diff options
| author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2016-12-23 12:23:43 +0000 |
|---|---|---|
| committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2016-12-23 12:23:43 +0000 |
| commit | 696b52570287ab2055ae727bddf6657c667fedbf (patch) | |
| tree | fd456f505e7919b3a83af2c860620b72375dbcf0 | |
| parent | 5a859e8d1c090b10cf82408f7c51c78f93dd543f (diff) | |
| parent | b106467fd72e9bfd9e2bd78fbaa00a96a4eead45 (diff) | |
| download | illumos-joyent-696b52570287ab2055ae727bddf6657c667fedbf.tar.gz | |
[illumos-gate merge]
commit b106467fd72e9bfd9e2bd78fbaa00a96a4eead45
6239 Add PKCS#11 v2.40 support
6240 pkcs11_mech2keytype returns incorrect key type for CKM_DH_PKCS_PARAMETER_GEN
commit ee89337b3cc91051d11d67625a9672ffa4f83016
7684 RFC 3530 is obsolete
commit ceef358f3b068577bb5f84a851bdc8b464596dc2
7656 unlinking directory on tmpfs can cause kernel panic
commit 3a8761925c0ebb25868080d8dd07b12a2cc0d0ea
6464 libbe shouldn't mangle zfs mountpoints
23 files changed, 2003 insertions, 1585 deletions
diff --git a/usr/src/common/crypto/ecc/oid.c b/usr/src/common/crypto/ecc/oid.c index 1f4cfc7637..fbc7fd8f03 100644 --- a/usr/src/common/crypto/ecc/oid.c +++ b/usr/src/common/crypto/ecc/oid.c @@ -41,8 +41,6 @@ * Sun elects to use this software under the MPL license. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <sys/types.h> #include <sys/systm.h> #include <sys/param.h> @@ -147,9 +145,9 @@ CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 }; /* XXX this is incorrect */ #define INVALID_CERT_EXTENSION 1 -#define CKM_ECDSA 0x00001041 -#define CKM_ECDSA_SHA1 0x00001042 -#define CKM_ECDH1_DERIVE 0x00001050 +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDSA_SHA1 0x00001042UL +#define CKM_ECDH1_DERIVE 0x00001050UL static SECOidData ANSI_prime_oids[] = { { { siDEROID, NULL, 0 }, ECCurve_noName, diff --git a/usr/src/lib/libbe/common/be_mount.c b/usr/src/lib/libbe/common/be_mount.c index 40daff4cd6..a081df62ed 100644 --- a/usr/src/lib/libbe/common/be_mount.c +++ b/usr/src/lib/libbe/common/be_mount.c @@ -80,6 +80,7 @@ static int be_mount_one_zone(zfs_handle_t *, be_mount_data_t *, char *, char *, char *); static int be_unmount_one_zone(be_unmount_data_t *, char *, char *, char *); static int be_get_ds_from_dir_callback(zfs_handle_t *, void *); +static int mount_zfs(zfs_handle_t *, char *); /* ******************************************************************** */ @@ -1165,8 +1166,7 @@ be_mount_callback(zfs_handle_t *zhp, void *data) /* * Set this filesystem's 'canmount' property to 'noauto' just incase - * it's been set 'on'. We do this so that when we change its - * mountpoint zfs won't immediately try to mount it. + * it's been set 'on'. */ if (zfs_prop_set(zhp, zfs_prop_to_name(ZFS_PROP_CANMOUNT), "noauto")) { be_print_err(gettext("be_mount_callback: failed to " @@ -1211,31 +1211,11 @@ be_mount_callback(zfs_handle_t *zhp, void *data) goto next; - } else if (sourcetype & ZPROP_SRC_INHERITED) { + } else if ((sourcetype & (ZPROP_SRC_INHERITED|ZPROP_SRC_LOCAL)) == 0) { /* - * If the mountpoint is inherited, its parent should have - * already been processed so its current mountpoint value - * is what its mountpoint ought to be. + * Skip dataset if mountpoint is not inherited + * or explicitly set. */ - (void) strlcpy(mountpoint, zhp_mountpoint, sizeof (mountpoint)); - } else if (sourcetype & ZPROP_SRC_LOCAL) { - /* - * Else process dataset with explicitly set mountpoint. - */ - (void) snprintf(mountpoint, sizeof (mountpoint), - "%s%s", altroot, zhp_mountpoint); - - /* Set the new mountpoint for the dataset */ - if (zfs_prop_set(zhp, - zfs_prop_to_name(ZFS_PROP_MOUNTPOINT), - mountpoint)) { - be_print_err(gettext("be_mount_callback: " - "failed to set mountpoint for %s to " - "%s\n"), fs_name, mountpoint); - ZFS_CLOSE(zhp); - return (BE_ERR_ZFS); - } - } else { be_print_err(gettext("be_mount_callback: " "mountpoint sourcetype of %s is %d, skipping ...\n"), fs_name, sourcetype); @@ -1244,21 +1224,10 @@ be_mount_callback(zfs_handle_t *zhp, void *data) } /* Mount this filesystem */ - if (zfs_mount(zhp, NULL, 0) != 0) { + if (mount_zfs(zhp, altroot) != 0) { be_print_err(gettext("be_mount_callback: failed to " "mount dataset %s at %s: %s\n"), fs_name, mountpoint, - libzfs_error_description(g_zfs)); - /* - * Set this filesystem's 'mountpoint' property back to what - * it was - */ - if (sourcetype & ZPROP_SRC_LOCAL && - strcmp(zhp_mountpoint, ZFS_MOUNTPOINT_LEGACY) != 0) { - (void) zfs_prop_set(zhp, - zfs_prop_to_name(ZFS_PROP_MOUNTPOINT), - zhp_mountpoint); - } - + strerror(errno)); ZFS_CLOSE(zhp); return (BE_ERR_MOUNT); } @@ -1377,15 +1346,11 @@ be_unmount_callback(zfs_handle_t *zhp, void *data) ret = zfs_err_to_be_err(g_zfs); } } else { - be_print_err( - gettext("be_unmount_callback: " - "%s not mounted under BE's altroot %s, " - "skipping ...\n"), fs_name, ud->altroot); /* - * fs_name is mounted but not under the - * root for this BE. + * Nothing to do, mountpoint shouldn't be + * corrected. */ - ret = BE_ERR_INVALMOUNTPOINT; + goto done; } } } else { @@ -2131,8 +2096,7 @@ be_mount_root(zfs_handle_t *zhp, char *altroot) /* * Set the canmount property for the BE's root dataset to 'noauto' just - * in case it's been set to 'on'. We do this so that when we change its - * mountpoint, zfs won't immediately try to mount it. + * in case it's been set to 'on'. */ if (zfs_prop_set(zhp, zfs_prop_to_name(ZFS_PROP_CANMOUNT), "noauto") != 0) { @@ -2142,28 +2106,12 @@ be_mount_root(zfs_handle_t *zhp, char *altroot) return (zfs_err_to_be_err(g_zfs)); } - /* Set mountpoint for BE's root filesystem */ - if (zfs_prop_set(zhp, zfs_prop_to_name(ZFS_PROP_MOUNTPOINT), altroot) - != 0) { - be_print_err(gettext("be_mount_root: failed to " - "set mountpoint of %s to %s: %s\n"), - zfs_get_name(zhp), altroot, - libzfs_error_description(g_zfs)); - return (zfs_err_to_be_err(g_zfs)); - } - /* Mount the BE's root filesystem */ - if (zfs_mount(zhp, NULL, 0) != 0) { + if (mount_zfs(zhp, altroot) != 0) { be_print_err(gettext("be_mount_root: failed to " "mount dataset %s at %s: %s\n"), zfs_get_name(zhp), - altroot, libzfs_error_description(g_zfs)); - /* - * Set this BE's root filesystem 'mountpoint' property - * back to what it was before. - */ - (void) zfs_prop_set(zhp, zfs_prop_to_name(ZFS_PROP_MOUNTPOINT), - mountpoint); - return (zfs_err_to_be_err(g_zfs)); + altroot, strerror(errno)); + return (BE_ERR_ZFS); } return (BE_SUCCESS); @@ -2727,3 +2675,76 @@ be_get_ds_from_dir_callback(zfs_handle_t *zhp, void *data) return (zret); } + +/* + * Function: mount_zfs + * Description: This is a function to mount zfs filesystem to alternative + * root without changing zfs mountpoint property. Logic is + * similar to zfs_mount. + * Parameters: + * zhp - zfs_handle_t pointer to current dataset being processed. + * altroot - char pointer to current alternative root. + * Returns: + * BE_SUCCESS - Success + * be_errno_t - Failure + * Scope: + * Private + */ +static int +mount_zfs(zfs_handle_t *zhp, char *altroot) +{ + int flags = 0; + char mountpoint[MAXPATHLEN]; + char real_mountpoint[MAXPATHLEN]; + char source[MAXNAMELEN]; + zprop_source_t sourcetype; + struct stat buf; + + /* Get dataset's mountpoint and source values */ + if (zfs_prop_get(zhp, ZFS_PROP_MOUNTPOINT, mountpoint, + sizeof (mountpoint), &sourcetype, source, sizeof (source), + B_FALSE) != 0) { + be_print_err(gettext("mount_zfs: " + "failed to get mountpoint and sourcetype for %s\n"), + zfs_get_name(zhp)); + ZFS_CLOSE(zhp); + return (BE_ERR_ZFS); + } + + if (strcmp(mountpoint, ZFS_MOUNTPOINT_LEGACY) == 0 || + strcmp(mountpoint, "/") == 0) { + /* + * We are called only from be_mount_root or be_mount_callback + * when mountpoint != LEGACY + */ + mountpoint[0] = '\0'; + } + + (void) snprintf(real_mountpoint, MAXPATHLEN, "%s%s", altroot, + mountpoint); + + if (zpool_get_prop_int(zfs_get_pool_handle(zhp), ZPOOL_PROP_READONLY, + NULL)) + flags |= MS_RDONLY; + + /* Create the directory if it doesn't already exist */ + if (lstat(real_mountpoint, &buf) != 0) { + if (mkdirp(real_mountpoint, 0755) != 0) { + be_print_err(gettext("mount_zfs: " + "failed to create mountpoint for %s\n"), + zfs_get_name(zhp)); + ZFS_CLOSE(zhp); + return (BE_ERR_ZFS); + } + } + + if (mount(zfs_get_name(zhp), real_mountpoint, flags, MNTTYPE_ZFS, + NULL, 0, NULL, 0)) { + be_print_err(gettext("mount_zfs: failed to " + "mount dataset %s at %s\n"), zfs_get_name(zhp), + real_mountpoint); + return (BE_ERR_ZFS); + } + + return (BE_SUCCESS); +} diff --git a/usr/src/lib/libcryptoutil/common/mechkeygen.c b/usr/src/lib/libcryptoutil/common/mechkeygen.c index 48e9ad1ffc..324ffe6a11 100644 --- a/usr/src/lib/libcryptoutil/common/mechkeygen.c +++ b/usr/src/lib/libcryptoutil/common/mechkeygen.c @@ -22,6 +22,7 @@ * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * Copyright 2012 Milan Jurik. All rights reserved. + * Copyright 2016 Jason King. All rights reserved. */ #include <cryptoutil.h> @@ -52,6 +53,8 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) case CKM_RIPEMD128_RSA_PKCS: case CKM_RIPEMD160_RSA_PKCS: case CKM_RSA_PKCS_OAEP: + case CKM_RSA_PKCS_OAEP_TPM_1_1: + case CKM_RSA_PKCS_TPM_1_1: *gen_mech = CKM_RSA_PKCS_KEY_PAIR_GEN; break; @@ -73,6 +76,10 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) case CKM_DSA_KEY_PAIR_GEN: case CKM_DSA: case CKM_DSA_SHA1: + case CKM_DSA_SHA224: + case CKM_DSA_SHA256: + case CKM_DSA_SHA384: + case CKM_DSA_SHA512: *gen_mech = CKM_DSA_KEY_PAIR_GEN; break; @@ -80,6 +87,14 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) *gen_mech = CKM_DSA_PARAMETER_GEN; break; + case CKM_DSA_PROBABLISTIC_PARAMETER_GEN: + *gen_mech = CKM_DSA_PROBABLISTIC_PARAMETER_GEN; + break; + + case CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN: + *gen_mech = CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN; + break; + case CKM_FORTEZZA_TIMESTAMP: *gen_mech = CKM_DSA_KEY_PAIR_GEN; break; @@ -91,6 +106,10 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) case CKM_ECDSA: case CKM_ECDSA_SHA1: + case CKM_ECDSA_SHA224: + case CKM_ECDSA_SHA256: + case CKM_ECDSA_SHA384: + case CKM_ECDSA_SHA512: case CKM_EC_KEY_PAIR_GEN: case CKM_ECDH1_DERIVE: case CKM_ECDH1_COFACTOR_DERIVE: @@ -132,10 +151,19 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) case CKM_SHA512: case CKM_SHA512_HMAC: case CKM_SHA512_HMAC_GENERAL: + case CKM_SHA512_224: + case CKM_SHA512_224_HMAC: + case CKM_SHA512_224_HMAC_GENERAL: + case CKM_SHA512_224_KEY_DERIVATION: + case CKM_SHA512_256: + case CKM_SHA512_256_HMAC: + case CKM_SHA512_256_HMAC_GENERAL: + case CKM_SHA512_256_KEY_DERIVATION: case CKM_GENERIC_SECRET_KEY_GEN: case CKM_FASTHASH: case CKM_PKCS5_PBKD2: case CKM_PBA_SHA1_WITH_SHA1_HMAC: + case CKM_CMS_SIG: *gen_mech = CKM_GENERIC_SECRET_KEY_GEN; break; @@ -237,9 +265,16 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) case CKM_PBE_SHA1_DES3_EDE_CBC: case CKM_DES3_ECB_ENCRYPT_DATA: case CKM_DES3_CBC_ENCRYPT_DATA: + case CKM_DES3_CMAC: + case CKM_DES3_CMAC_GENERAL: *gen_mech = CKM_DES3_KEY_GEN; break; + case CKM_ACTI: + case CKM_ACTI_KEY_GEN: + *gen_mech = CKM_ACTI_KEY_GEN; + break; + case CKM_CAST_KEY_GEN: case CKM_CAST_ECB: case CKM_CAST_CBC: @@ -260,15 +295,16 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) *gen_mech = CKM_CAST3_KEY_GEN; break; - case CKM_CAST128_KEY_GEN: - case CKM_CAST128_ECB: - case CKM_CAST128_CBC: - case CKM_CAST128_MAC: - case CKM_CAST128_MAC_GENERAL: - case CKM_CAST128_CBC_PAD: - case CKM_PBE_MD5_CAST128_CBC: - case CKM_PBE_SHA1_CAST128_CBC: - *gen_mech = CKM_CAST128_KEY_GEN; + /* CAST5 and CAST128 are the same alg */ + case CKM_CAST5_CBC: + case CKM_CAST5_CBC_PAD: + case CKM_CAST5_ECB: + case CKM_CAST5_KEY_GEN: + case CKM_CAST5_MAC: + case CKM_CAST5_MAC_GENERAL: + case CKM_PBE_MD5_CAST5_CBC: + case CKM_PBE_SHA1_CAST5_CBC: + *gen_mech = CKM_CAST5_KEY_GEN; break; case CKM_RC5_KEY_GEN: @@ -339,11 +375,28 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) case CKM_AES_CBC_PAD: case CKM_AES_ECB_ENCRYPT_DATA: case CKM_AES_CBC_ENCRYPT_DATA: + case CKM_AES_CCM: + case CKM_AES_CFB1: + case CKM_AES_CFB128: + case CKM_AES_CFB64: + case CKM_AES_CFB8: + case CKM_AES_CMAC: + case CKM_AES_CMAC_GENERAL: + case CKM_AES_CTR: + case CKM_AES_CTS: + case CKM_AES_GCM: + case CKM_AES_GMAC: + case CKM_AES_KEY_WRAP: + case CKM_AES_KEY_WRAP_PAD: + case CKM_AES_OFB: + case CKM_AES_XCBC_MAC: + case CKM_AES_XCBC_MAC_96: *gen_mech = CKM_AES_KEY_GEN; break; case CKM_BLOWFISH_KEY_GEN: case CKM_BLOWFISH_CBC: + case CKM_BLOWFISH_CBC_PAD: *gen_mech = CKM_BLOWFISH_KEY_GEN; break; @@ -352,6 +405,66 @@ pkcs11_mech2keygen(CK_MECHANISM_TYPE mech_type, CK_MECHANISM_TYPE *gen_mech) *gen_mech = CKM_TWOFISH_KEY_GEN; break; + case CKM_CAMELLIA_CBC: + case CKM_CAMELLIA_CBC_ENCRYPT_DATA: + case CKM_CAMELLIA_CBC_PAD: + case CKM_CAMELLIA_CTR: + case CKM_CAMELLIA_ECB: + case CKM_CAMELLIA_ECB_ENCRYPT_DATA: + case CKM_CAMELLIA_KEY_GEN: + case CKM_CAMELLIA_MAC: + case CKM_CAMELLIA_MAC_GENERAL: + *gen_mech = CKM_CAMELLIA_KEY_GEN; + break; + + case CKM_ARIA_CBC: + case CKM_ARIA_CBC_ENCRYPT_DATA: + case CKM_ARIA_CBC_PAD: + case CKM_ARIA_ECB: + case CKM_ARIA_ECB_ENCRYPT_DATA: + case CKM_ARIA_KEY_GEN: + case CKM_ARIA_MAC: + case CKM_ARIA_MAC_GENERAL: + *gen_mech = CKM_ARIA_KEY_GEN; + break; + + case CKM_GOST28147: + case CKM_GOST28147_ECB: + case CKM_GOST28147_KEY_GEN: + case CKM_GOST28147_KEY_WRAP: + case CKM_GOST28147_MAC: + *gen_mech = CKM_GOST28147_KEY_GEN; + break; + + case CKM_GOSTR3410: + case CKM_GOSTR3410_DERIVE: + case CKM_GOSTR3410_KEY_PAIR_GEN: + case CKM_GOSTR3410_KEY_WRAP: + case CKM_GOSTR3410_WITH_GOSTR3411: + *gen_mech = CKM_GOSTR3410_KEY_PAIR_GEN; + break; + + case CKM_HOTP: + case CKM_HOTP_KEY_GEN: + *gen_mech = CKM_HOTP_KEY_GEN; + break; + + case CKM_SECURID: + case CKM_SECURID_KEY_GEN: + *gen_mech = CKM_SECURID_KEY_GEN; + break; + + case CKM_SEED_CBC: + case CKM_SEED_CBC_ENCRYPT_DATA: + case CKM_SEED_CBC_PAD: + case CKM_SEED_ECB: + case CKM_SEED_ECB_ENCRYPT_DATA: + case CKM_SEED_KEY_GEN: + case CKM_SEED_MAC: + case CKM_SEED_MAC_GENERAL: + *gen_mech = CKM_SEED_KEY_GEN; + break; + default: return (CKR_MECHANISM_INVALID); } diff --git a/usr/src/lib/libcryptoutil/common/mechkeytype.c b/usr/src/lib/libcryptoutil/common/mechkeytype.c index 4aba53489e..615bfa9cd0 100644 --- a/usr/src/lib/libcryptoutil/common/mechkeytype.c +++ b/usr/src/lib/libcryptoutil/common/mechkeytype.c @@ -21,16 +21,16 @@ /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * + * Copyright 2016 Jason King. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include <cryptoutil.h> /* * Get the key type for the given mechanism * - * All mechanisms in PKCS #11 v2.20 are listed here. + * All mechanisms in PKCS #11 v2.40 are listed here. */ CK_RV pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type, CK_KEY_TYPE *ktype) @@ -63,7 +63,8 @@ pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type, CK_KEY_TYPE *ktype) case CKM_SHA1_RSA_X9_31: case CKM_RSA_PKCS_PSS: case CKM_SHA1_RSA_PKCS_PSS: - case CKM_DH_PKCS_PARAMETER_GEN: + case CKM_RSA_PKCS_TPM_1_1: + case CKM_RSA_PKCS_OAEP_TPM_1_1: *ktype = CKK_RSA; break; @@ -72,9 +73,14 @@ pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type, CK_KEY_TYPE *ktype) case CKM_DSA_SHA1: case CKM_DSA_PARAMETER_GEN: case CKM_FORTEZZA_TIMESTAMP: + case CKM_DSA_SHA224: + case CKM_DSA_SHA256: + case CKM_DSA_SHA384: + case CKM_DSA_SHA512: *ktype = CKK_DSA; break; + case CKM_DH_PKCS_PARAMETER_GEN: case CKM_DH_PKCS_KEY_PAIR_GEN: case CKM_DH_PKCS_DERIVE: *ktype = CKK_DH; @@ -165,6 +171,27 @@ pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type, CK_KEY_TYPE *ktype) /* not sure the following 2 should be CKK_DES or not */ case CKM_KEY_WRAP_LYNKS: /* wrap/unwrap secret key w/ DES key */ case CKM_KEY_WRAP_SET_OAEP: /* wrap/unwarp DES key w/ RSA key */ + case CKM_SHA512_224: + case CKM_SHA512_224_HMAC: + case CKM_SHA512_224_HMAC_GENERAL: + case CKM_SHA512_224_KEY_DERIVATION: + case CKM_SHA512_256: + case CKM_SHA512_256_HMAC: + case CKM_SHA512_256_HMAC_GENERAL: + case CKM_SHA512_256_KEY_DERIVATION: + case CKM_SHA512_T: + case CKM_SHA512_T_HMAC: + case CKM_SHA512_T_HMAC_GENERAL: + case CKM_SHA512_T_KEY_DERIVATION: + case CKM_TLS10_MAC_SERVER: + case CKM_TLS10_MAC_CLIENT: + case CKM_TLS12_MAC: + case CKM_TLS12_MASTER_KEY_DERIVE: + case CKM_TLS12_KEY_AND_MAC_DERIVE: + case CKM_TLS12_MASTER_KEY_DERIVE_DH: + case CKM_TLS12_KEY_SAFE_DERIVE: + case CKM_TLS_MAC: + case CKM_TLS_KDF: *ktype = CKK_GENERIC_SECRET; break; @@ -318,18 +345,35 @@ pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type, CK_KEY_TYPE *ktype) case CKM_AES_MAC_GENERAL: case CKM_AES_CBC_PAD: case CKM_AES_CTR: + case CKM_AES_GCM: + case CKM_AES_CCM: + case CKM_AES_CTS: + case CKM_AES_CMAC: + case CKM_AES_CMAC_GENERAL: + case CKM_AES_XCBC_MAC: + case CKM_AES_XCBC_MAC_96: + case CKM_AES_GMAC: case CKM_AES_ECB_ENCRYPT_DATA: case CKM_AES_CBC_ENCRYPT_DATA: + case CKM_AES_OFB: + case CKM_AES_CFB8: + case CKM_AES_CFB64: + case CKM_AES_CFB128: + case CKM_AES_CFB1: + case CKM_AES_KEY_WRAP: + case CKM_AES_KEY_WRAP_PAD: *ktype = CKK_AES; break; case CKM_BLOWFISH_KEY_GEN: case CKM_BLOWFISH_CBC: + case CKM_BLOWFISH_CBC_PAD: *ktype = CKK_BLOWFISH; break; case CKM_TWOFISH_KEY_GEN: case CKM_TWOFISH_CBC: + case CKM_TWOFISH_CBC_PAD: *ktype = CKK_TWOFISH; break; @@ -371,6 +415,26 @@ pkcs11_mech2keytype(CK_MECHANISM_TYPE mech_type, CK_KEY_TYPE *ktype) *ktype = CKK_ARIA; break; + case CKM_GOSTR3410: + case CKM_GOSTR3410_WITH_GOSTR3411: + case CKM_GOSTR3410_KEY_WRAP: + case CKM_GOSTR3410_DERIVE: + *ktype = CKK_GOSTR3410; + break; + + case CKM_GOSTR3411: + case CKM_GOSTR3411_HMAC: + *ktype = CKK_GOSTR3411; + break; + + case CKM_GOST28147_KEY_GEN: + case CKM_GOST28147_ECB: + case CKM_GOST28147: + case CKM_GOST28147_MAC: + case CKM_GOST28147_KEY_WRAP: + *ktype = CKK_GOST28147; + break; + default: rv = CKR_MECHANISM_INVALID; break; diff --git a/usr/src/lib/libcryptoutil/common/mechstr.c b/usr/src/lib/libcryptoutil/common/mechstr.c index 007d7bc0da..388a636111 100644 --- a/usr/src/lib/libcryptoutil/common/mechstr.c +++ b/usr/src/lib/libcryptoutil/common/mechstr.c @@ -21,6 +21,7 @@ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2016 Jason King */ /* @@ -68,6 +69,10 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_DSA_KEY_PAIR_GEN", CKM_DSA_KEY_PAIR_GEN }, { "CKM_DSA", CKM_DSA }, { "CKM_DSA_SHA1", CKM_DSA_SHA1 }, + { "CKM_DSA_SHA224", CKM_DSA_SHA224 }, + { "CKM_DSA_SHA256", CKM_DSA_SHA256 }, + { "CKM_DSA_SHA384", CKM_DSA_SHA384 }, + { "CKM_DSA_SHA512", CKM_DSA_SHA512 }, { "CKM_DH_PKCS_KEY_PAIR_GEN", CKM_DH_PKCS_KEY_PAIR_GEN }, { "CKM_DH_PKCS_DERIVE", CKM_DH_PKCS_DERIVE }, { "CKM_X9_42_DH_KEY_PAIR_GEN", CKM_X9_42_DH_KEY_PAIR_GEN }, @@ -82,6 +87,18 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_SHA512_RSA_PKCS_PSS", CKM_SHA512_RSA_PKCS_PSS }, { "CKM_SHA224_RSA_PKCS", CKM_SHA224_RSA_PKCS }, { "CKM_SHA224_RSA_PKCS_PSS", CKM_SHA224_RSA_PKCS_PSS }, + { "CKM_SHA512_224", CKM_SHA512_224 }, + { "CKM_SHA512_224_HMAC", CKM_SHA512_224_HMAC }, + { "CKM_SHA512_224_HMAC_GENERAL", CKM_SHA512_224_HMAC_GENERAL }, + { "CKM_SHA512_224_KEY_DERIVATION", CKM_SHA512_224_KEY_DERIVATION }, + { "CKM_SHA512_256", CKM_SHA512_256 }, + { "CKM_SHA512_256_HMAC", CKM_SHA512_256_HMAC }, + { "CKM_SHA512_256_HMAC_GENERAL", CKM_SHA512_256_HMAC_GENERAL }, + { "CKM_SHA512_256_KEY_DERIVATION", CKM_SHA512_256_KEY_DERIVATION }, + { "CKM_SHA512_T", CKM_SHA512_T }, + { "CKM_SHA512_T_HMAC", CKM_SHA512_T_HMAC }, + { "CKM_SHA512_T_HMAC_GENERAL", CKM_SHA512_T_HMAC_GENERAL }, + { "CKM_SHA512_T_KEY_DERIVATION", CKM_SHA512_T_KEY_DERIVATION }, { "CKM_RC2_KEY_GEN", CKM_RC2_KEY_GEN }, { "CKM_RC2_ECB", CKM_RC2_ECB }, { "CKM_RC2_CBC", CKM_RC2_CBC }, @@ -103,6 +120,8 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_DES3_MAC", CKM_DES3_MAC }, { "CKM_DES3_MAC_GENERAL", CKM_DES3_MAC_GENERAL }, { "CKM_DES3_CBC_PAD", CKM_DES3_CBC_PAD }, + { "CKM_DES3_CMAC_GENERAL", CKM_DES3_CMAC_GENERAL }, + { "CKM_DES3_CMAC", CKM_DES3_CMAC }, { "CKM_CDMF_KEY_GEN", CKM_CDMF_KEY_GEN }, { "CKM_CDMF_ECB", CKM_CDMF_ECB }, { "CKM_CDMF_CBC", CKM_CDMF_CBC }, @@ -231,8 +250,19 @@ static const pkcs11_mapping_t mapping[] = { CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE }, { "CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE", CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE }, + { "CKM_TLS10_MAC_SERVER", CKM_TLS10_MAC_SERVER }, + { "CKM_TLS10_MAC_CLIENT", CKM_TLS10_MAC_CLIENT }, + { "CKM_TLS12_MAC", CKM_TLS12_MAC }, + { "CKM_TLS12_KDF", CKM_TLS12_KDF }, + { "CKM_TLS12_MASTER_KEY_DERIVE", CKM_TLS12_MASTER_KEY_DERIVE }, + { "CKM_TLS12_KEY_AND_MAC_DERIVE", CKM_TLS12_KEY_AND_MAC_DERIVE }, + { "CKM_TLS12_MASTER_KEY_DERIVE_DH", CKM_TLS12_MASTER_KEY_DERIVE_DH }, + { "CKM_TLS12_KEY_SAFE_DERIVE", CKM_TLS12_KEY_SAFE_DERIVE }, + { "CKM_TLS_MAC", CKM_TLS_MAC }, + { "CKM_TLS_KDF", CKM_TLS_KDF }, { "CKM_KEY_WRAP_LYNKS", CKM_KEY_WRAP_LYNKS }, { "CKM_KEY_WRAP_SET_OAEP", CKM_KEY_WRAP_SET_OAEP }, + { "CKM_CMS_SIG", CKM_CMS_SIG }, { "CKM_KIP_DERIVE", CKM_KIP_DERIVE }, { "CKM_KIP_WRAP", CKM_KIP_WRAP }, { "CKM_KIP_MAC", CKM_KIP_MAC }, @@ -253,7 +283,14 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_ARIA_CBC_PAD", CKM_ARIA_CBC_PAD }, { "CKM_ARIA_ECB_ENCRYPT_DATA", CKM_ARIA_ECB_ENCRYPT_DATA }, { "CKM_ARIA_CBC_ENCRYPT_DATA", CKM_ARIA_CBC_ENCRYPT_DATA }, - { "CKM_CMS_SIG", CKM_CMS_SIG }, + { "CKM_SEED_KEY_GEN", CKM_SEED_KEY_GEN }, + { "CKM_SEED_ECB", CKM_SEED_ECB }, + { "CKM_SEED_CBC", CKM_SEED_CBC }, + { "CKM_SEED_MAC", CKM_SEED_MAC }, + { "CKM_SEED_MAC_GENERAL", CKM_SEED_MAC_GENERAL }, + { "CKM_SEED_CBC_PAD", CKM_SEED_CBC_PAD }, + { "CKM_SEED_ECB_ENCRYPT_DATA", CKM_SEED_ECB_ENCRYPT_DATA }, + { "CKM_SEED_CBC_ENCRYPT_DATA", CKM_SEED_CBC_ENCRYPT_DATA }, { "CKM_SKIPJACK_KEY_GEN", CKM_SKIPJACK_KEY_GEN }, { "CKM_SKIPJACK_ECB64", CKM_SKIPJACK_ECB64 }, { "CKM_SKIPJACK_CBC64", CKM_SKIPJACK_CBC64 }, @@ -267,6 +304,7 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_SKIPJACK_RELAYX", CKM_SKIPJACK_RELAYX }, { "CKM_KEA_KEY_PAIR_GEN", CKM_KEA_KEY_PAIR_GEN }, { "CKM_KEA_KEY_DERIVE", CKM_KEA_KEY_DERIVE }, + { "CKM_KEA_DERIVE", CKM_KEA_DERIVE }, { "CKM_FORTEZZA_TIMESTAMP", CKM_FORTEZZA_TIMESTAMP }, { "CKM_BATON_KEY_GEN", CKM_BATON_KEY_GEN }, { "CKM_BATON_ECB128", CKM_BATON_ECB128 }, @@ -275,12 +313,19 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_BATON_COUNTER", CKM_BATON_COUNTER }, { "CKM_BATON_SHUFFLE", CKM_BATON_SHUFFLE }, { "CKM_BATON_WRAP", CKM_BATON_WRAP }, + { "CKM_ECDSA_KEY_PAIR_GEN", CKM_ECDSA_KEY_PAIR_GEN }, { "CKM_EC_KEY_PAIR_GEN", CKM_EC_KEY_PAIR_GEN }, { "CKM_ECDSA", CKM_ECDSA }, { "CKM_ECDSA_SHA1", CKM_ECDSA_SHA1 }, + { "CKM_ECDSA_SHA224", CKM_ECDSA_SHA224 }, + { "CKM_ECDSA_SHA256", CKM_ECDSA_SHA256 }, + { "CKM_ECDSA_SHA384", CKM_ECDSA_SHA384 }, + { "CKM_ECDSA_SHA512", CKM_ECDSA_SHA512 }, { "CKM_ECDH1_DERIVE", CKM_ECDH1_DERIVE }, { "CKM_ECDH1_COFACTOR_DERIVE", CKM_ECDH1_COFACTOR_DERIVE }, { "CKM_ECMQV_DERIVE", CKM_ECMQV_DERIVE }, + { "CKM_ECDH_AES_KEY_WRAP", CKM_ECDH_AES_KEY_WRAP }, + { "CKM_RSA_AES_KEY_WRAP", CKM_RSA_AES_KEY_WRAP }, { "CKM_JUNIPER_KEY_GEN", CKM_JUNIPER_KEY_GEN }, { "CKM_JUNIPER_ECB128", CKM_JUNIPER_ECB128 }, { "CKM_JUNIPER_CBC128", CKM_JUNIPER_CBC128 }, @@ -295,19 +340,54 @@ static const pkcs11_mapping_t mapping[] = { { "CKM_AES_MAC_GENERAL", CKM_AES_MAC_GENERAL }, { "CKM_AES_CBC_PAD", CKM_AES_CBC_PAD }, { "CKM_AES_CTR", CKM_AES_CTR }, + { "CKM_AES_GCM", CKM_AES_GCM }, + { "CKM_AES_CCM", CKM_AES_CCM }, + { "CKM_AES_CTS", CKM_AES_CTS }, + { "CKM_AES_CMAC", CKM_AES_CMAC }, + { "CKM_AES_CMAC_GENERAL", CKM_AES_CMAC_GENERAL }, + { "CKM_AES_XCBC_MAC", CKM_AES_XCBC_MAC }, + { "CKM_AES_XCBC_MAC_96", CKM_AES_XCBC_MAC_96 }, + { "CKM_AES_GMAC", CKM_AES_GMAC }, { "CKM_BLOWFISH_KEY_GEN", CKM_BLOWFISH_KEY_GEN }, { "CKM_BLOWFISH_CBC", CKM_BLOWFISH_CBC }, { "CKM_TWOFISH_KEY_GEN", CKM_TWOFISH_KEY_GEN }, { "CKM_TWOFISH_CBC", CKM_TWOFISH_CBC }, + { "CKM_BLOWFISH_CBC_PAD", CKM_BLOWFISH_CBC_PAD }, + { "CKM_TWOFISH_CBC_PAD", CKM_TWOFISH_CBC_PAD }, { "CKM_DES_ECB_ENCRYPT_DATA", CKM_DES_ECB_ENCRYPT_DATA }, { "CKM_DES_CBC_ENCRYPT_DATA", CKM_DES_CBC_ENCRYPT_DATA }, { "CKM_DES3_ECB_ENCRYPT_DATA", CKM_DES3_ECB_ENCRYPT_DATA }, { "CKM_DES3_CBC_ENCRYPT_DATA", CKM_DES3_CBC_ENCRYPT_DATA }, { "CKM_AES_ECB_ENCRYPT_DATA", CKM_AES_ECB_ENCRYPT_DATA }, { "CKM_AES_CBC_ENCRYPT_DATA", CKM_AES_CBC_ENCRYPT_DATA }, + { "CKM_GOSTR3410_KEY_PAIR_GEN", CKM_GOSTR3410_KEY_PAIR_GEN }, + { "CKM_GOSTR3410", CKM_GOSTR3410 }, + { "CKM_GOSTR3410_WITH_GOSTR3411", CKM_GOSTR3410_WITH_GOSTR3411 }, + { "CKM_GOSTR3410_KEY_WRAP", CKM_GOSTR3410_KEY_WRAP }, + { "CKM_GOSTR3410_DERIVE", CKM_GOSTR3410_DERIVE }, + { "CKM_GOSTR3411", CKM_GOSTR3411 }, + { "CKM_GOSTR3411_HMAC", CKM_GOSTR3411_HMAC }, + { "CKM_GOST28147_KEY_GEN", CKM_GOST28147_KEY_GEN }, + { "CKM_GOST28147_ECB", CKM_GOST28147_ECB }, + { "CKM_GOST28147", CKM_GOST28147 }, + { "CKM_GOST28147_MAC", CKM_GOST28147_MAC }, + { "CKM_GOST28147_KEY_WRAP", CKM_GOST28147_KEY_WRAP }, { "CKM_DSA_PARAMETER_GEN", CKM_DSA_PARAMETER_GEN }, { "CKM_DH_PKCS_PARAMETER_GEN", CKM_DH_PKCS_PARAMETER_GEN }, { "CKM_X9_42_DH_PARAMETER_GEN", CKM_X9_42_DH_PARAMETER_GEN }, + { "CKM_DSA_PROBABLISTIC_PARAMETER_GEN", + CKM_DSA_PROBABLISTIC_PARAMETER_GEN }, + { "CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN", + CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN }, + { "CKM_AES_OFB", CKM_AES_OFB }, + { "CKM_AES_CFB64", CKM_AES_CFB64 }, + { "CKM_AES_CFB8", CKM_AES_CFB8 }, + { "CKM_AES_CFB128", CKM_AES_CFB128 }, + { "CKM_AES_CFB1", CKM_AES_CFB1 }, + { "CKM_AES_KEY_WRAP", CKM_AES_KEY_WRAP }, + { "CKM_AES_KEY_WRAP_PAD", CKM_AES_KEY_WRAP_PAD }, + { "CKM_RSA_PKCS_TPM_1_1", CKM_RSA_PKCS_TPM_1_1 }, + { "CKM_RSA_PKCS_OAEP_TPM_1_1", CKM_RSA_PKCS_OAEP_TPM_1_1 }, /* * Values >= 0x8000000 (CKM_VENDOR_DEFINED) are represented * as strings with hexadecimal numbers (e.g., "0x8123456"). @@ -323,9 +403,10 @@ static const pkcs11_mapping_t mapping[] = { * For use with bsearch(3C) in pkcs11_mech2str(). */ static int -pkcs11_mech_comp(const void *mapping1, const void *mapping2) { +pkcs11_mech_comp(const void *mapping1, const void *mapping2) +{ return (((pkcs11_mapping_t *)mapping1)->mech - - ((pkcs11_mapping_t *)mapping2)->mech); + ((pkcs11_mapping_t *)mapping2)->mech); } diff --git a/usr/src/lib/libcryptoutil/common/pkcserror.c b/usr/src/lib/libcryptoutil/common/pkcserror.c index 4215330967..b2295491be 100644 --- a/usr/src/lib/libcryptoutil/common/pkcserror.c +++ b/usr/src/lib/libcryptoutil/common/pkcserror.c @@ -23,6 +23,7 @@ * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. * Copyright 2012 Milan Jurik. All rights reserved. + * Copyright 2015 Jason King. */ /* @@ -71,6 +72,8 @@ pkcs11_strerror(CK_RV rv) return ("CKR_ATTRIBUTE_TYPE_INVALID"); case CKR_ATTRIBUTE_VALUE_INVALID: return ("CKR_ATTRIBUTE_VALUE_INVALID"); + case CKR_ACTION_PROHIBITED: + return ("CKR_ACTION_PROHIBITED"); case CKR_DATA_INVALID: return ("CKR_DATA_INVALID"); case CKR_DATA_LEN_RANGE: @@ -195,6 +198,8 @@ pkcs11_strerror(CK_RV rv) return ("CKR_RANDOM_NO_RNG"); case CKR_DOMAIN_PARAMS_INVALID: return ("CKR_DOMAIN_PARAMS_INVALID"); + case CKR_CURVE_NOT_SUPPORTED: + return ("CLR_CURVE_NOT_SUPPORTED"); case CKR_BUFFER_TOO_SMALL: return ("CKR_BUFFER_TOO_SMALL"); case CKR_SAVED_STATE_INVALID: @@ -211,6 +216,22 @@ pkcs11_strerror(CK_RV rv) return ("CKR_MUTEX_BAD"); case CKR_MUTEX_NOT_LOCKED: return ("CKR_MUTEX_NOT_LOCKED"); + case CKR_NEW_PIN_MODE: + return ("CKR_NEW_PIN_MODE"); + case CKR_NEXT_OTP: + return ("CKR_NEXT_OTP"); + case CKR_EXCEEDED_MAX_ITERATIONS: + return ("CKR_EXCEEDED_MAX_ITERATIONS"); + case CKR_FIPS_SELF_TEST_FAILED: + return ("CKR_FIPS_SELF_TEST_FAILED"); + case CKR_LIBRARY_LOAD_FAILED: + return ("CKR_LIBRARY_LOAD_FAILED"); + case CKR_PIN_TOO_WEAK: + return ("CKR_PIN_TOO_WEAK"); + case CKR_PUBLIC_KEY_INVALID: + return ("CKR_PUBLIC_KEY_INVALID"); + case CKR_FUNCTION_REJECTED: + return ("CKR_FUNCTION_REJECTED"); case CKR_VENDOR_DEFINED: return ("CKR_VENDOR_DEFINED"); default: diff --git a/usr/src/lib/libmapid/common/mapid.c b/usr/src/lib/libmapid/common/mapid.c index 1895c72fed..d0a006d6be 100644 --- a/usr/src/lib/libmapid/common/mapid.c +++ b/usr/src/lib/libmapid/common/mapid.c @@ -25,7 +25,7 @@ /* * PSARC/2004/154 nfsmapid DNS enhancements implementation. * - * As per RFC 3530, file owner and group attributes in version 4 of the + * As per RFC 7530, file owner and group attributes in version 4 of the * NFS protocol are no longer exchanged between client and server as 32 * bit integral values. Instead, owner and group file attributes are * exchanged between client and server as UTF8 strings of form diff --git a/usr/src/lib/pkcs11/include/cryptoki.h b/usr/src/lib/pkcs11/include/cryptoki.h index c319ad0204..2486b6c0b1 100644 --- a/usr/src/lib/pkcs11/include/cryptoki.h +++ b/usr/src/lib/pkcs11/include/cryptoki.h @@ -26,8 +26,6 @@ #ifndef _CRYPTOKI_H #define _CRYPTOKI_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif diff --git a/usr/src/lib/pkcs11/include/pkcs11.h b/usr/src/lib/pkcs11/include/pkcs11.h index 6c612204b7..53bbbd6120 100644 --- a/usr/src/lib/pkcs11/include/pkcs11.h +++ b/usr/src/lib/pkcs11/include/pkcs11.h @@ -1,19 +1,12 @@ -/* pkcs11.h include file for PKCS #11. */ -/* $Revision: 1.4 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ #ifndef _PKCS11_H_ @@ -24,14 +17,14 @@ extern "C" { #endif /* Before including this file (pkcs11.h) (or pkcs11t.h by - * itself), 6 platform-specific macros must be defined. These + * itself), 5 platform-specific macros must be defined. These * macros are described below, and typical definitions for them * are also given. Be advised that these definitions can depend * on both the platform and the compiler used (and possibly also * on whether a Cryptoki library is linked statically or * dynamically). * - * In addition to defining these 6 macros, the packing convention + * In addition to defining these 5 macros, the packing convention * for Cryptoki structures should be set. The Cryptoki * convention on packing is that structures should be 1-byte * aligned. @@ -81,39 +74,7 @@ extern "C" { * #define CK_PTR * * * - * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes - * an exportable Cryptoki library function definition out of a - * return type and a function name. It should be used in the - * following fashion to define the exposed Cryptoki functions in - * a Cryptoki library: - * - * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)( - * CK_VOID_PTR pReserved - * ) - * { - * ... - * } - * - * If you're using Microsoft Developer Studio 5.0 to define a - * function in a Win32 Cryptoki .dll, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __declspec(dllexport) name - * - * If you're using an earlier version of Microsoft Developer - * Studio to define a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType name - * - * - * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes + * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes * an importable Cryptoki library function declaration out of a * return type and a function name. It should be used in the * following fashion: @@ -141,7 +102,7 @@ extern "C" { * returnType name * * - * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro + * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro * which makes a Cryptoki API function pointer declaration or * function pointer type declaration out of a return type and a * function name. It should be used in the following fashion: @@ -178,7 +139,7 @@ extern "C" { * returnType (* name) * * - * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes + * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes * a function pointer type for an application callback out of * a return type for the callback and a name for the callback. * It should be used in the following fashion: @@ -210,7 +171,7 @@ extern "C" { * returnType (* name) * * - * 6. NULL_PTR: This macro is the value of a NULL pointer. + * 5. NULL_PTR: This macro is the value of a NULL pointer. * * In any ANSI/ISO C environment (and in many others as well), * this should best be defined by @@ -222,7 +183,8 @@ extern "C" { /* All the various Cryptoki types and #define'd values are in the - * file pkcs11t.h. */ + * file pkcs11t.h. + */ #include "pkcs11t.h" #define __PASTE(x,y) x##y @@ -238,7 +200,8 @@ extern "C" { extern CK_DECLARE_FUNCTION(CK_RV, name) /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" #undef CK_NEED_ARG_LIST @@ -257,7 +220,8 @@ extern "C" { typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" #undef CK_NEED_ARG_LIST @@ -275,14 +239,15 @@ extern "C" { #define CK_PKCS11_FUNCTION_INFO(name) \ __PASTE(CK_,name) name; - + struct CK_FUNCTION_LIST { CK_VERSION version; /* Cryptoki version */ /* Pile all the function pointers into the CK_FUNCTION_LIST. */ /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" }; @@ -296,4 +261,4 @@ struct CK_FUNCTION_LIST { } #endif -#endif +#endif /* _PKCS11_H_ */ diff --git a/usr/src/lib/pkcs11/include/pkcs11f.h b/usr/src/lib/pkcs11/include/pkcs11f.h index a479384e12..538ba9eb63 100644 --- a/usr/src/lib/pkcs11/include/pkcs11f.h +++ b/usr/src/lib/pkcs11/include/pkcs11f.h @@ -1,26 +1,20 @@ -/* pkcs11f.h include file for PKCS #11. */ -/* $Revision: 1.4 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ -/* This header file contains pretty much everything about all the */ -/* Cryptoki function prototypes. Because this information is */ -/* used for more than just declaring function prototypes, the */ -/* order of the functions appearing herein is important, and */ -/* should not be altered. */ +/* This header file contains pretty much everything about all the + * Cryptoki function prototypes. Because this information is + * used for more than just declaring function prototypes, the + * order of the functions appearing herein is important, and + * should not be altered. + */ /* General-purpose */ @@ -30,13 +24,15 @@ CK_PKCS11_FUNCTION_INFO(C_Initialize) ( CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets * cast to CK_C_INITIALIZE_ARGS_PTR - * and dereferenced */ + * and dereferenced + */ ); #endif /* C_Finalize indicates that an application is done with the - * Cryptoki library. */ + * Cryptoki library. + */ CK_PKCS11_FUNCTION_INFO(C_Finalize) #ifdef CK_NEED_ARG_LIST ( @@ -59,7 +55,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) #ifdef CK_NEED_ARG_LIST ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to - * function list */ + * function list + */ ); #endif @@ -71,7 +68,7 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) CK_PKCS11_FUNCTION_INFO(C_GetSlotList) #ifdef CK_NEED_ARG_LIST ( - CK_BBOOL tokenPresent, /* only slots with tokens? */ + CK_BBOOL tokenPresent, /* only slots with tokens */ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ CK_ULONG_PTR pulCount /* receives number of slots */ ); @@ -79,7 +76,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotList) /* C_GetSlotInfo obtains information about a particular slot in - * the system. */ + * the system. + */ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) #ifdef CK_NEED_ARG_LIST ( @@ -90,7 +88,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) /* C_GetTokenInfo obtains information about a particular token - * in the system. */ + * in the system. + */ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) #ifdef CK_NEED_ARG_LIST ( @@ -101,7 +100,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) /* C_GetMechanismList obtains a list of mechanism types - * supported by a token. */ + * supported by a token. + */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) #ifdef CK_NEED_ARG_LIST ( @@ -113,7 +113,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) /* C_GetMechanismInfo obtains information about a particular - * mechanism possibly supported by a token. */ + * mechanism possibly supported by a token. + */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) #ifdef CK_NEED_ARG_LIST ( @@ -127,7 +128,6 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) /* C_InitToken initializes a token. */ CK_PKCS11_FUNCTION_INFO(C_InitToken) #ifdef CK_NEED_ARG_LIST -/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */ ( CK_SLOT_ID slotID, /* ID of the token's slot */ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ @@ -165,7 +165,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetPIN) /* Session management */ /* C_OpenSession opens a session between an application and a - * token. */ + * token. + */ CK_PKCS11_FUNCTION_INFO(C_OpenSession) #ifdef CK_NEED_ARG_LIST ( @@ -179,7 +180,8 @@ CK_PKCS11_FUNCTION_INFO(C_OpenSession) /* C_CloseSession closes a session between an application and a - * token. */ + * token. + */ CK_PKCS11_FUNCTION_INFO(C_CloseSession) #ifdef CK_NEED_ARG_LIST ( @@ -208,7 +210,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) /* C_GetOperationState obtains the state of the cryptographic operation - * in a session. */ + * in a session. + */ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) #ifdef CK_NEED_ARG_LIST ( @@ -220,7 +223,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) /* C_SetOperationState restores the state of the cryptographic - * operation in a session. */ + * operation in a session. + */ CK_PKCS11_FUNCTION_INFO(C_SetOperationState) #ifdef CK_NEED_ARG_LIST ( @@ -270,7 +274,8 @@ CK_PKCS11_FUNCTION_INFO(C_CreateObject) /* C_CopyObject copies an object, creating a new object for the - * copy. */ + * copy. + */ CK_PKCS11_FUNCTION_INFO(C_CopyObject) #ifdef CK_NEED_ARG_LIST ( @@ -305,7 +310,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) /* C_GetAttributeValue obtains the value of one or more object - * attributes. */ + * attributes. + */ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) #ifdef CK_NEED_ARG_LIST ( @@ -318,7 +324,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) /* C_SetAttributeValue modifies the value of one or more object - * attributes */ + * attributes. + */ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) #ifdef CK_NEED_ARG_LIST ( @@ -331,7 +338,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) /* C_FindObjectsInit initializes a search for token and session - * objects that match a template. */ + * objects that match a template. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) #ifdef CK_NEED_ARG_LIST ( @@ -344,7 +352,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) /* C_FindObjects continues a search for token and session * objects that match a template, obtaining additional object - * handles. */ + * handles. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjects) #ifdef CK_NEED_ARG_LIST ( @@ -357,7 +366,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjects) /* C_FindObjectsFinal finishes a search for token and session - * objects. */ + * objects. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) #ifdef CK_NEED_ARG_LIST ( @@ -394,7 +404,8 @@ CK_PKCS11_FUNCTION_INFO(C_Encrypt) /* C_EncryptUpdate continues a multiple-part encryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -408,7 +419,8 @@ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) /* C_EncryptFinal finishes a multiple-part encryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) #ifdef CK_NEED_ARG_LIST ( @@ -444,7 +456,8 @@ CK_PKCS11_FUNCTION_INFO(C_Decrypt) /* C_DecryptUpdate continues a multiple-part decryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -458,7 +471,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) /* C_DecryptFinal finishes a multiple-part decryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) #ifdef CK_NEED_ARG_LIST ( @@ -496,7 +510,8 @@ CK_PKCS11_FUNCTION_INFO(C_Digest) /* C_DigestUpdate continues a multiple-part message-digesting - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -509,7 +524,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) /* C_DigestKey continues a multi-part message-digesting * operation, by digesting the value of a secret key as part of - * the data already digested. */ + * the data already digested. + */ CK_PKCS11_FUNCTION_INFO(C_DigestKey) #ifdef CK_NEED_ARG_LIST ( @@ -520,7 +536,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestKey) /* C_DigestFinal finishes a multiple-part message-digesting - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) #ifdef CK_NEED_ARG_LIST ( @@ -537,7 +554,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) /* C_SignInit initializes a signature (private key encryption) * operation, where the signature is (will be) an appendix to * the data, and plaintext cannot be recovered from the - *signature. */ + * signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignInit) #ifdef CK_NEED_ARG_LIST ( @@ -550,7 +568,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignInit) /* C_Sign signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the - * data, and plaintext cannot be recovered from the signature. */ + * data, and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_Sign) #ifdef CK_NEED_ARG_LIST ( @@ -564,8 +583,9 @@ CK_PKCS11_FUNCTION_INFO(C_Sign) /* C_SignUpdate continues a multiple-part signature operation, - * where the signature is (will be) an appendix to the data, - * and plaintext cannot be recovered from the signature. */ + * where the signature is (will be) an appendix to the data, + * and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -576,8 +596,9 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #endif -/* C_SignFinal finishes a multiple-part signature operation, - * returning the signature. */ +/* C_SignFinal finishes a multiple-part signature operation, + * returning the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignFinal) #ifdef CK_NEED_ARG_LIST ( @@ -589,7 +610,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignFinal) /* C_SignRecoverInit initializes a signature operation, where - * the data can be recovered from the signature. */ + * the data can be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) #ifdef CK_NEED_ARG_LIST ( @@ -601,7 +623,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) /* C_SignRecover signs data in a single operation, where the - * data can be recovered from the signature. */ + * data can be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignRecover) #ifdef CK_NEED_ARG_LIST ( @@ -619,20 +642,22 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecover) /* C_VerifyInit initializes a verification operation, where the * signature is an appendix to the data, and plaintext cannot - * cannot be recovered from the signature (e.g. DSA). */ + * cannot be recovered from the signature (e.g. DSA). + */ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) #ifdef CK_NEED_ARG_LIST ( CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ + CK_OBJECT_HANDLE hKey /* verification key */ ); #endif -/* C_Verify verifies a signature in a single-part operation, +/* C_Verify verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext - * cannot be recovered from the signature. */ + * cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_Verify) #ifdef CK_NEED_ARG_LIST ( @@ -646,8 +671,9 @@ CK_PKCS11_FUNCTION_INFO(C_Verify) /* C_VerifyUpdate continues a multiple-part verification - * operation, where the signature is an appendix to the data, - * and plaintext cannot be recovered from the signature. */ + * operation, where the signature is an appendix to the data, + * and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -659,7 +685,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) /* C_VerifyFinal finishes a multiple-part verification - * operation, checking the signature. */ + * operation, checking the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) #ifdef CK_NEED_ARG_LIST ( @@ -671,7 +698,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) /* C_VerifyRecoverInit initializes a signature verification - * operation, where the data is recovered from the signature. */ + * operation, where the data is recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) #ifdef CK_NEED_ARG_LIST ( @@ -683,7 +711,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) /* C_VerifyRecover verifies a signature in a single-part - * operation, where the data is recovered from the signature. */ + * operation, where the data is recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) #ifdef CK_NEED_ARG_LIST ( @@ -700,7 +729,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) /* Dual-function cryptographic operations */ /* C_DigestEncryptUpdate continues a multiple-part digesting - * and encryption operation. */ + * and encryption operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -714,7 +744,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) /* C_DecryptDigestUpdate continues a multiple-part decryption and - * digesting operation. */ + * digesting operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -728,7 +759,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) /* C_SignEncryptUpdate continues a multiple-part signing and - * encryption operation. */ + * encryption operation. + */ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -742,7 +774,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) /* C_DecryptVerifyUpdate continues a multiple-part decryption and - * verify operation. */ + * verify operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -759,7 +792,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) /* Key management */ /* C_GenerateKey generates a secret key, creating a new key - * object. */ + * object. + */ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #ifdef CK_NEED_ARG_LIST ( @@ -772,31 +806,20 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #endif -/* C_GenerateKeyPair generates a public-key/private-key pair, - * creating new key objects. */ +/* C_GenerateKeyPair generates a public-key/private-key pair, + * creating new key objects. + */ CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) #ifdef CK_NEED_ARG_LIST ( - CK_SESSION_HANDLE hSession, /* session - * handle */ - CK_MECHANISM_PTR pMechanism, /* key-gen - * mech. */ - CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template - * for pub. - * key */ - CK_ULONG ulPublicKeyAttributeCount, /* # pub. - * attrs. */ - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template - * for priv. - * key */ - CK_ULONG ulPrivateKeyAttributeCount, /* # priv. - * attrs. */ - CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. - * key - * handle */ - CK_OBJECT_HANDLE_PTR phPrivateKey /* gets - * priv. key - * handle */ + CK_SESSION_HANDLE hSession, /* session handle */ + CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ + CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ + CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ + CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ + CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ + CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ ); #endif @@ -816,7 +839,8 @@ CK_PKCS11_FUNCTION_INFO(C_WrapKey) /* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new - * key object. */ + * key object. + */ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) #ifdef CK_NEED_ARG_LIST ( @@ -833,7 +857,8 @@ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) /* C_DeriveKey derives a key from a base key, creating a new key - * object. */ + * object. + */ CK_PKCS11_FUNCTION_INFO(C_DeriveKey) #ifdef CK_NEED_ARG_LIST ( @@ -851,7 +876,8 @@ CK_PKCS11_FUNCTION_INFO(C_DeriveKey) /* Random number generation */ /* C_SeedRandom mixes additional seed material into the token's - * random number generator. */ + * random number generator. + */ CK_PKCS11_FUNCTION_INFO(C_SeedRandom) #ifdef CK_NEED_ARG_LIST ( @@ -878,7 +904,8 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) /* C_GetFunctionStatus is a legacy function; it obtains an * updated status of a function running in parallel with an - * application. */ + * application. + */ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) #ifdef CK_NEED_ARG_LIST ( @@ -888,7 +915,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) /* C_CancelFunction is a legacy function; it cancels a function - * running in parallel. */ + * running in parallel. + */ CK_PKCS11_FUNCTION_INFO(C_CancelFunction) #ifdef CK_NEED_ARG_LIST ( @@ -897,11 +925,9 @@ CK_PKCS11_FUNCTION_INFO(C_CancelFunction) #endif - -/* Functions added in for Cryptoki Version 2.01 or later */ - /* C_WaitForSlotEvent waits for a slot event (token insertion, - * removal, etc.) to occur. */ + * removal, etc.) to occur. + */ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) #ifdef CK_NEED_ARG_LIST ( diff --git a/usr/src/lib/pkcs11/include/pkcs11t.h b/usr/src/lib/pkcs11/include/pkcs11t.h index 006c998eba..8538779977 100644 --- a/usr/src/lib/pkcs11/include/pkcs11t.h +++ b/usr/src/lib/pkcs11/include/pkcs11t.h @@ -1,40 +1,33 @@ -/* pkcs11t.h include file for PKCS #11. */ -/* $Revision: 1.10 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ /* See top of pkcs11.h for information about the macros that * must be defined and the structure-packing conventions that - * must be set before including this file. */ + * must be set before including this file. + */ #ifndef _PKCS11T_H_ #define _PKCS11T_H_ 1 -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 -#define CRYPTOKI_VERSION_AMENDMENT 3 +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 40 +#define CRYPTOKI_VERSION_AMENDMENT 0 -#define CK_TRUE 1 -#define CK_FALSE 0 +#define CK_TRUE 1 +#define CK_FALSE 0 #ifndef CK_DISABLE_TRUE_FALSE #ifndef FALSE #define FALSE CK_FALSE #endif - #ifndef TRUE #define TRUE CK_TRUE #endif @@ -56,7 +49,6 @@ typedef CK_BYTE CK_BBOOL; typedef unsigned long int CK_ULONG; /* a signed value, the same size as a CK_ULONG */ -/* CK_LONG is new for v2.0 */ typedef long int CK_LONG; /* at least 32 bits; each bit is a Boolean flag */ @@ -64,8 +56,8 @@ typedef CK_ULONG CK_FLAGS; /* some special values for certain CK_ULONG variables */ -#define CK_UNAVAILABLE_INFORMATION (~0UL) -#define CK_EFFECTIVELY_INFINITE 0 +#define CK_UNAVAILABLE_INFORMATION (~0UL) +#define CK_EFFECTIVELY_INFINITE 0UL typedef CK_BYTE CK_PTR CK_BYTE_PTR; @@ -78,9 +70,10 @@ typedef void CK_PTR CK_VOID_PTR; typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; -/* The following value is always invalid if used as a session */ -/* handle or object handle */ -#define CK_INVALID_HANDLE 0 +/* The following value is always invalid if used as a session + * handle or object handle + */ +#define CK_INVALID_HANDLE 0UL typedef struct CK_VERSION { @@ -92,13 +85,9 @@ typedef CK_VERSION CK_PTR CK_VERSION_PTR; typedef struct CK_INFO { - /* manufacturerID and libraryDecription have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_FLAGS flags; /* must be zero */ - - /* libraryDescription and libraryVersion are new for v2.0 */ CK_UTF8CHAR libraryDescription[32]; /* blank padded */ CK_VERSION libraryVersion; /* version of library */ } CK_INFO; @@ -107,15 +96,11 @@ typedef CK_INFO CK_PTR CK_INFO_PTR; /* CK_NOTIFICATION enumerates the types of notifications that - * Cryptoki provides to an application */ -/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG - * for v2.0 */ + * Cryptoki provides to an application + */ typedef CK_ULONG CK_NOTIFICATION; -#define CKN_SURRENDER 0 - -/* The following notification is new for PKCS #11 v2.20 amendment 3 */ -#define CKN_OTP_CHANGED 1 - +#define CKN_SURRENDER 0UL +#define CKN_OTP_CHANGED 1UL typedef CK_ULONG CK_SLOT_ID; @@ -124,13 +109,10 @@ typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; /* CK_SLOT_INFO provides information about a slot */ typedef struct CK_SLOT_INFO { - /* slotDescription and manufacturerID have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_UTF8CHAR slotDescription[64]; /* blank padded */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_FLAGS flags; - /* hardwareVersion and firmwareVersion are new for v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ } CK_SLOT_INFO; @@ -138,26 +120,21 @@ typedef struct CK_SLOT_INFO { /* flags: bit flags that provide capabilities of the slot * Bit Flag Mask Meaning */ -#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ -#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/ -#define CKF_HW_SLOT 0x00000004 /* hardware slot */ +#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ +#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ +#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; /* CK_TOKEN_INFO provides information about a token */ typedef struct CK_TOKEN_INFO { - /* label, manufacturerID, and model have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_UTF8CHAR label[32]; /* blank padded */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_UTF8CHAR model[16]; /* blank padded */ CK_CHAR serialNumber[16]; /* blank padded */ CK_FLAGS flags; /* see below */ - /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, - * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been - * changed from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulMaxSessionCount; /* max open sessions */ CK_ULONG ulSessionCount; /* sess. now open */ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ @@ -168,9 +145,6 @@ typedef struct CK_TOKEN_INFO { CK_ULONG ulFreePublicMemory; /* in bytes */ CK_ULONG ulTotalPrivateMemory; /* in bytes */ CK_ULONG ulFreePrivateMemory; /* in bytes */ - - /* hardwareVersion, firmwareVersion, and time are new for - * v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ CK_CHAR utcTime[16]; /* time */ @@ -179,146 +153,149 @@ typedef struct CK_TOKEN_INFO { /* The flags parameter is defined as follows: * Bit Flag Mask Meaning */ -#define CKF_RNG 0x00000001 /* has random # - * generator */ -#define CKF_WRITE_PROTECTED 0x00000002 /* token is - * write- - * protected */ -#define CKF_LOGIN_REQUIRED 0x00000004 /* user must - * login */ -#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's - * PIN is set */ - -/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, +#define CKF_RNG 0x00000001UL /* has random # generator */ +#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ +#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ +#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ + +/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, * that means that *every* time the state of cryptographic * operations of a session is successfully saved, all keys - * needed to continue those operations are stored in the state */ -#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 + * needed to continue those operations are stored in the state + */ +#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL -/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means +/* CKF_CLOCK_ON_TOKEN. If it is set, that means * that the token has some sort of clock. The time on that - * clock is returned in the token info structure */ -#define CKF_CLOCK_ON_TOKEN 0x00000040 + * clock is returned in the token info structure + */ +#define CKF_CLOCK_ON_TOKEN 0x00000040UL -/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is +/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is * set, that means that there is some way for the user to login - * without sending a PIN through the Cryptoki library itself */ -#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 + * without sending a PIN through the Cryptoki library itself + */ +#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL -/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, +/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, * that means that a single session with the token can perform * dual simultaneous cryptographic operations (digest and * encrypt; decrypt and digest; sign and encrypt; and decrypt - * and sign) */ -#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 + * and sign) + */ +#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL -/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the +/* CKF_TOKEN_INITIALIZED. If it is true, the * token has been initialized using C_InitializeToken or an * equivalent mechanism outside the scope of PKCS #11. * Calling C_InitializeToken when this flag is set will cause - * the token to be reinitialized. */ -#define CKF_TOKEN_INITIALIZED 0x00000400 + * the token to be reinitialized. + */ +#define CKF_TOKEN_INITIALIZED 0x00000400UL -/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is +/* CKF_SECONDARY_AUTHENTICATION. If it is * true, the token supports secondary authentication for - * private key objects. This flag is deprecated in v2.11 and - onwards. */ -#define CKF_SECONDARY_AUTHENTICATION 0x00000800 + * private key objects. + */ +#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL -/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an +/* CKF_USER_PIN_COUNT_LOW. If it is true, an * incorrect user login PIN has been entered at least once - * since the last successful authentication. */ -#define CKF_USER_PIN_COUNT_LOW 0x00010000 + * since the last successful authentication. + */ +#define CKF_USER_PIN_COUNT_LOW 0x00010000UL -/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect user PIN will it to become locked. */ -#define CKF_USER_PIN_FINAL_TRY 0x00020000 +/* CKF_USER_PIN_FINAL_TRY. If it is true, + * supplying an incorrect user PIN will it to become locked. + */ +#define CKF_USER_PIN_FINAL_TRY 0x00020000UL -/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the +/* CKF_USER_PIN_LOCKED. If it is true, the * user PIN has been locked. User login to the token is not - * possible. */ -#define CKF_USER_PIN_LOCKED 0x00040000 + * possible. + */ +#define CKF_USER_PIN_LOCKED 0x00040000UL -/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, +/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, * the user PIN value is the default value set by token * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 + * expired by the card. + */ +#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL -/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an +/* CKF_SO_PIN_COUNT_LOW. If it is true, an * incorrect SO login PIN has been entered at least once since - * the last successful authentication. */ -#define CKF_SO_PIN_COUNT_LOW 0x00100000 + * the last successful authentication. + */ +#define CKF_SO_PIN_COUNT_LOW 0x00100000UL -/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect SO PIN will it to become locked. */ -#define CKF_SO_PIN_FINAL_TRY 0x00200000 +/* CKF_SO_PIN_FINAL_TRY. If it is true, + * supplying an incorrect SO PIN will it to become locked. + */ +#define CKF_SO_PIN_FINAL_TRY 0x00200000UL -/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO +/* CKF_SO_PIN_LOCKED. If it is true, the SO * PIN has been locked. SO login to the token is not possible. */ -#define CKF_SO_PIN_LOCKED 0x00400000 +#define CKF_SO_PIN_LOCKED 0x00400000UL -/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, +/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, * the SO PIN value is the default value set by token * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 + * expired by the card. + */ +#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL + +#define CKF_ERROR_STATE 0x01000000UL typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; /* CK_SESSION_HANDLE is a Cryptoki-assigned value that - * identifies a session */ + * identifies a session + */ typedef CK_ULONG CK_SESSION_HANDLE; typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; /* CK_USER_TYPE enumerates the types of Cryptoki users */ -/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for - * v2.0 */ typedef CK_ULONG CK_USER_TYPE; /* Security Officer */ -#define CKU_SO 0 +#define CKU_SO 0UL /* Normal user */ -#define CKU_USER 1 -/* Context specific (added in v2.20) */ -#define CKU_CONTEXT_SPECIFIC 2 +#define CKU_USER 1UL +/* Context specific */ +#define CKU_CONTEXT_SPECIFIC 2UL /* CK_STATE enumerates the session states */ -/* CK_STATE has been changed from an enum to a CK_ULONG for - * v2.0 */ typedef CK_ULONG CK_STATE; -#define CKS_RO_PUBLIC_SESSION 0 -#define CKS_RO_USER_FUNCTIONS 1 -#define CKS_RW_PUBLIC_SESSION 2 -#define CKS_RW_USER_FUNCTIONS 3 -#define CKS_RW_SO_FUNCTIONS 4 - +#define CKS_RO_PUBLIC_SESSION 0UL +#define CKS_RO_USER_FUNCTIONS 1UL +#define CKS_RW_PUBLIC_SESSION 2UL +#define CKS_RW_USER_FUNCTIONS 3UL +#define CKS_RW_SO_FUNCTIONS 4UL /* CK_SESSION_INFO provides information about a session */ typedef struct CK_SESSION_INFO { CK_SLOT_ID slotID; CK_STATE state; CK_FLAGS flags; /* see below */ - - /* ulDeviceError was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulDeviceError; /* device-dependent error code */ } CK_SESSION_INFO; /* The flags are defined in the following table: * Bit Flag Mask Meaning */ -#define CKF_RW_SESSION 0x00000002 /* session is r/w */ -#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ +#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ +#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; /* CK_OBJECT_HANDLE is a token-specific identifier for an - * object */ + * object + */ typedef CK_ULONG CK_OBJECT_HANDLE; typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; @@ -326,294 +303,273 @@ typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; /* CK_OBJECT_CLASS is a value that identifies the classes (or * types) of objects that Cryptoki recognizes. It is defined - * as follows: */ -/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * as follows: + */ typedef CK_ULONG CK_OBJECT_CLASS; /* The following classes of objects are defined: */ -/* CKO_HW_FEATURE is new for v2.10 */ -/* CKO_DOMAIN_PARAMETERS is new for v2.11 */ -/* CKO_MECHANISM is new for v2.20 */ -#define CKO_DATA 0x00000000 -#define CKO_CERTIFICATE 0x00000001 -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKO_SECRET_KEY 0x00000004 -#define CKO_HW_FEATURE 0x00000005 -#define CKO_DOMAIN_PARAMETERS 0x00000006 -#define CKO_MECHANISM 0x00000007 - -/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */ -#define CKO_OTP_KEY 0x00000008 - -#define CKO_VENDOR_DEFINED 0x80000000 +#define CKO_DATA 0x00000000UL +#define CKO_CERTIFICATE 0x00000001UL +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKO_SECRET_KEY 0x00000004UL +#define CKO_HW_FEATURE 0x00000005UL +#define CKO_DOMAIN_PARAMETERS 0x00000006UL +#define CKO_MECHANISM 0x00000007UL +#define CKO_OTP_KEY 0x00000008UL + +#define CKO_VENDOR_DEFINED 0x80000000UL typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; -/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a - * value that identifies the hardware feature type of an object - * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ +/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type + * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. + */ typedef CK_ULONG CK_HW_FEATURE_TYPE; /* The following hardware feature types are defined */ -/* CKH_USER_INTERFACE is new for v2.20 */ -#define CKH_MONOTONIC_COUNTER 0x00000001 -#define CKH_CLOCK 0x00000002 -#define CKH_USER_INTERFACE 0x00000003 -#define CKH_VENDOR_DEFINED 0x80000000 +#define CKH_MONOTONIC_COUNTER 0x00000001UL +#define CKH_CLOCK 0x00000002UL +#define CKH_USER_INTERFACE 0x00000003UL +#define CKH_VENDOR_DEFINED 0x80000000UL /* CK_KEY_TYPE is a value that identifies a key type */ -/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ typedef CK_ULONG CK_KEY_TYPE; /* the following key types are defined: */ -#define CKK_RSA 0x00000000 -#define CKK_DSA 0x00000001 -#define CKK_DH 0x00000002 - -/* CKK_ECDSA and CKK_KEA are new for v2.0 */ -/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ -#define CKK_ECDSA 0x00000003 -#define CKK_EC 0x00000003 -#define CKK_X9_42_DH 0x00000004 -#define CKK_KEA 0x00000005 - -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC2 0x00000011 -#define CKK_RC4 0x00000012 -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -/* all these key types are new for v2.0 */ -#define CKK_CAST 0x00000016 -#define CKK_CAST3 0x00000017 -/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ -#define CKK_CAST5 0x00000018 -#define CKK_CAST128 0x00000018 -#define CKK_RC5 0x00000019 -#define CKK_IDEA 0x0000001A -#define CKK_SKIPJACK 0x0000001B -#define CKK_BATON 0x0000001C -#define CKK_JUNIPER 0x0000001D -#define CKK_CDMF 0x0000001E -#define CKK_AES 0x0000001F - -/* BlowFish and TwoFish are new for v2.20 */ -#define CKK_BLOWFISH 0x00000020 -#define CKK_TWOFISH 0x00000021 - -/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */ -#define CKK_SECURID 0x00000022 -#define CKK_HOTP 0x00000023 -#define CKK_ACTI 0x00000024 - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_CAMELLIA 0x00000025 -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_ARIA 0x00000026 - - -#define CKK_VENDOR_DEFINED 0x80000000 +#define CKK_RSA 0x00000000UL +#define CKK_DSA 0x00000001UL +#define CKK_DH 0x00000002UL +#define CKK_ECDSA 0x00000003UL /* Deprecated */ +#define CKK_EC 0x00000003UL +#define CKK_X9_42_DH 0x00000004UL +#define CKK_KEA 0x00000005UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_RC2 0x00000011UL +#define CKK_RC4 0x00000012UL +#define CKK_DES 0x00000013UL +#define CKK_DES2 0x00000014UL +#define CKK_DES3 0x00000015UL +#define CKK_CAST 0x00000016UL +#define CKK_CAST3 0x00000017UL +#define CKK_CAST5 0x00000018UL /* Deprecated */ +#define CKK_CAST128 0x00000018UL +#define CKK_RC5 0x00000019UL +#define CKK_IDEA 0x0000001AUL +#define CKK_SKIPJACK 0x0000001BUL +#define CKK_BATON 0x0000001CUL +#define CKK_JUNIPER 0x0000001DUL +#define CKK_CDMF 0x0000001EUL +#define CKK_AES 0x0000001FUL +#define CKK_BLOWFISH 0x00000020UL +#define CKK_TWOFISH 0x00000021UL +#define CKK_SECURID 0x00000022UL +#define CKK_HOTP 0x00000023UL +#define CKK_ACTI 0x00000024UL +#define CKK_CAMELLIA 0x00000025UL +#define CKK_ARIA 0x00000026UL + +#define CKK_MD5_HMAC 0x00000027UL +#define CKK_SHA_1_HMAC 0x00000028UL +#define CKK_RIPEMD128_HMAC 0x00000029UL +#define CKK_RIPEMD160_HMAC 0x0000002AUL +#define CKK_SHA256_HMAC 0x0000002BUL +#define CKK_SHA384_HMAC 0x0000002CUL +#define CKK_SHA512_HMAC 0x0000002DUL +#define CKK_SHA224_HMAC 0x0000002EUL + +#define CKK_SEED 0x0000002FUL +#define CKK_GOSTR3410 0x00000030UL +#define CKK_GOSTR3411 0x00000031UL +#define CKK_GOST28147 0x00000032UL + + + +#define CKK_VENDOR_DEFINED 0x80000000UL /* CK_CERTIFICATE_TYPE is a value that identifies a certificate - * type */ -/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG - * for v2.0 */ + * type + */ typedef CK_ULONG CK_CERTIFICATE_TYPE; +#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL +#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL +#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL +#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL + +#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL +#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL +#define CK_SECURITY_DOMAIN_OPERATOR 2UL +#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL + + /* The following certificate types are defined: */ -/* CKC_X_509_ATTR_CERT is new for v2.10 */ -/* CKC_WTLS is new for v2.20 */ -#define CKC_X_509 0x00000000 -#define CKC_X_509_ATTR_CERT 0x00000001 -#define CKC_WTLS 0x00000002 -#define CKC_VENDOR_DEFINED 0x80000000 +#define CKC_X_509 0x00000000UL +#define CKC_X_509_ATTR_CERT 0x00000001UL +#define CKC_WTLS 0x00000002UL +#define CKC_VENDOR_DEFINED 0x80000000UL /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute - * type */ -/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * type + */ typedef CK_ULONG CK_ATTRIBUTE_TYPE; /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which - consists of an array of values. */ -#define CKF_ARRAY_ATTRIBUTE 0x40000000 - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 - and relates to the CKA_OTP_FORMAT attribute */ -#define CK_OTP_FORMAT_DECIMAL 0 -#define CK_OTP_FORMAT_HEXADECIMAL 1 -#define CK_OTP_FORMAT_ALPHANUMERIC 2 -#define CK_OTP_FORMAT_BINARY 3 - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 - and relates to the CKA_OTP_..._REQUIREMENT attributes */ -#define CK_OTP_PARAM_IGNORED 0 -#define CK_OTP_PARAM_OPTIONAL 1 -#define CK_OTP_PARAM_MANDATORY 2 + * consists of an array of values. + */ +#define CKF_ARRAY_ATTRIBUTE 0x40000000UL + +/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ +#define CK_OTP_FORMAT_DECIMAL 0UL +#define CK_OTP_FORMAT_HEXADECIMAL 1UL +#define CK_OTP_FORMAT_ALPHANUMERIC 2UL +#define CK_OTP_FORMAT_BINARY 3UL + +/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + * attributes + */ +#define CK_OTP_PARAM_IGNORED 0UL +#define CK_OTP_PARAM_OPTIONAL 1UL +#define CK_OTP_PARAM_MANDATORY 2UL /* The following attribute types are defined: */ -#define CKA_CLASS 0x00000000 -#define CKA_TOKEN 0x00000001 -#define CKA_PRIVATE 0x00000002 -#define CKA_LABEL 0x00000003 -#define CKA_APPLICATION 0x00000010 -#define CKA_VALUE 0x00000011 - -/* CKA_OBJECT_ID is new for v2.10 */ -#define CKA_OBJECT_ID 0x00000012 - -#define CKA_CERTIFICATE_TYPE 0x00000080 -#define CKA_ISSUER 0x00000081 -#define CKA_SERIAL_NUMBER 0x00000082 - -/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new - * for v2.10 */ -#define CKA_AC_ISSUER 0x00000083 -#define CKA_OWNER 0x00000084 -#define CKA_ATTR_TYPES 0x00000085 - -/* CKA_TRUSTED is new for v2.11 */ -#define CKA_TRUSTED 0x00000086 - -/* CKA_CERTIFICATE_CATEGORY ... - * CKA_CHECK_VALUE are new for v2.20 */ -#define CKA_CERTIFICATE_CATEGORY 0x00000087 -#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 -#define CKA_URL 0x00000089 -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B -#define CKA_CHECK_VALUE 0x00000090 - -#define CKA_KEY_TYPE 0x00000100 -#define CKA_SUBJECT 0x00000101 -#define CKA_ID 0x00000102 -#define CKA_SENSITIVE 0x00000103 -#define CKA_ENCRYPT 0x00000104 -#define CKA_DECRYPT 0x00000105 -#define CKA_WRAP 0x00000106 -#define CKA_UNWRAP 0x00000107 -#define CKA_SIGN 0x00000108 -#define CKA_SIGN_RECOVER 0x00000109 -#define CKA_VERIFY 0x0000010A -#define CKA_VERIFY_RECOVER 0x0000010B -#define CKA_DERIVE 0x0000010C -#define CKA_START_DATE 0x00000110 -#define CKA_END_DATE 0x00000111 -#define CKA_MODULUS 0x00000120 -#define CKA_MODULUS_BITS 0x00000121 -#define CKA_PUBLIC_EXPONENT 0x00000122 -#define CKA_PRIVATE_EXPONENT 0x00000123 -#define CKA_PRIME_1 0x00000124 -#define CKA_PRIME_2 0x00000125 -#define CKA_EXPONENT_1 0x00000126 -#define CKA_EXPONENT_2 0x00000127 -#define CKA_COEFFICIENT 0x00000128 -#define CKA_PRIME 0x00000130 -#define CKA_SUBPRIME 0x00000131 -#define CKA_BASE 0x00000132 - -/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ -#define CKA_PRIME_BITS 0x00000133 -#define CKA_SUBPRIME_BITS 0x00000134 +#define CKA_CLASS 0x00000000UL +#define CKA_TOKEN 0x00000001UL +#define CKA_PRIVATE 0x00000002UL +#define CKA_LABEL 0x00000003UL +#define CKA_APPLICATION 0x00000010UL +#define CKA_VALUE 0x00000011UL +#define CKA_OBJECT_ID 0x00000012UL +#define CKA_CERTIFICATE_TYPE 0x00000080UL +#define CKA_ISSUER 0x00000081UL +#define CKA_SERIAL_NUMBER 0x00000082UL +#define CKA_AC_ISSUER 0x00000083UL +#define CKA_OWNER 0x00000084UL +#define CKA_ATTR_TYPES 0x00000085UL +#define CKA_TRUSTED 0x00000086UL +#define CKA_CERTIFICATE_CATEGORY 0x00000087UL +#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL +#define CKA_URL 0x00000089UL +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL +#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL +#define CKA_CHECK_VALUE 0x00000090UL + +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_SUBJECT 0x00000101UL +#define CKA_ID 0x00000102UL +#define CKA_SENSITIVE 0x00000103UL +#define CKA_ENCRYPT 0x00000104UL +#define CKA_DECRYPT 0x00000105UL +#define CKA_WRAP 0x00000106UL +#define CKA_UNWRAP 0x00000107UL +#define CKA_SIGN 0x00000108UL +#define CKA_SIGN_RECOVER 0x00000109UL +#define CKA_VERIFY 0x0000010AUL +#define CKA_VERIFY_RECOVER 0x0000010BUL +#define CKA_DERIVE 0x0000010CUL +#define CKA_START_DATE 0x00000110UL +#define CKA_END_DATE 0x00000111UL +#define CKA_MODULUS 0x00000120UL +#define CKA_MODULUS_BITS 0x00000121UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#define CKA_PRIME 0x00000130UL +#define CKA_SUBPRIME 0x00000131UL +#define CKA_BASE 0x00000132UL + +#define CKA_PRIME_BITS 0x00000133UL +#define CKA_SUBPRIME_BITS 0x00000134UL #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS -/* (To retain backwards-compatibility) */ - -#define CKA_VALUE_BITS 0x00000160 -#define CKA_VALUE_LEN 0x00000161 - -/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, - * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, - * and CKA_EC_POINT are new for v2.0 */ -#define CKA_EXTRACTABLE 0x00000162 -#define CKA_LOCAL 0x00000163 -#define CKA_NEVER_EXTRACTABLE 0x00000164 -#define CKA_ALWAYS_SENSITIVE 0x00000165 - -/* CKA_KEY_GEN_MECHANISM is new for v2.11 */ -#define CKA_KEY_GEN_MECHANISM 0x00000166 - -#define CKA_MODIFIABLE 0x00000170 - -/* CKA_ECDSA_PARAMS is deprecated in v2.11, - * CKA_EC_PARAMS is preferred. */ -#define CKA_ECDSA_PARAMS 0x00000180 -#define CKA_EC_PARAMS 0x00000180 - -#define CKA_EC_POINT 0x00000181 - -/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, - * are new for v2.10. Deprecated in v2.11 and onwards. */ -#define CKA_SECONDARY_AUTH 0x00000200 -#define CKA_AUTH_PIN_FLAGS 0x00000201 - -/* CKA_ALWAYS_AUTHENTICATE ... - * CKA_UNWRAP_TEMPLATE are new for v2.20 */ -#define CKA_ALWAYS_AUTHENTICATE 0x00000202 - -#define CKA_WRAP_WITH_TRUSTED 0x00000210 -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212) - -/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */ -#define CKA_OTP_FORMAT 0x00000220 -#define CKA_OTP_LENGTH 0x00000221 -#define CKA_OTP_TIME_INTERVAL 0x00000222 -#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223 -#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224 -#define CKA_OTP_TIME_REQUIREMENT 0x00000225 -#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226 -#define CKA_OTP_PIN_REQUIREMENT 0x00000227 -#define CKA_OTP_COUNTER 0x0000022E -#define CKA_OTP_TIME 0x0000022F -#define CKA_OTP_USER_IDENTIFIER 0x0000022A -#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B -#define CKA_OTP_SERVICE_LOGO 0x0000022C -#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D - - -/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET - * are new for v2.10 */ -#define CKA_HW_FEATURE_TYPE 0x00000300 -#define CKA_RESET_ON_INIT 0x00000301 -#define CKA_HAS_RESET 0x00000302 - -/* The following attributes are new for v2.20 */ -#define CKA_PIXEL_X 0x00000400 -#define CKA_PIXEL_Y 0x00000401 -#define CKA_RESOLUTION 0x00000402 -#define CKA_CHAR_ROWS 0x00000403 -#define CKA_CHAR_COLUMNS 0x00000404 -#define CKA_COLOR 0x00000405 -#define CKA_BITS_PER_PIXEL 0x00000406 -#define CKA_CHAR_SETS 0x00000480 -#define CKA_ENCODING_METHODS 0x00000481 -#define CKA_MIME_TYPES 0x00000482 -#define CKA_MECHANISM_TYPE 0x00000500 -#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 -#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 -#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600) - -#define CKA_VENDOR_DEFINED 0x80000000 + +#define CKA_VALUE_BITS 0x00000160UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EXTRACTABLE 0x00000162UL +#define CKA_LOCAL 0x00000163UL +#define CKA_NEVER_EXTRACTABLE 0x00000164UL +#define CKA_ALWAYS_SENSITIVE 0x00000165UL +#define CKA_KEY_GEN_MECHANISM 0x00000166UL + +#define CKA_MODIFIABLE 0x00000170UL +#define CKA_COPYABLE 0x00000171UL + +#define CKA_DESTROYABLE 0x00000172UL + +#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ +#define CKA_EC_PARAMS 0x00000180UL + +#define CKA_EC_POINT 0x00000181UL + +#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ +#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ + +#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL + +#define CKA_WRAP_WITH_TRUSTED 0x00000210UL +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) +#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) + +#define CKA_OTP_FORMAT 0x00000220UL +#define CKA_OTP_LENGTH 0x00000221UL +#define CKA_OTP_TIME_INTERVAL 0x00000222UL +#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL +#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL +#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL +#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL +#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL +#define CKA_OTP_COUNTER 0x0000022EUL +#define CKA_OTP_TIME 0x0000022FUL +#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL +#define CKA_OTP_SERVICE_LOGO 0x0000022CUL +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL + +#define CKA_GOSTR3410_PARAMS 0x00000250UL +#define CKA_GOSTR3411_PARAMS 0x00000251UL +#define CKA_GOST28147_PARAMS 0x00000252UL + +#define CKA_HW_FEATURE_TYPE 0x00000300UL +#define CKA_RESET_ON_INIT 0x00000301UL +#define CKA_HAS_RESET 0x00000302UL + +#define CKA_PIXEL_X 0x00000400UL +#define CKA_PIXEL_Y 0x00000401UL +#define CKA_RESOLUTION 0x00000402UL +#define CKA_CHAR_ROWS 0x00000403UL +#define CKA_CHAR_COLUMNS 0x00000404UL +#define CKA_COLOR 0x00000405UL +#define CKA_BITS_PER_PIXEL 0x00000406UL +#define CKA_CHAR_SETS 0x00000480UL +#define CKA_ENCODING_METHODS 0x00000481UL +#define CKA_MIME_TYPES 0x00000482UL +#define CKA_MECHANISM_TYPE 0x00000500UL +#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL +#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL +#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) + +#define CKA_VENDOR_DEFINED 0x80000000UL /* CK_ATTRIBUTE is a structure that includes the type, length - * and value of an attribute */ + * and value of an attribute + */ typedef struct CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; CK_VOID_PTR pValue; - - /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulValueLen; /* in bytes */ } CK_ATTRIBUTE; typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; - /* CK_DATE is a structure that defines a date */ typedef struct CK_DATE{ CK_CHAR year[4]; /* the year ("1900" - "9999") */ @@ -623,389 +579,411 @@ typedef struct CK_DATE{ /* CK_MECHANISM_TYPE is a value that identifies a mechanism - * type */ -/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * type + */ typedef CK_ULONG CK_MECHANISM_TYPE; /* the following mechanism types are defined: */ -#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 -#define CKM_RSA_PKCS 0x00000001 -#define CKM_RSA_9796 0x00000002 -#define CKM_RSA_X_509 0x00000003 - -/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS - * are new for v2.0. They are mechanisms which hash and sign */ -#define CKM_MD2_RSA_PKCS 0x00000004 -#define CKM_MD5_RSA_PKCS 0x00000005 -#define CKM_SHA1_RSA_PKCS 0x00000006 - -/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and - * CKM_RSA_PKCS_OAEP are new for v2.10 */ -#define CKM_RIPEMD128_RSA_PKCS 0x00000007 -#define CKM_RIPEMD160_RSA_PKCS 0x00000008 -#define CKM_RSA_PKCS_OAEP 0x00000009 - -/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, - * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ -#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A -#define CKM_RSA_X9_31 0x0000000B -#define CKM_SHA1_RSA_X9_31 0x0000000C -#define CKM_RSA_PKCS_PSS 0x0000000D -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E - -#define CKM_DSA_KEY_PAIR_GEN 0x00000010 -#define CKM_DSA 0x00000011 -#define CKM_DSA_SHA1 0x00000012 -#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 -#define CKM_DH_PKCS_DERIVE 0x00000021 - -/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, - * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for - * v2.11 */ -#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 -#define CKM_X9_42_DH_DERIVE 0x00000031 -#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 -#define CKM_X9_42_MQV_DERIVE 0x00000033 - -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_RSA_PKCS 0x00000040 -#define CKM_SHA384_RSA_PKCS 0x00000041 -#define CKM_SHA512_RSA_PKCS 0x00000042 -#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 -#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 -#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 - -/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_RSA_PKCS 0x00000046 -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 - -#define CKM_RC2_KEY_GEN 0x00000100 -#define CKM_RC2_ECB 0x00000101 -#define CKM_RC2_CBC 0x00000102 -#define CKM_RC2_MAC 0x00000103 - -/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ -#define CKM_RC2_MAC_GENERAL 0x00000104 -#define CKM_RC2_CBC_PAD 0x00000105 - -#define CKM_RC4_KEY_GEN 0x00000110 -#define CKM_RC4 0x00000111 -#define CKM_DES_KEY_GEN 0x00000120 -#define CKM_DES_ECB 0x00000121 -#define CKM_DES_CBC 0x00000122 -#define CKM_DES_MAC 0x00000123 - -/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ -#define CKM_DES_MAC_GENERAL 0x00000124 -#define CKM_DES_CBC_PAD 0x00000125 - -#define CKM_DES2_KEY_GEN 0x00000130 -#define CKM_DES3_KEY_GEN 0x00000131 -#define CKM_DES3_ECB 0x00000132 -#define CKM_DES3_CBC 0x00000133 -#define CKM_DES3_MAC 0x00000134 - -/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, - * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, - * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ -#define CKM_DES3_MAC_GENERAL 0x00000135 -#define CKM_DES3_CBC_PAD 0x00000136 -#define CKM_CDMF_KEY_GEN 0x00000140 -#define CKM_CDMF_ECB 0x00000141 -#define CKM_CDMF_CBC 0x00000142 -#define CKM_CDMF_MAC 0x00000143 -#define CKM_CDMF_MAC_GENERAL 0x00000144 -#define CKM_CDMF_CBC_PAD 0x00000145 - -/* the following four DES mechanisms are new for v2.20 */ -#define CKM_DES_OFB64 0x00000150 -#define CKM_DES_OFB8 0x00000151 -#define CKM_DES_CFB64 0x00000152 -#define CKM_DES_CFB8 0x00000153 - -#define CKM_MD2 0x00000200 - -/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD2_HMAC 0x00000201 -#define CKM_MD2_HMAC_GENERAL 0x00000202 - -#define CKM_MD5 0x00000210 - -/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD5_HMAC 0x00000211 -#define CKM_MD5_HMAC_GENERAL 0x00000212 - -#define CKM_SHA_1 0x00000220 - -/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ -#define CKM_SHA_1_HMAC 0x00000221 -#define CKM_SHA_1_HMAC_GENERAL 0x00000222 - -/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, - * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, - * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ -#define CKM_RIPEMD128 0x00000230 -#define CKM_RIPEMD128_HMAC 0x00000231 -#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 -#define CKM_RIPEMD160 0x00000240 -#define CKM_RIPEMD160_HMAC 0x00000241 -#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 - -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256 0x00000250 -#define CKM_SHA256_HMAC 0x00000251 -#define CKM_SHA256_HMAC_GENERAL 0x00000252 - -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224 0x00000255 -#define CKM_SHA224_HMAC 0x00000256 -#define CKM_SHA224_HMAC_GENERAL 0x00000257 - -#define CKM_SHA384 0x00000260 -#define CKM_SHA384_HMAC 0x00000261 -#define CKM_SHA384_HMAC_GENERAL 0x00000262 -#define CKM_SHA512 0x00000270 -#define CKM_SHA512_HMAC 0x00000271 -#define CKM_SHA512_HMAC_GENERAL 0x00000272 - -/* SecurID is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_SECURID_KEY_GEN 0x00000280 -#define CKM_SECURID 0x00000282 - -/* HOTP is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_HOTP_KEY_GEN 0x00000290 -#define CKM_HOTP 0x00000291 - -/* ACTI is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_ACTI 0x000002A0 -#define CKM_ACTI_KEY_GEN 0x000002A1 - -/* All of the following mechanisms are new for v2.0 */ +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL +#define CKM_RSA_9796 0x00000002UL +#define CKM_RSA_X_509 0x00000003UL + +#define CKM_MD2_RSA_PKCS 0x00000004UL +#define CKM_MD5_RSA_PKCS 0x00000005UL +#define CKM_SHA1_RSA_PKCS 0x00000006UL + +#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL +#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL + +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL +#define CKM_RSA_X9_31 0x0000000BUL +#define CKM_SHA1_RSA_X9_31 0x0000000CUL +#define CKM_RSA_PKCS_PSS 0x0000000DUL +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL + +#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL +#define CKM_DSA 0x00000011UL +#define CKM_DSA_SHA1 0x00000012UL +#define CKM_DSA_SHA224 0x00000013UL +#define CKM_DSA_SHA256 0x00000014UL +#define CKM_DSA_SHA384 0x00000015UL +#define CKM_DSA_SHA512 0x00000016UL + +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +#define CKM_DH_PKCS_DERIVE 0x00000021UL + +#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL +#define CKM_X9_42_DH_DERIVE 0x00000031UL +#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL +#define CKM_X9_42_MQV_DERIVE 0x00000033UL + +#define CKM_SHA256_RSA_PKCS 0x00000040UL +#define CKM_SHA384_RSA_PKCS 0x00000041UL +#define CKM_SHA512_RSA_PKCS 0x00000042UL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL + +#define CKM_SHA224_RSA_PKCS 0x00000046UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL + +#define CKM_SHA512_224 0x00000048UL +#define CKM_SHA512_224_HMAC 0x00000049UL +#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL +#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL +#define CKM_SHA512_256 0x0000004CUL +#define CKM_SHA512_256_HMAC 0x0000004DUL +#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL +#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL + +#define CKM_SHA512_T 0x00000050UL +#define CKM_SHA512_T_HMAC 0x00000051UL +#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL +#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL + +#define CKM_RC2_KEY_GEN 0x00000100UL +#define CKM_RC2_ECB 0x00000101UL +#define CKM_RC2_CBC 0x00000102UL +#define CKM_RC2_MAC 0x00000103UL + +#define CKM_RC2_MAC_GENERAL 0x00000104UL +#define CKM_RC2_CBC_PAD 0x00000105UL + +#define CKM_RC4_KEY_GEN 0x00000110UL +#define CKM_RC4 0x00000111UL +#define CKM_DES_KEY_GEN 0x00000120UL +#define CKM_DES_ECB 0x00000121UL +#define CKM_DES_CBC 0x00000122UL +#define CKM_DES_MAC 0x00000123UL + +#define CKM_DES_MAC_GENERAL 0x00000124UL +#define CKM_DES_CBC_PAD 0x00000125UL + +#define CKM_DES2_KEY_GEN 0x00000130UL +#define CKM_DES3_KEY_GEN 0x00000131UL +#define CKM_DES3_ECB 0x00000132UL +#define CKM_DES3_CBC 0x00000133UL +#define CKM_DES3_MAC 0x00000134UL + +#define CKM_DES3_MAC_GENERAL 0x00000135UL +#define CKM_DES3_CBC_PAD 0x00000136UL +#define CKM_DES3_CMAC_GENERAL 0x00000137UL +#define CKM_DES3_CMAC 0x00000138UL +#define CKM_CDMF_KEY_GEN 0x00000140UL +#define CKM_CDMF_ECB 0x00000141UL +#define CKM_CDMF_CBC 0x00000142UL +#define CKM_CDMF_MAC 0x00000143UL +#define CKM_CDMF_MAC_GENERAL 0x00000144UL +#define CKM_CDMF_CBC_PAD 0x00000145UL + +#define CKM_DES_OFB64 0x00000150UL +#define CKM_DES_OFB8 0x00000151UL +#define CKM_DES_CFB64 0x00000152UL +#define CKM_DES_CFB8 0x00000153UL + +#define CKM_MD2 0x00000200UL + +#define CKM_MD2_HMAC 0x00000201UL +#define CKM_MD2_HMAC_GENERAL 0x00000202UL + +#define CKM_MD5 0x00000210UL + +#define CKM_MD5_HMAC 0x00000211UL +#define CKM_MD5_HMAC_GENERAL 0x00000212UL + +#define CKM_SHA_1 0x00000220UL + +#define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL + +#define CKM_RIPEMD128 0x00000230UL +#define CKM_RIPEMD128_HMAC 0x00000231UL +#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL +#define CKM_RIPEMD160 0x00000240UL +#define CKM_RIPEMD160_HMAC 0x00000241UL +#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL + +#define CKM_SHA256 0x00000250UL +#define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA256_HMAC_GENERAL 0x00000252UL +#define CKM_SHA224 0x00000255UL +#define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA224_HMAC_GENERAL 0x00000257UL +#define CKM_SHA384 0x00000260UL +#define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA384_HMAC_GENERAL 0x00000262UL +#define CKM_SHA512 0x00000270UL +#define CKM_SHA512_HMAC 0x00000271UL +#define CKM_SHA512_HMAC_GENERAL 0x00000272UL +#define CKM_SECURID_KEY_GEN 0x00000280UL +#define CKM_SECURID 0x00000282UL +#define CKM_HOTP_KEY_GEN 0x00000290UL +#define CKM_HOTP 0x00000291UL +#define CKM_ACTI 0x000002A0UL +#define CKM_ACTI_KEY_GEN 0x000002A1UL + +#define CKM_CAST_KEY_GEN 0x00000300UL +#define CKM_CAST_ECB 0x00000301UL +#define CKM_CAST_CBC 0x00000302UL +#define CKM_CAST_MAC 0x00000303UL +#define CKM_CAST_MAC_GENERAL 0x00000304UL +#define CKM_CAST_CBC_PAD 0x00000305UL +#define CKM_CAST3_KEY_GEN 0x00000310UL +#define CKM_CAST3_ECB 0x00000311UL +#define CKM_CAST3_CBC 0x00000312UL +#define CKM_CAST3_MAC 0x00000313UL +#define CKM_CAST3_MAC_GENERAL 0x00000314UL +#define CKM_CAST3_CBC_PAD 0x00000315UL /* Note that CAST128 and CAST5 are the same algorithm */ -#define CKM_CAST_KEY_GEN 0x00000300 -#define CKM_CAST_ECB 0x00000301 -#define CKM_CAST_CBC 0x00000302 -#define CKM_CAST_MAC 0x00000303 -#define CKM_CAST_MAC_GENERAL 0x00000304 -#define CKM_CAST_CBC_PAD 0x00000305 -#define CKM_CAST3_KEY_GEN 0x00000310 -#define CKM_CAST3_ECB 0x00000311 -#define CKM_CAST3_CBC 0x00000312 -#define CKM_CAST3_MAC 0x00000313 -#define CKM_CAST3_MAC_GENERAL 0x00000314 -#define CKM_CAST3_CBC_PAD 0x00000315 -#define CKM_CAST5_KEY_GEN 0x00000320 -#define CKM_CAST128_KEY_GEN 0x00000320 -#define CKM_CAST5_ECB 0x00000321 -#define CKM_CAST128_ECB 0x00000321 -#define CKM_CAST5_CBC 0x00000322 -#define CKM_CAST128_CBC 0x00000322 -#define CKM_CAST5_MAC 0x00000323 -#define CKM_CAST128_MAC 0x00000323 -#define CKM_CAST5_MAC_GENERAL 0x00000324 -#define CKM_CAST128_MAC_GENERAL 0x00000324 -#define CKM_CAST5_CBC_PAD 0x00000325 -#define CKM_CAST128_CBC_PAD 0x00000325 -#define CKM_RC5_KEY_GEN 0x00000330 -#define CKM_RC5_ECB 0x00000331 -#define CKM_RC5_CBC 0x00000332 -#define CKM_RC5_MAC 0x00000333 -#define CKM_RC5_MAC_GENERAL 0x00000334 -#define CKM_RC5_CBC_PAD 0x00000335 -#define CKM_IDEA_KEY_GEN 0x00000340 -#define CKM_IDEA_ECB 0x00000341 -#define CKM_IDEA_CBC 0x00000342 -#define CKM_IDEA_MAC 0x00000343 -#define CKM_IDEA_MAC_GENERAL 0x00000344 -#define CKM_IDEA_CBC_PAD 0x00000345 -#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 -#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 -#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 -#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 -#define CKM_XOR_BASE_AND_DATA 0x00000364 -#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 -#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 -#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 -#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 - -/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, - * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and - * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ -#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 -#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 -#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 -#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 -#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 - -/* CKM_TLS_PRF is new for v2.20 */ -#define CKM_TLS_PRF 0x00000378 - -#define CKM_SSL3_MD5_MAC 0x00000380 -#define CKM_SSL3_SHA1_MAC 0x00000381 -#define CKM_MD5_KEY_DERIVATION 0x00000390 -#define CKM_MD2_KEY_DERIVATION 0x00000391 -#define CKM_SHA1_KEY_DERIVATION 0x00000392 - -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_KEY_DERIVATION 0x00000393 -#define CKM_SHA384_KEY_DERIVATION 0x00000394 -#define CKM_SHA512_KEY_DERIVATION 0x00000395 - -/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_KEY_DERIVATION 0x00000396 - -#define CKM_PBE_MD2_DES_CBC 0x000003A0 -#define CKM_PBE_MD5_DES_CBC 0x000003A1 -#define CKM_PBE_MD5_CAST_CBC 0x000003A2 -#define CKM_PBE_MD5_CAST3_CBC 0x000003A3 -#define CKM_PBE_MD5_CAST5_CBC 0x000003A4 -#define CKM_PBE_MD5_CAST128_CBC 0x000003A4 -#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 -#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 -#define CKM_PBE_SHA1_RC4_128 0x000003A6 -#define CKM_PBE_SHA1_RC4_40 0x000003A7 -#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 -#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 -#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA -#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB - -/* CKM_PKCS5_PBKD2 is new for v2.10 */ -#define CKM_PKCS5_PBKD2 0x000003B0 - -#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 - -/* WTLS mechanisms are new for v2.20 */ -#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 -#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 -#define CKM_WTLS_PRF 0x000003D3 -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 - -#define CKM_KEY_WRAP_LYNKS 0x00000400 -#define CKM_KEY_WRAP_SET_OAEP 0x00000401 - -/* CKM_CMS_SIG is new for v2.20 */ -#define CKM_CMS_SIG 0x00000500 - -/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */ -#define CKM_KIP_DERIVE 0x00000510 -#define CKM_KIP_WRAP 0x00000511 -#define CKM_KIP_MAC 0x00000512 - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_CAMELLIA_KEY_GEN 0x00000550 -#define CKM_CAMELLIA_ECB 0x00000551 -#define CKM_CAMELLIA_CBC 0x00000552 -#define CKM_CAMELLIA_MAC 0x00000553 -#define CKM_CAMELLIA_MAC_GENERAL 0x00000554 -#define CKM_CAMELLIA_CBC_PAD 0x00000555 -#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 -#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 -#define CKM_CAMELLIA_CTR 0x00000558 - -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_ARIA_KEY_GEN 0x00000560 -#define CKM_ARIA_ECB 0x00000561 -#define CKM_ARIA_CBC 0x00000562 -#define CKM_ARIA_MAC 0x00000563 -#define CKM_ARIA_MAC_GENERAL 0x00000564 -#define CKM_ARIA_CBC_PAD 0x00000565 -#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566 -#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567 - -/* Fortezza mechanisms */ -#define CKM_SKIPJACK_KEY_GEN 0x00001000 -#define CKM_SKIPJACK_ECB64 0x00001001 -#define CKM_SKIPJACK_CBC64 0x00001002 -#define CKM_SKIPJACK_OFB64 0x00001003 -#define CKM_SKIPJACK_CFB64 0x00001004 -#define CKM_SKIPJACK_CFB32 0x00001005 -#define CKM_SKIPJACK_CFB16 0x00001006 -#define CKM_SKIPJACK_CFB8 0x00001007 -#define CKM_SKIPJACK_WRAP 0x00001008 -#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 -#define CKM_SKIPJACK_RELAYX 0x0000100a -#define CKM_KEA_KEY_PAIR_GEN 0x00001010 -#define CKM_KEA_KEY_DERIVE 0x00001011 -#define CKM_FORTEZZA_TIMESTAMP 0x00001020 -#define CKM_BATON_KEY_GEN 0x00001030 -#define CKM_BATON_ECB128 0x00001031 -#define CKM_BATON_ECB96 0x00001032 -#define CKM_BATON_CBC128 0x00001033 -#define CKM_BATON_COUNTER 0x00001034 -#define CKM_BATON_SHUFFLE 0x00001035 -#define CKM_BATON_WRAP 0x00001036 - -/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, - * CKM_EC_KEY_PAIR_GEN is preferred */ -#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 -#define CKM_EC_KEY_PAIR_GEN 0x00001040 - -#define CKM_ECDSA 0x00001041 -#define CKM_ECDSA_SHA1 0x00001042 - -/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE - * are new for v2.11 */ -#define CKM_ECDH1_DERIVE 0x00001050 -#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 -#define CKM_ECMQV_DERIVE 0x00001052 - -#define CKM_JUNIPER_KEY_GEN 0x00001060 -#define CKM_JUNIPER_ECB128 0x00001061 -#define CKM_JUNIPER_CBC128 0x00001062 -#define CKM_JUNIPER_COUNTER 0x00001063 -#define CKM_JUNIPER_SHUFFLE 0x00001064 -#define CKM_JUNIPER_WRAP 0x00001065 -#define CKM_FASTHASH 0x00001070 - -/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, - * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, - * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are - * new for v2.11 */ -#define CKM_AES_KEY_GEN 0x00001080 -#define CKM_AES_ECB 0x00001081 -#define CKM_AES_CBC 0x00001082 -#define CKM_AES_MAC 0x00001083 -#define CKM_AES_MAC_GENERAL 0x00001084 -#define CKM_AES_CBC_PAD 0x00001085 - -/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_AES_CTR 0x00001086 - -/* BlowFish and TwoFish are new for v2.20 */ -#define CKM_BLOWFISH_KEY_GEN 0x00001090 -#define CKM_BLOWFISH_CBC 0x00001091 -#define CKM_TWOFISH_KEY_GEN 0x00001092 -#define CKM_TWOFISH_CBC 0x00001093 - - -/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ -#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 -#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 -#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 -#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 -#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 -#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105 - -#define CKM_DSA_PARAMETER_GEN 0x00002000 -#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001 -#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002 - -#define CKM_VENDOR_DEFINED 0x80000000 +#define CKM_CAST5_KEY_GEN 0x00000320UL +#define CKM_CAST128_KEY_GEN 0x00000320UL +#define CKM_CAST5_ECB 0x00000321UL +#define CKM_CAST128_ECB 0x00000321UL +#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ +#define CKM_CAST128_CBC 0x00000322UL +#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ +#define CKM_CAST128_MAC 0x00000323UL +#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ +#define CKM_CAST128_MAC_GENERAL 0x00000324UL +#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ +#define CKM_CAST128_CBC_PAD 0x00000325UL +#define CKM_RC5_KEY_GEN 0x00000330UL +#define CKM_RC5_ECB 0x00000331UL +#define CKM_RC5_CBC 0x00000332UL +#define CKM_RC5_MAC 0x00000333UL +#define CKM_RC5_MAC_GENERAL 0x00000334UL +#define CKM_RC5_CBC_PAD 0x00000335UL +#define CKM_IDEA_KEY_GEN 0x00000340UL +#define CKM_IDEA_ECB 0x00000341UL +#define CKM_IDEA_CBC 0x00000342UL +#define CKM_IDEA_MAC 0x00000343UL +#define CKM_IDEA_MAC_GENERAL 0x00000344UL +#define CKM_IDEA_CBC_PAD 0x00000345UL +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL +#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL +#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL +#define CKM_XOR_BASE_AND_DATA 0x00000364UL +#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL +#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL +#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL +#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL + +#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL +#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL +#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL +#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL +#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL + +#define CKM_TLS_PRF 0x00000378UL + +#define CKM_SSL3_MD5_MAC 0x00000380UL +#define CKM_SSL3_SHA1_MAC 0x00000381UL +#define CKM_MD5_KEY_DERIVATION 0x00000390UL +#define CKM_MD2_KEY_DERIVATION 0x00000391UL +#define CKM_SHA1_KEY_DERIVATION 0x00000392UL + +#define CKM_SHA256_KEY_DERIVATION 0x00000393UL +#define CKM_SHA384_KEY_DERIVATION 0x00000394UL +#define CKM_SHA512_KEY_DERIVATION 0x00000395UL +#define CKM_SHA224_KEY_DERIVATION 0x00000396UL + +#define CKM_PBE_MD2_DES_CBC 0x000003A0UL +#define CKM_PBE_MD5_DES_CBC 0x000003A1UL +#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL +#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL +#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ +#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL +#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ +#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL +#define CKM_PBE_SHA1_RC4_128 0x000003A6UL +#define CKM_PBE_SHA1_RC4_40 0x000003A7UL +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL + +#define CKM_PKCS5_PBKD2 0x000003B0UL + +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL + +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL +#define CKM_WTLS_PRF 0x000003D3UL +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL + +#define CKM_TLS10_MAC_SERVER 0x000003D6UL +#define CKM_TLS10_MAC_CLIENT 0x000003D7UL +#define CKM_TLS12_MAC 0x000003D8UL +#define CKM_TLS12_KDF 0x000003D9UL +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL +#define CKM_TLS_MAC 0x000003E4UL +#define CKM_TLS_KDF 0x000003E5UL + +#define CKM_KEY_WRAP_LYNKS 0x00000400UL +#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL + +#define CKM_CMS_SIG 0x00000500UL +#define CKM_KIP_DERIVE 0x00000510UL +#define CKM_KIP_WRAP 0x00000511UL +#define CKM_KIP_MAC 0x00000512UL + +#define CKM_CAMELLIA_KEY_GEN 0x00000550UL +#define CKM_CAMELLIA_ECB 0x00000551UL +#define CKM_CAMELLIA_CBC 0x00000552UL +#define CKM_CAMELLIA_MAC 0x00000553UL +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL +#define CKM_CAMELLIA_CBC_PAD 0x00000555UL +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL +#define CKM_CAMELLIA_CTR 0x00000558UL + +#define CKM_ARIA_KEY_GEN 0x00000560UL +#define CKM_ARIA_ECB 0x00000561UL +#define CKM_ARIA_CBC 0x00000562UL +#define CKM_ARIA_MAC 0x00000563UL +#define CKM_ARIA_MAC_GENERAL 0x00000564UL +#define CKM_ARIA_CBC_PAD 0x00000565UL +#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL +#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL + +#define CKM_SEED_KEY_GEN 0x00000650UL +#define CKM_SEED_ECB 0x00000651UL +#define CKM_SEED_CBC 0x00000652UL +#define CKM_SEED_MAC 0x00000653UL +#define CKM_SEED_MAC_GENERAL 0x00000654UL +#define CKM_SEED_CBC_PAD 0x00000655UL +#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL +#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL + +#define CKM_SKIPJACK_KEY_GEN 0x00001000UL +#define CKM_SKIPJACK_ECB64 0x00001001UL +#define CKM_SKIPJACK_CBC64 0x00001002UL +#define CKM_SKIPJACK_OFB64 0x00001003UL +#define CKM_SKIPJACK_CFB64 0x00001004UL +#define CKM_SKIPJACK_CFB32 0x00001005UL +#define CKM_SKIPJACK_CFB16 0x00001006UL +#define CKM_SKIPJACK_CFB8 0x00001007UL +#define CKM_SKIPJACK_WRAP 0x00001008UL +#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL +#define CKM_SKIPJACK_RELAYX 0x0000100aUL +#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL +#define CKM_KEA_KEY_DERIVE 0x00001011UL +#define CKM_KEA_DERIVE 0x00001012UL +#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL +#define CKM_BATON_KEY_GEN 0x00001030UL +#define CKM_BATON_ECB128 0x00001031UL +#define CKM_BATON_ECB96 0x00001032UL +#define CKM_BATON_CBC128 0x00001033UL +#define CKM_BATON_COUNTER 0x00001034UL +#define CKM_BATON_SHUFFLE 0x00001035UL +#define CKM_BATON_WRAP 0x00001036UL + +#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ +#define CKM_EC_KEY_PAIR_GEN 0x00001040UL + +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDSA_SHA1 0x00001042UL +#define CKM_ECDSA_SHA224 0x00001043UL +#define CKM_ECDSA_SHA256 0x00001044UL +#define CKM_ECDSA_SHA384 0x00001045UL +#define CKM_ECDSA_SHA512 0x00001046UL + +#define CKM_ECDH1_DERIVE 0x00001050UL +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +#define CKM_ECMQV_DERIVE 0x00001052UL + +#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL +#define CKM_RSA_AES_KEY_WRAP 0x00001054UL + +#define CKM_JUNIPER_KEY_GEN 0x00001060UL +#define CKM_JUNIPER_ECB128 0x00001061UL +#define CKM_JUNIPER_CBC128 0x00001062UL +#define CKM_JUNIPER_COUNTER 0x00001063UL +#define CKM_JUNIPER_SHUFFLE 0x00001064UL +#define CKM_JUNIPER_WRAP 0x00001065UL +#define CKM_FASTHASH 0x00001070UL + +#define CKM_AES_KEY_GEN 0x00001080UL +#define CKM_AES_ECB 0x00001081UL +#define CKM_AES_CBC 0x00001082UL +#define CKM_AES_MAC 0x00001083UL +#define CKM_AES_MAC_GENERAL 0x00001084UL +#define CKM_AES_CBC_PAD 0x00001085UL +#define CKM_AES_CTR 0x00001086UL +#define CKM_AES_GCM 0x00001087UL +#define CKM_AES_CCM 0x00001088UL +#define CKM_AES_CTS 0x00001089UL +#define CKM_AES_CMAC 0x0000108AUL +#define CKM_AES_CMAC_GENERAL 0x0000108BUL + +#define CKM_AES_XCBC_MAC 0x0000108CUL +#define CKM_AES_XCBC_MAC_96 0x0000108DUL +#define CKM_AES_GMAC 0x0000108EUL + +#define CKM_BLOWFISH_KEY_GEN 0x00001090UL +#define CKM_BLOWFISH_CBC 0x00001091UL +#define CKM_TWOFISH_KEY_GEN 0x00001092UL +#define CKM_TWOFISH_CBC 0x00001093UL +#define CKM_BLOWFISH_CBC_PAD 0x00001094UL +#define CKM_TWOFISH_CBC_PAD 0x00001095UL + +#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL +#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL +#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL +#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL +#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL +#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL + +#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL +#define CKM_GOSTR3410 0x00001201UL +#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL +#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL +#define CKM_GOSTR3410_DERIVE 0x00001204UL +#define CKM_GOSTR3411 0x00001210UL +#define CKM_GOSTR3411_HMAC 0x00001211UL +#define CKM_GOST28147_KEY_GEN 0x00001220UL +#define CKM_GOST28147_ECB 0x00001221UL +#define CKM_GOST28147 0x00001222UL +#define CKM_GOST28147_MAC 0x00001223UL +#define CKM_GOST28147_KEY_WRAP 0x00001224UL + +#define CKM_DSA_PARAMETER_GEN 0x00002000UL +#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL +#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL + +#define CKM_AES_OFB 0x00002104UL +#define CKM_AES_CFB64 0x00002105UL +#define CKM_AES_CFB8 0x00002106UL +#define CKM_AES_CFB128 0x00002107UL + +#define CKM_AES_CFB1 0x00002108UL +#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ +#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ + +#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL +#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL + +#define CKM_VENDOR_DEFINED 0x80000000UL typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; /* CK_MECHANISM is a structure that specifies a particular - * mechanism */ + * mechanism + */ typedef struct CK_MECHANISM { CK_MECHANISM_TYPE mechanism; CK_VOID_PTR pParameter; - - /* ulParameterLen was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulParameterLen; /* in bytes */ } CK_MECHANISM; @@ -1013,7 +991,8 @@ typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; /* CK_MECHANISM_INFO provides information about a particular - * mechanism */ + * mechanism + */ typedef struct CK_MECHANISM_INFO { CK_ULONG ulMinKeySize; CK_ULONG ulMaxKeySize; @@ -1021,183 +1000,163 @@ typedef struct CK_MECHANISM_INFO { } CK_MECHANISM_INFO; /* The flags are defined as follows: - * Bit Flag Mask Meaning */ -#define CKF_HW 0x00000001 /* performed by HW */ - -/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, - * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, - * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, - * and CKF_DERIVE are new for v2.0. They specify whether or not - * a mechanism can be used for a particular task */ -#define CKF_ENCRYPT 0x00000100 -#define CKF_DECRYPT 0x00000200 -#define CKF_DIGEST 0x00000400 -#define CKF_SIGN 0x00000800 -#define CKF_SIGN_RECOVER 0x00001000 -#define CKF_VERIFY 0x00002000 -#define CKF_VERIFY_RECOVER 0x00004000 -#define CKF_GENERATE 0x00008000 -#define CKF_GENERATE_KEY_PAIR 0x00010000 -#define CKF_WRAP 0x00020000 -#define CKF_UNWRAP 0x00040000 -#define CKF_DERIVE 0x00080000 - -/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, - * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They - * describe a token's EC capabilities not available in mechanism - * information. */ -#define CKF_EC_F_P 0x00100000 -#define CKF_EC_F_2M 0x00200000 -#define CKF_EC_ECPARAMETERS 0x00400000 -#define CKF_EC_NAMEDCURVE 0x00800000 -#define CKF_EC_UNCOMPRESS 0x01000000 -#define CKF_EC_COMPRESS 0x02000000 - -#define CKF_EXTENSION 0x80000000 /* FALSE for this version */ + * Bit Flag Mask Meaning */ +#define CKF_HW 0x00000001UL /* performed by HW */ + +/* Specify whether or not a mechanism can be used for a particular task */ +#define CKF_ENCRYPT 0x00000100UL +#define CKF_DECRYPT 0x00000200UL +#define CKF_DIGEST 0x00000400UL +#define CKF_SIGN 0x00000800UL +#define CKF_SIGN_RECOVER 0x00001000UL +#define CKF_VERIFY 0x00002000UL +#define CKF_VERIFY_RECOVER 0x00004000UL +#define CKF_GENERATE 0x00008000UL +#define CKF_GENERATE_KEY_PAIR 0x00010000UL +#define CKF_WRAP 0x00020000UL +#define CKF_UNWRAP 0x00040000UL +#define CKF_DERIVE 0x00080000UL + +/* Describe a token's EC capabilities not available in mechanism + * information. + */ +#define CKF_EC_F_P 0x00100000UL +#define CKF_EC_F_2M 0x00200000UL +#define CKF_EC_ECPARAMETERS 0x00400000UL +#define CKF_EC_NAMEDCURVE 0x00800000UL +#define CKF_EC_UNCOMPRESS 0x01000000UL +#define CKF_EC_COMPRESS 0x02000000UL -typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; +#define CKF_EXTENSION 0x80000000UL +typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; /* CK_RV is a value that identifies the return value of a - * Cryptoki function */ -/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ + * Cryptoki function + */ typedef CK_ULONG CK_RV; -#define CKR_OK 0x00000000 -#define CKR_CANCEL 0x00000001 -#define CKR_HOST_MEMORY 0x00000002 -#define CKR_SLOT_ID_INVALID 0x00000003 - -/* CKR_FLAGS_INVALID was removed for v2.0 */ - -/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ -#define CKR_GENERAL_ERROR 0x00000005 -#define CKR_FUNCTION_FAILED 0x00000006 - -/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, - * and CKR_CANT_LOCK are new for v2.01 */ -#define CKR_ARGUMENTS_BAD 0x00000007 -#define CKR_NO_EVENT 0x00000008 -#define CKR_NEED_TO_CREATE_THREADS 0x00000009 -#define CKR_CANT_LOCK 0x0000000A - -#define CKR_ATTRIBUTE_READ_ONLY 0x00000010 -#define CKR_ATTRIBUTE_SENSITIVE 0x00000011 -#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 -#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 -#define CKR_DATA_INVALID 0x00000020 -#define CKR_DATA_LEN_RANGE 0x00000021 -#define CKR_DEVICE_ERROR 0x00000030 -#define CKR_DEVICE_MEMORY 0x00000031 -#define CKR_DEVICE_REMOVED 0x00000032 -#define CKR_ENCRYPTED_DATA_INVALID 0x00000040 -#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 -#define CKR_FUNCTION_CANCELED 0x00000050 -#define CKR_FUNCTION_NOT_PARALLEL 0x00000051 - -/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ -#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054 - -#define CKR_KEY_HANDLE_INVALID 0x00000060 - -/* CKR_KEY_SENSITIVE was removed for v2.0 */ - -#define CKR_KEY_SIZE_RANGE 0x00000062 -#define CKR_KEY_TYPE_INCONSISTENT 0x00000063 - -/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, - * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, - * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for - * v2.0 */ -#define CKR_KEY_NOT_NEEDED 0x00000064 -#define CKR_KEY_CHANGED 0x00000065 -#define CKR_KEY_NEEDED 0x00000066 -#define CKR_KEY_INDIGESTIBLE 0x00000067 -#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 -#define CKR_KEY_NOT_WRAPPABLE 0x00000069 -#define CKR_KEY_UNEXTRACTABLE 0x0000006A - -#define CKR_MECHANISM_INVALID 0x00000070 -#define CKR_MECHANISM_PARAM_INVALID 0x00000071 - -/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID - * were removed for v2.0 */ -#define CKR_OBJECT_HANDLE_INVALID 0x00000082 -#define CKR_OPERATION_ACTIVE 0x00000090 -#define CKR_OPERATION_NOT_INITIALIZED 0x00000091 -#define CKR_PIN_INCORRECT 0x000000A0 -#define CKR_PIN_INVALID 0x000000A1 -#define CKR_PIN_LEN_RANGE 0x000000A2 - -/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ -#define CKR_PIN_EXPIRED 0x000000A3 -#define CKR_PIN_LOCKED 0x000000A4 - -#define CKR_SESSION_CLOSED 0x000000B0 -#define CKR_SESSION_COUNT 0x000000B1 -#define CKR_SESSION_HANDLE_INVALID 0x000000B3 -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 -#define CKR_SESSION_READ_ONLY 0x000000B5 -#define CKR_SESSION_EXISTS 0x000000B6 - -/* CKR_SESSION_READ_ONLY_EXISTS and - * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ -#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7 -#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8 - -#define CKR_SIGNATURE_INVALID 0x000000C0 -#define CKR_SIGNATURE_LEN_RANGE 0x000000C1 -#define CKR_TEMPLATE_INCOMPLETE 0x000000D0 -#define CKR_TEMPLATE_INCONSISTENT 0x000000D1 -#define CKR_TOKEN_NOT_PRESENT 0x000000E0 -#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1 -#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2 -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0 -#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1 -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2 -#define CKR_USER_ALREADY_LOGGED_IN 0x00000100 -#define CKR_USER_NOT_LOGGED_IN 0x00000101 -#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102 -#define CKR_USER_TYPE_INVALID 0x00000103 - -/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES - * are new to v2.01 */ -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104 -#define CKR_USER_TOO_MANY_TYPES 0x00000105 - -#define CKR_WRAPPED_KEY_INVALID 0x00000110 -#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 -#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 -#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114 -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115 -#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 - -/* These are new to v2.0 */ -#define CKR_RANDOM_NO_RNG 0x00000121 - -/* These are new to v2.11 */ -#define CKR_DOMAIN_PARAMS_INVALID 0x00000130 - -/* These are new to v2.0 */ -#define CKR_BUFFER_TOO_SMALL 0x00000150 -#define CKR_SAVED_STATE_INVALID 0x00000160 -#define CKR_INFORMATION_SENSITIVE 0x00000170 -#define CKR_STATE_UNSAVEABLE 0x00000180 - -/* These are new to v2.01 */ -#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 -#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 -#define CKR_MUTEX_BAD 0x000001A0 -#define CKR_MUTEX_NOT_LOCKED 0x000001A1 - -/* The following return values are new for PKCS #11 v2.20 amendment 3 */ -#define CKR_NEW_PIN_MODE 0x000001B0 -#define CKR_NEXT_OTP 0x000001B1 - -/* This is new to v2.20 */ -#define CKR_FUNCTION_REJECTED 0x00000200 - -#define CKR_VENDOR_DEFINED 0x80000000 +#define CKR_OK 0x00000000UL +#define CKR_CANCEL 0x00000001UL +#define CKR_HOST_MEMORY 0x00000002UL +#define CKR_SLOT_ID_INVALID 0x00000003UL + +#define CKR_GENERAL_ERROR 0x00000005UL +#define CKR_FUNCTION_FAILED 0x00000006UL + +#define CKR_ARGUMENTS_BAD 0x00000007UL +#define CKR_NO_EVENT 0x00000008UL +#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL +#define CKR_CANT_LOCK 0x0000000AUL + +#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL +#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL +#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL +#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL + +#define CKR_ACTION_PROHIBITED 0x0000001BUL + +#define CKR_DATA_INVALID 0x00000020UL +#define CKR_DATA_LEN_RANGE 0x00000021UL +#define CKR_DEVICE_ERROR 0x00000030UL +#define CKR_DEVICE_MEMORY 0x00000031UL +#define CKR_DEVICE_REMOVED 0x00000032UL +#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL +#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +#define CKR_FUNCTION_CANCELED 0x00000050UL +#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL + +#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL + +#define CKR_KEY_HANDLE_INVALID 0x00000060UL + +#define CKR_KEY_SIZE_RANGE 0x00000062UL +#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL + +#define CKR_KEY_NOT_NEEDED 0x00000064UL +#define CKR_KEY_CHANGED 0x00000065UL +#define CKR_KEY_NEEDED 0x00000066UL +#define CKR_KEY_INDIGESTIBLE 0x00000067UL +#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL +#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL +#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL + +#define CKR_MECHANISM_INVALID 0x00000070UL +#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL + +#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL +#define CKR_OPERATION_ACTIVE 0x00000090UL +#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL +#define CKR_PIN_INCORRECT 0x000000A0UL +#define CKR_PIN_INVALID 0x000000A1UL +#define CKR_PIN_LEN_RANGE 0x000000A2UL + +#define CKR_PIN_EXPIRED 0x000000A3UL +#define CKR_PIN_LOCKED 0x000000A4UL + +#define CKR_SESSION_CLOSED 0x000000B0UL +#define CKR_SESSION_COUNT 0x000000B1UL +#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL +#define CKR_SESSION_READ_ONLY 0x000000B5UL +#define CKR_SESSION_EXISTS 0x000000B6UL + +#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL +#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL + +#define CKR_SIGNATURE_INVALID 0x000000C0UL +#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL +#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL +#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL +#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL +#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL +#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL +#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL +#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL +#define CKR_USER_NOT_LOGGED_IN 0x00000101UL +#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL +#define CKR_USER_TYPE_INVALID 0x00000103UL + +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL +#define CKR_USER_TOO_MANY_TYPES 0x00000105UL + +#define CKR_WRAPPED_KEY_INVALID 0x00000110UL +#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL +#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL +#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL +#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL + +#define CKR_RANDOM_NO_RNG 0x00000121UL + +#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL + +#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL + +#define CKR_BUFFER_TOO_SMALL 0x00000150UL +#define CKR_SAVED_STATE_INVALID 0x00000160UL +#define CKR_INFORMATION_SENSITIVE 0x00000170UL +#define CKR_STATE_UNSAVEABLE 0x00000180UL + +#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL +#define CKR_MUTEX_BAD 0x000001A0UL +#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL + +#define CKR_NEW_PIN_MODE 0x000001B0UL +#define CKR_NEXT_OTP 0x000001B1UL + +#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL +#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL +#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL +#define CKR_PIN_TOO_WEAK 0x000001B8UL +#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL + +#define CKR_FUNCTION_REJECTED 0x00000200UL + +#define CKR_VENDOR_DEFINED 0x80000000UL /* CK_NOTIFY is an application callback that processes events */ @@ -1210,8 +1169,8 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( /* CK_FUNCTION_LIST is a structure holding a Cryptoki spec * version and pointers of appropriate types to all the - * Cryptoki functions */ -/* CK_FUNCTION_LIST is new for v2.0 */ + * Cryptoki functions + */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; @@ -1220,14 +1179,16 @@ typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; /* CK_CREATEMUTEX is an application callback for creating a - * mutex object */ + * mutex object + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ ); /* CK_DESTROYMUTEX is an application callback for destroying a - * mutex object */ + * mutex object + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); @@ -1240,14 +1201,16 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( /* CK_UNLOCKMUTEX is an application callback for unlocking a - * mutex */ + * mutex + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); /* CK_C_INITIALIZE_ARGS provides the optional arguments to - * C_Initialize */ + * C_Initialize + */ typedef struct CK_C_INITIALIZE_ARGS { CK_CREATEMUTEX CreateMutex; CK_DESTROYMUTEX DestroyMutex; @@ -1260,8 +1223,8 @@ typedef struct CK_C_INITIALIZE_ARGS { /* flags: bit flags that provide capabilities of the slot * Bit Flag Mask Meaning */ -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 -#define CKF_OS_LOCKING_OK 0x00000002 +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +#define CKF_OS_LOCKING_OK 0x00000002UL typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; @@ -1271,39 +1234,36 @@ typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ #define CKF_DONT_BLOCK 1 -/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message +/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message * Generation Function (MGF) applied to a message block when * formatting a message block for the PKCS #1 OAEP encryption - * scheme. */ + * scheme. + */ typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; /* The following MGFs are defined */ -/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 - * are new for v2.20 */ -#define CKG_MGF1_SHA1 0x00000001 -#define CKG_MGF1_SHA256 0x00000002 -#define CKG_MGF1_SHA384 0x00000003 -#define CKG_MGF1_SHA512 0x00000004 -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKG_MGF1_SHA224 0x00000005 - -/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL +#define CKG_MGF1_SHA224 0x00000005UL + +/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source * of the encoding parameter when formatting a message block - * for the PKCS #1 OAEP encryption scheme. */ + * for the PKCS #1 OAEP encryption scheme. + */ typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; /* The following encoding parameter sources are defined */ -#define CKZ_DATA_SPECIFIED 0x00000001 +#define CKZ_DATA_SPECIFIED 0x00000001UL -/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. - * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the - * CKM_RSA_PKCS_OAEP mechanism. */ +/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the + * CKM_RSA_PKCS_OAEP mechanism. + */ typedef struct CK_RSA_PKCS_OAEP_PARAMS { CK_MECHANISM_TYPE hashAlg; CK_RSA_PKCS_MGF_TYPE mgf; @@ -1314,9 +1274,9 @@ typedef struct CK_RSA_PKCS_OAEP_PARAMS { typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; -/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. - * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the - * CKM_RSA_PKCS_PSS mechanism(s). */ +/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the + * CKM_RSA_PKCS_PSS mechanism(s). + */ typedef struct CK_RSA_PKCS_PSS_PARAMS { CK_MECHANISM_TYPE hashAlg; CK_RSA_PKCS_MGF_TYPE mgf; @@ -1325,15 +1285,23 @@ typedef struct CK_RSA_PKCS_PSS_PARAMS { typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; -/* CK_EC_KDF_TYPE is new for v2.11. */ typedef CK_ULONG CK_EC_KDF_TYPE; /* The following EC Key Derivation Functions are defined */ -#define CKD_NULL 0x00000001 -#define CKD_SHA1_KDF 0x00000002 +#define CKD_NULL 0x00000001UL +#define CKD_SHA1_KDF 0x00000002UL + +/* The following X9.42 DH key derivation functions are defined */ +#define CKD_SHA1_KDF_ASN1 0x00000003UL +#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL +#define CKD_SHA224_KDF 0x00000005UL +#define CKD_SHA256_KDF 0x00000006UL +#define CKD_SHA384_KDF 0x00000007UL +#define CKD_SHA512_KDF 0x00000008UL +#define CKD_CPDIVERSIFY_KDF 0x00000009UL -/* CK_ECDH1_DERIVE_PARAMS is new for v2.11. - * CK_ECDH1_DERIVE_PARAMS provides the parameters to the + +/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, * where each party contributes one key pair. */ @@ -1347,10 +1315,10 @@ typedef struct CK_ECDH1_DERIVE_PARAMS { typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; - -/* CK_ECDH2_DERIVE_PARAMS is new for v2.11. +/* * CK_ECDH2_DERIVE_PARAMS provides the parameters to the - * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ + * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. + */ typedef struct CK_ECDH2_DERIVE_PARAMS { CK_EC_KDF_TYPE kdf; CK_ULONG ulSharedDataLen; @@ -1381,19 +1349,15 @@ typedef struct CK_ECMQV_DERIVE_PARAMS { typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; /* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the - * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ + * CKM_X9_42_DH_PARAMETER_GEN mechanisms + */ typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; -/* The following X9.42 DH key derivation functions are defined - (besides CKD_NULL already defined : */ -#define CKD_SHA1_KDF_ASN1 0x00000003 -#define CKD_SHA1_KDF_CONCATENATE 0x00000004 - -/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the +/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party - * contributes one key pair */ + * contributes one key pair + */ typedef struct CK_X9_42_DH1_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; @@ -1404,10 +1368,10 @@ typedef struct CK_X9_42_DH1_DERIVE_PARAMS { typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; -/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the +/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation - * mechanisms, where each party contributes two key pairs */ + * mechanisms, where each party contributes two key pairs + */ typedef struct CK_X9_42_DH2_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; @@ -1438,8 +1402,8 @@ typedef struct CK_X9_42_MQV_DERIVE_PARAMS { typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; /* CK_KEA_DERIVE_PARAMS provides the parameters to the - * CKM_KEA_DERIVE mechanism */ -/* CK_KEA_DERIVE_PARAMS is new for v2.0 */ + * CKM_KEA_DERIVE mechanism + */ typedef struct CK_KEA_DERIVE_PARAMS { CK_BBOOL isSender; CK_ULONG ulRandomLen; @@ -1454,19 +1418,18 @@ typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; /* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just - * holds the effective keysize */ + * holds the effective keysize + */ typedef CK_ULONG CK_RC2_PARAMS; typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; /* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC - * mechanism */ + * mechanism + */ typedef struct CK_RC2_CBC_PARAMS { - /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - CK_BYTE iv[8]; /* IV for CBC mode */ } CK_RC2_CBC_PARAMS; @@ -1474,8 +1437,8 @@ typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; /* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC2_MAC_GENERAL mechanism */ -/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ + * CKM_RC2_MAC_GENERAL mechanism + */ typedef struct CK_RC2_MAC_GENERAL_PARAMS { CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ CK_ULONG ulMacLength; /* Length of MAC in bytes */ @@ -1486,8 +1449,8 @@ typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ /* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and - * CKM_RC5_MAC mechanisms */ -/* CK_RC5_PARAMS is new for v2.0 */ + * CKM_RC5_MAC mechanisms + */ typedef struct CK_RC5_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1497,8 +1460,8 @@ typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; /* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC - * mechanism */ -/* CK_RC5_CBC_PARAMS is new for v2.0 */ + * mechanism + */ typedef struct CK_RC5_CBC_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1510,8 +1473,8 @@ typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; /* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC5_MAC_GENERAL mechanism */ -/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ + * CKM_RC5_MAC_GENERAL mechanism + */ typedef struct CK_RC5_MAC_GENERAL_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1521,16 +1484,14 @@ typedef struct CK_RC5_MAC_GENERAL_PARAMS { typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ CK_RC5_MAC_GENERAL_PARAMS_PTR; - /* CK_MAC_GENERAL_PARAMS provides the parameters to most block * ciphers' MAC_GENERAL mechanisms. Its value is the length of - * the MAC */ -/* CK_MAC_GENERAL_PARAMS is new for v2.0 */ + * the MAC + */ typedef CK_ULONG CK_MAC_GENERAL_PARAMS; typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; -/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { CK_BYTE iv[8]; CK_BYTE_PTR pData; @@ -1548,8 +1509,8 @@ typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the - * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ -/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ + * CKM_SKIPJACK_PRIVATE_WRAP mechanism + */ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { CK_ULONG ulPasswordLen; CK_BYTE_PTR pPassword; @@ -1565,12 +1526,12 @@ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { } CK_SKIPJACK_PRIVATE_WRAP_PARAMS; typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ - CK_SKIPJACK_PRIVATE_WRAP_PTR; + CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; /* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the - * CKM_SKIPJACK_RELAYX mechanism */ -/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ + * CKM_SKIPJACK_RELAYX mechanism + */ typedef struct CK_SKIPJACK_RELAYX_PARAMS { CK_ULONG ulOldWrappedXLen; CK_BYTE_PTR pOldWrappedX; @@ -1605,17 +1566,15 @@ typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; /* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the - * CKM_KEY_WRAP_SET_OAEP mechanism */ -/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ + * CKM_KEY_WRAP_SET_OAEP mechanism + */ typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { CK_BYTE bBC; /* block contents byte */ CK_BYTE_PTR pX; /* extra data */ CK_ULONG ulXLen; /* length of extra data in bytes */ } CK_KEY_WRAP_SET_OAEP_PARAMS; -typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \ - CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; - +typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; typedef struct CK_SSL3_RANDOM_DATA { CK_BYTE_PTR pClientRandom; @@ -1633,7 +1592,6 @@ typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; - typedef struct CK_SSL3_KEY_MAT_OUT { CK_OBJECT_HANDLE hClientMacSecret; CK_OBJECT_HANDLE hServerMacSecret; @@ -1657,7 +1615,6 @@ typedef struct CK_SSL3_KEY_MAT_PARAMS { typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; -/* CK_TLS_PRF_PARAMS is new for version 2.20 */ typedef struct CK_TLS_PRF_PARAMS { CK_BYTE_PTR pSeed; CK_ULONG ulSeedLen; @@ -1669,7 +1626,6 @@ typedef struct CK_TLS_PRF_PARAMS { typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; -/* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; CK_ULONG ulClientRandomLen; @@ -1721,7 +1677,6 @@ typedef struct CK_WTLS_KEY_MAT_PARAMS { typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; -/* CMS is new for version 2.20 */ typedef struct CK_CMS_SIG_PARAMS { CK_OBJECT_HANDLE certificateHandle; CK_MECHANISM_PTR pSigningMechanism; @@ -1747,38 +1702,45 @@ typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ /* The CK_EXTRACT_PARAMS is used for the * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit * of the base key should be used as the first bit of the - * derived key */ -/* CK_EXTRACT_PARAMS is new for v2.0 */ + * derived key + */ typedef CK_ULONG CK_EXTRACT_PARAMS; typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; -/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. - * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to +/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to * indicate the Pseudo-Random Function (PRF) used to generate - * key bits using PKCS #5 PBKDF2. */ + * key bits using PKCS #5 PBKDF2. + */ typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; -typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; - -/* The following PRFs are defined in PKCS #5 v2.0. */ -#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001 +typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; +#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL +#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL +#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL +#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL +#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL -/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. - * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the +/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the * source of the salt value when deriving a key using PKCS #5 - * PBKDF2. */ + * PBKDF2. + */ typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; -typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; +typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; /* The following salt value sources are defined in PKCS #5 v2.0. */ -#define CKZ_SALT_SPECIFIED 0x00000001 +#define CKZ_SALT_SPECIFIED 0x00000001UL -/* CK_PKCS5_PBKD2_PARAMS is new for v2.10. - * CK_PKCS5_PBKD2_PARAMS is a structure that provides the - * parameters to the CKM_PKCS5_PBKD2 mechanism. */ +/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the + * parameters to the CKM_PKCS5_PBKD2 mechanism. + */ typedef struct CK_PKCS5_PBKD2_PARAMS { CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; CK_VOID_PTR pSaltSourceData; @@ -1793,10 +1755,26 @@ typedef struct CK_PKCS5_PBKD2_PARAMS { typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; -/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */ +/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS + * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism + * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. + */ +typedef struct CK_PKCS5_PBKD2_PARAMS2 { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + CK_VOID_PTR pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + CK_VOID_PTR pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG ulPasswordLen; +} CK_PKCS5_PBKD2_PARAMS2; + +typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; typedef CK_ULONG CK_OTP_PARAM_TYPE; -typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */ +typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ typedef struct CK_OTP_PARAM { CK_OTP_PARAM_TYPE type; @@ -1820,25 +1798,22 @@ typedef struct CK_OTP_SIGNATURE_INFO { typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ -#define CK_OTP_VALUE 0 -#define CK_OTP_PIN 1 -#define CK_OTP_CHALLENGE 2 -#define CK_OTP_TIME 3 -#define CK_OTP_COUNTER 4 -#define CK_OTP_FLAGS 5 -#define CK_OTP_OUTPUT_LENGTH 6 -#define CK_OTP_OUTPUT_FORMAT 7 - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ -#define CKF_NEXT_OTP 0x00000001 -#define CKF_EXCLUDE_TIME 0x00000002 -#define CKF_EXCLUDE_COUNTER 0x00000004 -#define CKF_EXCLUDE_CHALLENGE 0x00000008 -#define CKF_EXCLUDE_PIN 0x00000010 -#define CKF_USER_FRIENDLY_OTP 0x00000020 - -/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */ +#define CK_OTP_VALUE 0UL +#define CK_OTP_PIN 1UL +#define CK_OTP_CHALLENGE 2UL +#define CK_OTP_TIME 3UL +#define CK_OTP_COUNTER 4UL +#define CK_OTP_FLAGS 5UL +#define CK_OTP_OUTPUT_LENGTH 6UL +#define CK_OTP_OUTPUT_FORMAT 7UL + +#define CKF_NEXT_OTP 0x00000001UL +#define CKF_EXCLUDE_TIME 0x00000002UL +#define CKF_EXCLUDE_COUNTER 0x00000004UL +#define CKF_EXCLUDE_CHALLENGE 0x00000008UL +#define CKF_EXCLUDE_PIN 0x00000010UL +#define CKF_USER_FRIENDLY_OTP 0x00000020UL + typedef struct CK_KIP_PARAMS { CK_MECHANISM_PTR pMechanism; CK_OBJECT_HANDLE hKey; @@ -1848,7 +1823,6 @@ typedef struct CK_KIP_PARAMS { typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; -/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_AES_CTR_PARAMS { CK_ULONG ulCounterBits; CK_BYTE cb[16]; @@ -1856,30 +1830,180 @@ typedef struct CK_AES_CTR_PARAMS { typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; -/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ +typedef struct CK_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_GCM_PARAMS; + +typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; + +typedef struct CK_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_CCM_PARAMS; + +typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; + +/* + * These conflict w/ definitions in usr/src/crypto/common and are deprecated, + * so we will require clients to explicitly request their use. + */ +#ifdef PKCS11_DEPRECATED_PARAMS +/* Deprecated. Use CK_GCM_PARAMS */ +typedef struct CK_AES_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_AES_GCM_PARAMS; + +typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; + +/* Deprecated. Use CK_CCM_PARAMS */ +typedef struct CK_AES_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_AES_CCM_PARAMS; + +typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; +#endif + typedef struct CK_CAMELLIA_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; } CK_CAMELLIA_CTR_PARAMS; typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; -/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; } CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; -typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; -/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; } CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; -typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_DSA_PARAMETER_GEN_PARAM { + CK_MECHANISM_TYPE hash; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_ULONG ulIndex; +} CK_DSA_PARAMETER_GEN_PARAM; + +typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; + +typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; +} CK_ECDH_AES_KEY_WRAP_PARAMS; + +typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; + +typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; + +typedef CK_ULONG CK_CERTIFICATE_CATEGORY; + +typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; +} CK_RSA_AES_KEY_WRAP_PARAMS; + +typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_TLS12_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_KEY_MAT_PARAMS; + +typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; + +typedef struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pContextData; + CK_ULONG ulContextDataLength; +} CK_TLS_KDF_PARAMS; + +typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; + +typedef struct CK_TLS_MAC_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; +} CK_TLS_MAC_PARAMS; + +typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; + +typedef struct CK_GOSTR3410_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; +} CK_GOSTR3410_DERIVE_PARAMS; + +typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; + +typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { + CK_BYTE_PTR pWrapOID; + CK_ULONG ulWrapOIDLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; + CK_OBJECT_HANDLE hKey; +} CK_GOSTR3410_KEY_WRAP_PARAMS; + +typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; + +#endif /* _PKCS11T_H_ */ -#endif diff --git a/usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h b/usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h index c0032cdcd9..e590935dba 100644 --- a/usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h +++ b/usr/src/lib/pkcs11/libpkcs11/common/metaGlobal.h @@ -93,7 +93,7 @@ extern "C" { /* CK_INFO: Information about cryptoki */ #define METASLOT_CRYPTOKI_VERSION_MAJOR 2 -#define METASLOT_CRYPTOKI_VERSION_MINOR 11 +#define METASLOT_CRYPTOKI_VERSION_MINOR 40 #define METASLOT_MANUFACTURER_ID "Sun Microsystems, Inc. " #define METASLOT_LIBRARY_DESCRIPTION "Sun Metaslot " #define METASLOT_LIBRARY_VERSION_MAJOR 1 diff --git a/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Global.h b/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Global.h index 5c49b3f9dc..f93e6b3811 100644 --- a/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Global.h +++ b/usr/src/lib/pkcs11/libpkcs11/common/pkcs11Global.h @@ -27,8 +27,6 @@ #ifndef _PKCS11_GLOBAL_H #define _PKCS11_GLOBAL_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif @@ -48,8 +46,6 @@ extern CK_SLOT_ID fast_slot; #define PKCS11_STRING_LENGTH 32 /* CK_INFO: Information about cryptoki */ -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 #define CRYPTOKI_VERSION_WARN_MINOR 10 #define MANUFACTURER_ID "Sun Microsystems, Inc. " #define LIBRARY_DESCRIPTION "Sun Crypto PKCS#11 Library " diff --git a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h index c973481b35..3211018730 100644 --- a/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h +++ b/usr/src/lib/pkcs11/pkcs11_kernel/common/kernelGlobal.h @@ -26,8 +26,6 @@ #ifndef _KERNELGLOBAL_H #define _KERNELGLOBAL_H -#pragma ident "%Z%%M% %I% %E% SMI" - #ifdef __cplusplus extern "C" { #endif @@ -53,7 +51,7 @@ extern int kernel_fd; /* CK_INFO: Information about cryptoki */ #define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 +#define CRYPTOKI_VERSION_MINOR 40 #define MANUFACTURER_ID "Sun Microsystems, Inc. " #define LIBRARY_DESCRIPTION "Sun Crypto pkcs11_kernel " #define LIBRARY_VERSION_MAJOR 1 diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h index bbb4d73152..938bee9029 100644 --- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h +++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softGlobal.h @@ -46,7 +46,7 @@ extern struct ses_to_be_freed_list ses_delay_freed; /* CK_INFO: Information about cryptoki */ #define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 +#define CRYPTOKI_VERSION_MINOR 40 #define LIBRARY_DESCRIPTION "Sun Crypto Softtoken " #define LIBRARY_VERSION_MAJOR 1 #define LIBRARY_VERSION_MINOR 1 diff --git a/usr/src/man/man3lib/libpkcs11.3lib b/usr/src/man/man3lib/libpkcs11.3lib index 5309ed33e0..fb9581ee80 100644 --- a/usr/src/man/man3lib/libpkcs11.3lib +++ b/usr/src/man/man3lib/libpkcs11.3lib @@ -1,244 +1,248 @@ -'\" te .\" Copyright (c) 2008, Sun Microsystems, Inc. All rights reserved. +.\" Copyright 2016 Jason King. +.\" .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH LIBPKCS11 3LIB "Aug 4, 2008" -.SH NAME -libpkcs11 \- PKCS#11 Cryptographic Framework library -.SH SYNOPSIS -.LP -.nf -cc [ \fIflag\fR... ] \fIfile\fR... \fB-lpkcs11\fR [ \fIlibrary\fR... ] -#include <\fBsecurity/cryptoki.h\fR> -#include <\fBsecurity/pkcs11.h\fR> -.fi - -.SH DESCRIPTION -.sp -.LP -The \fBlibpkcs11\fR library implements the RSA Security Inc. PKCS#11 -Cryptographic Token Interface (Cryptoki), v2.20 specification by using plug-ins +.Dd Oct 19, 2016 +.Dt LIBPKCS11 3LIB +.Os +.Sh NAME +.Nm libpkcs11 +.Nd PKCS#11 Cryptographic Framework library +.Sh SYNOPSIS +.Lb libpkcs11 +.In security/cryptoki.h +.In security/pkcs11.h +.Sh DESCRIPTION +The +.Nm +library implements the RSA Security Inc. PKCS#11 +Cryptographic Token Interface (Cryptoki), v2.40 specification by using plug-ins to provide the slots. -.sp -.LP -Each plug-in, which also implements RSA PKCS#11 v2.20, represents one or more +.Lp +Each plug-in, which also implements RSA PKCS#11 v2.40, represents one or more slots. -.sp -.LP -The \fBlibpkcs11\fR library provides a special slot called the meta slot. The +.Lp +The +.Nm +library provides a special slot called the meta slot. The meta slot provides a virtual union of capabilities of all other slots. When -available, the meta slot is always the first slot provided by \fBlibpkcs11\fR. -.sp -.LP +available, the meta slot is always the first slot provided by +.Nm . +.Lp The meta slot feature can be configured either system-wide or by individual users. System-wide configuration for meta slot features is done with the -\fBcryptoadm\fR(1M) utility. User configuration for meta slot features is +.Xr cryptoadm 1M +utility. User configuration for meta slot features is performed with environment variables. -.sp -.LP +.Lp By default, the following is the system-wide configuration for meta slot. Meta slot is enabled. Meta slot provides token-based object support with the -Software RSA PKCS#11 softtoken (\fBpkcs11_softtoken\fR(5)). Meta slot is +Software RSA PKCS#11 softtoken +.Pf ( Xr pkcs11_softtoken 5 ) . +Meta slot is allowed to move sensitive token objects to other slots if that is necessary to perform an operation. -.sp -.LP +.Lp Users can overwrite one or more system-wide configuration options for meta slot using these environment variables. -.sp -.LP -The \fB${METASLOT_OBJECTSTORE_SLOT}\fR and \fB${METASLOT_OBJECTSTORE_TOKEN}\fR +.Lp +The +.Ev ${METASLOT_OBJECTSTORE_SLOT} +and +.Ev ${METASLOT_OBJECTSTORE_TOKEN} environment variables are used to specify an alternate token object store. A -user can specify either slot-description in \fB${METASLOT_OBJECTSTORE_SLOT}\fR -or token-label in \fB${METASLOT_OBJECTSTORE_TOKEN}\fR, or both. Valid values +user can specify either slot-description in +.Ev ${METASLOT_OBJECTSTORE_SLOT} +or token-label in +.Ev ${METASLOT_OBJECTSTORE_TOKEN} , or both. Valid values for slot-description and token-label are available from output of the command: -.sp -.in +2 -.nf -cryptoadm list -v -.fi -.in -2 -.sp - -.sp -.LP -The \fB${METASLOT_ENABLED}\fR environment variable is used to specify whether +.Bd -literal -offset indent +# cryptoadm list -v +.Ed +.Lp +The +.Ev ${METASLOT_ENABLED} +environment variable is used to specify whether the user wants to turn the metaslot feature on or off. Only two values are recognized. The value "true" means meta slot will be on. The value "false" means meta slot will be off. -.sp -.LP -The \fB${METASLOT_AUTO_KEY_MIGRATE}\fR environment variable is used to specify +.Lp +The +.Ev ${METASLOT_AUTO_KEY_MIGRATE} +environment variable is used to specify whether the user wants sensitive token objects to move to other slots for cryptographic operations. Only two values are recognized. The value "true" means meta slot will migrate sensitive token objects to other slots if necessary. The value "false" means meta slot will not migrate sensitive token objects to other slots even if it is necessary. -.sp -.LP +.Lp When the meta slot feature is enabled, the slot that provides token-based object support is not shown as one of the available slots. All of its functionality can be used with the meta slot. -.sp -.LP +.Lp This library filters the list of mechanisms available from plug-ins based on -the policy set by \fBcryptoadm\fR(1M). -.sp -.LP -This library provides entry points for all PKCS#11 v2.20 functions. See the RSA -PKCS#11 v2.20 specification at http://www.rsasecurity.com. -.sp -.LP -Plug-ins are added to \fBlibpkcs11\fR by the \fBpkcs11conf\fR class action -script during execution of \fBpkgadd\fR(1M). The available mechanisms are -administered by the \fBcryptoadm\fR(1M) utility. -.sp -.LP +the policy set by +.Xr cryptoadm 1M . +.Lp +This library provides entry points for all PKCS#11 v2.40 functions. See the +PKCS#11 v2.40 specifications at +.Lk http://www.oasis-open.org. +.Lp +Plug-ins are added to +.Nm +by the +.Sy pkcs11conf +class action +script during execution of +.Xr pkgadd 1M . +The available mechanisms are administered by the +.Xr cryptoadm 1M +utility. +.Lp Plug-ins must have all of their library dependancies specified, including -\fBlibc\fR(3LIB). Libraries that have unresolved symbols, including those from -\fBlibc\fR, will be rejected and a message will be sent to \fBsyslog\fR(3C) for -such plug-ins. -.sp -.LP +.Xr libc 3LIB . +Libraries that have unresolved symbols, including those from +.Xr libc 3LIB , +will be rejected and a message will be sent to +.Xr syslog 3C +for such plug-ins. +.Lp Due to U.S. Export regulations, all plug-ins are required to be -cryptographically signed using the \fBelfsign\fR utility. -.sp -.LP +cryptographically signed using the +.Xr elfsign 1 +utility. +.Lp Any plug-in that is not signed or is not a compatible version of PKCS#11 will -be dropped by \fBlibpkcs11\fR. When a plug-in is dropped, the administrator is -alerted by the \fBsyslog\fR(3C) utility. -.sp -.LP -The <\fBsecurity/pkcs11f.h\fR> header contains function definitions. The -<\fBsecurity/pkcs11t.h\fR> header contains type definitions. Applications can -include either of these headers in place of <\fBsecurity/pkcs11.h\fR>, which -contains both function and type definitions. -.SH INTERFACES -.sp -.LP -The shared object \fBlibpkcs11.so.1\fR provides the public interfaces defined -below. See \fBIntro\fR(3) for additional information on shared object -interfaces. -.SS "PKCS#11 Standard" -.sp - -.sp -.TS -l l -l l . -\fBC_CloseAllSessions\fR \fBC_CloseSession\fR -\fBC_CopyObject\fR \fBC_CreateObject\fR -\fBC_Decrypt\fR \fBC_DecryptDigestUpdate\fR -\fBC_DecryptFinal\fR \fBC_DecryptInit\fR -\fBC_DecryptUpdate\fR \fBC_DecryptVerifyUpdate\fR -\fBC_DeriveKey\fR \fBC_DestroyObject\fR -\fBC_Digest\fR \fBC_DigestEncryptUpdate\fR -\fBC_DigestFinal\fR \fBC_DigestInit\fR -\fBC_DigestKey\fR \fBC_DigestUpdate\fR -\fBC_Encrypt\fR \fBC_EncryptFinal\fR -\fBC_EncryptInit\fR \fBC_EncryptUpdate\fR -\fBC_Finalize\fR \fBC_FindObjects\fR -\fBC_FindObjectsFinal\fR \fBC_FindObjectsInit\fR -\fBC_GenerateKey\fR \fBC_GenerateKeyPair\fR -\fBC_GenerateRandom\fR \fBC_GetAttributeValue\fR -\fBC_GetFunctionList\fR \fBC_GetInfo\fR -\fBC_GetMechanismInfo\fR \fBC_GetMechanismList\fR -\fBC_GetObjectSize\fR \fBC_GetOperationState\fR -\fBC_GetSessionInfo\fR \fBC_GetSlotInfo\fR -\fBC_GetSlotList\fR \fBC_GetTokenInfo\fR -\fBC_InitPIN\fR \fBC_InitToken\fR -\fBC_Initialize\fR \fBC_Login\fR -\fBC_Logout\fR \fBC_OpenSession\fR -\fBC_SeedRandom\fR \fBC_SetAttributeValue\fR -\fBC_SetOperationState\fR \fBC_SetPIN\fR -\fBC_Sign\fR \fBC_SignEncryptUpdate\fR -\fBC_SignFinal\fR \fBC_SignInit\fR -\fBC_SignRecover\fR \fBC_SignRecoverInit\fR -\fBC_SignUpdate\fR \fBC_UnwrapKey\fR -\fBC_Verify\fR \fBC_VerifyFinal\fR -\fBC_VerifyInit\fR \fBC_VerifyRecover\fR -\fBC_VerifyRecoverInit\fR \fBC_VerifyUpdate\fR -\fBC_WaitForSlotEvent\fR \fBC_WrapKey\fR -.TE - -.SS "SUNW Extensions" -.sp - -.sp -.TS -l l . -\fBSUNW_C_GetMechSession\fR \fBSUNW_C_KeyToObject\fR -.TE - -.SH FILES -.sp -.ne 2 -.na -\fB\fB/usr/lib/libpkcs11.so.1\fR\fR -.ad -.RS 30n +be dropped by +.Nm . +When a plug-in is dropped, the administrator is alerted by the +.Xr syslog 3C +utility. +.Lp +The +.In security/pkcs11f.h +header contains function definitions. The +.In security/pkcs11t.h +header contains type definitions. Applications can +include either of these headers in place of +.In security/pkcs11.h , +which contains both function and type definitions. +.Sh INTERFACES +The shared object +.Lb libpkcs11.so.1 +provides the public interfaces defined below. See +.Xr Intro 3 +for additional information on shared object interfaces. +.Ss "PKCS#11 Standard" +.\" +.\" Use SUNW_C_GetMechSession for the first column so both sections will +.\" line up better when rendered +.\" +.Bl -column -offset indent ".Sy SUNW_C_GetMechSession" ".Sy C_DecryptDigestUpdate" +.It Sy C_CloseAllSessions Ta Sy C_CloseSession +.It Sy C_CopyObject Ta Sy C_CreateObject +.It Sy C_Decrypt Ta Sy C_DecryptDigestUpdate +.It Sy C_DecryptFinal Ta Sy C_DecryptInit +.It Sy C_DecryptUpdate Ta Sy C_DecryptVerifyUpdate +.It Sy C_DeriveKey Ta Sy C_DestroyObject +.It Sy C_Digest Ta Sy C_DigestEncryptUpdate +.It Sy C_DigestFinal Ta Sy C_DigestInit +.It Sy C_DigestKey Ta Sy C_DigestUpdate +.It Sy C_Encrypt Ta Sy C_EncryptFinal +.It Sy C_EncryptInit Ta Sy C_EncryptUpdate +.It Sy C_Finalize Ta Sy C_FindObjects +.It Sy C_FindObjectsFinal Ta Sy C_FindObjectsInit +.It Sy C_GenerateKey Ta Sy C_GenerateKeyPair +.It Sy C_GenerateRandom Ta Sy C_GetAttributeValue +.It Sy C_GetFunctionList Ta Sy C_GetInfo +.It Sy C_GetMechanismInfo Ta Sy C_GetMechanismList +.It Sy C_GetObjectSize Ta Sy C_GetOperationState +.It Sy C_GetSessionInfo Ta Sy C_GetSlotInfo +.It Sy C_GetSlotList Ta Sy C_GetTokenInfo +.It Sy C_InitPIN Ta Sy C_InitToken +.It Sy C_Initialize Ta Sy C_Login +.It Sy C_Logout Ta Sy C_OpenSession +.It Sy C_SeedRandom Ta Sy C_SetAttributeValue +.It Sy C_SetOperationState Ta Sy C_SetPIN +.It Sy C_Sign Ta Sy C_SignEncryptUpdate +.It Sy C_SignFinal Ta Sy C_SignInit +.It Sy C_SignRecover Ta Sy C_SignRecoverInit +.It Sy C_SignUpdate Ta Sy C_UnwrapKey +.It Sy C_Verify Ta Sy C_VerifyFinal +.It Sy C_VerifyInit Ta Sy C_VerifyRecover +.It Sy C_VerifyRecoverInit Ta Sy C_VerifyUpdate +.It Sy C_WaitForSlotEvent Ta Sy C_WrapKey +.El +.Ss "SUNW Extensions" +.Bl -column -offset indent ".Sy SUNW_C_GetMechSession" ".Sy C_DecryptDigestUpdate" +.It Sy SUNW_C_GetMechSession Ta Sy SUNW_C_KeyToObject +.El +.Sh FILES +.Bl -tag -compact -width Pa +.It Pa /usr/lib/libpkcs11.so.1 shared object -.RE - -.sp -.ne 2 -.na -\fB\fB/usr/lib/64/libpkcs11.so.1\fR\fR -.ad -.RS 30n +.It Pa /usr/lib/64/libpkcs11.so.1 64-bit shared object -.RE - -.SH ATTRIBUTES -.sp -.LP -See \fBattributes\fR(5) for descriptions of the following attributes: -.sp - -.sp -.TS -box; -c | c -l | l . -ATTRIBUTE TYPE ATTRIBUTE VALUE -Interface Stability Committed -_ -MT-Level See below. -_ -Standard See below. -.TE - -.sp -.LP +.El +.Sh ATTRIBUTES +See +.Xr attributes 5 +for descriptions of the following attributes: +.Sh INTERFACE STABILITY +.Sy Committed +.Sh MT-LEVEL The SUNW Extension functions are MT-Safe. The PKCS#11 Standard functions are -MT-Safe with exceptions. See Section 6.5.2 of RSA PKCS#11 v2.20. -.sp -.LP -The PKCS#11 Standard functions conform to PKCS#11 v2.20. -.SH SEE ALSO -.sp -.LP -\fBcryptoadm\fR(1M), \fBpkgadd\fR(1M), \fBIntro\fR(3), -\fBSUNW_C_GetMechSession\fR(3EXT), \fBsyslog\fR(3C), \fBattributes\fR(5) , -\fBpkcs11_kernel\fR(5), \fBpkcs11_softtoken\fR(5) -.sp -.LP -RSA PKCS#11 v2.20 http://www.rsasecurity.com -.SH NOTES -.sp -.LP -If an application calls \fBC_WaitForSlotEvent()\fR without the -\fBCKF_DONT_BLOCK\fR flag set, \fBlibpkcs11\fR must create threads internally. -If, however, \fBCKF_LIBRARY_CANT_CREATE_OS_THREADS\fR is set, -\fBC_WaitForSlotEvent()\fR returns \fBCKR_FUNCTION_FAILED\fR. -.sp -.LP +MT-Safe with exceptions. See Section 2.5.3 of PKCS#11 Cryptographic Token Usage +Guide v2.40 and Section 5.1.5 of PKCS#11 Cryptographic Token Interface Base +Standard v2.40 +.Sh STANDARD +The PKCS#11 Standard functions conform to PKCS#11 Cryptographic Token +Interface Profiles v2.40 Extended Provider. +.Sh SEE ALSO +.Xr cryptoadm 1M , +.Xr pkgadd 1M , +.Xr Intro 3 , +.Xr syslog 3C , +.Xr SUNW_C_GetMechSession 3EXT , +.Xr attributes 5 , +.Xr pkcs11_kernel 5 , +.Xr pkcs11_softtoken 5 +.Rs +.%T "PKCS#11 Cryptographic Token Interface Base Specification v2.40 Plus Errata 01" +.%U http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os.html +.Re +.Rs +.%T "PKCS#11 Cryptographic Token Interface Profiles v2.40" +.%U http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html +.Re +.Rs +.%T "PKCS#11 Cryptographic Token Interface Usage Guide v2.40" +.%U http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html +.Re +.Sh NOTES +If an application calls +.Fn C_WaitForSlotEvent +without the +.Dv CKF_DONT_BLOCK +flag set, +.Nm +must create threads internally. If, however, +.Dv CKF_LIBRARY_CANT_CREATE_OS_THREADS +is set, +.Fn C_WaitForSlotEvent +returns +.Dv CKR_FUNCTION_FAILED . +.Lp The PKCS#11 library does not work with Netscape 4.\fIx\fR but does work with more recent versions of Netscape and Mozilla. -.sp -.LP -Because \fBC_Initalize()\fR might have been called by both an application and a +.Lp +Because +.Fn C_Initalize +might have been called by both an application and a library, it is not safe for a library or its plugins to call -\fBC_Finalize()\fR. A library can be finished calling functions from -\fBlibpkcs11\fR, while an application might not. +.Fn C_Finalize . +A library can be finished calling functions from +.Nm , +while an application might not. diff --git a/usr/src/uts/common/fs/nfs/nfs4_idmap.c b/usr/src/uts/common/fs/nfs/nfs4_idmap.c index 35afec00d2..c0e2492d56 100644 --- a/usr/src/uts/common/fs/nfs/nfs4_idmap.c +++ b/usr/src/uts/common/fs/nfs/nfs4_idmap.c @@ -25,7 +25,7 @@ /* * There are well defined policies for mapping uid and gid values to and - * from utf8 strings, as specified in RFC 3530. The protocol ops that are + * from utf8 strings, as specified in RFC 7530. The protocol ops that are * most significantly affected by any changes in policy are GETATTR and * SETATTR, as these have different behavior depending on whether the id * mapping code is executing on the client or server. Thus, the following @@ -1267,12 +1267,15 @@ nfs_idmap_reclaim(void *arg) * string. If found, the corresponding mapping is returned in id_buf and * the cache entry is updated to the head of the LRU list. The computed * hash queue number, is returned in hashno. + * + * cip - cache info ptr + * u8s - utf8 string to resolve + * hashno - hash number, retval + * id_buf - if found, id for u8s */ static uint_t -nfs_idmap_cache_s2i_lkup(idmap_cache_info_t *cip, /* cache info ptr */ - utf8string *u8s, /* utf8 string to resolve */ - uint_t *hashno, /* hash number, retval */ - uid_t *id_buf) /* if found, id for u8s */ +nfs_idmap_cache_s2i_lkup(idmap_cache_info_t *cip, utf8string *u8s, + uint_t *hashno, uid_t *id_buf) { nfsidmap_t *p; nfsidmap_t *pnext; @@ -1345,13 +1348,16 @@ nfs_idmap_cache_s2i_lkup(idmap_cache_info_t *cip, /* cache info ptr */ * to do it. If NOT found, then a new entry is allocated for the specified * cache, and inserted. The hash queue number is obtained from hash_number * if the behavior is HQ_HASH_HINT, or computed otherwise. + * + * cip - cache info ptr + * id - id result from upcall + * u8s - utf8 string to resolve + * behavior - hash algorithm behavior + * hash_number - hash number iff hint */ static void -nfs_idmap_cache_s2i_insert(idmap_cache_info_t *cip, /* cache info ptr */ - uid_t id, /* id result from upcall */ - utf8string *u8s, /* utf8 string to resolve */ - hash_stat behavior, /* hash algorithm behavior */ - uint_t hash_number) /* hash number iff hint */ +nfs_idmap_cache_s2i_insert(idmap_cache_info_t *cip, uid_t id, utf8string *u8s, + hash_stat behavior, uint_t hash_number) { uint_t hashno; char *c_str; @@ -1445,12 +1451,15 @@ nfs_idmap_cache_s2i_insert(idmap_cache_info_t *cip, /* cache info ptr */ * If found, the corresponding mapping is returned in u8s and the * cache entry is updated to the head of the LRU list. The computed * hash queue number, is returned in hashno. + * + * cip - cache info ptr + * id - id to resolve + * hashno - hash number, retval + * u8s - if found, utf8 str for id */ static uint_t -nfs_idmap_cache_i2s_lkup(idmap_cache_info_t *cip, /* cache info ptr */ - uid_t id, /* id to resolve */ - uint_t *hashno, /* hash number, retval */ - utf8string *u8s) /* if found, utf8 str for id */ +nfs_idmap_cache_i2s_lkup(idmap_cache_info_t *cip, uid_t id, uint_t *hashno, + utf8string *u8s) { uint_t found_stat = 0; nfsidmap_t *p; @@ -1513,13 +1522,16 @@ nfs_idmap_cache_i2s_lkup(idmap_cache_info_t *cip, /* cache info ptr */ * do it. If NOT found, then a new entry is allocated for the specified * cache, and inserted. The hash queue number is obtained from hash_number * if the behavior is HQ_HASH_HINT, or computed otherwise. + * + * cip - cache info ptr + * id - id to resolve + * u8s - utf8 result from upcall + * behavior - has algorithm behavior + * hash_number - hash number iff hint */ static void -nfs_idmap_cache_i2s_insert(idmap_cache_info_t *cip, /* cache info ptr */ - uid_t id, /* id to resolve */ - utf8string *u8s, /* utf8 result from upcall */ - hash_stat behavior, /* has algorithm behavior */ - uint_t hash_number) /* hash number iff hint */ +nfs_idmap_cache_i2s_insert(idmap_cache_info_t *cip, uid_t id, utf8string *u8s, + hash_stat behavior, uint_t hash_number) { uint_t hashno; nfsidhq_t *hq; diff --git a/usr/src/uts/common/fs/nfs/nfs4_vnops.c b/usr/src/uts/common/fs/nfs/nfs4_vnops.c index 4c6be91e0a..941fcbe4b3 100644 --- a/usr/src/uts/common/fs/nfs/nfs4_vnops.c +++ b/usr/src/uts/common/fs/nfs/nfs4_vnops.c @@ -14006,7 +14006,7 @@ nfs4frlock_update_state(LOCK4args *lock_args, LOCKU4args *locku_args, * Clean that up here. It's unclear whether we should do * this even if the filesystem has been forcibly unmounted. * For most servers, it's probably wasted effort, but - * RFC3530 lets servers require that unlocks exactly match + * RFC 7530 lets servers require that unlocks exactly match * the locks that are held. */ if (resend_rqstp != NULL && diff --git a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c b/usr/src/uts/common/fs/tmpfs/tmp_vnops.c index 9087454e32..747d280915 100644 --- a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c +++ b/usr/src/uts/common/fs/tmpfs/tmp_vnops.c @@ -1134,10 +1134,8 @@ tmp_remove( rw_enter(&parent->tn_rwlock, RW_WRITER); rw_enter(&tp->tn_rwlock, RW_WRITER); - if (tp->tn_type != VDIR || - (error = secpolicy_fs_linkdir(cred, dvp->v_vfsp)) == 0) - error = tdirdelete(parent, tp, nm, tp->tn_type == VDIR ? - DR_RMDIR : DR_REMOVE, cred); + error = (tp->tn_type == VDIR) ? EPERM : + tdirdelete(parent, tp, nm, DR_REMOVE, cred); rw_exit(&tp->tn_rwlock); rw_exit(&parent->tn_rwlock); @@ -1172,8 +1170,7 @@ tmp_link( parent = (struct tmpnode *)VTOTN(dvp); from = (struct tmpnode *)VTOTN(srcvp); - if ((srcvp->v_type == VDIR && - secpolicy_fs_linkdir(cred, dvp->v_vfsp)) || + if (srcvp->v_type == VDIR || (from->tn_uid != crgetuid(cred) && secpolicy_basic_link(cred))) return (EPERM); diff --git a/usr/src/uts/common/nfs/nfs4_kprot.h b/usr/src/uts/common/nfs/nfs4_kprot.h index 30d1e438cd..e3acc9b901 100644 --- a/usr/src/uts/common/nfs/nfs4_kprot.h +++ b/usr/src/uts/common/nfs/nfs4_kprot.h @@ -269,7 +269,7 @@ typedef uint32_t aceflag4; #define ACE4_FAILED_ACCESS_ACE_FLAG 0x00000020 #define ACE4_IDENTIFIER_GROUP 0x00000040 /* - * This defines all valid flag bits, as defined by RFC 3530. If + * This defines all valid flag bits, as defined by RFC 7530. If * any additional flag bits are deemed part of the NFSv4 spec, * you must also add them to the definition below. */ @@ -304,7 +304,7 @@ typedef uint32_t acemask4; #define ACE4_GENERIC_WRITE 0x00160106 #define ACE4_GENERIC_EXECUTE 0x001200A0 /* - * This defines all valid access mask bits, as defined by RFC 3530. If + * This defines all valid access mask bits, as defined by RFC 7530. If * any additional access mask bits are deemed part of the NFSv4 spec, * you must also add them to the definition below. */ diff --git a/usr/src/uts/common/sys/crypto/common.h b/usr/src/uts/common/sys/crypto/common.h index 68283c390a..22e8e7c13f 100644 --- a/usr/src/uts/common/sys/crypto/common.h +++ b/usr/src/uts/common/sys/crypto/common.h @@ -306,22 +306,22 @@ typedef uint64_t crypto_attr_type_t; #define SUN_CKA_SUBPRIME 0x00000131 #define SUN_CKA_BASE 0x00000132 -#define CKK_EC 0x00000003 -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC4 0x00000012 -#define CKK_AES 0x0000001F -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKA_CLASS 0x00000000 -#define CKA_VALUE 0x00000011 -#define CKA_KEY_TYPE 0x00000100 -#define CKA_VALUE_LEN 0x00000161 -#define CKA_EC_PARAMS 0x00000180 -#define CKA_EC_POINT 0x00000181 +#define CKK_EC 0x00000003UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_RC4 0x00000012UL +#define CKK_AES 0x0000001FUL +#define CKK_DES 0x00000013UL +#define CKK_DES2 0x00000014UL +#define CKK_DES3 0x00000015UL + +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKA_CLASS 0x00000000UL +#define CKA_VALUE 0x00000011UL +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EC_PARAMS 0x00000180UL +#define CKA_EC_POINT 0x00000181UL typedef uint32_t crypto_object_id_t; diff --git a/usr/src/uts/common/sys/crypto/dca.h b/usr/src/uts/common/sys/crypto/dca.h index 49157dff4b..b2117f2760 100644 --- a/usr/src/uts/common/sys/crypto/dca.h +++ b/usr/src/uts/common/sys/crypto/dca.h @@ -796,23 +796,23 @@ void dca_dprintf(dca_t *, int, const char *, ...); /* * Some pkcs#11 defines as there are no pkcs#11 header files included. */ -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 - -#define CKA_CLASS 0x00000000 -#define CKA_VALUE 0x00000011 -#define CKA_KEY_TYPE 0x00000100 -#define CKA_MODULUS 0x00000120 -#define CKA_PUBLIC_EXPONENT 0x00000122 -#define CKA_PRIVATE_EXPONENT 0x00000123 -#define CKA_PRIME_1 0x00000124 -#define CKA_PRIME_2 0x00000125 -#define CKA_EXPONENT_1 0x00000126 -#define CKA_EXPONENT_2 0x00000127 -#define CKA_COEFFICIENT 0x00000128 -#define CKA_PRIME 0x00000130 -#define CKA_SUBPRIME 0x00000131 -#define CKA_BASE 0x00000132 +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL + +#define CKA_CLASS 0x00000000UL +#define CKA_VALUE 0x00000011UL +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_MODULUS 0x00000120UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PRIME 0x00000130UL +#define CKA_SUBPRIME 0x00000131UL +#define CKA_BASE 0x00000132UL /* * Driver globals. */ diff --git a/usr/src/uts/common/sys/crypto/ioctl.h b/usr/src/uts/common/sys/crypto/ioctl.h index 6fdc4dfe14..32dddf4394 100644 --- a/usr/src/uts/common/sys/crypto/ioctl.h +++ b/usr/src/uts/common/sys/crypto/ioctl.h @@ -45,13 +45,13 @@ extern "C" { #define MAX_NUM_THRESHOLD 7 /* the PKCS11 Mechanisms */ -#define CKM_RC4 0x00000111 -#define CKM_DES3_ECB 0x00000132 -#define CKM_DES3_CBC 0x00000133 -#define CKM_MD5 0x00000210 -#define CKM_SHA_1 0x00000220 -#define CKM_AES_ECB 0x00001081 -#define CKM_AES_CBC 0x00001082 +#define CKM_RC4 0x00000111UL +#define CKM_DES3_ECB 0x00000132UL +#define CKM_DES3_CBC 0x00000133UL +#define CKM_MD5 0x00000210UL +#define CKM_SHA_1 0x00000220UL +#define CKM_AES_ECB 0x00001081UL +#define CKM_AES_CBC 0x00001082UL /* * General Purpose Ioctls |