1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2018-2020, Linaro Limited
4  */
5 
6 #ifndef PKCS11_H
7 #define PKCS11_H
8 
9 #ifdef __cplusplus
10 extern "C" {
11 #endif
12 
/*
 * PKCS#11 Cryptoki API v2.40-errata01, See specification from:
 * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
 *
 * The macros below give the specification level this header tracks as
 * major.minor, plus a patch number (presumably the errata level - confirm).
 */
#define CK_PKCS11_VERSION_MAJOR		2
#define CK_PKCS11_VERSION_MINOR		40
#define CK_PKCS11_VERSION_PATCH		1
20 
/*
 * Base scalar types. CK_ULONG and CK_LONG are plain `long` types, so their
 * width follows the compiler's data model.
 * NOTE(review): code that copies these values into a fixed-width message or
 * shared buffer should convert field by field rather than copy a CK_ULONG
 * as raw bytes - confirm against the serialization code, which is not part
 * of this header.
 */
typedef unsigned char CK_BYTE;
typedef unsigned long CK_ULONG;
typedef long CK_LONG;

/* Character types are single bytes; no terminator is implied by the type. */
typedef CK_BYTE CK_CHAR;
typedef CK_BYTE CK_UTF8CHAR;

typedef CK_BYTE *CK_BYTE_PTR;

typedef CK_ULONG *CK_ULONG_PTR;

typedef CK_CHAR *CK_CHAR_PTR;
typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;

typedef void *CK_VOID_PTR;
typedef CK_VOID_PTR *CK_VOID_PTR_PTR;

/* One-byte boolean; CK_TRUE and CK_FALSE are the only values defined here. */
typedef CK_BYTE CK_BBOOL;

#define CK_TRUE			1
#define CK_FALSE		0

/* Bit-mask type used by the various `flags` members and arguments. */
typedef CK_ULONG CK_FLAGS;

/* All bits set in an unsigned long, and zero, used as sentinel values. */
#define CK_UNAVAILABLE_INFORMATION	(~0UL)
#define CK_EFFECTIVELY_INFINITE		0UL

typedef CK_ULONG CK_SESSION_HANDLE;
typedef CK_SESSION_HANDLE *CK_SESSION_HANDLE_PTR;

typedef CK_ULONG CK_OBJECT_HANDLE;
typedef CK_OBJECT_HANDLE *CK_OBJECT_HANDLE_PTR;

/* Zero never designates a valid handle. */
#define CK_INVALID_HANDLE	0

typedef CK_ULONG CK_SLOT_ID;
typedef CK_SLOT_ID *CK_SLOT_ID_PTR;
58 
/* Two-byte version number: major part first, minor part second. */
typedef struct CK_VERSION {
	CK_BYTE major;
	CK_BYTE minor;
} CK_VERSION;

typedef CK_VERSION *CK_VERSION_PTR;
66 
/*
 * Calendar date split into three fixed-width character fields of 4, 2 and 2
 * bytes. The arrays have no spare byte for a terminating NUL, so they must
 * be copied and compared by explicit length, never passed to string
 * functions.
 */
typedef struct CK_DATE {
	CK_CHAR year[4];
	CK_CHAR month[2];
	CK_CHAR day[2];
} CK_DATE;

typedef CK_DATE *CK_DATE_PTR;
75 
/*
 * PKCS#11 object attributes
 */

/* Identifier of an attribute; see the CKA_* values below. */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;

/*
 * One entry of an attribute template: the attribute identifier, a pointer to
 * the value buffer and the length of that buffer.
 *
 * NOTE(review): nothing in this structure ties ulValueLen to the memory
 * behind pValue. Code that receives a template should check ulValueLen
 * against the size expected for `type` before reading or writing through
 * pValue - confirm in the template parsing code.
 */
typedef struct CK_ATTRIBUTE {
	CK_ATTRIBUTE_TYPE type;
	CK_VOID_PTR pValue;
	CK_ULONG ulValueLen;
} CK_ATTRIBUTE;

typedef CK_ATTRIBUTE *CK_ATTRIBUTE_PTR;
90 
/*
 * Values for CK_ATTRIBUTE_TYPE
 *
 * This does not cover the full PKCS#11 IDs.
 *
 * CKF_ARRAY_ATTRIBUTE and CKA_VENDOR_DEFINED are written as `1U << n`, so
 * they have type unsigned int while CK_ATTRIBUTE_TYPE is unsigned long.
 * NOTE(review): complementing one of them (~CKA_VENDOR_DEFINED) yields an
 * unsigned int mask; widen to CK_ULONG first where long is wider than int.
 */
#define CKF_ARRAY_ATTRIBUTE		(1U << 30)
#define CKA_VENDOR_DEFINED		(1U << 31)
#define CKA_CLASS			0x0000
#define CKA_TOKEN			0x0001
#define CKA_PRIVATE			0x0002
#define CKA_LABEL			0x0003
#define CKA_APPLICATION			0x0010
#define CKA_VALUE			0x0011
#define CKA_OBJECT_ID			0x0012
#define CKA_CERTIFICATE_TYPE		0x0080
#define CKA_ISSUER			0x0081
#define CKA_SERIAL_NUMBER		0x0082
#define CKA_AC_ISSUER			0x0083
#define CKA_OWNER			0x0084
#define CKA_ATTR_TYPES			0x0085
#define CKA_TRUSTED			0x0086
#define CKA_CERTIFICATE_CATEGORY	0x0087
#define CKA_JAVA_MIDP_SECURITY_DOMAIN	0x0088
#define CKA_URL				0x0089
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY	0x008a
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY	0x008b
#define CKA_NAME_HASH_ALGORITHM		0x008c
#define CKA_CHECK_VALUE			0x0090
#define CKA_KEY_TYPE			0x0100
#define CKA_SUBJECT			0x0101
#define CKA_ID				0x0102
/* Key protection and permitted-usage attributes (per the PKCS#11 spec). */
#define CKA_SENSITIVE			0x0103
#define CKA_ENCRYPT			0x0104
#define CKA_DECRYPT			0x0105
#define CKA_WRAP			0x0106
#define CKA_UNWRAP			0x0107
#define CKA_SIGN			0x0108
#define CKA_SIGN_RECOVER		0x0109
#define CKA_VERIFY			0x010a
#define CKA_VERIFY_RECOVER		0x010b
#define CKA_DERIVE			0x010c
#define CKA_START_DATE			0x0110
#define CKA_END_DATE			0x0111
#define CKA_MODULUS			0x0120
#define CKA_MODULUS_BITS		0x0121
#define CKA_PUBLIC_EXPONENT		0x0122
#define CKA_PRIVATE_EXPONENT		0x0123
#define CKA_PRIME_1			0x0124
#define CKA_PRIME_2			0x0125
#define CKA_EXPONENT_1			0x0126
#define CKA_EXPONENT_2			0x0127
#define CKA_COEFFICIENT			0x0128
#define CKA_PUBLIC_KEY_INFO		0x0129
#define CKA_PRIME			0x0130
#define CKA_SUBPRIME			0x0131
#define CKA_BASE			0x0132
#define CKA_PRIME_BITS			0x0133
#define CKA_SUBPRIME_BITS		0x0134
#define CKA_VALUE_BITS			0x0160
#define CKA_VALUE_LEN			0x0161
/*
 * Export and provenance attributes.
 * NOTE(review): per the PKCS#11 spec CKA_LOCAL, CKA_NEVER_EXTRACTABLE and
 * CKA_ALWAYS_SENSITIVE are maintained by the token, so values for them in a
 * caller-supplied template should not be taken at face value - confirm in
 * the object creation code.
 */
#define CKA_EXTRACTABLE			0x0162
#define CKA_LOCAL			0x0163
#define CKA_NEVER_EXTRACTABLE		0x0164
#define CKA_ALWAYS_SENSITIVE		0x0165
#define CKA_KEY_GEN_MECHANISM		0x0166
#define CKA_MODIFIABLE			0x0170
#define CKA_COPYABLE			0x0171
#define CKA_DESTROYABLE			0x0172
#define CKA_EC_PARAMS			0x0180
#define CKA_EC_POINT			0x0181
#define CKA_ALWAYS_AUTHENTICATE		0x0202
#define CKA_WRAP_WITH_TRUSTED		0x0210
/* The next three IDs carry CKF_ARRAY_ATTRIBUTE: the value is an array. */
#define CKA_WRAP_TEMPLATE		(0x0211 | CKF_ARRAY_ATTRIBUTE)
#define CKA_UNWRAP_TEMPLATE		(0x0212 | CKF_ARRAY_ATTRIBUTE)
#define CKA_DERIVE_TEMPLATE		(0x0213 | CKF_ARRAY_ATTRIBUTE)
#define CKA_OTP_FORMAT			0x0220
#define CKA_OTP_LENGTH			0x0221
#define CKA_OTP_TIME_INTERVAL		0x0222
#define CKA_OTP_USER_FRIENDLY_MODE	0x0223
#define CKA_OTP_CHALLENGE_REQUIREMENT	0x0224
#define CKA_OTP_TIME_REQUIREMENT	0x0225
#define CKA_OTP_COUNTER_REQUIREMENT	0x0226
#define CKA_OTP_PIN_REQUIREMENT		0x0227
/* Listed out of numeric order: 0x022e and 0x022f precede 0x022a-0x022d. */
#define CKA_OTP_COUNTER			0x022e
#define CKA_OTP_TIME			0x022f
#define CKA_OTP_USER_IDENTIFIER		0x022a
#define CKA_OTP_SERVICE_IDENTIFIER	0x022b
#define CKA_OTP_SERVICE_LOGO		0x022c
#define CKA_OTP_SERVICE_LOGO_TYPE	0x022d
#define CKA_GOSTR3410_PARAMS		0x0250
#define CKA_GOSTR3411_PARAMS		0x0251
#define CKA_GOST28147_PARAMS		0x0252
#define CKA_HW_FEATURE_TYPE		0x0300
#define CKA_RESET_ON_INIT		0x0301
#define CKA_HAS_RESET			0x0302
#define CKA_PIXEL_X			0x0400
#define CKA_PIXEL_Y			0x0401
#define CKA_RESOLUTION			0x0402
#define CKA_CHAR_ROWS			0x0403
#define CKA_CHAR_COLUMNS		0x0404
#define CKA_COLOR			0x0405
#define CKA_BITS_PER_PIXEL		0x0406
#define CKA_CHAR_SETS			0x0480
#define CKA_ENCODING_METHODS		0x0481
#define CKA_MIME_TYPES			0x0482
#define CKA_MECHANISM_TYPE		0x0500
#define CKA_REQUIRED_CMS_ATTRIBUTES	0x0501
#define CKA_DEFAULT_CMS_ATTRIBUTES	0x0502
#define CKA_SUPPORTED_CMS_ATTRIBUTES	0x0503
/* Array-valued as well; restricts which mechanisms may use the key. */
#define CKA_ALLOWED_MECHANISMS		(0x0600 | CKF_ARRAY_ATTRIBUTE)
201 
/* Attribute CKA_CLASS refers to a CK_OBJECT_CLASS typed value */
typedef CK_ULONG CK_OBJECT_CLASS;
typedef CK_OBJECT_CLASS *CK_OBJECT_CLASS_PTR;

/*
 * Values for type CK_OBJECT_CLASS
 *
 * CKO_VENDOR_DEFINED is bit 31; the remaining values are small consecutive
 * integers starting at zero.
 */
#define CKO_VENDOR_DEFINED		(1U << 31)
#define CKO_DATA			0x0
#define CKO_CERTIFICATE			0x1
#define CKO_PUBLIC_KEY			0x2
#define CKO_PRIVATE_KEY			0x3
#define CKO_SECRET_KEY			0x4
#define CKO_HW_FEATURE			0x5
#define CKO_DOMAIN_PARAMETERS		0x6
#define CKO_MECHANISM			0x7
#define CKO_OTP_KEY			0x8
217 
/* Attribute CKA_KEY_TYPE refers to a CK_KEY_TYPE typed value */
typedef CK_ULONG CK_KEY_TYPE;
typedef CK_KEY_TYPE *CK_KEY_TYPE_PTR;

/*
 * Values for type CK_KEY_TYPE
 *
 * This does not cover the full PKCS#11 IDs.
 */
#define CKK_VENDOR_DEFINED		(1U << 31)
#define CKK_RSA				0x000
#define CKK_DSA				0x001
#define CKK_DH				0x002
/* CKK_ECDSA and CKK_EC are two names for the same value. */
#define CKK_ECDSA			0x003
#define CKK_EC				0x003
#define CKK_GENERIC_SECRET		0x010
#define CKK_DES3			0x015
#define CKK_AES				0x01f
#define CKK_HOTP			0x023
#define CKK_MD5_HMAC			0x027
#define CKK_SHA_1_HMAC			0x028
#define CKK_SHA256_HMAC			0x02b
#define CKK_SHA384_HMAC			0x02c
#define CKK_SHA512_HMAC			0x02d
#define CKK_SHA224_HMAC			0x02e
#define CKK_EC_EDWARDS			0x040 /* PKCS#11 v3.1-cs01 */
244 
/*
 * Certificates
 *
 * Both types are plain CK_ULONG aliases; the constants below carry the UL
 * suffix so they already have a matching width.
 */
typedef CK_ULONG CK_CERTIFICATE_TYPE;
typedef CK_ULONG CK_CERTIFICATE_CATEGORY;

/*
 * Valid values for attribute CKA_CERTIFICATE_TYPE
 */
#define CKC_X_509			0x00000000UL
#define CKC_X_509_ATTR_CERT		0x00000001UL
#define CKC_WTLS			0x00000002UL

/*
 * Valid values for attribute CKA_CERTIFICATE_CATEGORY
 */
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED	0UL
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER	1UL
#define CK_CERTIFICATE_CATEGORY_AUTHORITY	2UL
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY	3UL
265 
/*
 * Mechanisms
 *
 * Note: a mechanism can be referenced as an object in some PKCS#11 API
 * functions. In that case, the object holds attribute CKA_MECHANISM_TYPE,
 * which refers to a CK_MECHANISM_TYPE typed value that defines the target
 * mechanism.
 */

typedef CK_ULONG CK_MECHANISM_TYPE;
typedef CK_MECHANISM_TYPE *CK_MECHANISM_TYPE_PTR;

/*
 * Values for type CK_MECHANISM_TYPE
 *
 * This does not cover the full PKCS#11 IDs.
 *
 * NOTE(review): this table only names mechanisms. Whether a token offers the
 * older ones listed here (MD5, SHA-1, triple-DES, ECB modes, raw RSA) is
 * decided by the implementation, not by this header. Deployments that need
 * to restrict them can look at per-key CKA_ALLOWED_MECHANISMS and at the
 * token's mechanism list - confirm what the implementation enforces.
 */
#define CKM_VENDOR_DEFINED		(1U << 31)
#define CKM_RSA_PKCS_KEY_PAIR_GEN	0x00000
#define CKM_RSA_PKCS			0x00001
#define CKM_RSA_9796			0x00002
#define CKM_RSA_X_509			0x00003
#define CKM_MD5_RSA_PKCS		0x00005
#define CKM_SHA1_RSA_PKCS		0x00006
#define CKM_RSA_PKCS_OAEP		0x00009
#define CKM_RSA_PKCS_PSS		0x0000d
#define CKM_SHA1_RSA_PKCS_PSS		0x0000e
#define CKM_SHA256_RSA_PKCS		0x00040
#define CKM_SHA384_RSA_PKCS		0x00041
#define CKM_SHA512_RSA_PKCS		0x00042
#define CKM_SHA256_RSA_PKCS_PSS		0x00043
#define CKM_SHA384_RSA_PKCS_PSS		0x00044
#define CKM_SHA512_RSA_PKCS_PSS		0x00045
#define CKM_SHA224_RSA_PKCS		0x00046
#define CKM_SHA224_RSA_PKCS_PSS		0x00047
#define CKM_SHA512_224			0x00048
#define CKM_SHA512_224_HMAC		0x00049
#define CKM_SHA512_224_HMAC_GENERAL	0x0004a
#define CKM_SHA512_224_KEY_DERIVATION	0x0004b
#define CKM_SHA512_256			0x0004c
#define CKM_SHA512_256_HMAC		0x0004d
#define CKM_SHA512_256_HMAC_GENERAL	0x0004e
#define CKM_SHA512_256_KEY_DERIVATION	0x0004f
#define CKM_DES3_ECB			0x00132
#define CKM_DES3_CBC			0x00133
#define CKM_DES3_MAC			0x00134
#define CKM_DES3_MAC_GENERAL		0x00135
#define CKM_DES3_CBC_PAD		0x00136
#define CKM_DES3_CMAC_GENERAL		0x00137
#define CKM_DES3_CMAC			0x00138
#define CKM_MD5				0x00210
#define CKM_MD5_HMAC			0x00211
#define CKM_MD5_HMAC_GENERAL		0x00212
#define CKM_SHA_1			0x00220
#define CKM_SHA_1_HMAC			0x00221
#define CKM_SHA_1_HMAC_GENERAL		0x00222
#define CKM_SHA256			0x00250
#define CKM_SHA256_HMAC			0x00251
#define CKM_SHA256_HMAC_GENERAL		0x00252
#define CKM_SHA224			0x00255
#define CKM_SHA224_HMAC			0x00256
#define CKM_SHA224_HMAC_GENERAL		0x00257
#define CKM_SHA384			0x00260
#define CKM_SHA384_HMAC			0x00261
#define CKM_SHA384_HMAC_GENERAL		0x00262
#define CKM_SHA512			0x00270
#define CKM_SHA512_HMAC			0x00271
#define CKM_SHA512_HMAC_GENERAL		0x00272
#define CKM_HOTP_KEY_GEN		0x00290
#define CKM_HOTP			0x00291
#define CKM_GENERIC_SECRET_KEY_GEN	0x00350
#define CKM_MD5_KEY_DERIVATION		0x00390
#define CKM_MD2_KEY_DERIVATION		0x00391
#define CKM_SHA1_KEY_DERIVATION		0x00392
#define CKM_SHA256_KEY_DERIVATION	0x00393
#define CKM_SHA384_KEY_DERIVATION	0x00394
#define CKM_SHA512_KEY_DERIVATION	0x00395
#define CKM_SHA224_KEY_DERIVATION	0x00396
#define CKM_EC_KEY_PAIR_GEN		0x01040
#define CKM_ECDSA			0x01041
#define CKM_ECDSA_SHA1			0x01042
#define CKM_ECDSA_SHA224		0x01043
#define CKM_ECDSA_SHA256		0x01044
#define CKM_ECDSA_SHA384		0x01045
#define CKM_ECDSA_SHA512		0x01046
#define CKM_ECDH1_DERIVE		0x01050
#define CKM_ECDH1_COFACTOR_DERIVE	0x01051
#define CKM_ECMQV_DERIVE		0x01052
#define CKM_ECDH_AES_KEY_WRAP		0x01053
#define CKM_RSA_AES_KEY_WRAP		0x01054
#define CKM_EC_EDWARDS_KEY_PAIR_GEN	0x01055
#define CKM_EDDSA			0x01057
#define CKM_AES_KEY_GEN			0x01080
#define CKM_AES_ECB			0x01081
#define CKM_AES_CBC			0x01082
#define CKM_AES_MAC			0x01083
#define CKM_AES_MAC_GENERAL		0x01084
#define CKM_AES_CBC_PAD			0x01085
#define CKM_AES_CTR			0x01086
#define CKM_AES_GCM			0x01087
#define CKM_AES_CCM			0x01088
#define CKM_AES_CTS			0x01089
#define CKM_AES_CMAC			0x0108a
#define CKM_AES_CMAC_GENERAL		0x0108b
#define CKM_AES_XCBC_MAC		0x0108c
#define CKM_AES_XCBC_MAC_96		0x0108d
#define CKM_AES_GMAC			0x0108e
#define CKM_DES3_ECB_ENCRYPT_DATA	0x01102
#define CKM_DES3_CBC_ENCRYPT_DATA	0x01103
#define CKM_AES_ECB_ENCRYPT_DATA	0x01104
#define CKM_AES_CBC_ENCRYPT_DATA	0x01105
#define CKM_AES_KEY_WRAP		0x02109
#define CKM_AES_KEY_WRAP_PAD		0x0210a
378 
/*
 * Capabilities reported for one mechanism: the supported key size range and
 * a CKF_* bit mask. Per the PKCS#11 spec the unit of the two sizes (bits or
 * bytes) depends on the mechanism.
 */
typedef struct CK_MECHANISM_INFO {
	CK_ULONG ulMinKeySize;
	CK_ULONG ulMaxKeySize;
	CK_FLAGS flags;
} CK_MECHANISM_INFO;

typedef CK_MECHANISM_INFO *CK_MECHANISM_INFO_PTR;
387 
/*
 * Flags for field flags of struct CK_MECHANISM_INFO
 *
 * Bit positions are reused by the CKF_* flags of other structures in this
 * header (bit 0 is also CKF_TOKEN_PRESENT and CKF_RNG, for instance), so a
 * flag is only meaningful when tested against the field it belongs to.
 */
#define CKF_HW				(1U << 0)
#define CKF_ENCRYPT			(1U << 8)
#define CKF_DECRYPT			(1U << 9)
#define CKF_DIGEST			(1U << 10)
#define CKF_SIGN			(1U << 11)
#define CKF_SIGN_RECOVER		(1U << 12)
#define CKF_VERIFY			(1U << 13)
#define CKF_VERIFY_RECOVER		(1U << 14)
#define CKF_GENERATE			(1U << 15)
#define CKF_GENERATE_KEY_PAIR		(1U << 16)
#define CKF_WRAP			(1U << 17)
#define CKF_UNWRAP			(1U << 18)
#define CKF_DERIVE			(1U << 19)
#define CKF_EC_F_P			(1U << 20)
#define CKF_EC_F_2M			(1U << 21)
#define CKF_EC_ECPARAMETERS		(1U << 22)
#define CKF_EC_NAMEDCURVE		(1U << 23)
#define CKF_EC_UNCOMPRESS		(1U << 24)
#define CKF_EC_COMPRESS			(1U << 25)
#define CKF_EXTENSION			(1U << 31)
409 
/*
 * Mechanism parameter structures
 *
 * Only part of the mechanism parameter structures defined by PKCS#11 is
 * covered here. To be updated when needed.
 */

/*
 * A mechanism selection: the mechanism identifier plus an optional parameter
 * blob and its length.
 *
 * NOTE(review): pParameter is an untyped pointer whose layout depends on
 * `mechanism`. Consumers should check that ulParameterLen equals the size of
 * the structure expected for that mechanism before casting - confirm in the
 * code that parses mechanism parameters.
 */
typedef struct CK_MECHANISM {
	CK_MECHANISM_TYPE mechanism;
	CK_VOID_PTR pParameter;
	CK_ULONG ulParameterLen;
} CK_MECHANISM;

typedef CK_MECHANISM *CK_MECHANISM_PTR;
425 
/* Mask generation function selector used by the RSA PSS and OAEP params. */
typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;

/*
 * Values for type CK_RSA_PKCS_MGF_TYPE
 *
 * CKG_MGF1_SHA224 (0x0005) is listed between SHA1 and SHA256, so the values
 * do not follow the order of the lines.
 */
#define CKG_MGF1_SHA1		0x0001UL
#define CKG_MGF1_SHA224		0x0005UL
#define CKG_MGF1_SHA256		0x0002UL
#define CKG_MGF1_SHA384		0x0003UL
#define CKG_MGF1_SHA512		0x0004UL

typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;

/* Values for type CK_RSA_PKCS_OAEP_SOURCE_TYPE */
#define CKZ_DATA_SPECIFIED	0x0001UL

/* MAC General parameters: a single CK_ULONG value */
typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
typedef CK_MAC_GENERAL_PARAMS *CK_MAC_GENERAL_PARAMS_PTR;

/*
 * CK_EC_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied
 * to derive keying data from a shared secret.
 * No CKD_* values for it are defined in this part of the header.
 */
typedef CK_ULONG CK_EC_KDF_TYPE;
449 
/*
 * Parameters shared by Elliptic curve Diffie-Hellman key derivation and
 * Elliptic curve Diffie-Hellman cofactor key derivation.
 *
 * Each data pointer is paired with its own length field.
 * NOTE(review): pPublicData presumably carries the other party's public
 * value, supplied by the caller; the derive code is expected to validate it
 * against the private key's curve before use - confirm in the
 * implementation.
 */
typedef struct CK_ECDH1_DERIVE_PARAMS {
	CK_EC_KDF_TYPE kdf;
	CK_ULONG ulSharedDataLen;
	CK_BYTE_PTR pSharedData;
	CK_ULONG ulPublicDataLen;
	CK_BYTE_PTR pPublicData;
} CK_ECDH1_DERIVE_PARAMS;

typedef CK_ECDH1_DERIVE_PARAMS *CK_ECDH1_DERIVE_PARAMS_PTR;
464 
/*
 * AES CBC encryption parameters: a 16-byte IV stored inline, followed by a
 * pointer to the data and its length.
 */
typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
	CK_BYTE iv[16];
	CK_BYTE_PTR pData;
	CK_ULONG length;
} CK_AES_CBC_ENCRYPT_DATA_PARAMS;

typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS *CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
475 
/*
 * AES CTR parameters: the 16-byte counter block and, per the PKCS#11 spec,
 * the number of its bits that act as the incrementing counter.
 * NOTE(review): ulCounterBits is caller-controlled; presumably it must not
 * exceed the 128 bits of cb - confirm where the value is range-checked.
 */
typedef struct CK_AES_CTR_PARAMS {
	CK_ULONG ulCounterBits;
	CK_BYTE cb[16];
} CK_AES_CTR_PARAMS;

typedef CK_AES_CTR_PARAMS *CK_AES_CTR_PARAMS_PTR;
484 
/*
 * AES GCM parameters: IV pointer with its length, additional authenticated
 * data pointer with its length, and the tag size in bits.
 *
 * NOTE(review): published PKCS#11 v2.40 material is known to disagree on
 * whether ulIvBits is part of this structure, so a caller built against a
 * different header may pass a shorter layout. Checking the mechanism's
 * ulParameterLen against sizeof(CK_GCM_PARAMS) guards against reading the
 * wrong fields - confirm how the implementation handles this.
 */
typedef struct CK_GCM_PARAMS {
	CK_BYTE_PTR pIv;
	CK_ULONG ulIvLen;
	CK_ULONG ulIvBits;
	CK_BYTE_PTR pAAD;
	CK_ULONG ulAADLen;
	CK_ULONG ulTagBits;
} CK_GCM_PARAMS;

typedef CK_GCM_PARAMS *CK_GCM_PARAMS_PTR;
497 
/*
 * EdDSA (RFC 8032) parameters: a one-byte flag (presumably selecting the
 * prehash variant - confirm) and an optional context string with its length.
 */
typedef struct CK_EDDSA_PARAMS CK_EDDSA_PARAMS;
typedef struct CK_EDDSA_PARAMS *CK_EDDSA_PARAMS_PTR;

struct CK_EDDSA_PARAMS {
	CK_BYTE		phFlag;
	CK_ULONG	ulContextDataLen;
	CK_BYTE_PTR	pContextData;
};
506 
/*
 * AES CCM parameters: total data length, nonce pointer and length,
 * additional authenticated data pointer and length, and the MAC length.
 * NOTE(review): all lengths come from the caller; presumably they need to
 * be checked against the ranges CCM allows before use - confirm in the
 * implementation.
 */
typedef struct CK_CCM_PARAMS {
	CK_ULONG ulDataLen;
	CK_BYTE_PTR pNonce;
	CK_ULONG ulNonceLen;
	CK_BYTE_PTR pAAD;
	CK_ULONG ulAADLen;
	CK_ULONG ulMACLen;
} CK_CCM_PARAMS;

typedef CK_CCM_PARAMS *CK_CCM_PARAMS_PTR;
519 
/* Byte string handed to a key derivation mechanism: pointer plus length. */
typedef struct CK_KEY_DERIVATION_STRING_DATA {
	CK_BYTE_PTR pData;
	CK_ULONG ulLen;
} CK_KEY_DERIVATION_STRING_DATA;

typedef CK_KEY_DERIVATION_STRING_DATA *CK_KEY_DERIVATION_STRING_DATA_PTR;
528 
/*
 * Parameters for CKM_RSA_PKCS_PSS: hash mechanism, mask generation function
 * and salt length.
 * NOTE(review): hashAlg and mgf are chosen independently by the caller;
 * whether mismatched or weak combinations are rejected is up to the
 * implementation - confirm.
 */
typedef struct CK_RSA_PKCS_PSS_PARAMS {
	CK_MECHANISM_TYPE hashAlg;
	CK_RSA_PKCS_MGF_TYPE mgf;
	CK_ULONG sLen;
} CK_RSA_PKCS_PSS_PARAMS;

typedef CK_RSA_PKCS_PSS_PARAMS *CK_RSA_PKCS_PSS_PARAMS_PTR;
538 
/*
 * Parameters for CKM_RSA_PKCS_OAEP: hash mechanism, mask generation
 * function, and the encoding parameter source with its data and length.
 */
typedef struct CK_RSA_PKCS_OAEP_PARAMS {
	CK_MECHANISM_TYPE hashAlg;
	CK_RSA_PKCS_MGF_TYPE mgf;
	CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
	CK_VOID_PTR pSourceData;
	CK_ULONG ulSourceDataLen;
} CK_RSA_PKCS_OAEP_PARAMS;

typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR;
550 
/*
 * Parameters naming an AES key size in bits together with a pointer to a
 * set of RSA OAEP parameters (presumably for CKM_RSA_AES_KEY_WRAP -
 * confirm). pOAEPParams is a second level of caller-supplied pointer and
 * needs the same validation as a top-level mechanism parameter.
 */
typedef struct CK_RSA_AES_KEY_WRAP_PARAMS CK_RSA_AES_KEY_WRAP_PARAMS;
typedef struct CK_RSA_AES_KEY_WRAP_PARAMS *CK_RSA_AES_KEY_WRAP_PARAMS_PTR;

struct CK_RSA_AES_KEY_WRAP_PARAMS {
	CK_ULONG			ulAESKeyBits;
	CK_RSA_PKCS_OAEP_PARAMS_PTR	pOAEPParams;
};
557 
/*
 * PKCS#11 return values
 */
typedef CK_ULONG CK_RV;

/*
 * Values for type CK_RV
 *
 * CKR_OK is zero; CKR_VENDOR_DEFINED is bit 31. The numbering has gaps, so
 * the values cannot be used as a dense array index.
 */
#define CKR_VENDOR_DEFINED			(1U << 31)
#define CKR_OK					0x0000
#define CKR_CANCEL				0x0001
#define CKR_HOST_MEMORY				0x0002
#define CKR_SLOT_ID_INVALID			0x0003
#define CKR_GENERAL_ERROR			0x0005
#define CKR_FUNCTION_FAILED			0x0006
#define CKR_ARGUMENTS_BAD			0x0007
#define CKR_NO_EVENT				0x0008
#define CKR_NEED_TO_CREATE_THREADS		0x0009
#define CKR_CANT_LOCK				0x000a
#define CKR_ATTRIBUTE_READ_ONLY			0x0010
#define CKR_ATTRIBUTE_SENSITIVE			0x0011
#define CKR_ATTRIBUTE_TYPE_INVALID		0x0012
#define CKR_ATTRIBUTE_VALUE_INVALID		0x0013
#define CKR_ACTION_PROHIBITED			0x001b
#define CKR_DATA_INVALID			0x0020
#define CKR_DATA_LEN_RANGE			0x0021
#define CKR_DEVICE_ERROR			0x0030
#define CKR_DEVICE_MEMORY			0x0031
#define CKR_DEVICE_REMOVED			0x0032
#define CKR_ENCRYPTED_DATA_INVALID		0x0040
#define CKR_ENCRYPTED_DATA_LEN_RANGE		0x0041
#define CKR_FUNCTION_CANCELED			0x0050
#define CKR_FUNCTION_NOT_PARALLEL		0x0051
#define CKR_FUNCTION_NOT_SUPPORTED		0x0054
#define CKR_KEY_HANDLE_INVALID			0x0060
#define CKR_KEY_SIZE_RANGE			0x0062
#define CKR_KEY_TYPE_INCONSISTENT		0x0063
#define CKR_KEY_NOT_NEEDED			0x0064
#define CKR_KEY_CHANGED				0x0065
#define CKR_KEY_NEEDED				0x0066
#define CKR_KEY_INDIGESTIBLE			0x0067
#define CKR_KEY_FUNCTION_NOT_PERMITTED		0x0068
#define CKR_KEY_NOT_WRAPPABLE			0x0069
#define CKR_KEY_UNEXTRACTABLE			0x006a
#define CKR_MECHANISM_INVALID			0x0070
#define CKR_MECHANISM_PARAM_INVALID		0x0071
#define CKR_OBJECT_HANDLE_INVALID		0x0082
#define CKR_OPERATION_ACTIVE			0x0090
#define CKR_OPERATION_NOT_INITIALIZED		0x0091
/* PIN related results */
#define CKR_PIN_INCORRECT			0x00a0
#define CKR_PIN_INVALID				0x00a1
#define CKR_PIN_LEN_RANGE			0x00a2
#define CKR_PIN_EXPIRED				0x00a3
#define CKR_PIN_LOCKED				0x00a4
#define CKR_SESSION_CLOSED			0x00b0
#define CKR_SESSION_COUNT			0x00b1
#define CKR_SESSION_HANDLE_INVALID		0x00b3
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED	0x00b4
#define CKR_SESSION_READ_ONLY			0x00b5
#define CKR_SESSION_EXISTS			0x00b6
#define CKR_SESSION_READ_ONLY_EXISTS		0x00b7
#define CKR_SESSION_READ_WRITE_SO_EXISTS	0x00b8
#define CKR_SIGNATURE_INVALID			0x00c0
#define CKR_SIGNATURE_LEN_RANGE			0x00c1
#define CKR_TEMPLATE_INCOMPLETE			0x00d0
#define CKR_TEMPLATE_INCONSISTENT		0x00d1
#define CKR_TOKEN_NOT_PRESENT			0x00e0
#define CKR_TOKEN_NOT_RECOGNIZED		0x00e1
#define CKR_TOKEN_WRITE_PROTECTED		0x00e2
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID	0x00f0
#define CKR_UNWRAPPING_KEY_SIZE_RANGE		0x00f1
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT	0x00f2
#define CKR_USER_ALREADY_LOGGED_IN		0x0100
#define CKR_USER_NOT_LOGGED_IN			0x0101
#define CKR_USER_PIN_NOT_INITIALIZED		0x0102
#define CKR_USER_TYPE_INVALID			0x0103
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN	0x0104
#define CKR_USER_TOO_MANY_TYPES			0x0105
#define CKR_WRAPPED_KEY_INVALID			0x0110
#define CKR_WRAPPED_KEY_LEN_RANGE		0x0112
#define CKR_WRAPPING_KEY_HANDLE_INVALID		0x0113
#define CKR_WRAPPING_KEY_SIZE_RANGE		0x0114
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT	0x0115
#define CKR_RANDOM_SEED_NOT_SUPPORTED		0x0120
#define CKR_RANDOM_NO_RNG			0x0121
#define CKR_DOMAIN_PARAMS_INVALID		0x0130
#define CKR_CURVE_NOT_SUPPORTED			0x0140
/* Per the PKCS#11 spec the required size is reported via the length output */
#define CKR_BUFFER_TOO_SMALL			0x0150
#define CKR_SAVED_STATE_INVALID			0x0160
#define CKR_INFORMATION_SENSITIVE		0x0170
#define CKR_STATE_UNSAVEABLE			0x0180
#define CKR_CRYPTOKI_NOT_INITIALIZED		0x0190
#define CKR_CRYPTOKI_ALREADY_INITIALIZED	0x0191
#define CKR_MUTEX_BAD				0x01a0
#define CKR_MUTEX_NOT_LOCKED			0x01a1
#define CKR_NEW_PIN_MODE			0x01b0
#define CKR_NEXT_OTP				0x01b1
#define CKR_EXCEEDED_MAX_ITERATIONS		0x01b5
#define CKR_FIPS_SELF_TEST_FAILED		0x01b6
#define CKR_LIBRARY_LOAD_FAILED			0x01b7
#define CKR_PIN_TOO_WEAK			0x01b8
#define CKR_PUBLIC_KEY_INVALID			0x01b9
#define CKR_FUNCTION_REJECTED			0x0200
659 
/*
 * PKCS#11 API functions
 */

/*
 * Argument for C_GetInfo.
 *
 * manufacturerID and libraryDescription are fixed 32-byte fields. Per the
 * PKCS#11 spec such fields are blank padded and not NUL-terminated, so they
 * must be printed and compared with an explicit length.
 */
typedef struct CK_INFO {
	CK_VERSION cryptokiVersion;
	CK_UTF8CHAR manufacturerID[32];
	CK_FLAGS flags;
	CK_UTF8CHAR libraryDescription[32];
	CK_VERSION libraryVersion;
} CK_INFO;

typedef CK_INFO *CK_INFO_PTR;
675 
/*
 * Argument for C_GetSlotInfo.
 *
 * slotDescription (64 bytes) and manufacturerID (32 bytes) are fixed-width
 * fields; per the PKCS#11 spec they are blank padded and not
 * NUL-terminated, so handle them with an explicit length.
 */
typedef struct CK_SLOT_INFO {
	CK_UTF8CHAR slotDescription[64];
	CK_UTF8CHAR manufacturerID[32];
	CK_FLAGS flags;
	CK_VERSION hardwareVersion;
	CK_VERSION firmwareVersion;
} CK_SLOT_INFO;

typedef CK_SLOT_INFO *CK_SLOT_INFO_PTR;
687 
/*
 * Values for field flags of struct CK_SLOT_INFO
 *
 * These reuse bit positions of other CKF_* groups in this header; test them
 * only against CK_SLOT_INFO::flags.
 */
#define CKF_TOKEN_PRESENT	(1U << 0)
#define CKF_REMOVABLE_DEVICE	(1U << 1)
#define CKF_HW_SLOT		(1U << 2)
692 
/*
 * Argument for C_GetTokenInfo.
 *
 * label, manufacturerID, model, serialNumber and utcTime are fixed-width
 * character fields. Per the PKCS#11 spec they are blank padded and not
 * NUL-terminated: copy, print and compare them with an explicit length.
 * The session, PIN-length and memory members are plain counters; the
 * sentinels CK_UNAVAILABLE_INFORMATION and CK_EFFECTIVELY_INFINITE may
 * appear in some of them (per the spec - confirm per field).
 */
typedef struct CK_TOKEN_INFO {
	CK_UTF8CHAR label[32];
	CK_UTF8CHAR manufacturerID[32];
	CK_UTF8CHAR model[16];
	CK_CHAR serialNumber[16];
	CK_FLAGS flags;
	CK_ULONG ulMaxSessionCount;
	CK_ULONG ulSessionCount;
	CK_ULONG ulMaxRwSessionCount;
	CK_ULONG ulRwSessionCount;
	CK_ULONG ulMaxPinLen;
	CK_ULONG ulMinPinLen;
	CK_ULONG ulTotalPublicMemory;
	CK_ULONG ulFreePublicMemory;
	CK_ULONG ulTotalPrivateMemory;
	CK_ULONG ulFreePrivateMemory;
	CK_VERSION hardwareVersion;
	CK_VERSION firmwareVersion;
	CK_CHAR utcTime[16];
} CK_TOKEN_INFO;

typedef CK_TOKEN_INFO *CK_TOKEN_INFO_PTR;
717 
/*
 * Values for field flags of struct CK_TOKEN_INFO
 *
 * Bits 16-19 describe the user PIN state and bits 20-23 the security
 * officer PIN state (count low, final try, locked, to be changed). Bit
 * positions overlap with other CKF_* groups in this header, so test these
 * only against CK_TOKEN_INFO::flags.
 */
#define CKF_RNG					(1U << 0)
#define CKF_WRITE_PROTECTED			(1U << 1)
#define CKF_LOGIN_REQUIRED			(1U << 2)
#define CKF_USER_PIN_INITIALIZED		(1U << 3)
#define CKF_RESTORE_KEY_NOT_NEEDED		(1U << 5)
#define CKF_CLOCK_ON_TOKEN			(1U << 6)
#define CKF_PROTECTED_AUTHENTICATION_PATH	(1U << 8)
#define CKF_DUAL_CRYPTO_OPERATIONS		(1U << 9)
#define CKF_TOKEN_INITIALIZED			(1U << 10)
#define CKF_SECONDARY_AUTHENTICATION		(1U << 11)
#define CKF_USER_PIN_COUNT_LOW			(1U << 16)
#define CKF_USER_PIN_FINAL_TRY			(1U << 17)
#define CKF_USER_PIN_LOCKED			(1U << 18)
#define CKF_USER_PIN_TO_BE_CHANGED		(1U << 19)
#define CKF_SO_PIN_COUNT_LOW			(1U << 20)
#define CKF_SO_PIN_FINAL_TRY			(1U << 21)
#define CKF_SO_PIN_LOCKED			(1U << 22)
#define CKF_SO_PIN_TO_BE_CHANGED		(1U << 23)
#define CKF_ERROR_STATE				(1U << 24)
738 
/* Session state reported in CK_SESSION_INFO */
typedef CK_ULONG CK_STATE;

/* Values for CK_STATE */
#define CKS_RO_PUBLIC_SESSION		0
#define CKS_RO_USER_FUNCTIONS		1
#define CKS_RW_PUBLIC_SESSION		2
#define CKS_RW_USER_FUNCTIONS		3
#define CKS_RW_SO_FUNCTIONS		4

/*
 * Argument for C_GetSessionInfo: the slot the session belongs to, its
 * CKS_* state, a CKF_* flag mask and a device error code.
 */
typedef struct CK_SESSION_INFO {
	CK_SLOT_ID slotID;
	CK_STATE state;
	CK_FLAGS flags;
	CK_ULONG ulDeviceError;
} CK_SESSION_INFO;

typedef CK_SESSION_INFO *CK_SESSION_INFO_PTR;
758 
/*
 * Values for field flags of struct CK_SESSION_INFO
 *
 * Bit 0 is not assigned in this group; the two flags use bits 1 and 2.
 */
#define CKF_RW_SESSION			(1U << 1)
#define CKF_SERIAL_SESSION		(1U << 2)
/* Argument for C_Login */
typedef CK_ULONG CK_USER_TYPE;

/*
 * Values for CK_USER_TYPE
 *
 * CKU_SO is zero, so a zero-initialized CK_USER_TYPE names the security
 * officer rather than the normal user; set the value explicitly.
 */
#define CKU_SO				0
#define CKU_USER			1
#define CKU_CONTEXT_SPECIFIC		2

/* Values for argument flags of C_WaitForSlotEvent */
#define CKF_DONT_BLOCK			1

/* Argument for CK_NOTIFY typed callback function */
typedef CK_ULONG CK_NOTIFICATION;

/* Values for CK_NOTIFICATION */
#define CKN_SURRENDER			0
#define CKN_OTP_CHANGED			1
/*
 * Callback handler types.
 *
 * CK_NOTIFY receives the session handle, the CKN_* event and the opaque
 * application pointer. The four mutex handlers create, destroy, lock and
 * unlock an opaque mutex object; each reports its outcome as a CK_RV.
 */
typedef CK_RV (*CK_NOTIFY)(CK_SESSION_HANDLE hSession,
			   CK_NOTIFICATION event,
			   CK_VOID_PTR pApplication);
typedef CK_RV (*CK_CREATEMUTEX)(CK_VOID_PTR_PTR ppMutex);
typedef CK_RV (*CK_DESTROYMUTEX)(CK_VOID_PTR pMutex);
typedef CK_RV (*CK_LOCKMUTEX)(CK_VOID_PTR pMutex);
typedef CK_RV (*CK_UNLOCKMUTEX)(CK_VOID_PTR pMutex);
788 
789 /* Argument for C_GetFunctionList */
790 typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
791 typedef struct CK_FUNCTION_LIST *CK_FUNCTION_LIST_PTR;
792 typedef struct CK_FUNCTION_LIST **CK_FUNCTION_LIST_PTR_PTR;
793 
794 struct CK_FUNCTION_LIST {
795 	CK_VERSION version;
796 	CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs);
797 	CK_RV (*C_Finalize)(CK_VOID_PTR pReserved);
798 	CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo);
799 	CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
800 	CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent,
801 			       CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount);
802 	CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
803 	CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
804 	CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID,
805 				    CK_MECHANISM_TYPE_PTR pMechanismList,
806 				    CK_ULONG_PTR pulCount);
807 	CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
808 				    CK_MECHANISM_INFO_PTR pInfo);
809 	CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin,
810 			     CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
811 	CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession,
812 			   CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
813 	CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession,
814 			  CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen,
815 			  CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen);
816 	CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags,
817 			       CK_VOID_PTR pApplication, CK_NOTIFY Notify,
818 			       CK_SESSION_HANDLE_PTR phSession);
819 	CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession);
820 	CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID);
821 	CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession,
822 				  CK_SESSION_INFO_PTR pInfo);
823 	CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession,
824 				     CK_BYTE_PTR pOperationState,
825 				     CK_ULONG_PTR pulOperationStateLen);
826 	CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession,
827 				     CK_BYTE_PTR pOperationState,
828 				     CK_ULONG ulOperationStateLen,
829 				     CK_OBJECT_HANDLE hEncryptionKey,
830 				     CK_OBJECT_HANDLE hAuthenticationKey);
831 	CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
832 			 CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
833 	CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession);
834 	CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession,
835 				CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
836 				CK_OBJECT_HANDLE_PTR phObject);
837 	CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession,
838 			      CK_OBJECT_HANDLE hObject,
839 			      CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
840 			      CK_OBJECT_HANDLE_PTR phNewObject);
841 	CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession,
842 				 CK_OBJECT_HANDLE hObject);
843 	CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession,
844 				 CK_OBJECT_HANDLE hObject,
845 				 CK_ULONG_PTR pulSize);
846 	CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession,
847 				     CK_OBJECT_HANDLE hObject,
848 				     CK_ATTRIBUTE_PTR pTemplate,
849 				     CK_ULONG ulCount);
850 	CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession,
851 				     CK_OBJECT_HANDLE hObject,
852 				     CK_ATTRIBUTE_PTR pTemplate,
853 				     CK_ULONG ulCount);
854 	CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession,
855 				   CK_ATTRIBUTE_PTR pTemplate,
856 				   CK_ULONG ulCount);
857 	CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession,
858 			       CK_OBJECT_HANDLE_PTR phObject,
859 			       CK_ULONG ulMaxObjectCount,
860 			       CK_ULONG_PTR pulObjectCount);
861 	CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession);
862 	CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession,
863 			       CK_MECHANISM_PTR pMechanism,
864 			       CK_OBJECT_HANDLE hKey);
865 	CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession,
866 			   CK_BYTE_PTR pData, CK_ULONG ulDataLen,
867 			   CK_BYTE_PTR pEncryptedData,
868 			   CK_ULONG_PTR pulEncryptedDataLen);
869 	CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession,
870 				 CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
871 				 CK_BYTE_PTR pEncryptedData,
872 				 CK_ULONG_PTR pulEncryptedDataLen);
873 	CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession,
874 				CK_BYTE_PTR pLastEncryptedPart,
875 				CK_ULONG_PTR pulLastEncryptedPartLen);
876 	CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession,
877 			       CK_MECHANISM_PTR pMechanism,
878 			       CK_OBJECT_HANDLE hKey);
879 	CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession,
880 			   CK_BYTE_PTR pEncryptedData,
881 			   CK_ULONG ulEncryptedDataLen,
882 			   CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
883 	CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession,
884 				 CK_BYTE_PTR pEncryptedPart,
885 				 CK_ULONG ulEncryptedPartLen,
886 				 CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
887 	CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession,
888 				CK_BYTE_PTR pLastPart,
889 				CK_ULONG_PTR pulLastPartLen);
890 	CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession,
891 			      CK_MECHANISM_PTR pMechanism);
892 	CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession,
893 			  CK_BYTE_PTR pData, CK_ULONG ulDataLen,
894 			  CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
895 	CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession,
896 				CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
897 	CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
898 	CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession,
899 			       CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
900 	CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession,
901 			    CK_MECHANISM_PTR pMechanism,
902 			    CK_OBJECT_HANDLE hKey);
903 	CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession,
904 			CK_BYTE_PTR pData, CK_ULONG ulDataLen,
905 			CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen);
906 	CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession,
907 			      CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
908 	CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession,
909 			     CK_BYTE_PTR pSignature,
910 			     CK_ULONG_PTR pulSignatureLen);
911 	CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession,
912 				   CK_MECHANISM_PTR pMechanism,
913 				   CK_OBJECT_HANDLE hKey);
914 	CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession,
915 			       CK_BYTE_PTR pData, CK_ULONG ulDataLen,
916 			       CK_BYTE_PTR pSignature,
917 			       CK_ULONG_PTR pulSignatureLen);
918 	CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession,
919 			      CK_MECHANISM_PTR pMechanism,
920 			      CK_OBJECT_HANDLE hKey);
921 	CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession,
922 			  CK_BYTE_PTR pData, CK_ULONG ulDataLen,
923 			  CK_BYTE_PTR pSignature,
924 			  CK_ULONG ulSignatureLen);
925 	CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession,
926 				CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
927 	CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession,
928 			       CK_BYTE_PTR pSignature,
929 			       CK_ULONG ulSignatureLen);
930 	CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession,
931 				     CK_MECHANISM_PTR pMechanism,
932 				     CK_OBJECT_HANDLE hKey);
933 	CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession,
934 				 CK_BYTE_PTR pSignature,
935 				 CK_ULONG ulSignatureLen,
936 				 CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
937 	CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession,
938 				       CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
939 				       CK_BYTE_PTR pEncryptedPart,
940 				       CK_ULONG_PTR pulEncryptedPartLen);
941 	CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession,
942 				       CK_BYTE_PTR pEncryptedPart,
943 				       CK_ULONG ulEncryptedPartLen,
944 				       CK_BYTE_PTR pPart,
945 				       CK_ULONG_PTR pulPartLen);
946 	CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession,
947 				     CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
948 				     CK_BYTE_PTR pEncryptedPart,
949 				     CK_ULONG_PTR pulEncryptedPartLen);
950 	CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession,
951 				       CK_BYTE_PTR pEncryptedPart,
952 				       CK_ULONG ulEncryptedPartLen,
953 				       CK_BYTE_PTR pPart,
954 				       CK_ULONG_PTR pulPartLen);
955 	CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession,
956 			       CK_MECHANISM_PTR pMechanism,
957 			       CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
958 			       CK_OBJECT_HANDLE_PTR phKey);
959 	CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession,
960 				   CK_MECHANISM_PTR pMechanism,
961 				   CK_ATTRIBUTE_PTR pPublicKeyTemplate,
962 				   CK_ULONG ulPublicKeyAttributeCount,
963 				   CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
964 				   CK_ULONG ulPrivateKeyAttributeCount,
965 				   CK_OBJECT_HANDLE_PTR phPublicKey,
966 				   CK_OBJECT_HANDLE_PTR phPrivateKey);
967 	CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession,
968 			   CK_MECHANISM_PTR pMechanism,
969 			   CK_OBJECT_HANDLE hWrappingKey,
970 			   CK_OBJECT_HANDLE hKey,
971 			   CK_BYTE_PTR pWrappedKey,
972 			   CK_ULONG_PTR pulWrappedKeyLen);
973 	CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession,
974 			     CK_MECHANISM_PTR pMechanism,
975 			     CK_OBJECT_HANDLE hUnwrappingKey,
976 			     CK_BYTE_PTR pWrappedKey,
977 			     CK_ULONG ulWrappedKeyLen,
978 			     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
979 			     CK_OBJECT_HANDLE_PTR phKey);
980 	CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession,
981 			     CK_MECHANISM_PTR pMechanism,
982 			     CK_OBJECT_HANDLE hBaseKey,
983 			     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
984 			     CK_OBJECT_HANDLE_PTR phKey);
985 	CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession,
986 			      CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen);
987 	CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession,
988 				  CK_BYTE_PTR pRandomData,
989 				  CK_ULONG ulRandomLen);
990 	CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession);
991 	CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession);
992 	CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR slotID,
993 				    CK_VOID_PTR pReserved);
994 };
995 
996 /* Optional init_args structure for C_Initialize */
997 typedef struct CK_C_INITIALIZE_ARGS CK_C_INITIALIZE_ARGS;
998 typedef struct CK_C_INITIALIZE_ARGS *CK_C_INITIALIZE_ARGS_PTR;
999 
/*
 * Locking description an application may hand to C_Initialize() through
 * that function's untyped CK_VOID_PTR argument. Per PKCS#11 v2.40 the four
 * mutex callbacks are expected to be either all NULL or all set; a mixed
 * set is an argument error. The callback types are declared outside this
 * struct.
 */
1000 struct CK_C_INITIALIZE_ARGS {
	/* Application-supplied mutex primitives used by the library for locking */
1001 	CK_CREATEMUTEX		CreateMutex;
1002 	CK_DESTROYMUTEX		DestroyMutex;
1003 	CK_LOCKMUTEX		LockMutex;
1004 	CK_UNLOCKMUTEX		UnlockMutex;
	/* Bitmask of the CKF_* initialization flags defined right after this struct */
1005 	CK_FLAGS		flags;
	/* Called pReserved in the specification, which expects it to be NULL */
1006 	CK_VOID_PTR		reserved;
1007 };
1008 
1009 /* Flags for field flags of struct CK_C_INITIALIZE_ARGS */
/* Per PKCS#11 v2.40: the library must not spawn OS threads of its own */
1010 #define CKF_LIBRARY_CANT_CREATE_OS_THREADS	(1U << 0)
/* Per PKCS#11 v2.40: the library may lock with native OS primitives */
1011 #define CKF_OS_LOCKING_OK			(1U << 1)
1012 
/*
 * General-purpose entry points.
 *
 * pInitArgs is untyped (CK_VOID_PTR), so the compiler cannot check it: pass
 * NULL or the address of a struct CK_C_INITIALIZE_ARGS. Per PKCS#11 v2.40,
 * NULL tells the library that the application will not call it from several
 * threads at once, so a multithreaded caller needs to supply locking
 * information instead.
 */
1013 CK_RV C_Initialize(CK_VOID_PTR pInitArgs);
1014
/* pReserved is reserved by the specification and is expected to be NULL */
1015 CK_RV C_Finalize(CK_VOID_PTR pReserved);
1016
/* Fills the caller-provided CK_INFO structure pointed to by pInfo */
1017 CK_RV C_GetInfo(CK_INFO_PTR pInfo);
1018
/* Stores a pointer to the library's table of entry points in *ppFunctionList */
1019 CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList);
1020 
/*
 * Slot and token management.
 *
 * List-returning calls (C_GetSlotList, C_GetMechanismList) use *pulCount as
 * an in/out value. Per PKCS#11 v2.40: with a NULL list pointer only the
 * number of entries is returned; otherwise *pulCount must hold the capacity
 * of the array on entry and receives the number of entries on return, and
 * CKR_BUFFER_TOO_SMALL reports an array that is too short.
 */
1021 CK_RV C_GetSlotList(CK_BBOOL tokenPresent,
1022 		    CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount);
1023
1024 CK_RV C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo);
1025
1026 CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
1027
1028 CK_RV C_GetMechanismList(CK_SLOT_ID slotID,
1029 			 CK_MECHANISM_TYPE_PTR pMechanismList,
1030 			 CK_ULONG_PTR pulCount);
1031
1032 CK_RV C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
1033 			 CK_MECHANISM_INFO_PTR pInfo);
1034
/*
 * pLabel has no length argument: PKCS#11 v2.40 defines it as a 32-byte,
 * blank-padded label that is not NUL-terminated, so the caller must supply
 * a full 32-byte buffer. The PIN is given as pointer plus explicit length.
 * Per the specification, initializing a token destroys every object on it
 * that can be destroyed.
 */
1035 CK_RV C_InitToken(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin,
1036 		  CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel);
1037
/*
 * PINs are passed as pointer plus explicit length and are not treated as
 * NUL-terminated strings by the specification. Callers should keep PIN
 * buffers short-lived and clear them once the call has returned.
 */
1038 CK_RV C_InitPIN(CK_SESSION_HANDLE hSession,
1039 		CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
1040
1041 CK_RV C_SetPIN(CK_SESSION_HANDLE hSession,
1042 	       CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen,
1043 	       CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen);
1044 
/*
 * Session management.
 *
 * Per PKCS#11 v2.40, flags passed to C_OpenSession must always include
 * CKF_SERIAL_SESSION; CKF_RW_SESSION additionally requests a read/write
 * session. pApplication and Notify describe an optional notification
 * callback. The new handle is stored in *phSession.
 */
1045 CK_RV C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
1046 		    CK_VOID_PTR pApplication, CK_NOTIFY Notify,
1047 		    CK_SESSION_HANDLE_PTR phSession);
1048
1049 CK_RV C_CloseSession(CK_SESSION_HANDLE hSession);
1050
1051 CK_RV C_CloseAllSessions(CK_SLOT_ID slotID);
1052
1053 CK_RV C_GetSessionInfo(CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo);
1054
/*
 * Saves and restores the cryptographic operation state of a session.
 * *pulOperationStateLen is in/out (capacity on entry, size on return).
 * The saved blob captures in-progress cryptographic state and should be
 * handled as sensitive data by the caller.
 */
1055 CK_RV C_GetOperationState(CK_SESSION_HANDLE hSession,
1056 			  CK_BYTE_PTR pOperationState,
1057 			  CK_ULONG_PTR pulOperationStateLen);
1058
1059 CK_RV C_SetOperationState(CK_SESSION_HANDLE hSession,
1060 			  CK_BYTE_PTR pOperationState,
1061 			  CK_ULONG ulOperationStateLen,
1062 			  CK_OBJECT_HANDLE hEncryptionKey,
1063 			  CK_OBJECT_HANDLE hAuthenticationKey);
1064
/*
 * The PIN is passed as pointer plus explicit length, not as a
 * NUL-terminated string. Per PKCS#11 v2.40 the login state is shared by
 * all sessions the application holds with the token: a successful C_Login
 * or C_Logout on one session changes the state of all of them, which
 * matters when sessions are handed to components with different trust.
 */
1065 CK_RV C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
1066 	      CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen);
1067
1068 CK_RV C_Logout(CK_SESSION_HANDLE hSession);
1069 
/*
 * Object management.
 *
 * pTemplate points to an array of ulCount CK_ATTRIBUTE entries; the caller
 * is responsible for ulCount matching the array it actually provides.
 */
1070 CK_RV C_CreateObject(CK_SESSION_HANDLE hSession,
1071 		     CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
1072 		     CK_OBJECT_HANDLE_PTR phObject);
1073
1074 CK_RV C_CopyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
1075 		   CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
1076 		   CK_OBJECT_HANDLE_PTR phNewObject);
1077
1078 CK_RV C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject);
1079
1080 CK_RV C_GetObjectSize(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
1081 		      CK_ULONG_PTR pulSize);
1082
/*
 * Per PKCS#11 v2.40, each template entry is answered individually: an
 * entry with a NULL pValue receives the required size in ulValueLen, and
 * an attribute that cannot be revealed or is not valid for the object gets
 * ulValueLen set to CK_UNAVAILABLE_INFORMATION while the call returns an
 * error such as CKR_ATTRIBUTE_SENSITIVE. Check the return value and every
 * ulValueLen before using it as a length.
 */
1083 CK_RV C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
1084 			  CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
1085
1086 CK_RV C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
1087 			  CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
1088
/*
 * Object search: Init starts a search on the session, C_FindObjects
 * returns matches in batches, Final ends the search. phObject must have
 * room for ulMaxObjectCount handles; the number actually written is
 * stored in *pulObjectCount.
 */
1089 CK_RV C_FindObjectsInit(CK_SESSION_HANDLE hSession,
1090 			CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
1091
1092 CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject,
1093 		    CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount);
1094
1095 CK_RV C_FindObjectsFinal(CK_SESSION_HANDLE hSession);
1096 
/*
 * Encryption and decryption: an Init call selects mechanism and key, then
 * either the one-shot call or a series of Update calls closed by Final.
 *
 * Output lengths are in/out. Per PKCS#11 v2.40: with a NULL output buffer
 * the call only stores the required size through the pul*Len pointer;
 * otherwise that value must hold the buffer capacity on entry and receives
 * the number of bytes produced, and CKR_BUFFER_TOO_SMALL reports a buffer
 * that is too short. Consume output only after checking the return value,
 * and use the length written back rather than the buffer capacity.
 */
1097 CK_RV C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1098 		    CK_OBJECT_HANDLE hKey);
1099
1100 CK_RV C_Encrypt(CK_SESSION_HANDLE hSession,
1101 		CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1102 		CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen);
1103
1104 CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession,
1105 		      CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
1106 		      CK_BYTE_PTR pEncryptedData,
1107 		      CK_ULONG_PTR pulEncryptedDataLen);
1108
1109 CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession,
1110 		     CK_BYTE_PTR pLastEncryptedPart,
1111 		     CK_ULONG_PTR pulLastEncryptedPartLen);
1112
1113 CK_RV C_DecryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1114 		    CK_OBJECT_HANDLE hKey);
1115
1116 CK_RV C_Decrypt(CK_SESSION_HANDLE hSession,
1117 		CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
1118 		CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
1119
1120 CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession,
1121 		      CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
1122 		      CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
1123
1124 CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession,
1125 		     CK_BYTE_PTR pLastPart, CK_ULONG_PTR pulLastPartLen);
1126 
/*
 * Message digesting: Init, then either the one-shot C_Digest or Update
 * calls closed by C_DigestFinal.
 *
 * *pulDigestLen is in/out: per PKCS#11 v2.40 it carries the capacity of
 * pDigest on entry and the digest size on return, and a NULL pDigest only
 * queries the size.
 */
1127 CK_RV C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism);
1128
1129 CK_RV C_Digest(CK_SESSION_HANDLE hSession,
1130 	       CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1131 	       CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
1132
1133 CK_RV C_DigestUpdate(CK_SESSION_HANDLE hSession,
1134 		     CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
1135
/* Per PKCS#11 v2.40: continues the digest with the value of a secret key */
1136 CK_RV C_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
1137
1138 CK_RV C_DigestFinal(CK_SESSION_HANDLE hSession,
1139 		    CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
1140 
/*
 * Signing and MACing: Init selects mechanism and key, then either the
 * one-shot call or Update calls closed by C_SignFinal. The SignRecover
 * pair is the variant for mechanisms where the data can be recovered from
 * the signature.
 *
 * *pulSignatureLen is in/out: per PKCS#11 v2.40 it carries the capacity of
 * pSignature on entry and the signature size on return, and a NULL
 * pSignature only queries the size.
 */
1141 CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1142 		 CK_OBJECT_HANDLE hKey);
1143
1144 CK_RV C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1145 	     CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen);
1146
1147 CK_RV C_SignUpdate(CK_SESSION_HANDLE hSession,
1148 		   CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
1149
1150 CK_RV C_SignFinal(CK_SESSION_HANDLE hSession,
1151 		  CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen);
1152
1153 CK_RV C_SignRecoverInit(CK_SESSION_HANDLE hSession,
1154 			CK_MECHANISM_PTR pMechanism,
1155 			CK_OBJECT_HANDLE hKey);
1156
1157 CK_RV C_SignRecover(CK_SESSION_HANDLE hSession,
1158 		    CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1159 		    CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen);
1160 
/*
 * Signature and MAC verification.
 *
 * C_Verify and C_VerifyFinal take the signature length by value and have
 * no output buffer: the verdict is carried only by the CK_RV return value.
 * Per PKCS#11 v2.40, CKR_OK means the signature is valid, while
 * CKR_SIGNATURE_INVALID and CKR_SIGNATURE_LEN_RANGE report a bad one.
 * Callers should treat every value other than CKR_OK as a failed
 * verification.
 */
1161 CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1162 		   CK_OBJECT_HANDLE hKey);
1163
1164 CK_RV C_Verify(CK_SESSION_HANDLE hSession,
1165 	       CK_BYTE_PTR pData, CK_ULONG ulDataLen,
1166 	       CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
1167
1168 CK_RV C_VerifyUpdate(CK_SESSION_HANDLE hSession,
1169 		     CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
1170
1171 CK_RV C_VerifyFinal(CK_SESSION_HANDLE hSession,
1172 		    CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen);
1173
1174 CK_RV C_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
1175 			  CK_MECHANISM_PTR pMechanism,
1176 			  CK_OBJECT_HANDLE hKey);
1177
/*
 * Recovers the signed data into pData; *pulDataLen is in/out (capacity on
 * entry, recovered length on return). The recovered bytes are meaningful
 * only when the call returns CKR_OK.
 */
1178 CK_RV C_VerifyRecover(CK_SESSION_HANDLE hSession,
1179 		      CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
1180 		      CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
1181 
/*
 * Dual-function operations: each call continues two multi-part operations
 * at once on the same session. Per PKCS#11 v2.40 both operations must have
 * been started beforehand with their own Init calls.
 *
 * The trailing pul*Len pointer is in/out: capacity of the output buffer on
 * entry, number of bytes produced on return.
 */
1182 CK_RV C_DigestEncryptUpdate(CK_SESSION_HANDLE hSession,
1183 			    CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
1184 			    CK_BYTE_PTR pEncryptedPart,
1185 			    CK_ULONG_PTR pulEncryptedPartLen);
1186
1187 CK_RV C_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
1188 			    CK_BYTE_PTR pEncryptedPart,
1189 			    CK_ULONG ulEncryptedPartLen,
1190 			    CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
1191
1192 CK_RV C_SignEncryptUpdate(CK_SESSION_HANDLE hSession,
1193 			  CK_BYTE_PTR pPart,
1194 			  CK_ULONG ulPartLen,
1195 			  CK_BYTE_PTR pEncryptedPart,
1196 			  CK_ULONG_PTR pulEncryptedPartLen);
1197
1198 CK_RV C_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
1199 			    CK_BYTE_PTR pEncryptedPart,
1200 			    CK_ULONG ulEncryptedPartLen,
1201 			    CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen);
1202 
/*
 * Key management.
 *
 * The attribute templates decide how the new key objects are protected;
 * in PKCS#11 that includes attributes such as CKA_SENSITIVE and
 * CKA_EXTRACTABLE, so callers should set them explicitly rather than rely
 * on token defaults. New object handles are stored through the ph*
 * pointers.
 */
1203 CK_RV C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1204 		    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
1205 		    CK_OBJECT_HANDLE_PTR phKey);
1206
1207 CK_RV C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
1208 			CK_MECHANISM_PTR pMechanism,
1209 			CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1210 			CK_ULONG ulPublicKeyAttributeCount,
1211 			CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1212 			CK_ULONG ulPrivateKeyAttributeCount,
1213 			CK_OBJECT_HANDLE_PTR phPublicKey,
1214 			CK_OBJECT_HANDLE_PTR phPrivateKey);
1215
/*
 * Exports hKey encrypted under hWrappingKey. Per PKCS#11 v2.40 the
 * wrapping key needs CKA_WRAP and the wrapped key CKA_EXTRACTABLE.
 * *pulWrappedKeyLen is in/out: capacity of pWrappedKey on entry, wrapped
 * size on return; a NULL pWrappedKey only queries the size.
 */
1216 CK_RV C_WrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1217 		CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
1218 		CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen);
1219
/* Creates a new key object from wrapped key material; handle goes to *phKey */
1220 CK_RV C_UnwrapKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1221 		  CK_OBJECT_HANDLE hUnwrappingKey,
1222 		  CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
1223 		  CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
1224 		  CK_OBJECT_HANDLE_PTR phKey);
1225
/* Creates a new key object derived from hBaseKey; handle goes to *phKey */
1226 CK_RV C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
1227 		  CK_OBJECT_HANDLE hBaseKey,
1228 		  CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
1229 		  CK_OBJECT_HANDLE_PTR phKey);
1230 
/*
 * Random number generation.
 *
 * Per PKCS#11 v2.40, C_SeedRandom mixes ulSeedLen bytes of additional seed
 * material into the token's random number generator.
 */
1231 CK_RV C_SeedRandom(CK_SESSION_HANDLE hSession,
1232 		   CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen);
1233
/*
 * Fills pRandomData with ulRandomLen bytes. Check the return value before
 * using the buffer: on failure its content must not be used as random
 * data (for example as key or nonce material).
 */
1234 CK_RV C_GenerateRandom(CK_SESSION_HANDLE hSession,
1235 		       CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen);
1236 
/*
 * Parallel function management. PKCS#11 v2.40 describes both functions as
 * legacy entry points that are expected to return
 * CKR_FUNCTION_NOT_PARALLEL.
 */
1237 CK_RV C_GetFunctionStatus(CK_SESSION_HANDLE hSession);
1238
1239 CK_RV C_CancelFunction(CK_SESSION_HANDLE hSession);
1240
/*
 * Waits for a slot event and stores the affected slot through slotID.
 * Per PKCS#11 v2.40, flags may carry CKF_DONT_BLOCK to request a
 * non-blocking call, and pReserved is expected to be NULL.
 */
1241 CK_RV C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR slotID,
1242 			 CK_VOID_PTR pReserved);
1243 
1244 #ifdef __cplusplus
1245 }
1246 #endif
1247 
1248 #endif /*PKCS11_H*/
1249