1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/ckfw/ck.api Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,541 @@
1.4 +#
1.5 +# This Source Code Form is subject to the terms of the Mozilla Public
1.6 +# License, v. 2.0. If a copy of the MPL was not distributed with this
1.7 +# file, You can obtain one at http://mozilla.org/MPL/2.0/.
1.8 +
1.9 +# This file is in part derived from a file "pkcs11f.h" made available
1.10 +# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h
1.11 +
1.12 +# Fields
1.13 +# FUNCTION introduces a Cryptoki function
1.14 +# CK_type specifies and introduces an argument
1.15 +#
1.16 +
1.17 +# General-purpose
1.18 +
1.19 +# C_Initialize initializes the Cryptoki library.
1.20 +FUNCTION C_Initialize
1.21 +CK_VOID_PTR pInitArgs # if this is not NULL_PTR, it gets
1.22 + # cast to CK_C_INITIALIZE_ARGS_PTR
1.23 + # and dereferenced
1.24 +
1.25 +# C_Finalize indicates that an application is done with the
1.26 +# Cryptoki library.
1.27 +FUNCTION C_Finalize
1.28 +CK_VOID_PTR pReserved # reserved. Should be NULL_PTR
1.29 +
1.30 +# C_GetInfo returns general information about Cryptoki.
1.31 +FUNCTION C_GetInfo
1.32 +CK_INFO_PTR pInfo # location that receives information
1.33 +
1.34 +# C_GetFunctionList returns the function list.
1.35 +FUNCTION C_GetFunctionList
1.36 +CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function
1.37 + # list
1.38 +
1.39 +
1.40 +# Slot and token management
1.41 +
1.42 +# C_GetSlotList obtains a list of slots in the system.
1.43 +FUNCTION C_GetSlotList
1.44 +CK_BBOOL tokenPresent # only slots with tokens?
1.45 +CK_SLOT_ID_PTR pSlotList # receives array of slot IDs
1.46 +CK_ULONG_PTR pulCount # receives number of slots
1.47 +
1.48 +# C_GetSlotInfo obtains information about a particular slot in the
1.49 +# system.
1.50 +FUNCTION C_GetSlotInfo
1.51 +CK_SLOT_ID slotID # the ID of the slot
1.52 +CK_SLOT_INFO_PTR pInfo # receives the slot information
1.53 +
1.54 +# C_GetTokenInfo obtains information about a particular token in the
1.55 +# system.
1.56 +FUNCTION C_GetTokenInfo
1.57 +CK_SLOT_ID slotID # ID of the token's slot
1.58 +CK_TOKEN_INFO_PTR pInfo # receives the token information
1.59 +
1.60 +# C_GetMechanismList obtains a list of mechanism types supported by a
1.61 +# token.
1.62 +FUNCTION C_GetMechanismList
1.63 +CK_SLOT_ID slotID # ID of token's slot
1.64 +CK_MECHANISM_TYPE_PTR pMechanismList # gets mech. array
1.65 +CK_ULONG_PTR pulCount # gets # of mechs.
1.66 +
1.67 +# C_GetMechanismInfo obtains information about a particular mechanism
1.68 +# possibly supported by a token.
1.69 +FUNCTION C_GetMechanismInfo
1.70 +CK_SLOT_ID slotID # ID of the token's slot
1.71 +CK_MECHANISM_TYPE type # type of mechanism
1.72 +CK_MECHANISM_INFO_PTR pInfo # receives mechanism info
1.73 +
1.74 +# C_InitToken initializes a token.
1.75 +FUNCTION C_InitToken
1.76 +CK_SLOT_ID slotID # ID of the token's slot
1.77 +CK_CHAR_PTR pPin # the SO's initial PIN
1.78 +CK_ULONG ulPinLen # length in bytes of the PIN
1.79 +CK_CHAR_PTR pLabel # 32-byte token label (blank padded)
1.80 +
1.81 +# C_InitPIN initializes the normal user's PIN.
1.82 +FUNCTION C_InitPIN
1.83 +CK_SESSION_HANDLE hSession # the session's handle
1.84 +CK_CHAR_PTR pPin # the normal user's PIN
1.85 +CK_ULONG ulPinLen # length in bytes of the PIN
1.86 +
1.87 +# C_SetPIN modifies the PIN of the user who is logged in.
1.88 +FUNCTION C_SetPIN
1.89 +CK_SESSION_HANDLE hSession # the session's handle
1.90 +CK_CHAR_PTR pOldPin # the old PIN
1.91 +CK_ULONG ulOldLen # length of the old PIN
1.92 +CK_CHAR_PTR pNewPin # the new PIN
1.93 +CK_ULONG ulNewLen # length of the new PIN
1.94 +
1.95 +
1.96 +# Session management
1.97 +
1.98 +# C_OpenSession opens a session between an application and a token.
1.99 +FUNCTION C_OpenSession
1.100 +CK_SLOT_ID slotID # the slot's ID
1.101 +CK_FLAGS flags # from CK_SESSION_INFO
1.102 +CK_VOID_PTR pApplication # passed to callback
1.103 +CK_NOTIFY Notify # callback function
1.104 +CK_SESSION_HANDLE_PTR phSession # gets session handle
1.105 +
1.106 +# C_CloseSession closes a session between an application and a token.
1.107 +FUNCTION C_CloseSession
1.108 +CK_SESSION_HANDLE hSession # the session's handle
1.109 +
1.110 +# C_CloseAllSessions closes all sessions with a token.
1.111 +FUNCTION C_CloseAllSessions
1.112 +CK_SLOT_ID slotID # the token's slot
1.113 +
1.114 +# C_GetSessionInfo obtains information about the session.
1.115 +FUNCTION C_GetSessionInfo
1.116 +CK_SESSION_HANDLE hSession # the session's handle
1.117 +CK_SESSION_INFO_PTR pInfo # receives session info
1.118 +
1.119 +# C_GetOperationState obtains the state of the cryptographic
1.120 +# operation in a session.
1.121 +FUNCTION C_GetOperationState
1.122 +CK_SESSION_HANDLE hSession # session's handle
1.123 +CK_BYTE_PTR pOperationState # gets state
1.124 +CK_ULONG_PTR pulOperationStateLen # gets state length
1.125 +
1.126 +# C_SetOperationState restores the state of the cryptographic
1.127 +# operation in a session.
1.128 +FUNCTION C_SetOperationState
1.129 +CK_SESSION_HANDLE hSession # session's handle
1.130 +CK_BYTE_PTR pOperationState # holds state
1.131 +CK_ULONG ulOperationStateLen # holds state length
1.132 +CK_OBJECT_HANDLE hEncryptionKey # en/decryption key
1.133 +CK_OBJECT_HANDLE hAuthenticationKey # sign/verify key
1.134 +
1.135 +# C_Login logs a user into a token.
1.136 +FUNCTION C_Login
1.137 +CK_SESSION_HANDLE hSession # the session's handle
1.138 +CK_USER_TYPE userType # the user type
1.139 +CK_CHAR_PTR pPin # the user's PIN
1.140 +CK_ULONG ulPinLen # the length of the PIN
1.141 +
1.142 +# C_Logout logs a user out from a token.
1.143 +FUNCTION C_Logout
1.144 +CK_SESSION_HANDLE hSession # the session's handle
1.145 +
1.146 +
1.147 +# Object management
1.148 +
1.149 +# C_CreateObject creates a new object.
1.150 +FUNCTION C_CreateObject
1.151 +CK_SESSION_HANDLE hSession # the session's handle
1.152 +CK_ATTRIBUTE_PTR pTemplate # the object's template
1.153 +CK_ULONG ulCount # attributes in template
1.154 +CK_OBJECT_HANDLE_PTR phObject # gets new object's handle.
1.155 +
1.156 +# C_CopyObject copies an object, creating a new object for the copy.
1.157 +FUNCTION C_CopyObject
1.158 +CK_SESSION_HANDLE hSession # the session's handle
1.159 +CK_OBJECT_HANDLE hObject # the object's handle
1.160 +CK_ATTRIBUTE_PTR pTemplate # template for new object
1.161 +CK_ULONG ulCount # attributes in template
1.162 +CK_OBJECT_HANDLE_PTR phNewObject # receives handle of copy
1.163 +
1.164 +# C_DestroyObject destroys an object.
1.165 +FUNCTION C_DestroyObject
1.166 +CK_SESSION_HANDLE hSession # the session's handle
1.167 +CK_OBJECT_HANDLE hObject # the object's handle
1.168 +
1.169 +# C_GetObjectSize gets the size of an object in bytes.
1.170 +FUNCTION C_GetObjectSize
1.171 +CK_SESSION_HANDLE hSession # the session's handle
1.172 +CK_OBJECT_HANDLE hObject # the object's handle
1.173 +CK_ULONG_PTR pulSize # receives size of object
1.174 +
1.175 +# C_GetAttributeValue obtains the value of one or more object
1.176 +# attributes.
1.177 +FUNCTION C_GetAttributeValue
1.178 +CK_SESSION_HANDLE hSession # the session's handle
1.179 +CK_OBJECT_HANDLE hObject # the object's handle
1.180 +CK_ATTRIBUTE_PTR pTemplate # specifies attrs; gets vals
1.181 +CK_ULONG ulCount # attributes in template
1.182 +
1.183 +# C_SetAttributeValue modifies the value of one or more object
1.184 +# attributes
1.185 +FUNCTION C_SetAttributeValue
1.186 +CK_SESSION_HANDLE hSession # the session's handle
1.187 +CK_OBJECT_HANDLE hObject # the object's handle
1.188 +CK_ATTRIBUTE_PTR pTemplate # specifies attrs and values
1.189 +CK_ULONG ulCount # attributes in template
1.190 +
1.191 +# C_FindObjectsInit initializes a search for token and session
1.192 +# objects that match a template.
1.193 +FUNCTION C_FindObjectsInit
1.194 +CK_SESSION_HANDLE hSession # the session's handle
1.195 +CK_ATTRIBUTE_PTR pTemplate # attribute values to match
1.196 +CK_ULONG ulCount # attrs in search template
1.197 +
1.198 +# C_FindObjects continues a search for token and session objects that
1.199 +# match a template, obtaining additional object handles.
1.200 +FUNCTION C_FindObjects
1.201 +CK_SESSION_HANDLE hSession # session's handle
1.202 +CK_OBJECT_HANDLE_PTR phObject # gets obj. handles
1.203 +CK_ULONG ulMaxObjectCount # max handles to get
1.204 +CK_ULONG_PTR pulObjectCount # actual # returned
1.205 +
1.206 +# C_FindObjectsFinal finishes a search for token and session objects.
1.207 +FUNCTION C_FindObjectsFinal
1.208 +CK_SESSION_HANDLE hSession # the session's handle
1.209 +
1.210 +
1.211 +# Encryption and decryption
1.212 +
1.213 +# C_EncryptInit initializes an encryption operation.
1.214 +FUNCTION C_EncryptInit
1.215 +CK_SESSION_HANDLE hSession # the session's handle
1.216 +CK_MECHANISM_PTR pMechanism # the encryption mechanism
1.217 +CK_OBJECT_HANDLE hKey # handle of encryption key
1.218 +
1.219 +# C_Encrypt encrypts single-part data.
1.220 +FUNCTION C_Encrypt
1.221 +CK_SESSION_HANDLE hSession # session's handle
1.222 +CK_BYTE_PTR pData # the plaintext data
1.223 +CK_ULONG ulDataLen # bytes of plaintext
1.224 +CK_BYTE_PTR pEncryptedData # gets ciphertext
1.225 +CK_ULONG_PTR pulEncryptedDataLen # gets c-text size
1.226 +
1.227 +# C_EncryptUpdate continues a multiple-part encryption operation.
1.228 +FUNCTION C_EncryptUpdate
1.229 +CK_SESSION_HANDLE hSession # session's handle
1.230 +CK_BYTE_PTR pPart # the plaintext data
1.231 +CK_ULONG ulPartLen # plaintext data len
1.232 +CK_BYTE_PTR pEncryptedPart # gets ciphertext
1.233 +CK_ULONG_PTR pulEncryptedPartLen # gets c-text size
1.234 +
1.235 +# C_EncryptFinal finishes a multiple-part encryption operation.
1.236 +FUNCTION C_EncryptFinal
1.237 +CK_SESSION_HANDLE hSession # session handle
1.238 +CK_BYTE_PTR pLastEncryptedPart # last c-text
1.239 +CK_ULONG_PTR pulLastEncryptedPartLen # gets last size
1.240 +
1.241 +# C_DecryptInit initializes a decryption operation.
1.242 +FUNCTION C_DecryptInit
1.243 +CK_SESSION_HANDLE hSession # the session's handle
1.244 +CK_MECHANISM_PTR pMechanism # the decryption mechanism
1.245 +CK_OBJECT_HANDLE hKey # handle of decryption key
1.246 +
1.247 +# C_Decrypt decrypts encrypted data in a single part.
1.248 +FUNCTION C_Decrypt
1.249 +CK_SESSION_HANDLE hSession # session's handle
1.250 +CK_BYTE_PTR pEncryptedData # ciphertext
1.251 +CK_ULONG ulEncryptedDataLen # ciphertext length
1.252 +CK_BYTE_PTR pData # gets plaintext
1.253 +CK_ULONG_PTR pulDataLen # gets p-text size
1.254 +
1.255 +# C_DecryptUpdate continues a multiple-part decryption operation.
1.256 +FUNCTION C_DecryptUpdate
1.257 +CK_SESSION_HANDLE hSession # session's handle
1.258 +CK_BYTE_PTR pEncryptedPart # encrypted data
1.259 +CK_ULONG ulEncryptedPartLen # input length
1.260 +CK_BYTE_PTR pPart # gets plaintext
1.261 +CK_ULONG_PTR pulPartLen # p-text size
1.262 +
1.263 +# C_DecryptFinal finishes a multiple-part decryption operation.
1.264 +FUNCTION C_DecryptFinal
1.265 +CK_SESSION_HANDLE hSession # the session's handle
1.266 +CK_BYTE_PTR pLastPart # gets plaintext
1.267 +CK_ULONG_PTR pulLastPartLen # p-text size
1.268 +
1.269 +
1.270 +# Message digesting
1.271 +
1.272 +# C_DigestInit initializes a message-digesting operation.
1.273 +FUNCTION C_DigestInit
1.274 +CK_SESSION_HANDLE hSession # the session's handle
1.275 +CK_MECHANISM_PTR pMechanism # the digesting mechanism
1.276 +
1.277 +# C_Digest digests data in a single part.
1.278 +FUNCTION C_Digest
1.279 +CK_SESSION_HANDLE hSession # the session's handle
1.280 +CK_BYTE_PTR pData # data to be digested
1.281 +CK_ULONG ulDataLen # bytes of data to digest
1.282 +CK_BYTE_PTR pDigest # gets the message digest
1.283 +CK_ULONG_PTR pulDigestLen # gets digest length
1.284 +
1.285 +# C_DigestUpdate continues a multiple-part message-digesting operation.
1.286 +FUNCTION C_DigestUpdate
1.287 +CK_SESSION_HANDLE hSession # the session's handle
1.288 +CK_BYTE_PTR pPart # data to be digested
1.289 +CK_ULONG ulPartLen # bytes of data to be digested
1.290 +
1.291 +# C_DigestKey continues a multi-part message-digesting operation, by
1.292 +# digesting the value of a secret key as part of the data already
1.293 +# digested.
1.294 +FUNCTION C_DigestKey
1.295 +CK_SESSION_HANDLE hSession # the session's handle
1.296 +CK_OBJECT_HANDLE hKey # secret key to digest
1.297 +
1.298 +# C_DigestFinal finishes a multiple-part message-digesting operation.
1.299 +FUNCTION C_DigestFinal
1.300 +CK_SESSION_HANDLE hSession # the session's handle
1.301 +CK_BYTE_PTR pDigest # gets the message digest
1.302 +CK_ULONG_PTR pulDigestLen # gets byte count of digest
1.303 +
1.304 +
1.305 +# Signing and MACing
1.306 +
1.307 +# C_SignInit initializes a signature (private key encryption)
1.308 +# operation, where the signature is (will be) an appendix to the
1.309 +# data, and plaintext cannot be recovered from the signature.
1.310 +FUNCTION C_SignInit
1.311 +CK_SESSION_HANDLE hSession # the session's handle
1.312 +CK_MECHANISM_PTR pMechanism # the signature mechanism
1.313 +CK_OBJECT_HANDLE hKey # handle of signature key
1.314 +
1.315 +# C_Sign signs (encrypts with private key) data in a single part,
1.316 +# where the signature is (will be) an appendix to the data, and
1.317 +# plaintext cannot be recovered from the signature.
1.318 +FUNCTION C_Sign
1.319 +CK_SESSION_HANDLE hSession # the session's handle
1.320 +CK_BYTE_PTR pData # the data to sign
1.321 +CK_ULONG ulDataLen # count of bytes to sign
1.322 +CK_BYTE_PTR pSignature # gets the signature
1.323 +CK_ULONG_PTR pulSignatureLen # gets signature length
1.324 +
1.325 +# C_SignUpdate continues a multiple-part signature operation, where
1.326 +# the signature is (will be) an appendix to the data, and plaintext
1.327 +# cannot be recovered from the signature.
1.328 +FUNCTION C_SignUpdate
1.329 +CK_SESSION_HANDLE hSession # the session's handle
1.330 +CK_BYTE_PTR pPart # the data to sign
1.331 +CK_ULONG ulPartLen # count of bytes to sign
1.332 +
1.333 +# C_SignFinal finishes a multiple-part signature operation, returning
1.334 +# the signature.
1.335 +FUNCTION C_SignFinal
1.336 +CK_SESSION_HANDLE hSession # the session's handle
1.337 +CK_BYTE_PTR pSignature # gets the signature
1.338 +CK_ULONG_PTR pulSignatureLen # gets signature length
1.339 +
1.340 +# C_SignRecoverInit initializes a signature operation, where the data
1.341 +# can be recovered from the signature.
1.342 +FUNCTION C_SignRecoverInit
1.343 +CK_SESSION_HANDLE hSession # the session's handle
1.344 +CK_MECHANISM_PTR pMechanism # the signature mechanism
1.345 +CK_OBJECT_HANDLE hKey # handle of the signature key
1.346 +
1.347 +# C_SignRecover signs data in a single operation, where the data can
1.348 +# be recovered from the signature.
1.349 +FUNCTION C_SignRecover
1.350 +CK_SESSION_HANDLE hSession # the session's handle
1.351 +CK_BYTE_PTR pData # the data to sign
1.352 +CK_ULONG ulDataLen # count of bytes to sign
1.353 +CK_BYTE_PTR pSignature # gets the signature
1.354 +CK_ULONG_PTR pulSignatureLen # gets signature length
1.355 +
1.356 +
1.357 +# Verifying signatures and MACs
1.358 +
1.359 +# C_VerifyInit initializes a verification operation, where the
1.360 +# signature is an appendix to the data, and plaintext cannot cannot
1.361 +# be recovered from the signature (e.g. DSA).
1.362 +FUNCTION C_VerifyInit
1.363 +CK_SESSION_HANDLE hSession # the session's handle
1.364 +CK_MECHANISM_PTR pMechanism # the verification mechanism
1.365 +CK_OBJECT_HANDLE hKey # verification key
1.366 +
1.367 +# C_Verify verifies a signature in a single-part operation, where the
1.368 +# signature is an appendix to the data, and plaintext cannot be
1.369 +# recovered from the signature.
1.370 +FUNCTION C_Verify
1.371 +CK_SESSION_HANDLE hSession # the session's handle
1.372 +CK_BYTE_PTR pData # signed data
1.373 +CK_ULONG ulDataLen # length of signed data
1.374 +CK_BYTE_PTR pSignature # signature
1.375 +CK_ULONG ulSignatureLen # signature length
1.376 +
1.377 +# C_VerifyUpdate continues a multiple-part verification operation,
1.378 +# where the signature is an appendix to the data, and plaintext cannot be
1.379 +# recovered from the signature.
1.380 +FUNCTION C_VerifyUpdate
1.381 +CK_SESSION_HANDLE hSession # the session's handle
1.382 +CK_BYTE_PTR pPart # signed data
1.383 +CK_ULONG ulPartLen # length of signed data
1.384 +
1.385 +# C_VerifyFinal finishes a multiple-part verification operation,
1.386 +# checking the signature.
1.387 +FUNCTION C_VerifyFinal
1.388 +CK_SESSION_HANDLE hSession # the session's handle
1.389 +CK_BYTE_PTR pSignature # signature to verify
1.390 +CK_ULONG ulSignatureLen # signature length
1.391 +
1.392 +# C_VerifyRecoverInit initializes a signature verification operation,
1.393 +# where the data is recovered from the signature.
1.394 +FUNCTION C_VerifyRecoverInit
1.395 +CK_SESSION_HANDLE hSession # the session's handle
1.396 +CK_MECHANISM_PTR pMechanism # the verification mechanism
1.397 +CK_OBJECT_HANDLE hKey # verification key
1.398 +
1.399 +# C_VerifyRecover verifies a signature in a single-part operation,
1.400 +# where the data is recovered from the signature.
1.401 +FUNCTION C_VerifyRecover
1.402 +CK_SESSION_HANDLE hSession # the session's handle
1.403 +CK_BYTE_PTR pSignature # signature to verify
1.404 +CK_ULONG ulSignatureLen # signature length
1.405 +CK_BYTE_PTR pData # gets signed data
1.406 +CK_ULONG_PTR pulDataLen # gets signed data len
1.407 +
1.408 +
1.409 +# Dual-function cryptographic operations
1.410 +
1.411 +# C_DigestEncryptUpdate continues a multiple-part digesting and
1.412 +# encryption operation.
1.413 +FUNCTION C_DigestEncryptUpdate
1.414 +CK_SESSION_HANDLE hSession # session's handle
1.415 +CK_BYTE_PTR pPart # the plaintext data
1.416 +CK_ULONG ulPartLen # plaintext length
1.417 +CK_BYTE_PTR pEncryptedPart # gets ciphertext
1.418 +CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
1.419 +
1.420 +# C_DecryptDigestUpdate continues a multiple-part decryption and
1.421 +# digesting operation.
1.422 +FUNCTION C_DecryptDigestUpdate
1.423 +CK_SESSION_HANDLE hSession # session's handle
1.424 +CK_BYTE_PTR pEncryptedPart # ciphertext
1.425 +CK_ULONG ulEncryptedPartLen # ciphertext length
1.426 +CK_BYTE_PTR pPart # gets plaintext
1.427 +CK_ULONG_PTR pulPartLen # gets plaintext len
1.428 +
1.429 +# C_SignEncryptUpdate continues a multiple-part signing and
1.430 +# encryption operation.
1.431 +FUNCTION C_SignEncryptUpdate
1.432 +CK_SESSION_HANDLE hSession # session's handle
1.433 +CK_BYTE_PTR pPart # the plaintext data
1.434 +CK_ULONG ulPartLen # plaintext length
1.435 +CK_BYTE_PTR pEncryptedPart # gets ciphertext
1.436 +CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
1.437 +
1.438 +# C_DecryptVerifyUpdate continues a multiple-part decryption and
1.439 +# verify operation.
1.440 +FUNCTION C_DecryptVerifyUpdate
1.441 +CK_SESSION_HANDLE hSession # session's handle
1.442 +CK_BYTE_PTR pEncryptedPart # ciphertext
1.443 +CK_ULONG ulEncryptedPartLen # ciphertext length
1.444 +CK_BYTE_PTR pPart # gets plaintext
1.445 +CK_ULONG_PTR pulPartLen # gets p-text length
1.446 +
1.447 +
1.448 +# Key management
1.449 +
1.450 +# C_GenerateKey generates a secret key, creating a new key object.
1.451 +FUNCTION C_GenerateKey
1.452 +CK_SESSION_HANDLE hSession # the session's handle
1.453 +CK_MECHANISM_PTR pMechanism # key generation mech.
1.454 +CK_ATTRIBUTE_PTR pTemplate # template for new key
1.455 +CK_ULONG ulCount # # of attrs in template
1.456 +CK_OBJECT_HANDLE_PTR phKey # gets handle of new key
1.457 +
1.458 +# C_GenerateKeyPair generates a public-key/private-key pair, creating
1.459 +# new key objects.
1.460 +FUNCTION C_GenerateKeyPair
1.461 +CK_SESSION_HANDLE hSession # session handle
1.462 +CK_MECHANISM_PTR pMechanism # key-gen mech.
1.463 +CK_ATTRIBUTE_PTR pPublicKeyTemplate # template for pub. key
1.464 +CK_ULONG ulPublicKeyAttributeCount # # pub. attrs.
1.465 +CK_ATTRIBUTE_PTR pPrivateKeyTemplate # template for priv. key
1.466 +CK_ULONG ulPrivateKeyAttributeCount # # priv. attrs.
1.467 +CK_OBJECT_HANDLE_PTR phPublicKey # gets pub. key handle
1.468 +CK_OBJECT_HANDLE_PTR phPrivateKey # gets priv. key handle
1.469 +
1.470 +# C_WrapKey wraps (i.e., encrypts) a key.
1.471 +FUNCTION C_WrapKey
1.472 +CK_SESSION_HANDLE hSession # the session's handle
1.473 +CK_MECHANISM_PTR pMechanism # the wrapping mechanism
1.474 +CK_OBJECT_HANDLE hWrappingKey # wrapping key
1.475 +CK_OBJECT_HANDLE hKey # key to be wrapped
1.476 +CK_BYTE_PTR pWrappedKey # gets wrapped key
1.477 +CK_ULONG_PTR pulWrappedKeyLen # gets wrapped key size
1.478 +
1.479 +# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key
1.480 +# object.
1.481 +FUNCTION C_UnwrapKey
1.482 +CK_SESSION_HANDLE hSession # session's handle
1.483 +CK_MECHANISM_PTR pMechanism # unwrapping mech.
1.484 +CK_OBJECT_HANDLE hUnwrappingKey # unwrapping key
1.485 +CK_BYTE_PTR pWrappedKey # the wrapped key
1.486 +CK_ULONG ulWrappedKeyLen # wrapped key len
1.487 +CK_ATTRIBUTE_PTR pTemplate # new key template
1.488 +CK_ULONG ulAttributeCount # template length
1.489 +CK_OBJECT_HANDLE_PTR phKey # gets new handle
1.490 +
1.491 +# C_DeriveKey derives a key from a base key, creating a new key object.
1.492 +FUNCTION C_DeriveKey
1.493 +CK_SESSION_HANDLE hSession # session's handle
1.494 +CK_MECHANISM_PTR pMechanism # key deriv. mech.
1.495 +CK_OBJECT_HANDLE hBaseKey # base key
1.496 +CK_ATTRIBUTE_PTR pTemplate # new key template
1.497 +CK_ULONG ulAttributeCount # template length
1.498 +CK_OBJECT_HANDLE_PTR phKey # gets new handle
1.499 +
1.500 +
1.501 +# Random number generation
1.502 +
1.503 +# C_SeedRandom mixes additional seed material into the token's random
1.504 +# number generator.
1.505 +FUNCTION C_SeedRandom
1.506 +CK_SESSION_HANDLE hSession # the session's handle
1.507 +CK_BYTE_PTR pSeed # the seed material
1.508 +CK_ULONG ulSeedLen # length of seed material
1.509 +
1.510 +# C_GenerateRandom generates random data.
1.511 +FUNCTION C_GenerateRandom
1.512 +CK_SESSION_HANDLE hSession # the session's handle
1.513 +CK_BYTE_PTR RandomData # receives the random data
1.514 +CK_ULONG ulRandomLen # # of bytes to generate
1.515 +
1.516 +
1.517 +# Parallel function management
1.518 +
1.519 +# C_GetFunctionStatus is a legacy function; it obtains an updated
1.520 +# status of a function running in parallel with an application.
1.521 +FUNCTION C_GetFunctionStatus
1.522 +CK_SESSION_HANDLE hSession # the session's handle
1.523 +
1.524 +# C_CancelFunction is a legacy function; it cancels a function running
1.525 +# in parallel.
1.526 +FUNCTION C_CancelFunction
1.527 +CK_SESSION_HANDLE hSession # the session's handle
1.528 +
1.529 +
1.530 +# Functions added in for Cryptoki Version 2.01 or later
1.531 +
1.532 +# C_WaitForSlotEvent waits for a slot event (token insertion, removal,
1.533 +# etc.) to occur.
1.534 +FUNCTION C_WaitForSlotEvent
1.535 +CK_FLAGS flags # blocking/nonblocking flag
1.536 +CK_SLOT_ID_PTR pSlot # location that receives the slot ID
1.537 +CK_VOID_PTR pRserved # reserved. Should be NULL_PTR
1.538 +
1.539 +## C_ConfigureSlot passes an installation-specified bytestring to a
1.540 +## slot.
1.541 +#FUNCTION C_ConfigureSlot
1.542 +#CK_SLOT_ID slotID # the slot to configure
1.543 +#CK_BYTE_PTR pConfig # the configuration string
1.544 +#CK_ULONG ulConfigLen # length of the config string
