diff --git a/vendor.conf b/vendor.conf index cc33be3df5..640494244f 100755 --- a/vendor.conf +++ b/vendor.conf @@ -44,7 +44,7 @@ github.com/json-iterator/go 6240e1e7983a85228f7fd9c3e1b6932d46ec58e2 github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0 github.com/mattn/go-shellwords v1.0.3 github.com/Microsoft/go-winio v0.4.6 -github.com/miekg/pkcs11 df8ae6ca730422dba20c768ff38ef7d79077a59f +github.com/miekg/pkcs11 5f6e0d0dad6f472df908c8e968a98ef00c9224bb github.com/mitchellh/mapstructure f3009df150dadf309fdee4a54ed65c124afad715 github.com/moby/buildkit aaff9d591ef128560018433fe61beb802e149de8 github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.com/ijc25/Gotty @@ -62,7 +62,7 @@ github.com/sirupsen/logrus v1.0.3 github.com/spf13/cobra 34ceca591bcf34a17a8b7bad5b3ce5f9c165bee5 github.com/spf13/pflag 97afa5e7ca8a08a383cb259e06636b5e2cc7897f github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987 -github.com/theupdateframework/notary 05985dc5d1c71ee6c387e9cd276a00b9d424af53 +github.com/theupdateframework/notary v0.6.0 github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2 github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45 diff --git a/vendor/github.com/miekg/pkcs11/README.md b/vendor/github.com/miekg/pkcs11/README.md index f41c474394..bd504f6d4c 100644 --- a/vendor/github.com/miekg/pkcs11/README.md +++ b/vendor/github.com/miekg/pkcs11/README.md @@ -1,4 +1,4 @@ -# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) +# PKCS#11 [![Build Status](https://travis-ci.org/miekg/pkcs11.png?branch=master)](https://travis-ci.org/miekg/pkcs11) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](http://godoc.org/github.com/miekg/pkcs11) This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom were it makes sense. It has been tested with SoftHSM. @@ -58,6 +58,10 @@ A skeleton program would look somewhat like this (yes, pkcs#11 is verbose): Further examples are included in the tests. +To expose PKCS#11 keys using the +[crypto.Signer interface](https://golang.org/pkg/crypto/#Signer), +please see [github.com/thalesignite/crypto11](https://github.com/thalesignite/crypto11). + # TODO * Fix/double check endian stuff, see types.go NewAttribute() diff --git a/vendor/github.com/miekg/pkcs11/const.go b/vendor/github.com/miekg/pkcs11/const.go index 5901b602cd..a5039efc63 100644 --- a/vendor/github.com/miekg/pkcs11/const.go +++ b/vendor/github.com/miekg/pkcs11/const.go @@ -23,7 +23,19 @@ const ( CKO_VENDOR_DEFINED uint = 0x80000000 ) -// Generated with: awk '/#define CK[AFKMRC]/{ print $2 "=" $3 }' pkcs11t.h +const ( + CKG_MGF1_SHA1 uint = 0x00000001 + CKG_MGF1_SHA224 uint = 0x00000005 + CKG_MGF1_SHA256 uint = 0x00000002 + CKG_MGF1_SHA384 uint = 0x00000003 + CKG_MGF1_SHA512 uint = 0x00000004 +) + +const ( + CKZ_DATA_SPECIFIED uint = 0x00000001 +) + +// Generated with: awk '/#define CK[AFKMRC]/{ print $2 " = " $3 }' pkcs11t.h | sed -e 's/UL$//g' -e 's/UL)$/)/g' // All the flag (CKF_), attribute (CKA_), error code (CKR_), key type (CKK_), certificate type (CKC_) and // mechanism (CKM_) constants as defined in PKCS#11. @@ -49,6 +61,7 @@ const ( CKF_SO_PIN_FINAL_TRY = 0x00200000 CKF_SO_PIN_LOCKED = 0x00400000 CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 + CKF_ERROR_STATE = 0x01000000 CKF_RW_SESSION = 0x00000002 CKF_SERIAL_SESSION = 0x00000004 CKK_RSA = 0x00000000 @@ -82,6 +95,18 @@ const ( CKK_ACTI = 0x00000024 CKK_CAMELLIA = 0x00000025 CKK_ARIA = 0x00000026 + CKK_SHA512_224_HMAC = 0x00000027 + CKK_SHA512_256_HMAC = 0x00000028 + CKK_SHA512_T_HMAC = 0x00000029 + CKK_SHA_1_HMAC = 0x00000028 + CKK_SHA224_HMAC = 0x0000002E + CKK_SHA256_HMAC = 0x0000002B + CKK_SHA384_HMAC = 0x0000002C + CKK_SHA512_HMAC = 0x0000002D + CKK_SEED = 0x00000050 + CKK_GOSTR3410 = 0x00000060 + CKK_GOSTR3411 = 0x00000061 + CKK_GOST28147 = 0x00000062 CKK_VENDOR_DEFINED = 0x80000000 CKC_X_509 = 0x00000000 CKC_X_509_ATTR_CERT = 0x00000001 @@ -107,6 +132,7 @@ const ( CKA_URL = 0x00000089 CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B + CKA_NAME_HASH_ALGORITHM = 0x0000008C CKA_CHECK_VALUE = 0x00000090 CKA_KEY_TYPE = 0x00000100 CKA_SUBJECT = 0x00000101 @@ -132,6 +158,7 @@ const ( CKA_EXPONENT_1 = 0x00000126 CKA_EXPONENT_2 = 0x00000127 CKA_COEFFICIENT = 0x00000128 + CKA_PUBLIC_KEY_INFO = 0x00000129 CKA_PRIME = 0x00000130 CKA_SUBPRIME = 0x00000131 CKA_BASE = 0x00000132 @@ -146,6 +173,8 @@ const ( CKA_ALWAYS_SENSITIVE = 0x00000165 CKA_KEY_GEN_MECHANISM = 0x00000166 CKA_MODIFIABLE = 0x00000170 + CKA_COPYABLE = 0x00000171 + CKA_DESTROYABLE = 0x00000172 CKA_ECDSA_PARAMS = 0x00000180 CKA_EC_PARAMS = 0x00000180 CKA_EC_POINT = 0x00000181 @@ -169,6 +198,9 @@ const ( CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B CKA_OTP_SERVICE_LOGO = 0x0000022C CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D + CKA_GOSTR3410_PARAMS = 0x00000250 + CKA_GOSTR3411_PARAMS = 0x00000251 + CKA_GOST28147_PARAMS = 0x00000252 CKA_HW_FEATURE_TYPE = 0x00000300 CKA_RESET_ON_INIT = 0x00000301 CKA_HAS_RESET = 0x00000302 @@ -206,6 +238,11 @@ const ( CKM_DSA_KEY_PAIR_GEN = 0x00000010 CKM_DSA = 0x00000011 CKM_DSA_SHA1 = 0x00000012 + CKM_DSA_FIPS_G_GEN = 0x00000013 + CKM_DSA_SHA224 = 0x00000014 + CKM_DSA_SHA256 = 0x00000015 + CKM_DSA_SHA384 = 0x00000016 + CKM_DSA_SHA512 = 0x00000017 CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 CKM_DH_PKCS_DERIVE = 0x00000021 CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 @@ -220,6 +257,18 @@ const ( CKM_SHA512_RSA_PKCS_PSS = 0x00000045 CKM_SHA224_RSA_PKCS = 0x00000046 CKM_SHA224_RSA_PKCS_PSS = 0x00000047 + CKM_SHA512_224 = 0x00000048 + CKM_SHA512_224_HMAC = 0x00000049 + CKM_SHA512_224_HMAC_GENERAL = 0x0000004A + CKM_SHA512_224_KEY_DERIVATION = 0x0000004B + CKM_SHA512_256 = 0x0000004C + CKM_SHA512_256_HMAC = 0x0000004D + CKM_SHA512_256_HMAC_GENERAL = 0x0000004E + CKM_SHA512_256_KEY_DERIVATION = 0x0000004F + CKM_SHA512_T = 0x00000050 + CKM_SHA512_T_HMAC = 0x00000051 + CKM_SHA512_T_HMAC_GENERAL = 0x00000052 + CKM_SHA512_T_KEY_DERIVATION = 0x00000053 CKM_RC2_KEY_GEN = 0x00000100 CKM_RC2_ECB = 0x00000101 CKM_RC2_CBC = 0x00000102 @@ -241,6 +290,8 @@ const ( CKM_DES3_MAC = 0x00000134 CKM_DES3_MAC_GENERAL = 0x00000135 CKM_DES3_CBC_PAD = 0x00000136 + CKM_DES3_CMAC_GENERAL = 0x00000137 + CKM_DES3_CMAC = 0x00000138 CKM_CDMF_KEY_GEN = 0x00000140 CKM_CDMF_ECB = 0x00000141 CKM_CDMF_CBC = 0x00000142 @@ -366,6 +417,16 @@ const ( CKM_WTLS_PRF = 0x000003D3 CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 + CKM_TLS10_MAC_SERVER = 0x000003D6 + CKM_TLS10_MAC_CLIENT = 0x000003D7 + CKM_TLS12_MAC = 0x000003D8 + CKM_TLS12_KDF = 0x000003D9 + CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 + CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 + CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 + CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 + CKM_TLS_MAC = 0x000003E4 + CKM_TLS_KDF = 0x000003E5 CKM_KEY_WRAP_LYNKS = 0x00000400 CKM_KEY_WRAP_SET_OAEP = 0x00000401 CKM_CMS_SIG = 0x00000500 @@ -389,6 +450,14 @@ const ( CKM_ARIA_CBC_PAD = 0x00000565 CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 + CKM_SEED_KEY_GEN = 0x00000650 + CKM_SEED_ECB = 0x00000651 + CKM_SEED_CBC = 0x00000652 + CKM_SEED_MAC = 0x00000653 + CKM_SEED_MAC_GENERAL = 0x00000654 + CKM_SEED_CBC_PAD = 0x00000655 + CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 + CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 CKM_SKIPJACK_KEY_GEN = 0x00001000 CKM_SKIPJACK_ECB64 = 0x00001001 CKM_SKIPJACK_CBC64 = 0x00001002 @@ -402,6 +471,7 @@ const ( CKM_SKIPJACK_RELAYX = 0x0000100a CKM_KEA_KEY_PAIR_GEN = 0x00001010 CKM_KEA_KEY_DERIVE = 0x00001011 + CKM_KEA_DERIVE = 0x00001012 CKM_FORTEZZA_TIMESTAMP = 0x00001020 CKM_BATON_KEY_GEN = 0x00001030 CKM_BATON_ECB128 = 0x00001031 @@ -414,9 +484,15 @@ const ( CKM_EC_KEY_PAIR_GEN = 0x00001040 CKM_ECDSA = 0x00001041 CKM_ECDSA_SHA1 = 0x00001042 + CKM_ECDSA_SHA224 = 0x00001043 + CKM_ECDSA_SHA256 = 0x00001044 + CKM_ECDSA_SHA384 = 0x00001045 + CKM_ECDSA_SHA512 = 0x00001046 CKM_ECDH1_DERIVE = 0x00001050 CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 CKM_ECMQV_DERIVE = 0x00001052 + CKM_ECDH_AES_KEY_WRAP = 0x00001053 + CKM_RSA_AES_KEY_WRAP = 0x00001054 CKM_JUNIPER_KEY_GEN = 0x00001060 CKM_JUNIPER_ECB128 = 0x00001061 CKM_JUNIPER_CBC128 = 0x00001062 @@ -431,19 +507,52 @@ const ( CKM_AES_MAC_GENERAL = 0x00001084 CKM_AES_CBC_PAD = 0x00001085 CKM_AES_CTR = 0x00001086 + CKM_AES_GCM = 0x00001087 + CKM_AES_CCM = 0x00001088 + CKM_AES_CMAC_GENERAL = 0x00001089 + CKM_AES_CMAC = 0x0000108A + CKM_AES_CTS = 0x0000108B + CKM_AES_XCBC_MAC = 0x0000108C + CKM_AES_XCBC_MAC_96 = 0x0000108D + CKM_AES_GMAC = 0x0000108E CKM_BLOWFISH_KEY_GEN = 0x00001090 CKM_BLOWFISH_CBC = 0x00001091 CKM_TWOFISH_KEY_GEN = 0x00001092 CKM_TWOFISH_CBC = 0x00001093 + CKM_BLOWFISH_CBC_PAD = 0x00001094 + CKM_TWOFISH_CBC_PAD = 0x00001095 CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 + CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 + CKM_GOSTR3410 = 0x00001201 + CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 + CKM_GOSTR3410_KEY_WRAP = 0x00001203 + CKM_GOSTR3410_DERIVE = 0x00001204 + CKM_GOSTR3411 = 0x00001210 + CKM_GOSTR3411_HMAC = 0x00001211 + CKM_GOST28147_KEY_GEN = 0x00001220 + CKM_GOST28147_ECB = 0x00001221 + CKM_GOST28147 = 0x00001222 + CKM_GOST28147_MAC = 0x00001223 + CKM_GOST28147_KEY_WRAP = 0x00001224 CKM_DSA_PARAMETER_GEN = 0x00002000 CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 + CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 + CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 + CKM_AES_OFB = 0x00002104 + CKM_AES_CFB64 = 0x00002105 + CKM_AES_CFB8 = 0x00002106 + CKM_AES_CFB128 = 0x00002107 + CKM_AES_CFB1 = 0x00002108 + CKM_AES_KEY_WRAP = 0x00002109 + CKM_AES_KEY_WRAP_PAD = 0x0000210A + CKM_RSA_PKCS_TPM_1_1 = 0x00004001 + CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 CKM_VENDOR_DEFINED = 0x80000000 CKF_HW = 0x00000001 CKF_ENCRYPT = 0x00000100 @@ -479,6 +588,7 @@ const ( CKR_ATTRIBUTE_SENSITIVE = 0x00000011 CKR_ATTRIBUTE_TYPE_INVALID = 0x00000012 CKR_ATTRIBUTE_VALUE_INVALID = 0x00000013 + CKR_ACTION_PROHIBITED = 0x0000001B CKR_DATA_INVALID = 0x00000020 CKR_DATA_LEN_RANGE = 0x00000021 CKR_DEVICE_ERROR = 0x00000030 @@ -541,6 +651,7 @@ const ( CKR_RANDOM_SEED_NOT_SUPPORTED = 0x00000120 CKR_RANDOM_NO_RNG = 0x00000121 CKR_DOMAIN_PARAMS_INVALID = 0x00000130 + CKR_CURVE_NOT_SUPPORTED = 0x00000140 CKR_BUFFER_TOO_SMALL = 0x00000150 CKR_SAVED_STATE_INVALID = 0x00000160 CKR_INFORMATION_SENSITIVE = 0x00000170 @@ -551,6 +662,11 @@ const ( CKR_MUTEX_NOT_LOCKED = 0x000001A1 CKR_NEW_PIN_MODE = 0x000001B0 CKR_NEXT_OTP = 0x000001B1 + CKR_EXCEEDED_MAX_ITERATIONS = 0x000001C0 + CKR_FIPS_SELF_TEST_FAILED = 0x000001C1 + CKR_LIBRARY_LOAD_FAILED = 0x000001C2 + CKR_PIN_TOO_WEAK = 0x000001C3 + CKR_PUBLIC_KEY_INVALID = 0x000001C4 CKR_FUNCTION_REJECTED = 0x00000200 CKR_VENDOR_DEFINED = 0x80000000 CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 diff --git a/vendor/github.com/miekg/pkcs11/pkcs11.go b/vendor/github.com/miekg/pkcs11/pkcs11.go index 424e74980a..e4812b7187 100644 --- a/vendor/github.com/miekg/pkcs11/pkcs11.go +++ b/vendor/github.com/miekg/pkcs11/pkcs11.go @@ -11,21 +11,21 @@ package pkcs11 // * CK_ULONG never overflows an Go int /* +#cgo windows CFLAGS: -DREPACK_STRUCTURES +#cgo windows LDFLAGS: -lltdl +#cgo linux LDFLAGS: -lltdl -ldl +#cgo darwin CFLAGS: -I/usr/local/share/libtool +#cgo darwin LDFLAGS: -lltdl -L/usr/local/lib/ +#cgo openbsd CFLAGS: -I/usr/local/include/ +#cgo openbsd LDFLAGS: -lltdl -L/usr/local/lib/ #cgo LDFLAGS: -lltdl -#define CK_PTR * -#ifndef NULL_PTR -#define NULL_PTR 0 -#endif -#define CK_DEFINE_FUNCTION(returnType, name) returnType name -#define CK_DECLARE_FUNCTION(returnType, name) returnType name -#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) -#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) #include #include +#include #include #include -#include "pkcs11.h" +#include "pkcs11go.h" struct ctx { lt_dlhandle handle; @@ -70,9 +70,12 @@ void Destroy(struct ctx *c) free(c); } -CK_RV Initialize(struct ctx * c, CK_VOID_PTR initArgs) +CK_RV Initialize(struct ctx * c) { - return c->sym->C_Initialize(initArgs); + CK_C_INITIALIZE_ARGS args; + memset(&args, 0, sizeof(args)); + args.flags = CKF_OS_LOCKING_OK; + return c->sym->C_Initialize(&args); } CK_RV Finalize(struct ctx * c) @@ -80,9 +83,19 @@ CK_RV Finalize(struct ctx * c) return c->sym->C_Finalize(NULL); } -CK_RV GetInfo(struct ctx * c, CK_INFO_PTR info) +CK_RV GetInfo(struct ctx * c, ckInfoPtr info) { - return c->sym->C_GetInfo(info); + CK_INFO p; + CK_RV e = c->sym->C_GetInfo(&p); + if (e != CKR_OK) { + return e; + } + info->cryptokiVersion = p.cryptokiVersion; + memcpy(info->manufacturerID, p.manufacturerID, sizeof(p.manufacturerID)); + info->flags = p.flags; + memcpy(info->libraryDescription, p.libraryDescription, sizeof(p.libraryDescription)); + info->libraryVersion = p.libraryVersion; + return e; } CK_RV GetSlotList(struct ctx * c, CK_BBOOL tokenPresent, @@ -114,7 +127,8 @@ CK_RV GetMechanismList(struct ctx * c, CK_ULONG slotID, { CK_RV e = c->sym->C_GetMechanismList((CK_SLOT_ID) slotID, NULL, mechlen); - if (e != CKR_OK) { + // Gemaltos PKCS11 implementation returns CKR_BUFFER_TOO_SMALL on a NULL ptr instad of CKR_OK as the spec states. + if (e != CKR_OK && e != CKR_BUFFER_TOO_SMALL) { return e; } *mech = calloc(*mechlen, sizeof(CK_MECHANISM_TYPE)); @@ -222,18 +236,22 @@ CK_RV Logout(struct ctx * c, CK_SESSION_HANDLE session) } CK_RV CreateObject(struct ctx * c, CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount, + ckAttrPtr temp, CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR obj) { - CK_RV e = c->sym->C_CreateObject(session, temp, tempCount, obj); + ATTR_TO_C(tempc, temp, tempCount, NULL); + CK_RV e = c->sym->C_CreateObject(session, tempc, tempCount, obj); + ATTR_FREE(tempc); return e; } CK_RV CopyObject(struct ctx * c, CK_SESSION_HANDLE session, CK_OBJECT_HANDLE o, - CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount, + ckAttrPtr temp, CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR obj) { - CK_RV e = c->sym->C_CopyObject(session, o, temp, tempCount, obj); + ATTR_TO_C(tempc, temp, tempCount, NULL); + CK_RV e = c->sym->C_CopyObject(session, o, tempc, tempCount, obj); + ATTR_FREE(tempc); return e; } @@ -252,39 +270,47 @@ CK_RV GetObjectSize(struct ctx * c, CK_SESSION_HANDLE session, } CK_RV GetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp, + CK_OBJECT_HANDLE object, ckAttrPtr temp, CK_ULONG templen) { + ATTR_TO_C(tempc, temp, templen, NULL); // Call for the first time, check the returned ulValue in the attributes, then // allocate enough space and try again. - CK_RV e = c->sym->C_GetAttributeValue(session, object, temp, templen); + CK_RV e = c->sym->C_GetAttributeValue(session, object, tempc, templen); if (e != CKR_OK) { + ATTR_FREE(tempc); return e; } CK_ULONG i; for (i = 0; i < templen; i++) { - if ((CK_LONG) temp[i].ulValueLen == -1) { + if ((CK_LONG) tempc[i].ulValueLen == -1) { // either access denied or no such object continue; } - temp[i].pValue = calloc(temp[i].ulValueLen, sizeof(CK_BYTE)); + tempc[i].pValue = calloc(tempc[i].ulValueLen, sizeof(CK_BYTE)); } - e = c->sym->C_GetAttributeValue(session, object, temp, templen); + e = c->sym->C_GetAttributeValue(session, object, tempc, templen); + ATTR_FROM_C(temp, tempc, templen); + ATTR_FREE(tempc); return e; } CK_RV SetAttributeValue(struct ctx * c, CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR temp, + CK_OBJECT_HANDLE object, ckAttrPtr temp, CK_ULONG templen) { - CK_RV e = c->sym->C_SetAttributeValue(session, object, temp, templen); + ATTR_TO_C(tempc, temp, templen, NULL); + CK_RV e = c->sym->C_SetAttributeValue(session, object, tempc, templen); + ATTR_FREE(tempc); return e; } CK_RV FindObjectsInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_ATTRIBUTE_PTR temp, CK_ULONG tempCount) + ckAttrPtr temp, CK_ULONG tempCount) { - CK_RV e = c->sym->C_FindObjectsInit(session, temp, tempCount); + ATTR_TO_C(tempc, temp, tempCount, NULL); + CK_RV e = c->sym->C_FindObjectsInit(session, tempc, tempCount); + ATTR_FREE(tempc); return e; } @@ -304,9 +330,10 @@ CK_RV FindObjectsFinal(struct ctx * c, CK_SESSION_HANDLE session) } CK_RV EncryptInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) + ckMechPtr mechanism, CK_OBJECT_HANDLE key) { - CK_RV e = c->sym->C_EncryptInit(session, mechanism, key); + MECH_TO_C(m, mechanism); + CK_RV e = c->sym->C_EncryptInit(session, m, key); return e; } @@ -359,9 +386,10 @@ CK_RV EncryptFinal(struct ctx * c, CK_SESSION_HANDLE session, } CK_RV DecryptInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) + ckMechPtr mechanism, CK_OBJECT_HANDLE key) { - CK_RV e = c->sym->C_DecryptInit(session, mechanism, key); + MECH_TO_C(m, mechanism); + CK_RV e = c->sym->C_DecryptInit(session, m, key); return e; } @@ -414,9 +442,10 @@ CK_RV DecryptFinal(struct ctx * c, CK_SESSION_HANDLE session, } CK_RV DigestInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism) + ckMechPtr mechanism) { - CK_RV e = c->sym->C_DigestInit(session, mechanism); + MECH_TO_C(m, mechanism); + CK_RV e = c->sym->C_DigestInit(session, m); return e; } @@ -464,9 +493,10 @@ CK_RV DigestFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * hash, } CK_RV SignInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) + ckMechPtr mechanism, CK_OBJECT_HANDLE key) { - CK_RV e = c->sym->C_SignInit(session, mechanism, key); + MECH_TO_C(m, mechanism); + CK_RV e = c->sym->C_SignInit(session, m, key); return e; } @@ -508,9 +538,10 @@ CK_RV SignFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR * sig, } CK_RV SignRecoverInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key) + ckMechPtr mech, CK_OBJECT_HANDLE key) { - CK_RV rv = c->sym->C_SignRecoverInit(session, mech, key); + MECH_TO_C(m, mech); + CK_RV rv = c->sym->C_SignRecoverInit(session, m, key); return rv; } @@ -530,9 +561,10 @@ CK_RV SignRecover(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR data, } CK_RV VerifyInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key) + ckMechPtr mech, CK_OBJECT_HANDLE key) { - CK_RV rv = c->sym->C_VerifyInit(session, mech, key); + MECH_TO_C(m, mech); + CK_RV rv = c->sym->C_VerifyInit(session, m, key); return rv; } @@ -558,9 +590,10 @@ CK_RV VerifyFinal(struct ctx * c, CK_SESSION_HANDLE session, CK_BYTE_PTR sig, } CK_RV VerifyRecoverInit(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE key) + ckMechPtr mech, CK_OBJECT_HANDLE key) { - CK_RV rv = c->sym->C_VerifyRecoverInit(session, mech, key); + MECH_TO_C(m, mech); + CK_RV rv = c->sym->C_VerifyRecoverInit(session, m, key); return rv; } @@ -653,33 +686,39 @@ CK_RV DecryptVerifyUpdate(struct ctx * c, CK_SESSION_HANDLE session, } CK_RV GenerateKey(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR temp, + ckMechPtr mechanism, ckAttrPtr temp, CK_ULONG tempCount, CK_OBJECT_HANDLE_PTR key) { - CK_RV e = - c->sym->C_GenerateKey(session, mechanism, temp, tempCount, key); + MECH_TO_C(m, mechanism); + ATTR_TO_C(tempc, temp, tempCount, NULL); + CK_RV e = c->sym->C_GenerateKey(session, m, tempc, tempCount, key); + ATTR_FREE(tempc); return e; } CK_RV GenerateKeyPair(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR pub, - CK_ULONG pubCount, CK_ATTRIBUTE_PTR priv, + ckMechPtr mechanism, ckAttrPtr pub, + CK_ULONG pubCount, ckAttrPtr priv, CK_ULONG privCount, CK_OBJECT_HANDLE_PTR pubkey, CK_OBJECT_HANDLE_PTR privkey) { - CK_RV e = - c->sym->C_GenerateKeyPair(session, mechanism, pub, pubCount, priv, - privCount, - pubkey, privkey); + MECH_TO_C(m, mechanism); + ATTR_TO_C(pubc, pub, pubCount, NULL); + ATTR_TO_C(privc, priv, privCount, pubc); + CK_RV e = c->sym->C_GenerateKeyPair(session, m, pubc, pubCount, + privc, privCount, pubkey, privkey); + ATTR_FREE(pubc); + ATTR_FREE(privc); return e; } CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE wrappingkey, + ckMechPtr mechanism, CK_OBJECT_HANDLE wrappingkey, CK_OBJECT_HANDLE key, CK_BYTE_PTR * wrapped, CK_ULONG_PTR wrappedlen) { - CK_RV rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, NULL, + MECH_TO_C(m, mechanism); + CK_RV rv = c->sym->C_WrapKey(session, m, wrappingkey, key, NULL, wrappedlen); if (rv != CKR_OK) { return rv; @@ -688,26 +727,32 @@ CK_RV WrapKey(struct ctx * c, CK_SESSION_HANDLE session, if (*wrapped == NULL) { return CKR_HOST_MEMORY; } - rv = c->sym->C_WrapKey(session, mechanism, wrappingkey, key, *wrapped, + rv = c->sym->C_WrapKey(session, m, wrappingkey, key, *wrapped, wrappedlen); return rv; } CK_RV DeriveKey(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE basekey, - CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key) + ckMechPtr mech, CK_OBJECT_HANDLE basekey, + ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key) { - CK_RV e = c->sym->C_DeriveKey(session, mech, basekey, a, alen, key); + MECH_TO_C(m, mech); + ATTR_TO_C(tempc, a, alen, NULL); + CK_RV e = c->sym->C_DeriveKey(session, m, basekey, tempc, alen, key); + ATTR_FREE(tempc); return e; } CK_RV UnwrapKey(struct ctx * c, CK_SESSION_HANDLE session, - CK_MECHANISM_PTR mech, CK_OBJECT_HANDLE unwrappingkey, + ckMechPtr mech, CK_OBJECT_HANDLE unwrappingkey, CK_BYTE_PTR wrappedkey, CK_ULONG wrappedkeylen, - CK_ATTRIBUTE_PTR a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key) + ckAttrPtr a, CK_ULONG alen, CK_OBJECT_HANDLE_PTR key) { - CK_RV e = c->sym->C_UnwrapKey(session, mech, unwrappingkey, wrappedkey, - wrappedkeylen, a, alen, key); + MECH_TO_C(m, mech); + ATTR_TO_C(tempc, a, alen, NULL); + CK_RV e = c->sym->C_UnwrapKey(session, m, unwrappingkey, wrappedkey, + wrappedkeylen, tempc, alen, key); + ATTR_FREE(tempc); return e; } @@ -735,6 +780,38 @@ CK_RV WaitForSlotEvent(struct ctx * c, CK_FLAGS flags, CK_ULONG_PTR slot) c->sym->C_WaitForSlotEvent(flags, (CK_SLOT_ID_PTR) slot, NULL); return e; } + +#ifdef REPACK_STRUCTURES + +CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count) { + CK_ATTRIBUTE_PTR attr = calloc(count, sizeof(CK_ATTRIBUTE)); + if (attr == NULL) { + return CKR_HOST_MEMORY; + } + for (int i = 0; i < count; i++) { + attr[i].type = attrIn[i].type; + attr[i].pValue = attrIn[i].pValue; + attr[i].ulValueLen = attrIn[i].ulValueLen; + } + *attrOut = attr; + return CKR_OK; +} + +void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count) { + for (int i = 0; i < count; i++) { + attrOut[i].type = attrIn[i].type; + attrOut[i].pValue = attrIn[i].pValue; + attrOut[i].ulValueLen = attrIn[i].ulValueLen; + } +} + +void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn) { + mechOut->mechanism = mechIn->mechanism; + mechOut->pParameter = mechIn->pParameter; + mechOut->ulParameterLen = mechIn->ulParameterLen; +} + +#endif */ import "C" import "strings" @@ -748,6 +825,11 @@ type Ctx struct { // New creates a new context and initializes the module/library for use. func New(module string) *Ctx { + // libtool-ltdl will return an assertion error if passed an empty string, so + // we check for it explicitly. + if module == "" { + return nil + } c := new(Ctx) mod := C.CString(module) defer C.free(unsafe.Pointer(mod)) @@ -769,8 +851,7 @@ func (c *Ctx) Destroy() { /* Initialize initializes the Cryptoki library. */ func (c *Ctx) Initialize() error { - args := &C.CK_C_INITIALIZE_ARGS{nil, nil, nil, nil, C.CKF_OS_LOCKING_OK, nil} - e := C.Initialize(c.ctx, C.CK_VOID_PTR(args)) + e := C.Initialize(c.ctx) return toError(e) } @@ -785,8 +866,8 @@ func (c *Ctx) Finalize() error { /* GetInfo returns general information about Cryptoki. */ func (c *Ctx) GetInfo() (Info, error) { - var p C.CK_INFO - e := C.GetInfo(c.ctx, C.CK_INFO_PTR(&p)) + var p C.ckInfo + e := C.GetInfo(c.ctx, &p) i := Info{ CryptokiVersion: toVersion(p.cryptokiVersion), ManufacturerID: strings.TrimRight(string(C.GoBytes(unsafe.Pointer(&p.manufacturerID[0]), 32)), " "), @@ -1041,11 +1122,11 @@ func (c *Ctx) GetObjectSize(sh SessionHandle, oh ObjectHandle) (uint, error) { func (c *Ctx) GetAttributeValue(sh SessionHandle, o ObjectHandle, a []*Attribute) ([]*Attribute, error) { // copy the attribute list and make all the values nil, so that // the C function can (allocate) fill them in - pa := make([]C.CK_ATTRIBUTE, len(a)) + pa := make([]C.ckAttr, len(a)) for i := 0; i < len(a); i++ { pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type) } - e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.CK_ATTRIBUTE_PTR(&pa[0]), C.CK_ULONG(len(a))) + e := C.GetAttributeValue(c.ctx, C.CK_SESSION_HANDLE(sh), C.CK_OBJECT_HANDLE(o), C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a))) if toError(e) != nil { return nil, toError(e) } @@ -1529,7 +1610,7 @@ func (c *Ctx) UnwrapKey(sh SessionHandle, m []*Mechanism, unwrappingkey ObjectHa return ObjectHandle(key), toError(e) } -// DeriveKey derives a key from a base key, creating a new key object. */ +// DeriveKey derives a key from a base key, creating a new key object. func (c *Ctx) DeriveKey(sh SessionHandle, m []*Mechanism, basekey ObjectHandle, a []*Attribute) (ObjectHandle, error) { var key C.CK_OBJECT_HANDLE attrarena, ac, aclen := cAttributeList(a) diff --git a/vendor/github.com/miekg/pkcs11/pkcs11.h b/vendor/github.com/miekg/pkcs11/pkcs11.h index 9261e1e4c3..0d78dd7113 100644 --- a/vendor/github.com/miekg/pkcs11/pkcs11.h +++ b/vendor/github.com/miekg/pkcs11/pkcs11.h @@ -1,19 +1,12 @@ -/* pkcs11.h include file for PKCS #11. */ -/* $Revision: 1.2 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ + +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ #ifndef _PKCS11_H_ @@ -24,14 +17,14 @@ extern "C" { #endif /* Before including this file (pkcs11.h) (or pkcs11t.h by - * itself), 6 platform-specific macros must be defined. These + * itself), 5 platform-specific macros must be defined. These * macros are described below, and typical definitions for them * are also given. Be advised that these definitions can depend * on both the platform and the compiler used (and possibly also * on whether a Cryptoki library is linked statically or * dynamically). * - * In addition to defining these 6 macros, the packing convention + * In addition to defining these 5 macros, the packing convention * for Cryptoki structures should be set. The Cryptoki * convention on packing is that structures should be 1-byte * aligned. @@ -81,39 +74,7 @@ extern "C" { * #define CK_PTR * * * - * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes - * an exportable Cryptoki library function definition out of a - * return type and a function name. It should be used in the - * following fashion to define the exposed Cryptoki functions in - * a Cryptoki library: - * - * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)( - * CK_VOID_PTR pReserved - * ) - * { - * ... - * } - * - * If you're using Microsoft Developer Studio 5.0 to define a - * function in a Win32 Cryptoki .dll, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __declspec(dllexport) name - * - * If you're using an earlier version of Microsoft Developer - * Studio to define a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType name - * - * - * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes + * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes * an importable Cryptoki library function declaration out of a * return type and a function name. It should be used in the * following fashion: @@ -141,7 +102,7 @@ extern "C" { * returnType name * * - * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro + * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro * which makes a Cryptoki API function pointer declaration or * function pointer type declaration out of a return type and a * function name. It should be used in the following fashion: @@ -178,7 +139,7 @@ extern "C" { * returnType (* name) * * - * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes + * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes * a function pointer type for an application callback out of * a return type for the callback and a name for the callback. * It should be used in the following fashion: @@ -210,7 +171,7 @@ extern "C" { * returnType (* name) * * - * 6. NULL_PTR: This macro is the value of a NULL pointer. + * 5. NULL_PTR: This macro is the value of a NULL pointer. * * In any ANSI/ISO C environment (and in many others as well), * this should best be defined by @@ -222,7 +183,8 @@ extern "C" { /* All the various Cryptoki types and #define'd values are in the - * file pkcs11t.h. */ + * file pkcs11t.h. + */ #include "pkcs11t.h" #define __PASTE(x,y) x##y @@ -238,7 +200,8 @@ extern "C" { extern CK_DECLARE_FUNCTION(CK_RV, name) /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" #undef CK_NEED_ARG_LIST @@ -257,7 +220,8 @@ extern "C" { typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" #undef CK_NEED_ARG_LIST @@ -275,14 +239,15 @@ extern "C" { #define CK_PKCS11_FUNCTION_INFO(name) \ __PASTE(CK_,name) name; - + struct CK_FUNCTION_LIST { CK_VERSION version; /* Cryptoki version */ /* Pile all the function pointers into the CK_FUNCTION_LIST. */ /* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ + * function prototypes. + */ #include "pkcs11f.h" }; @@ -296,4 +261,5 @@ struct CK_FUNCTION_LIST { } #endif -#endif +#endif /* _PKCS11_H_ */ + diff --git a/vendor/github.com/miekg/pkcs11/pkcs11f.h b/vendor/github.com/miekg/pkcs11/pkcs11f.h index ffbe010f64..ed90affc5e 100644 --- a/vendor/github.com/miekg/pkcs11/pkcs11f.h +++ b/vendor/github.com/miekg/pkcs11/pkcs11f.h @@ -1,26 +1,20 @@ -/* pkcs11f.h include file for PKCS #11. */ -/* $Revision: 1.2 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ + +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ -/* This header file contains pretty much everything about all the */ -/* Cryptoki function prototypes. Because this information is */ -/* used for more than just declaring function prototypes, the */ -/* order of the functions appearing herein is important, and */ -/* should not be altered. */ +/* This header file contains pretty much everything about all the + * Cryptoki function prototypes. Because this information is + * used for more than just declaring function prototypes, the + * order of the functions appearing herein is important, and + * should not be altered. + */ /* General-purpose */ @@ -30,13 +24,15 @@ CK_PKCS11_FUNCTION_INFO(C_Initialize) ( CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets * cast to CK_C_INITIALIZE_ARGS_PTR - * and dereferenced */ + * and dereferenced + */ ); #endif /* C_Finalize indicates that an application is done with the - * Cryptoki library. */ + * Cryptoki library. + */ CK_PKCS11_FUNCTION_INFO(C_Finalize) #ifdef CK_NEED_ARG_LIST ( @@ -59,7 +55,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) #ifdef CK_NEED_ARG_LIST ( CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to - * function list */ + * function list + */ ); #endif @@ -71,7 +68,7 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) CK_PKCS11_FUNCTION_INFO(C_GetSlotList) #ifdef CK_NEED_ARG_LIST ( - CK_BBOOL tokenPresent, /* only slots with tokens? */ + CK_BBOOL tokenPresent, /* only slots with tokens */ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ CK_ULONG_PTR pulCount /* receives number of slots */ ); @@ -79,7 +76,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotList) /* C_GetSlotInfo obtains information about a particular slot in - * the system. */ + * the system. + */ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) #ifdef CK_NEED_ARG_LIST ( @@ -90,7 +88,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) /* C_GetTokenInfo obtains information about a particular token - * in the system. */ + * in the system. + */ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) #ifdef CK_NEED_ARG_LIST ( @@ -101,7 +100,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) /* C_GetMechanismList obtains a list of mechanism types - * supported by a token. */ + * supported by a token. + */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) #ifdef CK_NEED_ARG_LIST ( @@ -113,7 +113,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) /* C_GetMechanismInfo obtains information about a particular - * mechanism possibly supported by a token. */ + * mechanism possibly supported by a token. + */ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) #ifdef CK_NEED_ARG_LIST ( @@ -127,7 +128,6 @@ CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) /* C_InitToken initializes a token. */ CK_PKCS11_FUNCTION_INFO(C_InitToken) #ifdef CK_NEED_ARG_LIST -/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */ ( CK_SLOT_ID slotID, /* ID of the token's slot */ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ @@ -165,7 +165,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetPIN) /* Session management */ /* C_OpenSession opens a session between an application and a - * token. */ + * token. + */ CK_PKCS11_FUNCTION_INFO(C_OpenSession) #ifdef CK_NEED_ARG_LIST ( @@ -179,7 +180,8 @@ CK_PKCS11_FUNCTION_INFO(C_OpenSession) /* C_CloseSession closes a session between an application and a - * token. */ + * token. + */ CK_PKCS11_FUNCTION_INFO(C_CloseSession) #ifdef CK_NEED_ARG_LIST ( @@ -187,6 +189,7 @@ CK_PKCS11_FUNCTION_INFO(C_CloseSession) ); #endif + /* C_CloseAllSessions closes all sessions with a token. */ CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) #ifdef CK_NEED_ARG_LIST @@ -207,7 +210,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) /* C_GetOperationState obtains the state of the cryptographic operation - * in a session. */ + * in a session. + */ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) #ifdef CK_NEED_ARG_LIST ( @@ -219,7 +223,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetOperationState) /* C_SetOperationState restores the state of the cryptographic - * operation in a session. */ + * operation in a session. + */ CK_PKCS11_FUNCTION_INFO(C_SetOperationState) #ifdef CK_NEED_ARG_LIST ( @@ -267,8 +272,10 @@ CK_PKCS11_FUNCTION_INFO(C_CreateObject) ); #endif + /* C_CopyObject copies an object, creating a new object for the - * copy. */ + * copy. + */ CK_PKCS11_FUNCTION_INFO(C_CopyObject) #ifdef CK_NEED_ARG_LIST ( @@ -303,7 +310,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) /* C_GetAttributeValue obtains the value of one or more object - * attributes. */ + * attributes. + */ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) #ifdef CK_NEED_ARG_LIST ( @@ -316,7 +324,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) /* C_SetAttributeValue modifies the value of one or more object - * attributes */ + * attributes. + */ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) #ifdef CK_NEED_ARG_LIST ( @@ -329,7 +338,8 @@ CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) /* C_FindObjectsInit initializes a search for token and session - * objects that match a template. */ + * objects that match a template. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) #ifdef CK_NEED_ARG_LIST ( @@ -342,7 +352,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) /* C_FindObjects continues a search for token and session * objects that match a template, obtaining additional object - * handles. */ + * handles. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjects) #ifdef CK_NEED_ARG_LIST ( @@ -355,7 +366,8 @@ CK_PKCS11_FUNCTION_INFO(C_FindObjects) /* C_FindObjectsFinal finishes a search for token and session - * objects. */ + * objects. + */ CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) #ifdef CK_NEED_ARG_LIST ( @@ -392,7 +404,8 @@ CK_PKCS11_FUNCTION_INFO(C_Encrypt) /* C_EncryptUpdate continues a multiple-part encryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -406,7 +419,8 @@ CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) /* C_EncryptFinal finishes a multiple-part encryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) #ifdef CK_NEED_ARG_LIST ( @@ -442,7 +456,8 @@ CK_PKCS11_FUNCTION_INFO(C_Decrypt) /* C_DecryptUpdate continues a multiple-part decryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -456,7 +471,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) /* C_DecryptFinal finishes a multiple-part decryption - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) #ifdef CK_NEED_ARG_LIST ( @@ -494,7 +510,8 @@ CK_PKCS11_FUNCTION_INFO(C_Digest) /* C_DigestUpdate continues a multiple-part message-digesting - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -507,7 +524,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) /* C_DigestKey continues a multi-part message-digesting * operation, by digesting the value of a secret key as part of - * the data already digested. */ + * the data already digested. + */ CK_PKCS11_FUNCTION_INFO(C_DigestKey) #ifdef CK_NEED_ARG_LIST ( @@ -518,7 +536,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestKey) /* C_DigestFinal finishes a multiple-part message-digesting - * operation. */ + * operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) #ifdef CK_NEED_ARG_LIST ( @@ -535,7 +554,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestFinal) /* C_SignInit initializes a signature (private key encryption) * operation, where the signature is (will be) an appendix to * the data, and plaintext cannot be recovered from the - *signature. */ + * signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignInit) #ifdef CK_NEED_ARG_LIST ( @@ -548,7 +568,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignInit) /* C_Sign signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the - * data, and plaintext cannot be recovered from the signature. */ + * data, and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_Sign) #ifdef CK_NEED_ARG_LIST ( @@ -562,8 +583,9 @@ CK_PKCS11_FUNCTION_INFO(C_Sign) /* C_SignUpdate continues a multiple-part signature operation, - * where the signature is (will be) an appendix to the data, - * and plaintext cannot be recovered from the signature. */ + * where the signature is (will be) an appendix to the data, + * and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -574,8 +596,9 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate) #endif -/* C_SignFinal finishes a multiple-part signature operation, - * returning the signature. */ +/* C_SignFinal finishes a multiple-part signature operation, + * returning the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignFinal) #ifdef CK_NEED_ARG_LIST ( @@ -587,7 +610,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignFinal) /* C_SignRecoverInit initializes a signature operation, where - * the data can be recovered from the signature. */ + * the data can be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) #ifdef CK_NEED_ARG_LIST ( @@ -599,7 +623,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) /* C_SignRecover signs data in a single operation, where the - * data can be recovered from the signature. */ + * data can be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_SignRecover) #ifdef CK_NEED_ARG_LIST ( @@ -617,20 +642,22 @@ CK_PKCS11_FUNCTION_INFO(C_SignRecover) /* C_VerifyInit initializes a verification operation, where the * signature is an appendix to the data, and plaintext cannot - * cannot be recovered from the signature (e.g. DSA). */ + * cannot be recovered from the signature (e.g. DSA). + */ CK_PKCS11_FUNCTION_INFO(C_VerifyInit) #ifdef CK_NEED_ARG_LIST ( CK_SESSION_HANDLE hSession, /* the session's handle */ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ + CK_OBJECT_HANDLE hKey /* verification key */ ); #endif -/* C_Verify verifies a signature in a single-part operation, +/* C_Verify verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext - * cannot be recovered from the signature. */ + * cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_Verify) #ifdef CK_NEED_ARG_LIST ( @@ -644,8 +671,9 @@ CK_PKCS11_FUNCTION_INFO(C_Verify) /* C_VerifyUpdate continues a multiple-part verification - * operation, where the signature is an appendix to the data, - * and plaintext cannot be recovered from the signature. */ + * operation, where the signature is an appendix to the data, + * and plaintext cannot be recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -657,7 +685,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) /* C_VerifyFinal finishes a multiple-part verification - * operation, checking the signature. */ + * operation, checking the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) #ifdef CK_NEED_ARG_LIST ( @@ -669,7 +698,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) /* C_VerifyRecoverInit initializes a signature verification - * operation, where the data is recovered from the signature. */ + * operation, where the data is recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) #ifdef CK_NEED_ARG_LIST ( @@ -681,7 +711,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) /* C_VerifyRecover verifies a signature in a single-part - * operation, where the data is recovered from the signature. */ + * operation, where the data is recovered from the signature. + */ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) #ifdef CK_NEED_ARG_LIST ( @@ -698,7 +729,8 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) /* Dual-function cryptographic operations */ /* C_DigestEncryptUpdate continues a multiple-part digesting - * and encryption operation. */ + * and encryption operation. + */ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -712,7 +744,8 @@ CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) /* C_DecryptDigestUpdate continues a multiple-part decryption and - * digesting operation. */ + * digesting operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -726,7 +759,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) /* C_SignEncryptUpdate continues a multiple-part signing and - * encryption operation. */ + * encryption operation. + */ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -740,7 +774,8 @@ CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) /* C_DecryptVerifyUpdate continues a multiple-part decryption and - * verify operation. */ + * verify operation. + */ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) #ifdef CK_NEED_ARG_LIST ( @@ -757,7 +792,8 @@ CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) /* Key management */ /* C_GenerateKey generates a secret key, creating a new key - * object. */ + * object. + */ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #ifdef CK_NEED_ARG_LIST ( @@ -770,31 +806,20 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey) #endif -/* C_GenerateKeyPair generates a public-key/private-key pair, - * creating new key objects. */ +/* C_GenerateKeyPair generates a public-key/private-key pair, + * creating new key objects. + */ CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) #ifdef CK_NEED_ARG_LIST ( - CK_SESSION_HANDLE hSession, /* session - * handle */ - CK_MECHANISM_PTR pMechanism, /* key-gen - * mech. */ - CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template - * for pub. - * key */ - CK_ULONG ulPublicKeyAttributeCount, /* # pub. - * attrs. */ - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template - * for priv. - * key */ - CK_ULONG ulPrivateKeyAttributeCount, /* # priv. - * attrs. */ - CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. - * key - * handle */ - CK_OBJECT_HANDLE_PTR phPrivateKey /* gets - * priv. key - * handle */ + CK_SESSION_HANDLE hSession, /* session handle */ + CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ + CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ + CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ + CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ + CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ + CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ ); #endif @@ -814,7 +839,8 @@ CK_PKCS11_FUNCTION_INFO(C_WrapKey) /* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new - * key object. */ + * key object. + */ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) #ifdef CK_NEED_ARG_LIST ( @@ -831,7 +857,8 @@ CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) /* C_DeriveKey derives a key from a base key, creating a new key - * object. */ + * object. + */ CK_PKCS11_FUNCTION_INFO(C_DeriveKey) #ifdef CK_NEED_ARG_LIST ( @@ -849,7 +876,8 @@ CK_PKCS11_FUNCTION_INFO(C_DeriveKey) /* Random number generation */ /* C_SeedRandom mixes additional seed material into the token's - * random number generator. */ + * random number generator. + */ CK_PKCS11_FUNCTION_INFO(C_SeedRandom) #ifdef CK_NEED_ARG_LIST ( @@ -876,7 +904,8 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) /* C_GetFunctionStatus is a legacy function; it obtains an * updated status of a function running in parallel with an - * application. */ + * application. + */ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) #ifdef CK_NEED_ARG_LIST ( @@ -886,7 +915,8 @@ CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) /* C_CancelFunction is a legacy function; it cancels a function - * running in parallel. */ + * running in parallel. + */ CK_PKCS11_FUNCTION_INFO(C_CancelFunction) #ifdef CK_NEED_ARG_LIST ( @@ -895,11 +925,9 @@ CK_PKCS11_FUNCTION_INFO(C_CancelFunction) #endif - -/* Functions added in for Cryptoki Version 2.01 or later */ - /* C_WaitForSlotEvent waits for a slot event (token insertion, - * removal, etc.) to occur. */ + * removal, etc.) to occur. + */ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) #ifdef CK_NEED_ARG_LIST ( @@ -908,3 +936,4 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ ); #endif + diff --git a/vendor/github.com/miekg/pkcs11/pkcs11go.h b/vendor/github.com/miekg/pkcs11/pkcs11go.h new file mode 100644 index 0000000000..305e883706 --- /dev/null +++ b/vendor/github.com/miekg/pkcs11/pkcs11go.h @@ -0,0 +1,83 @@ +// +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. +// + +#define CK_PTR * +#ifndef NULL_PTR +#define NULL_PTR 0 +#endif +#define CK_DEFINE_FUNCTION(returnType, name) returnType name +#define CK_DECLARE_FUNCTION(returnType, name) returnType name +#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) +#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) + +#include +#ifdef REPACK_STRUCTURES +# pragma pack(push, 1) +# include "pkcs11.h" +# pragma pack(pop) +#else +# include "pkcs11.h" +#endif + +#ifdef REPACK_STRUCTURES + +// Go doesn't support structures with non-default packing, but PKCS#11 requires +// pack(1) on Windows. Use structures with the same members as the CK_ ones but +// default packing, and copy data between the two. + +typedef struct ckInfo { + CK_VERSION cryptokiVersion; + CK_UTF8CHAR manufacturerID[32]; + CK_FLAGS flags; + CK_UTF8CHAR libraryDescription[32]; + CK_VERSION libraryVersion; +} ckInfo, *ckInfoPtr; + +typedef struct ckAttr { + CK_ATTRIBUTE_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} ckAttr, *ckAttrPtr; + +typedef struct ckMech { + CK_MECHANISM_TYPE mechanism; + CK_VOID_PTR pParameter; + CK_ULONG ulParameterLen; +} ckMech, *ckMechPtr; + +CK_RV attrsToC(CK_ATTRIBUTE_PTR *attrOut, ckAttrPtr attrIn, CK_ULONG count); +void attrsFromC(ckAttrPtr attrOut, CK_ATTRIBUTE_PTR attrIn, CK_ULONG count); +void mechToC(CK_MECHANISM_PTR mechOut, ckMechPtr mechIn); + +#define ATTR_TO_C(aout, ain, count, other) \ + CK_ATTRIBUTE_PTR aout; \ + { \ + CK_RV e = attrsToC(&aout, ain, count); \ + if (e != CKR_OK ) { \ + if (other != NULL) free(other); \ + return e; \ + } \ + } +#define ATTR_FREE(aout) free(aout) +#define ATTR_FROM_C(aout, ain, count) attrsFromC(aout, ain, count) +#define MECH_TO_C(mout, min) \ + CK_MECHANISM mval, *mout = &mval; \ + if (min != NULL) { mechToC(mout, min); \ + } else { mout = NULL; } + +#else // REPACK_STRUCTURES + +// Dummy types and macros to avoid any unnecessary copying on UNIX + +typedef CK_INFO ckInfo, *ckInfoPtr; +typedef CK_ATTRIBUTE ckAttr, *ckAttrPtr; +typedef CK_MECHANISM ckMech, *ckMechPtr; + +#define ATTR_TO_C(aout, ain, count, other) CK_ATTRIBUTE_PTR aout = ain +#define ATTR_FREE(aout) +#define ATTR_FROM_C(aout, ain, count) +#define MECH_TO_C(mout, min) CK_MECHANISM_PTR mout = min + +#endif // REPACK_STRUCTURES diff --git a/vendor/github.com/miekg/pkcs11/pkcs11t.h b/vendor/github.com/miekg/pkcs11/pkcs11t.h index add49e4830..c13e67cf55 100644 --- a/vendor/github.com/miekg/pkcs11/pkcs11t.h +++ b/vendor/github.com/miekg/pkcs11/pkcs11t.h @@ -1,40 +1,33 @@ -/* pkcs11t.h include file for PKCS #11. */ -/* $Revision: 1.2 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. +/* Copyright (c) OASIS Open 2016. All Rights Reserved./ + * /Distributed under the terms of the OASIS IPR Policy, + * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY + * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A + * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. + */ + +/* Latest version of the specification: + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ /* See top of pkcs11.h for information about the macros that * must be defined and the structure-packing conventions that - * must be set before including this file. */ + * must be set before including this file. + */ #ifndef _PKCS11T_H_ #define _PKCS11T_H_ 1 -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 -#define CRYPTOKI_VERSION_AMENDMENT 3 +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 40 +#define CRYPTOKI_VERSION_AMENDMENT 0 -#define CK_TRUE 1 -#define CK_FALSE 0 +#define CK_TRUE 1 +#define CK_FALSE 0 #ifndef CK_DISABLE_TRUE_FALSE #ifndef FALSE #define FALSE CK_FALSE #endif - #ifndef TRUE #define TRUE CK_TRUE #endif @@ -56,7 +49,6 @@ typedef CK_BYTE CK_BBOOL; typedef unsigned long int CK_ULONG; /* a signed value, the same size as a CK_ULONG */ -/* CK_LONG is new for v2.0 */ typedef long int CK_LONG; /* at least 32 bits; each bit is a Boolean flag */ @@ -64,8 +56,8 @@ typedef CK_ULONG CK_FLAGS; /* some special values for certain CK_ULONG variables */ -#define CK_UNAVAILABLE_INFORMATION (~0UL) -#define CK_EFFECTIVELY_INFINITE 0 +#define CK_UNAVAILABLE_INFORMATION (~0UL) +#define CK_EFFECTIVELY_INFINITE 0UL typedef CK_BYTE CK_PTR CK_BYTE_PTR; @@ -78,9 +70,10 @@ typedef void CK_PTR CK_VOID_PTR; typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; -/* The following value is always invalid if used as a session */ -/* handle or object handle */ -#define CK_INVALID_HANDLE 0 +/* The following value is always invalid if used as a session + * handle or object handle + */ +#define CK_INVALID_HANDLE 0UL typedef struct CK_VERSION { @@ -92,13 +85,9 @@ typedef CK_VERSION CK_PTR CK_VERSION_PTR; typedef struct CK_INFO { - /* manufacturerID and libraryDecription have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_FLAGS flags; /* must be zero */ - - /* libraryDescription and libraryVersion are new for v2.0 */ CK_UTF8CHAR libraryDescription[32]; /* blank padded */ CK_VERSION libraryVersion; /* version of library */ } CK_INFO; @@ -107,15 +96,11 @@ typedef CK_INFO CK_PTR CK_INFO_PTR; /* CK_NOTIFICATION enumerates the types of notifications that - * Cryptoki provides to an application */ -/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG - * for v2.0 */ + * Cryptoki provides to an application + */ typedef CK_ULONG CK_NOTIFICATION; -#define CKN_SURRENDER 0 - -/* The following notification is new for PKCS #11 v2.20 amendment 3 */ -#define CKN_OTP_CHANGED 1 - +#define CKN_SURRENDER 0UL +#define CKN_OTP_CHANGED 1UL typedef CK_ULONG CK_SLOT_ID; @@ -124,13 +109,10 @@ typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; /* CK_SLOT_INFO provides information about a slot */ typedef struct CK_SLOT_INFO { - /* slotDescription and manufacturerID have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_UTF8CHAR slotDescription[64]; /* blank padded */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_FLAGS flags; - /* hardwareVersion and firmwareVersion are new for v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ } CK_SLOT_INFO; @@ -138,26 +120,21 @@ typedef struct CK_SLOT_INFO { /* flags: bit flags that provide capabilities of the slot * Bit Flag Mask Meaning */ -#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ -#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/ -#define CKF_HW_SLOT 0x00000004 /* hardware slot */ +#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ +#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ +#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; /* CK_TOKEN_INFO provides information about a token */ typedef struct CK_TOKEN_INFO { - /* label, manufacturerID, and model have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ CK_UTF8CHAR label[32]; /* blank padded */ CK_UTF8CHAR manufacturerID[32]; /* blank padded */ CK_UTF8CHAR model[16]; /* blank padded */ CK_CHAR serialNumber[16]; /* blank padded */ CK_FLAGS flags; /* see below */ - /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, - * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been - * changed from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulMaxSessionCount; /* max open sessions */ CK_ULONG ulSessionCount; /* sess. now open */ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ @@ -168,9 +145,6 @@ typedef struct CK_TOKEN_INFO { CK_ULONG ulFreePublicMemory; /* in bytes */ CK_ULONG ulTotalPrivateMemory; /* in bytes */ CK_ULONG ulFreePrivateMemory; /* in bytes */ - - /* hardwareVersion, firmwareVersion, and time are new for - * v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ CK_CHAR utcTime[16]; /* time */ @@ -179,146 +153,149 @@ typedef struct CK_TOKEN_INFO { /* The flags parameter is defined as follows: * Bit Flag Mask Meaning */ -#define CKF_RNG 0x00000001 /* has random # - * generator */ -#define CKF_WRITE_PROTECTED 0x00000002 /* token is - * write- - * protected */ -#define CKF_LOGIN_REQUIRED 0x00000004 /* user must - * login */ -#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's - * PIN is set */ +#define CKF_RNG 0x00000001UL /* has random # generator */ +#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ +#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ +#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ -/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, +/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, * that means that *every* time the state of cryptographic * operations of a session is successfully saved, all keys - * needed to continue those operations are stored in the state */ -#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 + * needed to continue those operations are stored in the state + */ +#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL -/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means +/* CKF_CLOCK_ON_TOKEN. If it is set, that means * that the token has some sort of clock. The time on that - * clock is returned in the token info structure */ -#define CKF_CLOCK_ON_TOKEN 0x00000040 + * clock is returned in the token info structure + */ +#define CKF_CLOCK_ON_TOKEN 0x00000040UL -/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is +/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is * set, that means that there is some way for the user to login - * without sending a PIN through the Cryptoki library itself */ -#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 + * without sending a PIN through the Cryptoki library itself + */ +#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL -/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, +/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, * that means that a single session with the token can perform * dual simultaneous cryptographic operations (digest and * encrypt; decrypt and digest; sign and encrypt; and decrypt - * and sign) */ -#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 + * and sign) + */ +#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL -/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the +/* CKF_TOKEN_INITIALIZED. If it is true, the * token has been initialized using C_InitializeToken or an * equivalent mechanism outside the scope of PKCS #11. * Calling C_InitializeToken when this flag is set will cause - * the token to be reinitialized. */ -#define CKF_TOKEN_INITIALIZED 0x00000400 + * the token to be reinitialized. + */ +#define CKF_TOKEN_INITIALIZED 0x00000400UL -/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is +/* CKF_SECONDARY_AUTHENTICATION. If it is * true, the token supports secondary authentication for - * private key objects. This flag is deprecated in v2.11 and - onwards. */ -#define CKF_SECONDARY_AUTHENTICATION 0x00000800 + * private key objects. + */ +#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL -/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an +/* CKF_USER_PIN_COUNT_LOW. If it is true, an * incorrect user login PIN has been entered at least once - * since the last successful authentication. */ -#define CKF_USER_PIN_COUNT_LOW 0x00010000 + * since the last successful authentication. + */ +#define CKF_USER_PIN_COUNT_LOW 0x00010000UL -/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect user PIN will it to become locked. */ -#define CKF_USER_PIN_FINAL_TRY 0x00020000 +/* CKF_USER_PIN_FINAL_TRY. If it is true, + * supplying an incorrect user PIN will it to become locked. + */ +#define CKF_USER_PIN_FINAL_TRY 0x00020000UL -/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the +/* CKF_USER_PIN_LOCKED. If it is true, the * user PIN has been locked. User login to the token is not - * possible. */ -#define CKF_USER_PIN_LOCKED 0x00040000 + * possible. + */ +#define CKF_USER_PIN_LOCKED 0x00040000UL -/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, +/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, * the user PIN value is the default value set by token * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 + * expired by the card. + */ +#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL -/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an +/* CKF_SO_PIN_COUNT_LOW. If it is true, an * incorrect SO login PIN has been entered at least once since - * the last successful authentication. */ -#define CKF_SO_PIN_COUNT_LOW 0x00100000 + * the last successful authentication. + */ +#define CKF_SO_PIN_COUNT_LOW 0x00100000UL -/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect SO PIN will it to become locked. */ -#define CKF_SO_PIN_FINAL_TRY 0x00200000 +/* CKF_SO_PIN_FINAL_TRY. If it is true, + * supplying an incorrect SO PIN will it to become locked. + */ +#define CKF_SO_PIN_FINAL_TRY 0x00200000UL -/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO +/* CKF_SO_PIN_LOCKED. If it is true, the SO * PIN has been locked. SO login to the token is not possible. */ -#define CKF_SO_PIN_LOCKED 0x00400000 +#define CKF_SO_PIN_LOCKED 0x00400000UL -/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, +/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, * the SO PIN value is the default value set by token * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 + * expired by the card. + */ +#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL + +#define CKF_ERROR_STATE 0x01000000UL typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; /* CK_SESSION_HANDLE is a Cryptoki-assigned value that - * identifies a session */ + * identifies a session + */ typedef CK_ULONG CK_SESSION_HANDLE; typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; /* CK_USER_TYPE enumerates the types of Cryptoki users */ -/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for - * v2.0 */ typedef CK_ULONG CK_USER_TYPE; /* Security Officer */ -#define CKU_SO 0 +#define CKU_SO 0UL /* Normal user */ -#define CKU_USER 1 -/* Context specific (added in v2.20) */ -#define CKU_CONTEXT_SPECIFIC 2 +#define CKU_USER 1UL +/* Context specific */ +#define CKU_CONTEXT_SPECIFIC 2UL /* CK_STATE enumerates the session states */ -/* CK_STATE has been changed from an enum to a CK_ULONG for - * v2.0 */ typedef CK_ULONG CK_STATE; -#define CKS_RO_PUBLIC_SESSION 0 -#define CKS_RO_USER_FUNCTIONS 1 -#define CKS_RW_PUBLIC_SESSION 2 -#define CKS_RW_USER_FUNCTIONS 3 -#define CKS_RW_SO_FUNCTIONS 4 - +#define CKS_RO_PUBLIC_SESSION 0UL +#define CKS_RO_USER_FUNCTIONS 1UL +#define CKS_RW_PUBLIC_SESSION 2UL +#define CKS_RW_USER_FUNCTIONS 3UL +#define CKS_RW_SO_FUNCTIONS 4UL /* CK_SESSION_INFO provides information about a session */ typedef struct CK_SESSION_INFO { CK_SLOT_ID slotID; CK_STATE state; CK_FLAGS flags; /* see below */ - - /* ulDeviceError was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulDeviceError; /* device-dependent error code */ } CK_SESSION_INFO; /* The flags are defined in the following table: * Bit Flag Mask Meaning */ -#define CKF_RW_SESSION 0x00000002 /* session is r/w */ -#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ +#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ +#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; /* CK_OBJECT_HANDLE is a token-specific identifier for an - * object */ + * object + */ typedef CK_ULONG CK_OBJECT_HANDLE; typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; @@ -326,294 +303,273 @@ typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; /* CK_OBJECT_CLASS is a value that identifies the classes (or * types) of objects that Cryptoki recognizes. It is defined - * as follows: */ -/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * as follows: + */ typedef CK_ULONG CK_OBJECT_CLASS; /* The following classes of objects are defined: */ -/* CKO_HW_FEATURE is new for v2.10 */ -/* CKO_DOMAIN_PARAMETERS is new for v2.11 */ -/* CKO_MECHANISM is new for v2.20 */ -#define CKO_DATA 0x00000000 -#define CKO_CERTIFICATE 0x00000001 -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKO_SECRET_KEY 0x00000004 -#define CKO_HW_FEATURE 0x00000005 -#define CKO_DOMAIN_PARAMETERS 0x00000006 -#define CKO_MECHANISM 0x00000007 +#define CKO_DATA 0x00000000UL +#define CKO_CERTIFICATE 0x00000001UL +#define CKO_PUBLIC_KEY 0x00000002UL +#define CKO_PRIVATE_KEY 0x00000003UL +#define CKO_SECRET_KEY 0x00000004UL +#define CKO_HW_FEATURE 0x00000005UL +#define CKO_DOMAIN_PARAMETERS 0x00000006UL +#define CKO_MECHANISM 0x00000007UL +#define CKO_OTP_KEY 0x00000008UL -/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */ -#define CKO_OTP_KEY 0x00000008 - -#define CKO_VENDOR_DEFINED 0x80000000 +#define CKO_VENDOR_DEFINED 0x80000000UL typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; -/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a - * value that identifies the hardware feature type of an object - * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ +/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type + * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. + */ typedef CK_ULONG CK_HW_FEATURE_TYPE; /* The following hardware feature types are defined */ -/* CKH_USER_INTERFACE is new for v2.20 */ -#define CKH_MONOTONIC_COUNTER 0x00000001 -#define CKH_CLOCK 0x00000002 -#define CKH_USER_INTERFACE 0x00000003 -#define CKH_VENDOR_DEFINED 0x80000000 +#define CKH_MONOTONIC_COUNTER 0x00000001UL +#define CKH_CLOCK 0x00000002UL +#define CKH_USER_INTERFACE 0x00000003UL +#define CKH_VENDOR_DEFINED 0x80000000UL /* CK_KEY_TYPE is a value that identifies a key type */ -/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ typedef CK_ULONG CK_KEY_TYPE; /* the following key types are defined: */ -#define CKK_RSA 0x00000000 -#define CKK_DSA 0x00000001 -#define CKK_DH 0x00000002 +#define CKK_RSA 0x00000000UL +#define CKK_DSA 0x00000001UL +#define CKK_DH 0x00000002UL +#define CKK_ECDSA 0x00000003UL /* Deprecated */ +#define CKK_EC 0x00000003UL +#define CKK_X9_42_DH 0x00000004UL +#define CKK_KEA 0x00000005UL +#define CKK_GENERIC_SECRET 0x00000010UL +#define CKK_RC2 0x00000011UL +#define CKK_RC4 0x00000012UL +#define CKK_DES 0x00000013UL +#define CKK_DES2 0x00000014UL +#define CKK_DES3 0x00000015UL +#define CKK_CAST 0x00000016UL +#define CKK_CAST3 0x00000017UL +#define CKK_CAST5 0x00000018UL /* Deprecated */ +#define CKK_CAST128 0x00000018UL +#define CKK_RC5 0x00000019UL +#define CKK_IDEA 0x0000001AUL +#define CKK_SKIPJACK 0x0000001BUL +#define CKK_BATON 0x0000001CUL +#define CKK_JUNIPER 0x0000001DUL +#define CKK_CDMF 0x0000001EUL +#define CKK_AES 0x0000001FUL +#define CKK_BLOWFISH 0x00000020UL +#define CKK_TWOFISH 0x00000021UL +#define CKK_SECURID 0x00000022UL +#define CKK_HOTP 0x00000023UL +#define CKK_ACTI 0x00000024UL +#define CKK_CAMELLIA 0x00000025UL +#define CKK_ARIA 0x00000026UL -/* CKK_ECDSA and CKK_KEA are new for v2.0 */ -/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ -#define CKK_ECDSA 0x00000003 -#define CKK_EC 0x00000003 -#define CKK_X9_42_DH 0x00000004 -#define CKK_KEA 0x00000005 +#define CKK_MD5_HMAC 0x00000027UL +#define CKK_SHA_1_HMAC 0x00000028UL +#define CKK_RIPEMD128_HMAC 0x00000029UL +#define CKK_RIPEMD160_HMAC 0x0000002AUL +#define CKK_SHA256_HMAC 0x0000002BUL +#define CKK_SHA384_HMAC 0x0000002CUL +#define CKK_SHA512_HMAC 0x0000002DUL +#define CKK_SHA224_HMAC 0x0000002EUL -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC2 0x00000011 -#define CKK_RC4 0x00000012 -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -/* all these key types are new for v2.0 */ -#define CKK_CAST 0x00000016 -#define CKK_CAST3 0x00000017 -/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ -#define CKK_CAST5 0x00000018 -#define CKK_CAST128 0x00000018 -#define CKK_RC5 0x00000019 -#define CKK_IDEA 0x0000001A -#define CKK_SKIPJACK 0x0000001B -#define CKK_BATON 0x0000001C -#define CKK_JUNIPER 0x0000001D -#define CKK_CDMF 0x0000001E -#define CKK_AES 0x0000001F - -/* BlowFish and TwoFish are new for v2.20 */ -#define CKK_BLOWFISH 0x00000020 -#define CKK_TWOFISH 0x00000021 - -/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */ -#define CKK_SECURID 0x00000022 -#define CKK_HOTP 0x00000023 -#define CKK_ACTI 0x00000024 - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_CAMELLIA 0x00000025 -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_ARIA 0x00000026 +#define CKK_SEED 0x0000002FUL +#define CKK_GOSTR3410 0x00000030UL +#define CKK_GOSTR3411 0x00000031UL +#define CKK_GOST28147 0x00000032UL -#define CKK_VENDOR_DEFINED 0x80000000 + +#define CKK_VENDOR_DEFINED 0x80000000UL /* CK_CERTIFICATE_TYPE is a value that identifies a certificate - * type */ -/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG - * for v2.0 */ + * type + */ typedef CK_ULONG CK_CERTIFICATE_TYPE; +#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL +#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL +#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL +#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL + +#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL +#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL +#define CK_SECURITY_DOMAIN_OPERATOR 2UL +#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL + + /* The following certificate types are defined: */ -/* CKC_X_509_ATTR_CERT is new for v2.10 */ -/* CKC_WTLS is new for v2.20 */ -#define CKC_X_509 0x00000000 -#define CKC_X_509_ATTR_CERT 0x00000001 -#define CKC_WTLS 0x00000002 -#define CKC_VENDOR_DEFINED 0x80000000 +#define CKC_X_509 0x00000000UL +#define CKC_X_509_ATTR_CERT 0x00000001UL +#define CKC_WTLS 0x00000002UL +#define CKC_VENDOR_DEFINED 0x80000000UL /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute - * type */ -/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * type + */ typedef CK_ULONG CK_ATTRIBUTE_TYPE; /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which - consists of an array of values. */ -#define CKF_ARRAY_ATTRIBUTE 0x40000000 + * consists of an array of values. + */ +#define CKF_ARRAY_ATTRIBUTE 0x40000000UL -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 - and relates to the CKA_OTP_FORMAT attribute */ -#define CK_OTP_FORMAT_DECIMAL 0 -#define CK_OTP_FORMAT_HEXADECIMAL 1 -#define CK_OTP_FORMAT_ALPHANUMERIC 2 -#define CK_OTP_FORMAT_BINARY 3 +/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ +#define CK_OTP_FORMAT_DECIMAL 0UL +#define CK_OTP_FORMAT_HEXADECIMAL 1UL +#define CK_OTP_FORMAT_ALPHANUMERIC 2UL +#define CK_OTP_FORMAT_BINARY 3UL -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 - and relates to the CKA_OTP_..._REQUIREMENT attributes */ -#define CK_OTP_PARAM_IGNORED 0 -#define CK_OTP_PARAM_OPTIONAL 1 -#define CK_OTP_PARAM_MANDATORY 2 +/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + * attributes + */ +#define CK_OTP_PARAM_IGNORED 0UL +#define CK_OTP_PARAM_OPTIONAL 1UL +#define CK_OTP_PARAM_MANDATORY 2UL /* The following attribute types are defined: */ -#define CKA_CLASS 0x00000000 -#define CKA_TOKEN 0x00000001 -#define CKA_PRIVATE 0x00000002 -#define CKA_LABEL 0x00000003 -#define CKA_APPLICATION 0x00000010 -#define CKA_VALUE 0x00000011 +#define CKA_CLASS 0x00000000UL +#define CKA_TOKEN 0x00000001UL +#define CKA_PRIVATE 0x00000002UL +#define CKA_LABEL 0x00000003UL +#define CKA_APPLICATION 0x00000010UL +#define CKA_VALUE 0x00000011UL +#define CKA_OBJECT_ID 0x00000012UL +#define CKA_CERTIFICATE_TYPE 0x00000080UL +#define CKA_ISSUER 0x00000081UL +#define CKA_SERIAL_NUMBER 0x00000082UL +#define CKA_AC_ISSUER 0x00000083UL +#define CKA_OWNER 0x00000084UL +#define CKA_ATTR_TYPES 0x00000085UL +#define CKA_TRUSTED 0x00000086UL +#define CKA_CERTIFICATE_CATEGORY 0x00000087UL +#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL +#define CKA_URL 0x00000089UL +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL +#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL +#define CKA_CHECK_VALUE 0x00000090UL -/* CKA_OBJECT_ID is new for v2.10 */ -#define CKA_OBJECT_ID 0x00000012 +#define CKA_KEY_TYPE 0x00000100UL +#define CKA_SUBJECT 0x00000101UL +#define CKA_ID 0x00000102UL +#define CKA_SENSITIVE 0x00000103UL +#define CKA_ENCRYPT 0x00000104UL +#define CKA_DECRYPT 0x00000105UL +#define CKA_WRAP 0x00000106UL +#define CKA_UNWRAP 0x00000107UL +#define CKA_SIGN 0x00000108UL +#define CKA_SIGN_RECOVER 0x00000109UL +#define CKA_VERIFY 0x0000010AUL +#define CKA_VERIFY_RECOVER 0x0000010BUL +#define CKA_DERIVE 0x0000010CUL +#define CKA_START_DATE 0x00000110UL +#define CKA_END_DATE 0x00000111UL +#define CKA_MODULUS 0x00000120UL +#define CKA_MODULUS_BITS 0x00000121UL +#define CKA_PUBLIC_EXPONENT 0x00000122UL +#define CKA_PRIVATE_EXPONENT 0x00000123UL +#define CKA_PRIME_1 0x00000124UL +#define CKA_PRIME_2 0x00000125UL +#define CKA_EXPONENT_1 0x00000126UL +#define CKA_EXPONENT_2 0x00000127UL +#define CKA_COEFFICIENT 0x00000128UL +#define CKA_PUBLIC_KEY_INFO 0x00000129UL +#define CKA_PRIME 0x00000130UL +#define CKA_SUBPRIME 0x00000131UL +#define CKA_BASE 0x00000132UL -#define CKA_CERTIFICATE_TYPE 0x00000080 -#define CKA_ISSUER 0x00000081 -#define CKA_SERIAL_NUMBER 0x00000082 - -/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new - * for v2.10 */ -#define CKA_AC_ISSUER 0x00000083 -#define CKA_OWNER 0x00000084 -#define CKA_ATTR_TYPES 0x00000085 - -/* CKA_TRUSTED is new for v2.11 */ -#define CKA_TRUSTED 0x00000086 - -/* CKA_CERTIFICATE_CATEGORY ... - * CKA_CHECK_VALUE are new for v2.20 */ -#define CKA_CERTIFICATE_CATEGORY 0x00000087 -#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 -#define CKA_URL 0x00000089 -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B -#define CKA_CHECK_VALUE 0x00000090 - -#define CKA_KEY_TYPE 0x00000100 -#define CKA_SUBJECT 0x00000101 -#define CKA_ID 0x00000102 -#define CKA_SENSITIVE 0x00000103 -#define CKA_ENCRYPT 0x00000104 -#define CKA_DECRYPT 0x00000105 -#define CKA_WRAP 0x00000106 -#define CKA_UNWRAP 0x00000107 -#define CKA_SIGN 0x00000108 -#define CKA_SIGN_RECOVER 0x00000109 -#define CKA_VERIFY 0x0000010A -#define CKA_VERIFY_RECOVER 0x0000010B -#define CKA_DERIVE 0x0000010C -#define CKA_START_DATE 0x00000110 -#define CKA_END_DATE 0x00000111 -#define CKA_MODULUS 0x00000120 -#define CKA_MODULUS_BITS 0x00000121 -#define CKA_PUBLIC_EXPONENT 0x00000122 -#define CKA_PRIVATE_EXPONENT 0x00000123 -#define CKA_PRIME_1 0x00000124 -#define CKA_PRIME_2 0x00000125 -#define CKA_EXPONENT_1 0x00000126 -#define CKA_EXPONENT_2 0x00000127 -#define CKA_COEFFICIENT 0x00000128 -#define CKA_PRIME 0x00000130 -#define CKA_SUBPRIME 0x00000131 -#define CKA_BASE 0x00000132 - -/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ -#define CKA_PRIME_BITS 0x00000133 -#define CKA_SUBPRIME_BITS 0x00000134 +#define CKA_PRIME_BITS 0x00000133UL +#define CKA_SUBPRIME_BITS 0x00000134UL #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS -/* (To retain backwards-compatibility) */ -#define CKA_VALUE_BITS 0x00000160 -#define CKA_VALUE_LEN 0x00000161 +#define CKA_VALUE_BITS 0x00000160UL +#define CKA_VALUE_LEN 0x00000161UL +#define CKA_EXTRACTABLE 0x00000162UL +#define CKA_LOCAL 0x00000163UL +#define CKA_NEVER_EXTRACTABLE 0x00000164UL +#define CKA_ALWAYS_SENSITIVE 0x00000165UL +#define CKA_KEY_GEN_MECHANISM 0x00000166UL -/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, - * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, - * and CKA_EC_POINT are new for v2.0 */ -#define CKA_EXTRACTABLE 0x00000162 -#define CKA_LOCAL 0x00000163 -#define CKA_NEVER_EXTRACTABLE 0x00000164 -#define CKA_ALWAYS_SENSITIVE 0x00000165 +#define CKA_MODIFIABLE 0x00000170UL +#define CKA_COPYABLE 0x00000171UL -/* CKA_KEY_GEN_MECHANISM is new for v2.11 */ -#define CKA_KEY_GEN_MECHANISM 0x00000166 +#define CKA_DESTROYABLE 0x00000172UL -#define CKA_MODIFIABLE 0x00000170 +#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ +#define CKA_EC_PARAMS 0x00000180UL -/* CKA_ECDSA_PARAMS is deprecated in v2.11, - * CKA_EC_PARAMS is preferred. */ -#define CKA_ECDSA_PARAMS 0x00000180 -#define CKA_EC_PARAMS 0x00000180 +#define CKA_EC_POINT 0x00000181UL -#define CKA_EC_POINT 0x00000181 +#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ +#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ -/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, - * are new for v2.10. Deprecated in v2.11 and onwards. */ -#define CKA_SECONDARY_AUTH 0x00000200 -#define CKA_AUTH_PIN_FLAGS 0x00000201 +#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL -/* CKA_ALWAYS_AUTHENTICATE ... - * CKA_UNWRAP_TEMPLATE are new for v2.20 */ -#define CKA_ALWAYS_AUTHENTICATE 0x00000202 +#define CKA_WRAP_WITH_TRUSTED 0x00000210UL +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) +#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) -#define CKA_WRAP_WITH_TRUSTED 0x00000210 -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212) +#define CKA_OTP_FORMAT 0x00000220UL +#define CKA_OTP_LENGTH 0x00000221UL +#define CKA_OTP_TIME_INTERVAL 0x00000222UL +#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL +#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL +#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL +#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL +#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL +#define CKA_OTP_COUNTER 0x0000022EUL +#define CKA_OTP_TIME 0x0000022FUL +#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL +#define CKA_OTP_SERVICE_LOGO 0x0000022CUL +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL -/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */ -#define CKA_OTP_FORMAT 0x00000220 -#define CKA_OTP_LENGTH 0x00000221 -#define CKA_OTP_TIME_INTERVAL 0x00000222 -#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223 -#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224 -#define CKA_OTP_TIME_REQUIREMENT 0x00000225 -#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226 -#define CKA_OTP_PIN_REQUIREMENT 0x00000227 -#define CKA_OTP_COUNTER 0x0000022E -#define CKA_OTP_TIME 0x0000022F -#define CKA_OTP_USER_IDENTIFIER 0x0000022A -#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B -#define CKA_OTP_SERVICE_LOGO 0x0000022C -#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D +#define CKA_GOSTR3410_PARAMS 0x00000250UL +#define CKA_GOSTR3411_PARAMS 0x00000251UL +#define CKA_GOST28147_PARAMS 0x00000252UL +#define CKA_HW_FEATURE_TYPE 0x00000300UL +#define CKA_RESET_ON_INIT 0x00000301UL +#define CKA_HAS_RESET 0x00000302UL -/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET - * are new for v2.10 */ -#define CKA_HW_FEATURE_TYPE 0x00000300 -#define CKA_RESET_ON_INIT 0x00000301 -#define CKA_HAS_RESET 0x00000302 +#define CKA_PIXEL_X 0x00000400UL +#define CKA_PIXEL_Y 0x00000401UL +#define CKA_RESOLUTION 0x00000402UL +#define CKA_CHAR_ROWS 0x00000403UL +#define CKA_CHAR_COLUMNS 0x00000404UL +#define CKA_COLOR 0x00000405UL +#define CKA_BITS_PER_PIXEL 0x00000406UL +#define CKA_CHAR_SETS 0x00000480UL +#define CKA_ENCODING_METHODS 0x00000481UL +#define CKA_MIME_TYPES 0x00000482UL +#define CKA_MECHANISM_TYPE 0x00000500UL +#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL +#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL +#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) -/* The following attributes are new for v2.20 */ -#define CKA_PIXEL_X 0x00000400 -#define CKA_PIXEL_Y 0x00000401 -#define CKA_RESOLUTION 0x00000402 -#define CKA_CHAR_ROWS 0x00000403 -#define CKA_CHAR_COLUMNS 0x00000404 -#define CKA_COLOR 0x00000405 -#define CKA_BITS_PER_PIXEL 0x00000406 -#define CKA_CHAR_SETS 0x00000480 -#define CKA_ENCODING_METHODS 0x00000481 -#define CKA_MIME_TYPES 0x00000482 -#define CKA_MECHANISM_TYPE 0x00000500 -#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 -#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 -#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600) - -#define CKA_VENDOR_DEFINED 0x80000000 +#define CKA_VENDOR_DEFINED 0x80000000UL /* CK_ATTRIBUTE is a structure that includes the type, length - * and value of an attribute */ + * and value of an attribute + */ typedef struct CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; CK_VOID_PTR pValue; - - /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulValueLen; /* in bytes */ } CK_ATTRIBUTE; typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; - /* CK_DATE is a structure that defines a date */ typedef struct CK_DATE{ CK_CHAR year[4]; /* the year ("1900" - "9999") */ @@ -623,389 +579,411 @@ typedef struct CK_DATE{ /* CK_MECHANISM_TYPE is a value that identifies a mechanism - * type */ -/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ + * type + */ typedef CK_ULONG CK_MECHANISM_TYPE; /* the following mechanism types are defined: */ -#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 -#define CKM_RSA_PKCS 0x00000001 -#define CKM_RSA_9796 0x00000002 -#define CKM_RSA_X_509 0x00000003 +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL +#define CKM_RSA_9796 0x00000002UL +#define CKM_RSA_X_509 0x00000003UL -/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS - * are new for v2.0. They are mechanisms which hash and sign */ -#define CKM_MD2_RSA_PKCS 0x00000004 -#define CKM_MD5_RSA_PKCS 0x00000005 -#define CKM_SHA1_RSA_PKCS 0x00000006 +#define CKM_MD2_RSA_PKCS 0x00000004UL +#define CKM_MD5_RSA_PKCS 0x00000005UL +#define CKM_SHA1_RSA_PKCS 0x00000006UL -/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and - * CKM_RSA_PKCS_OAEP are new for v2.10 */ -#define CKM_RIPEMD128_RSA_PKCS 0x00000007 -#define CKM_RIPEMD160_RSA_PKCS 0x00000008 -#define CKM_RSA_PKCS_OAEP 0x00000009 +#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL +#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL -/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, - * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ -#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A -#define CKM_RSA_X9_31 0x0000000B -#define CKM_SHA1_RSA_X9_31 0x0000000C -#define CKM_RSA_PKCS_PSS 0x0000000D -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL +#define CKM_RSA_X9_31 0x0000000BUL +#define CKM_SHA1_RSA_X9_31 0x0000000CUL +#define CKM_RSA_PKCS_PSS 0x0000000DUL +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL -#define CKM_DSA_KEY_PAIR_GEN 0x00000010 -#define CKM_DSA 0x00000011 -#define CKM_DSA_SHA1 0x00000012 -#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 -#define CKM_DH_PKCS_DERIVE 0x00000021 +#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL +#define CKM_DSA 0x00000011UL +#define CKM_DSA_SHA1 0x00000012UL +#define CKM_DSA_SHA224 0x00000013UL +#define CKM_DSA_SHA256 0x00000014UL +#define CKM_DSA_SHA384 0x00000015UL +#define CKM_DSA_SHA512 0x00000016UL -/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, - * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for - * v2.11 */ -#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 -#define CKM_X9_42_DH_DERIVE 0x00000031 -#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 -#define CKM_X9_42_MQV_DERIVE 0x00000033 +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +#define CKM_DH_PKCS_DERIVE 0x00000021UL -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_RSA_PKCS 0x00000040 -#define CKM_SHA384_RSA_PKCS 0x00000041 -#define CKM_SHA512_RSA_PKCS 0x00000042 -#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 -#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 -#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 +#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL +#define CKM_X9_42_DH_DERIVE 0x00000031UL +#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL +#define CKM_X9_42_MQV_DERIVE 0x00000033UL -/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_RSA_PKCS 0x00000046 -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 +#define CKM_SHA256_RSA_PKCS 0x00000040UL +#define CKM_SHA384_RSA_PKCS 0x00000041UL +#define CKM_SHA512_RSA_PKCS 0x00000042UL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL -#define CKM_RC2_KEY_GEN 0x00000100 -#define CKM_RC2_ECB 0x00000101 -#define CKM_RC2_CBC 0x00000102 -#define CKM_RC2_MAC 0x00000103 +#define CKM_SHA224_RSA_PKCS 0x00000046UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL -/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ -#define CKM_RC2_MAC_GENERAL 0x00000104 -#define CKM_RC2_CBC_PAD 0x00000105 +#define CKM_SHA512_224 0x00000048UL +#define CKM_SHA512_224_HMAC 0x00000049UL +#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL +#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL +#define CKM_SHA512_256 0x0000004CUL +#define CKM_SHA512_256_HMAC 0x0000004DUL +#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL +#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL -#define CKM_RC4_KEY_GEN 0x00000110 -#define CKM_RC4 0x00000111 -#define CKM_DES_KEY_GEN 0x00000120 -#define CKM_DES_ECB 0x00000121 -#define CKM_DES_CBC 0x00000122 -#define CKM_DES_MAC 0x00000123 +#define CKM_SHA512_T 0x00000050UL +#define CKM_SHA512_T_HMAC 0x00000051UL +#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL +#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL -/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ -#define CKM_DES_MAC_GENERAL 0x00000124 -#define CKM_DES_CBC_PAD 0x00000125 +#define CKM_RC2_KEY_GEN 0x00000100UL +#define CKM_RC2_ECB 0x00000101UL +#define CKM_RC2_CBC 0x00000102UL +#define CKM_RC2_MAC 0x00000103UL -#define CKM_DES2_KEY_GEN 0x00000130 -#define CKM_DES3_KEY_GEN 0x00000131 -#define CKM_DES3_ECB 0x00000132 -#define CKM_DES3_CBC 0x00000133 -#define CKM_DES3_MAC 0x00000134 +#define CKM_RC2_MAC_GENERAL 0x00000104UL +#define CKM_RC2_CBC_PAD 0x00000105UL -/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, - * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, - * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ -#define CKM_DES3_MAC_GENERAL 0x00000135 -#define CKM_DES3_CBC_PAD 0x00000136 -#define CKM_CDMF_KEY_GEN 0x00000140 -#define CKM_CDMF_ECB 0x00000141 -#define CKM_CDMF_CBC 0x00000142 -#define CKM_CDMF_MAC 0x00000143 -#define CKM_CDMF_MAC_GENERAL 0x00000144 -#define CKM_CDMF_CBC_PAD 0x00000145 +#define CKM_RC4_KEY_GEN 0x00000110UL +#define CKM_RC4 0x00000111UL +#define CKM_DES_KEY_GEN 0x00000120UL +#define CKM_DES_ECB 0x00000121UL +#define CKM_DES_CBC 0x00000122UL +#define CKM_DES_MAC 0x00000123UL -/* the following four DES mechanisms are new for v2.20 */ -#define CKM_DES_OFB64 0x00000150 -#define CKM_DES_OFB8 0x00000151 -#define CKM_DES_CFB64 0x00000152 -#define CKM_DES_CFB8 0x00000153 +#define CKM_DES_MAC_GENERAL 0x00000124UL +#define CKM_DES_CBC_PAD 0x00000125UL -#define CKM_MD2 0x00000200 +#define CKM_DES2_KEY_GEN 0x00000130UL +#define CKM_DES3_KEY_GEN 0x00000131UL +#define CKM_DES3_ECB 0x00000132UL +#define CKM_DES3_CBC 0x00000133UL +#define CKM_DES3_MAC 0x00000134UL -/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD2_HMAC 0x00000201 -#define CKM_MD2_HMAC_GENERAL 0x00000202 +#define CKM_DES3_MAC_GENERAL 0x00000135UL +#define CKM_DES3_CBC_PAD 0x00000136UL +#define CKM_DES3_CMAC_GENERAL 0x00000137UL +#define CKM_DES3_CMAC 0x00000138UL +#define CKM_CDMF_KEY_GEN 0x00000140UL +#define CKM_CDMF_ECB 0x00000141UL +#define CKM_CDMF_CBC 0x00000142UL +#define CKM_CDMF_MAC 0x00000143UL +#define CKM_CDMF_MAC_GENERAL 0x00000144UL +#define CKM_CDMF_CBC_PAD 0x00000145UL -#define CKM_MD5 0x00000210 +#define CKM_DES_OFB64 0x00000150UL +#define CKM_DES_OFB8 0x00000151UL +#define CKM_DES_CFB64 0x00000152UL +#define CKM_DES_CFB8 0x00000153UL -/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD5_HMAC 0x00000211 -#define CKM_MD5_HMAC_GENERAL 0x00000212 +#define CKM_MD2 0x00000200UL -#define CKM_SHA_1 0x00000220 +#define CKM_MD2_HMAC 0x00000201UL +#define CKM_MD2_HMAC_GENERAL 0x00000202UL -/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ -#define CKM_SHA_1_HMAC 0x00000221 -#define CKM_SHA_1_HMAC_GENERAL 0x00000222 +#define CKM_MD5 0x00000210UL -/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, - * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, - * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ -#define CKM_RIPEMD128 0x00000230 -#define CKM_RIPEMD128_HMAC 0x00000231 -#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 -#define CKM_RIPEMD160 0x00000240 -#define CKM_RIPEMD160_HMAC 0x00000241 -#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 +#define CKM_MD5_HMAC 0x00000211UL +#define CKM_MD5_HMAC_GENERAL 0x00000212UL -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256 0x00000250 -#define CKM_SHA256_HMAC 0x00000251 -#define CKM_SHA256_HMAC_GENERAL 0x00000252 +#define CKM_SHA_1 0x00000220UL -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224 0x00000255 -#define CKM_SHA224_HMAC 0x00000256 -#define CKM_SHA224_HMAC_GENERAL 0x00000257 +#define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL -#define CKM_SHA384 0x00000260 -#define CKM_SHA384_HMAC 0x00000261 -#define CKM_SHA384_HMAC_GENERAL 0x00000262 -#define CKM_SHA512 0x00000270 -#define CKM_SHA512_HMAC 0x00000271 -#define CKM_SHA512_HMAC_GENERAL 0x00000272 +#define CKM_RIPEMD128 0x00000230UL +#define CKM_RIPEMD128_HMAC 0x00000231UL +#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL +#define CKM_RIPEMD160 0x00000240UL +#define CKM_RIPEMD160_HMAC 0x00000241UL +#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL -/* SecurID is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_SECURID_KEY_GEN 0x00000280 -#define CKM_SECURID 0x00000282 +#define CKM_SHA256 0x00000250UL +#define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA256_HMAC_GENERAL 0x00000252UL +#define CKM_SHA224 0x00000255UL +#define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA224_HMAC_GENERAL 0x00000257UL +#define CKM_SHA384 0x00000260UL +#define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA384_HMAC_GENERAL 0x00000262UL +#define CKM_SHA512 0x00000270UL +#define CKM_SHA512_HMAC 0x00000271UL +#define CKM_SHA512_HMAC_GENERAL 0x00000272UL +#define CKM_SECURID_KEY_GEN 0x00000280UL +#define CKM_SECURID 0x00000282UL +#define CKM_HOTP_KEY_GEN 0x00000290UL +#define CKM_HOTP 0x00000291UL +#define CKM_ACTI 0x000002A0UL +#define CKM_ACTI_KEY_GEN 0x000002A1UL -/* HOTP is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_HOTP_KEY_GEN 0x00000290 -#define CKM_HOTP 0x00000291 - -/* ACTI is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_ACTI 0x000002A0 -#define CKM_ACTI_KEY_GEN 0x000002A1 - -/* All of the following mechanisms are new for v2.0 */ +#define CKM_CAST_KEY_GEN 0x00000300UL +#define CKM_CAST_ECB 0x00000301UL +#define CKM_CAST_CBC 0x00000302UL +#define CKM_CAST_MAC 0x00000303UL +#define CKM_CAST_MAC_GENERAL 0x00000304UL +#define CKM_CAST_CBC_PAD 0x00000305UL +#define CKM_CAST3_KEY_GEN 0x00000310UL +#define CKM_CAST3_ECB 0x00000311UL +#define CKM_CAST3_CBC 0x00000312UL +#define CKM_CAST3_MAC 0x00000313UL +#define CKM_CAST3_MAC_GENERAL 0x00000314UL +#define CKM_CAST3_CBC_PAD 0x00000315UL /* Note that CAST128 and CAST5 are the same algorithm */ -#define CKM_CAST_KEY_GEN 0x00000300 -#define CKM_CAST_ECB 0x00000301 -#define CKM_CAST_CBC 0x00000302 -#define CKM_CAST_MAC 0x00000303 -#define CKM_CAST_MAC_GENERAL 0x00000304 -#define CKM_CAST_CBC_PAD 0x00000305 -#define CKM_CAST3_KEY_GEN 0x00000310 -#define CKM_CAST3_ECB 0x00000311 -#define CKM_CAST3_CBC 0x00000312 -#define CKM_CAST3_MAC 0x00000313 -#define CKM_CAST3_MAC_GENERAL 0x00000314 -#define CKM_CAST3_CBC_PAD 0x00000315 -#define CKM_CAST5_KEY_GEN 0x00000320 -#define CKM_CAST128_KEY_GEN 0x00000320 -#define CKM_CAST5_ECB 0x00000321 -#define CKM_CAST128_ECB 0x00000321 -#define CKM_CAST5_CBC 0x00000322 -#define CKM_CAST128_CBC 0x00000322 -#define CKM_CAST5_MAC 0x00000323 -#define CKM_CAST128_MAC 0x00000323 -#define CKM_CAST5_MAC_GENERAL 0x00000324 -#define CKM_CAST128_MAC_GENERAL 0x00000324 -#define CKM_CAST5_CBC_PAD 0x00000325 -#define CKM_CAST128_CBC_PAD 0x00000325 -#define CKM_RC5_KEY_GEN 0x00000330 -#define CKM_RC5_ECB 0x00000331 -#define CKM_RC5_CBC 0x00000332 -#define CKM_RC5_MAC 0x00000333 -#define CKM_RC5_MAC_GENERAL 0x00000334 -#define CKM_RC5_CBC_PAD 0x00000335 -#define CKM_IDEA_KEY_GEN 0x00000340 -#define CKM_IDEA_ECB 0x00000341 -#define CKM_IDEA_CBC 0x00000342 -#define CKM_IDEA_MAC 0x00000343 -#define CKM_IDEA_MAC_GENERAL 0x00000344 -#define CKM_IDEA_CBC_PAD 0x00000345 -#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 -#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 -#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 -#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 -#define CKM_XOR_BASE_AND_DATA 0x00000364 -#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 -#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 -#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 -#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 +#define CKM_CAST5_KEY_GEN 0x00000320UL +#define CKM_CAST128_KEY_GEN 0x00000320UL +#define CKM_CAST5_ECB 0x00000321UL +#define CKM_CAST128_ECB 0x00000321UL +#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ +#define CKM_CAST128_CBC 0x00000322UL +#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ +#define CKM_CAST128_MAC 0x00000323UL +#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ +#define CKM_CAST128_MAC_GENERAL 0x00000324UL +#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ +#define CKM_CAST128_CBC_PAD 0x00000325UL +#define CKM_RC5_KEY_GEN 0x00000330UL +#define CKM_RC5_ECB 0x00000331UL +#define CKM_RC5_CBC 0x00000332UL +#define CKM_RC5_MAC 0x00000333UL +#define CKM_RC5_MAC_GENERAL 0x00000334UL +#define CKM_RC5_CBC_PAD 0x00000335UL +#define CKM_IDEA_KEY_GEN 0x00000340UL +#define CKM_IDEA_ECB 0x00000341UL +#define CKM_IDEA_CBC 0x00000342UL +#define CKM_IDEA_MAC 0x00000343UL +#define CKM_IDEA_MAC_GENERAL 0x00000344UL +#define CKM_IDEA_CBC_PAD 0x00000345UL +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL +#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL +#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL +#define CKM_XOR_BASE_AND_DATA 0x00000364UL +#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL +#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL +#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL +#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL -/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, - * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and - * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ -#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 -#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 -#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 -#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 -#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 +#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL +#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL +#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL +#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL +#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL -/* CKM_TLS_PRF is new for v2.20 */ -#define CKM_TLS_PRF 0x00000378 +#define CKM_TLS_PRF 0x00000378UL -#define CKM_SSL3_MD5_MAC 0x00000380 -#define CKM_SSL3_SHA1_MAC 0x00000381 -#define CKM_MD5_KEY_DERIVATION 0x00000390 -#define CKM_MD2_KEY_DERIVATION 0x00000391 -#define CKM_SHA1_KEY_DERIVATION 0x00000392 +#define CKM_SSL3_MD5_MAC 0x00000380UL +#define CKM_SSL3_SHA1_MAC 0x00000381UL +#define CKM_MD5_KEY_DERIVATION 0x00000390UL +#define CKM_MD2_KEY_DERIVATION 0x00000391UL +#define CKM_SHA1_KEY_DERIVATION 0x00000392UL -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_KEY_DERIVATION 0x00000393 -#define CKM_SHA384_KEY_DERIVATION 0x00000394 -#define CKM_SHA512_KEY_DERIVATION 0x00000395 +#define CKM_SHA256_KEY_DERIVATION 0x00000393UL +#define CKM_SHA384_KEY_DERIVATION 0x00000394UL +#define CKM_SHA512_KEY_DERIVATION 0x00000395UL +#define CKM_SHA224_KEY_DERIVATION 0x00000396UL -/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_KEY_DERIVATION 0x00000396 +#define CKM_PBE_MD2_DES_CBC 0x000003A0UL +#define CKM_PBE_MD5_DES_CBC 0x000003A1UL +#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL +#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL +#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ +#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL +#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ +#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL +#define CKM_PBE_SHA1_RC4_128 0x000003A6UL +#define CKM_PBE_SHA1_RC4_40 0x000003A7UL +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL -#define CKM_PBE_MD2_DES_CBC 0x000003A0 -#define CKM_PBE_MD5_DES_CBC 0x000003A1 -#define CKM_PBE_MD5_CAST_CBC 0x000003A2 -#define CKM_PBE_MD5_CAST3_CBC 0x000003A3 -#define CKM_PBE_MD5_CAST5_CBC 0x000003A4 -#define CKM_PBE_MD5_CAST128_CBC 0x000003A4 -#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 -#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 -#define CKM_PBE_SHA1_RC4_128 0x000003A6 -#define CKM_PBE_SHA1_RC4_40 0x000003A7 -#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 -#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 -#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA -#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB +#define CKM_PKCS5_PBKD2 0x000003B0UL -/* CKM_PKCS5_PBKD2 is new for v2.10 */ -#define CKM_PKCS5_PBKD2 0x000003B0 +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL -#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL +#define CKM_WTLS_PRF 0x000003D3UL +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL -/* WTLS mechanisms are new for v2.20 */ -#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 -#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 -#define CKM_WTLS_PRF 0x000003D3 -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 +#define CKM_TLS10_MAC_SERVER 0x000003D6UL +#define CKM_TLS10_MAC_CLIENT 0x000003D7UL +#define CKM_TLS12_MAC 0x000003D8UL +#define CKM_TLS12_KDF 0x000003D9UL +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL +#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL +#define CKM_TLS_MAC 0x000003E4UL +#define CKM_TLS_KDF 0x000003E5UL -#define CKM_KEY_WRAP_LYNKS 0x00000400 -#define CKM_KEY_WRAP_SET_OAEP 0x00000401 +#define CKM_KEY_WRAP_LYNKS 0x00000400UL +#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL -/* CKM_CMS_SIG is new for v2.20 */ -#define CKM_CMS_SIG 0x00000500 +#define CKM_CMS_SIG 0x00000500UL +#define CKM_KIP_DERIVE 0x00000510UL +#define CKM_KIP_WRAP 0x00000511UL +#define CKM_KIP_MAC 0x00000512UL -/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */ -#define CKM_KIP_DERIVE 0x00000510 -#define CKM_KIP_WRAP 0x00000511 -#define CKM_KIP_MAC 0x00000512 +#define CKM_CAMELLIA_KEY_GEN 0x00000550UL +#define CKM_CAMELLIA_ECB 0x00000551UL +#define CKM_CAMELLIA_CBC 0x00000552UL +#define CKM_CAMELLIA_MAC 0x00000553UL +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL +#define CKM_CAMELLIA_CBC_PAD 0x00000555UL +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL +#define CKM_CAMELLIA_CTR 0x00000558UL -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_CAMELLIA_KEY_GEN 0x00000550 -#define CKM_CAMELLIA_ECB 0x00000551 -#define CKM_CAMELLIA_CBC 0x00000552 -#define CKM_CAMELLIA_MAC 0x00000553 -#define CKM_CAMELLIA_MAC_GENERAL 0x00000554 -#define CKM_CAMELLIA_CBC_PAD 0x00000555 -#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 -#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 -#define CKM_CAMELLIA_CTR 0x00000558 +#define CKM_ARIA_KEY_GEN 0x00000560UL +#define CKM_ARIA_ECB 0x00000561UL +#define CKM_ARIA_CBC 0x00000562UL +#define CKM_ARIA_MAC 0x00000563UL +#define CKM_ARIA_MAC_GENERAL 0x00000564UL +#define CKM_ARIA_CBC_PAD 0x00000565UL +#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL +#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_ARIA_KEY_GEN 0x00000560 -#define CKM_ARIA_ECB 0x00000561 -#define CKM_ARIA_CBC 0x00000562 -#define CKM_ARIA_MAC 0x00000563 -#define CKM_ARIA_MAC_GENERAL 0x00000564 -#define CKM_ARIA_CBC_PAD 0x00000565 -#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566 -#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567 +#define CKM_SEED_KEY_GEN 0x00000650UL +#define CKM_SEED_ECB 0x00000651UL +#define CKM_SEED_CBC 0x00000652UL +#define CKM_SEED_MAC 0x00000653UL +#define CKM_SEED_MAC_GENERAL 0x00000654UL +#define CKM_SEED_CBC_PAD 0x00000655UL +#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL +#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL -/* Fortezza mechanisms */ -#define CKM_SKIPJACK_KEY_GEN 0x00001000 -#define CKM_SKIPJACK_ECB64 0x00001001 -#define CKM_SKIPJACK_CBC64 0x00001002 -#define CKM_SKIPJACK_OFB64 0x00001003 -#define CKM_SKIPJACK_CFB64 0x00001004 -#define CKM_SKIPJACK_CFB32 0x00001005 -#define CKM_SKIPJACK_CFB16 0x00001006 -#define CKM_SKIPJACK_CFB8 0x00001007 -#define CKM_SKIPJACK_WRAP 0x00001008 -#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 -#define CKM_SKIPJACK_RELAYX 0x0000100a -#define CKM_KEA_KEY_PAIR_GEN 0x00001010 -#define CKM_KEA_KEY_DERIVE 0x00001011 -#define CKM_FORTEZZA_TIMESTAMP 0x00001020 -#define CKM_BATON_KEY_GEN 0x00001030 -#define CKM_BATON_ECB128 0x00001031 -#define CKM_BATON_ECB96 0x00001032 -#define CKM_BATON_CBC128 0x00001033 -#define CKM_BATON_COUNTER 0x00001034 -#define CKM_BATON_SHUFFLE 0x00001035 -#define CKM_BATON_WRAP 0x00001036 +#define CKM_SKIPJACK_KEY_GEN 0x00001000UL +#define CKM_SKIPJACK_ECB64 0x00001001UL +#define CKM_SKIPJACK_CBC64 0x00001002UL +#define CKM_SKIPJACK_OFB64 0x00001003UL +#define CKM_SKIPJACK_CFB64 0x00001004UL +#define CKM_SKIPJACK_CFB32 0x00001005UL +#define CKM_SKIPJACK_CFB16 0x00001006UL +#define CKM_SKIPJACK_CFB8 0x00001007UL +#define CKM_SKIPJACK_WRAP 0x00001008UL +#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL +#define CKM_SKIPJACK_RELAYX 0x0000100aUL +#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL +#define CKM_KEA_KEY_DERIVE 0x00001011UL +#define CKM_KEA_DERIVE 0x00001012UL +#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL +#define CKM_BATON_KEY_GEN 0x00001030UL +#define CKM_BATON_ECB128 0x00001031UL +#define CKM_BATON_ECB96 0x00001032UL +#define CKM_BATON_CBC128 0x00001033UL +#define CKM_BATON_COUNTER 0x00001034UL +#define CKM_BATON_SHUFFLE 0x00001035UL +#define CKM_BATON_WRAP 0x00001036UL -/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, - * CKM_EC_KEY_PAIR_GEN is preferred */ -#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 -#define CKM_EC_KEY_PAIR_GEN 0x00001040 +#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ +#define CKM_EC_KEY_PAIR_GEN 0x00001040UL -#define CKM_ECDSA 0x00001041 -#define CKM_ECDSA_SHA1 0x00001042 +#define CKM_ECDSA 0x00001041UL +#define CKM_ECDSA_SHA1 0x00001042UL +#define CKM_ECDSA_SHA224 0x00001043UL +#define CKM_ECDSA_SHA256 0x00001044UL +#define CKM_ECDSA_SHA384 0x00001045UL +#define CKM_ECDSA_SHA512 0x00001046UL -/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE - * are new for v2.11 */ -#define CKM_ECDH1_DERIVE 0x00001050 -#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 -#define CKM_ECMQV_DERIVE 0x00001052 +#define CKM_ECDH1_DERIVE 0x00001050UL +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +#define CKM_ECMQV_DERIVE 0x00001052UL -#define CKM_JUNIPER_KEY_GEN 0x00001060 -#define CKM_JUNIPER_ECB128 0x00001061 -#define CKM_JUNIPER_CBC128 0x00001062 -#define CKM_JUNIPER_COUNTER 0x00001063 -#define CKM_JUNIPER_SHUFFLE 0x00001064 -#define CKM_JUNIPER_WRAP 0x00001065 -#define CKM_FASTHASH 0x00001070 +#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL +#define CKM_RSA_AES_KEY_WRAP 0x00001054UL -/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, - * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, - * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are - * new for v2.11 */ -#define CKM_AES_KEY_GEN 0x00001080 -#define CKM_AES_ECB 0x00001081 -#define CKM_AES_CBC 0x00001082 -#define CKM_AES_MAC 0x00001083 -#define CKM_AES_MAC_GENERAL 0x00001084 -#define CKM_AES_CBC_PAD 0x00001085 +#define CKM_JUNIPER_KEY_GEN 0x00001060UL +#define CKM_JUNIPER_ECB128 0x00001061UL +#define CKM_JUNIPER_CBC128 0x00001062UL +#define CKM_JUNIPER_COUNTER 0x00001063UL +#define CKM_JUNIPER_SHUFFLE 0x00001064UL +#define CKM_JUNIPER_WRAP 0x00001065UL +#define CKM_FASTHASH 0x00001070UL -/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_AES_CTR 0x00001086 +#define CKM_AES_KEY_GEN 0x00001080UL +#define CKM_AES_ECB 0x00001081UL +#define CKM_AES_CBC 0x00001082UL +#define CKM_AES_MAC 0x00001083UL +#define CKM_AES_MAC_GENERAL 0x00001084UL +#define CKM_AES_CBC_PAD 0x00001085UL +#define CKM_AES_CTR 0x00001086UL +#define CKM_AES_GCM 0x00001087UL +#define CKM_AES_CCM 0x00001088UL +#define CKM_AES_CTS 0x00001089UL +#define CKM_AES_CMAC 0x0000108AUL +#define CKM_AES_CMAC_GENERAL 0x0000108BUL -/* BlowFish and TwoFish are new for v2.20 */ -#define CKM_BLOWFISH_KEY_GEN 0x00001090 -#define CKM_BLOWFISH_CBC 0x00001091 -#define CKM_TWOFISH_KEY_GEN 0x00001092 -#define CKM_TWOFISH_CBC 0x00001093 +#define CKM_AES_XCBC_MAC 0x0000108CUL +#define CKM_AES_XCBC_MAC_96 0x0000108DUL +#define CKM_AES_GMAC 0x0000108EUL +#define CKM_BLOWFISH_KEY_GEN 0x00001090UL +#define CKM_BLOWFISH_CBC 0x00001091UL +#define CKM_TWOFISH_KEY_GEN 0x00001092UL +#define CKM_TWOFISH_CBC 0x00001093UL +#define CKM_BLOWFISH_CBC_PAD 0x00001094UL +#define CKM_TWOFISH_CBC_PAD 0x00001095UL -/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ -#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 -#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 -#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 -#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 -#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 -#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105 +#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL +#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL +#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL +#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL +#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL +#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL -#define CKM_DSA_PARAMETER_GEN 0x00002000 -#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001 -#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002 +#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL +#define CKM_GOSTR3410 0x00001201UL +#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL +#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL +#define CKM_GOSTR3410_DERIVE 0x00001204UL +#define CKM_GOSTR3411 0x00001210UL +#define CKM_GOSTR3411_HMAC 0x00001211UL +#define CKM_GOST28147_KEY_GEN 0x00001220UL +#define CKM_GOST28147_ECB 0x00001221UL +#define CKM_GOST28147 0x00001222UL +#define CKM_GOST28147_MAC 0x00001223UL +#define CKM_GOST28147_KEY_WRAP 0x00001224UL -#define CKM_VENDOR_DEFINED 0x80000000 +#define CKM_DSA_PARAMETER_GEN 0x00002000UL +#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL +#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL + +#define CKM_AES_OFB 0x00002104UL +#define CKM_AES_CFB64 0x00002105UL +#define CKM_AES_CFB8 0x00002106UL +#define CKM_AES_CFB128 0x00002107UL + +#define CKM_AES_CFB1 0x00002108UL +#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ +#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ + +#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL +#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL + +#define CKM_VENDOR_DEFINED 0x80000000UL typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; /* CK_MECHANISM is a structure that specifies a particular - * mechanism */ + * mechanism + */ typedef struct CK_MECHANISM { CK_MECHANISM_TYPE mechanism; CK_VOID_PTR pParameter; - - /* ulParameterLen was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulParameterLen; /* in bytes */ } CK_MECHANISM; @@ -1013,7 +991,8 @@ typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; /* CK_MECHANISM_INFO provides information about a particular - * mechanism */ + * mechanism + */ typedef struct CK_MECHANISM_INFO { CK_ULONG ulMinKeySize; CK_ULONG ulMaxKeySize; @@ -1021,183 +1000,163 @@ typedef struct CK_MECHANISM_INFO { } CK_MECHANISM_INFO; /* The flags are defined as follows: - * Bit Flag Mask Meaning */ -#define CKF_HW 0x00000001 /* performed by HW */ + * Bit Flag Mask Meaning */ +#define CKF_HW 0x00000001UL /* performed by HW */ -/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, - * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, - * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, - * and CKF_DERIVE are new for v2.0. They specify whether or not - * a mechanism can be used for a particular task */ -#define CKF_ENCRYPT 0x00000100 -#define CKF_DECRYPT 0x00000200 -#define CKF_DIGEST 0x00000400 -#define CKF_SIGN 0x00000800 -#define CKF_SIGN_RECOVER 0x00001000 -#define CKF_VERIFY 0x00002000 -#define CKF_VERIFY_RECOVER 0x00004000 -#define CKF_GENERATE 0x00008000 -#define CKF_GENERATE_KEY_PAIR 0x00010000 -#define CKF_WRAP 0x00020000 -#define CKF_UNWRAP 0x00040000 -#define CKF_DERIVE 0x00080000 +/* Specify whether or not a mechanism can be used for a particular task */ +#define CKF_ENCRYPT 0x00000100UL +#define CKF_DECRYPT 0x00000200UL +#define CKF_DIGEST 0x00000400UL +#define CKF_SIGN 0x00000800UL +#define CKF_SIGN_RECOVER 0x00001000UL +#define CKF_VERIFY 0x00002000UL +#define CKF_VERIFY_RECOVER 0x00004000UL +#define CKF_GENERATE 0x00008000UL +#define CKF_GENERATE_KEY_PAIR 0x00010000UL +#define CKF_WRAP 0x00020000UL +#define CKF_UNWRAP 0x00040000UL +#define CKF_DERIVE 0x00080000UL -/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, - * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They - * describe a token's EC capabilities not available in mechanism - * information. */ -#define CKF_EC_F_P 0x00100000 -#define CKF_EC_F_2M 0x00200000 -#define CKF_EC_ECPARAMETERS 0x00400000 -#define CKF_EC_NAMEDCURVE 0x00800000 -#define CKF_EC_UNCOMPRESS 0x01000000 -#define CKF_EC_COMPRESS 0x02000000 +/* Describe a token's EC capabilities not available in mechanism + * information. + */ +#define CKF_EC_F_P 0x00100000UL +#define CKF_EC_F_2M 0x00200000UL +#define CKF_EC_ECPARAMETERS 0x00400000UL +#define CKF_EC_NAMEDCURVE 0x00800000UL +#define CKF_EC_UNCOMPRESS 0x01000000UL +#define CKF_EC_COMPRESS 0x02000000UL -#define CKF_EXTENSION 0x80000000 /* FALSE for this version */ +#define CKF_EXTENSION 0x80000000UL typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; - /* CK_RV is a value that identifies the return value of a - * Cryptoki function */ -/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ + * Cryptoki function + */ typedef CK_ULONG CK_RV; -#define CKR_OK 0x00000000 -#define CKR_CANCEL 0x00000001 -#define CKR_HOST_MEMORY 0x00000002 -#define CKR_SLOT_ID_INVALID 0x00000003 +#define CKR_OK 0x00000000UL +#define CKR_CANCEL 0x00000001UL +#define CKR_HOST_MEMORY 0x00000002UL +#define CKR_SLOT_ID_INVALID 0x00000003UL -/* CKR_FLAGS_INVALID was removed for v2.0 */ +#define CKR_GENERAL_ERROR 0x00000005UL +#define CKR_FUNCTION_FAILED 0x00000006UL -/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ -#define CKR_GENERAL_ERROR 0x00000005 -#define CKR_FUNCTION_FAILED 0x00000006 +#define CKR_ARGUMENTS_BAD 0x00000007UL +#define CKR_NO_EVENT 0x00000008UL +#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL +#define CKR_CANT_LOCK 0x0000000AUL -/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, - * and CKR_CANT_LOCK are new for v2.01 */ -#define CKR_ARGUMENTS_BAD 0x00000007 -#define CKR_NO_EVENT 0x00000008 -#define CKR_NEED_TO_CREATE_THREADS 0x00000009 -#define CKR_CANT_LOCK 0x0000000A +#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL +#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL +#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL +#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL -#define CKR_ATTRIBUTE_READ_ONLY 0x00000010 -#define CKR_ATTRIBUTE_SENSITIVE 0x00000011 -#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 -#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 -#define CKR_DATA_INVALID 0x00000020 -#define CKR_DATA_LEN_RANGE 0x00000021 -#define CKR_DEVICE_ERROR 0x00000030 -#define CKR_DEVICE_MEMORY 0x00000031 -#define CKR_DEVICE_REMOVED 0x00000032 -#define CKR_ENCRYPTED_DATA_INVALID 0x00000040 -#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 -#define CKR_FUNCTION_CANCELED 0x00000050 -#define CKR_FUNCTION_NOT_PARALLEL 0x00000051 +#define CKR_ACTION_PROHIBITED 0x0000001BUL -/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ -#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054 +#define CKR_DATA_INVALID 0x00000020UL +#define CKR_DATA_LEN_RANGE 0x00000021UL +#define CKR_DEVICE_ERROR 0x00000030UL +#define CKR_DEVICE_MEMORY 0x00000031UL +#define CKR_DEVICE_REMOVED 0x00000032UL +#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL +#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +#define CKR_FUNCTION_CANCELED 0x00000050UL +#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL -#define CKR_KEY_HANDLE_INVALID 0x00000060 +#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL -/* CKR_KEY_SENSITIVE was removed for v2.0 */ +#define CKR_KEY_HANDLE_INVALID 0x00000060UL -#define CKR_KEY_SIZE_RANGE 0x00000062 -#define CKR_KEY_TYPE_INCONSISTENT 0x00000063 +#define CKR_KEY_SIZE_RANGE 0x00000062UL +#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL -/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, - * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, - * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for - * v2.0 */ -#define CKR_KEY_NOT_NEEDED 0x00000064 -#define CKR_KEY_CHANGED 0x00000065 -#define CKR_KEY_NEEDED 0x00000066 -#define CKR_KEY_INDIGESTIBLE 0x00000067 -#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 -#define CKR_KEY_NOT_WRAPPABLE 0x00000069 -#define CKR_KEY_UNEXTRACTABLE 0x0000006A +#define CKR_KEY_NOT_NEEDED 0x00000064UL +#define CKR_KEY_CHANGED 0x00000065UL +#define CKR_KEY_NEEDED 0x00000066UL +#define CKR_KEY_INDIGESTIBLE 0x00000067UL +#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL +#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL +#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL -#define CKR_MECHANISM_INVALID 0x00000070 -#define CKR_MECHANISM_PARAM_INVALID 0x00000071 +#define CKR_MECHANISM_INVALID 0x00000070UL +#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL -/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID - * were removed for v2.0 */ -#define CKR_OBJECT_HANDLE_INVALID 0x00000082 -#define CKR_OPERATION_ACTIVE 0x00000090 -#define CKR_OPERATION_NOT_INITIALIZED 0x00000091 -#define CKR_PIN_INCORRECT 0x000000A0 -#define CKR_PIN_INVALID 0x000000A1 -#define CKR_PIN_LEN_RANGE 0x000000A2 +#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL +#define CKR_OPERATION_ACTIVE 0x00000090UL +#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL +#define CKR_PIN_INCORRECT 0x000000A0UL +#define CKR_PIN_INVALID 0x000000A1UL +#define CKR_PIN_LEN_RANGE 0x000000A2UL -/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ -#define CKR_PIN_EXPIRED 0x000000A3 -#define CKR_PIN_LOCKED 0x000000A4 +#define CKR_PIN_EXPIRED 0x000000A3UL +#define CKR_PIN_LOCKED 0x000000A4UL -#define CKR_SESSION_CLOSED 0x000000B0 -#define CKR_SESSION_COUNT 0x000000B1 -#define CKR_SESSION_HANDLE_INVALID 0x000000B3 -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 -#define CKR_SESSION_READ_ONLY 0x000000B5 -#define CKR_SESSION_EXISTS 0x000000B6 +#define CKR_SESSION_CLOSED 0x000000B0UL +#define CKR_SESSION_COUNT 0x000000B1UL +#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL +#define CKR_SESSION_READ_ONLY 0x000000B5UL +#define CKR_SESSION_EXISTS 0x000000B6UL -/* CKR_SESSION_READ_ONLY_EXISTS and - * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ -#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7 -#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8 +#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL +#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL -#define CKR_SIGNATURE_INVALID 0x000000C0 -#define CKR_SIGNATURE_LEN_RANGE 0x000000C1 -#define CKR_TEMPLATE_INCOMPLETE 0x000000D0 -#define CKR_TEMPLATE_INCONSISTENT 0x000000D1 -#define CKR_TOKEN_NOT_PRESENT 0x000000E0 -#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1 -#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2 -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0 -#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1 -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2 -#define CKR_USER_ALREADY_LOGGED_IN 0x00000100 -#define CKR_USER_NOT_LOGGED_IN 0x00000101 -#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102 -#define CKR_USER_TYPE_INVALID 0x00000103 +#define CKR_SIGNATURE_INVALID 0x000000C0UL +#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL +#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL +#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL +#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL +#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL +#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL +#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL +#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL +#define CKR_USER_NOT_LOGGED_IN 0x00000101UL +#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL +#define CKR_USER_TYPE_INVALID 0x00000103UL -/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES - * are new to v2.01 */ -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104 -#define CKR_USER_TOO_MANY_TYPES 0x00000105 +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL +#define CKR_USER_TOO_MANY_TYPES 0x00000105UL -#define CKR_WRAPPED_KEY_INVALID 0x00000110 -#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 -#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 -#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114 -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115 -#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 +#define CKR_WRAPPED_KEY_INVALID 0x00000110UL +#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL +#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL +#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL +#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL -/* These are new to v2.0 */ -#define CKR_RANDOM_NO_RNG 0x00000121 +#define CKR_RANDOM_NO_RNG 0x00000121UL -/* These are new to v2.11 */ -#define CKR_DOMAIN_PARAMS_INVALID 0x00000130 +#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL -/* These are new to v2.0 */ -#define CKR_BUFFER_TOO_SMALL 0x00000150 -#define CKR_SAVED_STATE_INVALID 0x00000160 -#define CKR_INFORMATION_SENSITIVE 0x00000170 -#define CKR_STATE_UNSAVEABLE 0x00000180 +#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL -/* These are new to v2.01 */ -#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 -#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 -#define CKR_MUTEX_BAD 0x000001A0 -#define CKR_MUTEX_NOT_LOCKED 0x000001A1 +#define CKR_BUFFER_TOO_SMALL 0x00000150UL +#define CKR_SAVED_STATE_INVALID 0x00000160UL +#define CKR_INFORMATION_SENSITIVE 0x00000170UL +#define CKR_STATE_UNSAVEABLE 0x00000180UL -/* The following return values are new for PKCS #11 v2.20 amendment 3 */ -#define CKR_NEW_PIN_MODE 0x000001B0 -#define CKR_NEXT_OTP 0x000001B1 +#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL +#define CKR_MUTEX_BAD 0x000001A0UL +#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL -/* This is new to v2.20 */ -#define CKR_FUNCTION_REJECTED 0x00000200 +#define CKR_NEW_PIN_MODE 0x000001B0UL +#define CKR_NEXT_OTP 0x000001B1UL -#define CKR_VENDOR_DEFINED 0x80000000 +#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL +#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL +#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL +#define CKR_PIN_TOO_WEAK 0x000001B8UL +#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL + +#define CKR_FUNCTION_REJECTED 0x00000200UL + +#define CKR_VENDOR_DEFINED 0x80000000UL /* CK_NOTIFY is an application callback that processes events */ @@ -1210,8 +1169,8 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( /* CK_FUNCTION_LIST is a structure holding a Cryptoki spec * version and pointers of appropriate types to all the - * Cryptoki functions */ -/* CK_FUNCTION_LIST is new for v2.0 */ + * Cryptoki functions + */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; @@ -1220,14 +1179,16 @@ typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; /* CK_CREATEMUTEX is an application callback for creating a - * mutex object */ + * mutex object + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ ); /* CK_DESTROYMUTEX is an application callback for destroying a - * mutex object */ + * mutex object + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); @@ -1240,14 +1201,16 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( /* CK_UNLOCKMUTEX is an application callback for unlocking a - * mutex */ + * mutex + */ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); /* CK_C_INITIALIZE_ARGS provides the optional arguments to - * C_Initialize */ + * C_Initialize + */ typedef struct CK_C_INITIALIZE_ARGS { CK_CREATEMUTEX CreateMutex; CK_DESTROYMUTEX DestroyMutex; @@ -1260,8 +1223,8 @@ typedef struct CK_C_INITIALIZE_ARGS { /* flags: bit flags that provide capabilities of the slot * Bit Flag Mask Meaning */ -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 -#define CKF_OS_LOCKING_OK 0x00000002 +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +#define CKF_OS_LOCKING_OK 0x00000002UL typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; @@ -1271,39 +1234,36 @@ typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ #define CKF_DONT_BLOCK 1 -/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message +/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message * Generation Function (MGF) applied to a message block when * formatting a message block for the PKCS #1 OAEP encryption - * scheme. */ + * scheme. + */ typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; /* The following MGFs are defined */ -/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 - * are new for v2.20 */ -#define CKG_MGF1_SHA1 0x00000001 -#define CKG_MGF1_SHA256 0x00000002 -#define CKG_MGF1_SHA384 0x00000003 -#define CKG_MGF1_SHA512 0x00000004 -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKG_MGF1_SHA224 0x00000005 +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL +#define CKG_MGF1_SHA224 0x00000005UL -/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source +/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source * of the encoding parameter when formatting a message block - * for the PKCS #1 OAEP encryption scheme. */ + * for the PKCS #1 OAEP encryption scheme. + */ typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; /* The following encoding parameter sources are defined */ -#define CKZ_DATA_SPECIFIED 0x00000001 +#define CKZ_DATA_SPECIFIED 0x00000001UL -/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. - * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the - * CKM_RSA_PKCS_OAEP mechanism. */ +/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the + * CKM_RSA_PKCS_OAEP mechanism. + */ typedef struct CK_RSA_PKCS_OAEP_PARAMS { CK_MECHANISM_TYPE hashAlg; CK_RSA_PKCS_MGF_TYPE mgf; @@ -1314,9 +1274,9 @@ typedef struct CK_RSA_PKCS_OAEP_PARAMS { typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; -/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. - * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the - * CKM_RSA_PKCS_PSS mechanism(s). */ +/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the + * CKM_RSA_PKCS_PSS mechanism(s). + */ typedef struct CK_RSA_PKCS_PSS_PARAMS { CK_MECHANISM_TYPE hashAlg; CK_RSA_PKCS_MGF_TYPE mgf; @@ -1325,15 +1285,23 @@ typedef struct CK_RSA_PKCS_PSS_PARAMS { typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; -/* CK_EC_KDF_TYPE is new for v2.11. */ typedef CK_ULONG CK_EC_KDF_TYPE; /* The following EC Key Derivation Functions are defined */ -#define CKD_NULL 0x00000001 -#define CKD_SHA1_KDF 0x00000002 +#define CKD_NULL 0x00000001UL +#define CKD_SHA1_KDF 0x00000002UL -/* CK_ECDH1_DERIVE_PARAMS is new for v2.11. - * CK_ECDH1_DERIVE_PARAMS provides the parameters to the +/* The following X9.42 DH key derivation functions are defined */ +#define CKD_SHA1_KDF_ASN1 0x00000003UL +#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL +#define CKD_SHA224_KDF 0x00000005UL +#define CKD_SHA256_KDF 0x00000006UL +#define CKD_SHA384_KDF 0x00000007UL +#define CKD_SHA512_KDF 0x00000008UL +#define CKD_CPDIVERSIFY_KDF 0x00000009UL + + +/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, * where each party contributes one key pair. */ @@ -1347,10 +1315,10 @@ typedef struct CK_ECDH1_DERIVE_PARAMS { typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; - -/* CK_ECDH2_DERIVE_PARAMS is new for v2.11. +/* * CK_ECDH2_DERIVE_PARAMS provides the parameters to the - * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ + * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. + */ typedef struct CK_ECDH2_DERIVE_PARAMS { CK_EC_KDF_TYPE kdf; CK_ULONG ulSharedDataLen; @@ -1381,19 +1349,15 @@ typedef struct CK_ECMQV_DERIVE_PARAMS { typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; /* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the - * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ + * CKM_X9_42_DH_PARAMETER_GEN mechanisms + */ typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; -/* The following X9.42 DH key derivation functions are defined - (besides CKD_NULL already defined : */ -#define CKD_SHA1_KDF_ASN1 0x00000003 -#define CKD_SHA1_KDF_CONCATENATE 0x00000004 - -/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the +/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party - * contributes one key pair */ + * contributes one key pair + */ typedef struct CK_X9_42_DH1_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; @@ -1404,10 +1368,10 @@ typedef struct CK_X9_42_DH1_DERIVE_PARAMS { typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; -/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the +/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation - * mechanisms, where each party contributes two key pairs */ + * mechanisms, where each party contributes two key pairs + */ typedef struct CK_X9_42_DH2_DERIVE_PARAMS { CK_X9_42_DH_KDF_TYPE kdf; CK_ULONG ulOtherInfoLen; @@ -1438,8 +1402,8 @@ typedef struct CK_X9_42_MQV_DERIVE_PARAMS { typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; /* CK_KEA_DERIVE_PARAMS provides the parameters to the - * CKM_KEA_DERIVE mechanism */ -/* CK_KEA_DERIVE_PARAMS is new for v2.0 */ + * CKM_KEA_DERIVE mechanism + */ typedef struct CK_KEA_DERIVE_PARAMS { CK_BBOOL isSender; CK_ULONG ulRandomLen; @@ -1454,19 +1418,18 @@ typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; /* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just - * holds the effective keysize */ + * holds the effective keysize + */ typedef CK_ULONG CK_RC2_PARAMS; typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; /* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC - * mechanism */ + * mechanism + */ typedef struct CK_RC2_CBC_PARAMS { - /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for - * v2.0 */ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - CK_BYTE iv[8]; /* IV for CBC mode */ } CK_RC2_CBC_PARAMS; @@ -1474,8 +1437,8 @@ typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; /* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC2_MAC_GENERAL mechanism */ -/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ + * CKM_RC2_MAC_GENERAL mechanism + */ typedef struct CK_RC2_MAC_GENERAL_PARAMS { CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ CK_ULONG ulMacLength; /* Length of MAC in bytes */ @@ -1486,8 +1449,8 @@ typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ /* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and - * CKM_RC5_MAC mechanisms */ -/* CK_RC5_PARAMS is new for v2.0 */ + * CKM_RC5_MAC mechanisms + */ typedef struct CK_RC5_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1497,8 +1460,8 @@ typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; /* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC - * mechanism */ -/* CK_RC5_CBC_PARAMS is new for v2.0 */ + * mechanism + */ typedef struct CK_RC5_CBC_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1510,8 +1473,8 @@ typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; /* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC5_MAC_GENERAL mechanism */ -/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ + * CKM_RC5_MAC_GENERAL mechanism + */ typedef struct CK_RC5_MAC_GENERAL_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ CK_ULONG ulRounds; /* number of rounds */ @@ -1521,16 +1484,14 @@ typedef struct CK_RC5_MAC_GENERAL_PARAMS { typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ CK_RC5_MAC_GENERAL_PARAMS_PTR; - /* CK_MAC_GENERAL_PARAMS provides the parameters to most block * ciphers' MAC_GENERAL mechanisms. Its value is the length of - * the MAC */ -/* CK_MAC_GENERAL_PARAMS is new for v2.0 */ + * the MAC + */ typedef CK_ULONG CK_MAC_GENERAL_PARAMS; typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; -/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { CK_BYTE iv[8]; CK_BYTE_PTR pData; @@ -1548,8 +1509,8 @@ typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the - * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ -/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ + * CKM_SKIPJACK_PRIVATE_WRAP mechanism + */ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { CK_ULONG ulPasswordLen; CK_BYTE_PTR pPassword; @@ -1565,12 +1526,12 @@ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { } CK_SKIPJACK_PRIVATE_WRAP_PARAMS; typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ - CK_SKIPJACK_PRIVATE_WRAP_PTR; + CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; /* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the - * CKM_SKIPJACK_RELAYX mechanism */ -/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ + * CKM_SKIPJACK_RELAYX mechanism + */ typedef struct CK_SKIPJACK_RELAYX_PARAMS { CK_ULONG ulOldWrappedXLen; CK_BYTE_PTR pOldWrappedX; @@ -1605,17 +1566,15 @@ typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; /* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the - * CKM_KEY_WRAP_SET_OAEP mechanism */ -/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ + * CKM_KEY_WRAP_SET_OAEP mechanism + */ typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { CK_BYTE bBC; /* block contents byte */ CK_BYTE_PTR pX; /* extra data */ CK_ULONG ulXLen; /* length of extra data in bytes */ } CK_KEY_WRAP_SET_OAEP_PARAMS; -typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \ - CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; - +typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; typedef struct CK_SSL3_RANDOM_DATA { CK_BYTE_PTR pClientRandom; @@ -1633,7 +1592,6 @@ typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; - typedef struct CK_SSL3_KEY_MAT_OUT { CK_OBJECT_HANDLE hClientMacSecret; CK_OBJECT_HANDLE hServerMacSecret; @@ -1657,7 +1615,6 @@ typedef struct CK_SSL3_KEY_MAT_PARAMS { typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; -/* CK_TLS_PRF_PARAMS is new for version 2.20 */ typedef struct CK_TLS_PRF_PARAMS { CK_BYTE_PTR pSeed; CK_ULONG ulSeedLen; @@ -1669,7 +1626,6 @@ typedef struct CK_TLS_PRF_PARAMS { typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; -/* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; CK_ULONG ulClientRandomLen; @@ -1721,7 +1677,6 @@ typedef struct CK_WTLS_KEY_MAT_PARAMS { typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; -/* CMS is new for version 2.20 */ typedef struct CK_CMS_SIG_PARAMS { CK_OBJECT_HANDLE certificateHandle; CK_MECHANISM_PTR pSigningMechanism; @@ -1747,38 +1702,45 @@ typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ /* The CK_EXTRACT_PARAMS is used for the * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit * of the base key should be used as the first bit of the - * derived key */ -/* CK_EXTRACT_PARAMS is new for v2.0 */ + * derived key + */ typedef CK_ULONG CK_EXTRACT_PARAMS; typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; -/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. - * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to +/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to * indicate the Pseudo-Random Function (PRF) used to generate - * key bits using PKCS #5 PBKDF2. */ + * key bits using PKCS #5 PBKDF2. + */ typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; -typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; +typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; -/* The following PRFs are defined in PKCS #5 v2.0. */ -#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001 +#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL +#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL +#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL +#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL +#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL +#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL - -/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. - * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the +/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the * source of the salt value when deriving a key using PKCS #5 - * PBKDF2. */ + * PBKDF2. + */ typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; -typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; +typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; /* The following salt value sources are defined in PKCS #5 v2.0. */ -#define CKZ_SALT_SPECIFIED 0x00000001 +#define CKZ_SALT_SPECIFIED 0x00000001UL -/* CK_PKCS5_PBKD2_PARAMS is new for v2.10. - * CK_PKCS5_PBKD2_PARAMS is a structure that provides the - * parameters to the CKM_PKCS5_PBKD2 mechanism. */ +/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the + * parameters to the CKM_PKCS5_PBKD2 mechanism. + */ typedef struct CK_PKCS5_PBKD2_PARAMS { CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; CK_VOID_PTR pSaltSourceData; @@ -1793,10 +1755,26 @@ typedef struct CK_PKCS5_PBKD2_PARAMS { typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; -/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */ +/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS + * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism + * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. + */ +typedef struct CK_PKCS5_PBKD2_PARAMS2 { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + CK_VOID_PTR pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + CK_VOID_PTR pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG ulPasswordLen; +} CK_PKCS5_PBKD2_PARAMS2; + +typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; typedef CK_ULONG CK_OTP_PARAM_TYPE; -typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */ +typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ typedef struct CK_OTP_PARAM { CK_OTP_PARAM_TYPE type; @@ -1820,25 +1798,22 @@ typedef struct CK_OTP_SIGNATURE_INFO { typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ -#define CK_OTP_VALUE 0 -#define CK_OTP_PIN 1 -#define CK_OTP_CHALLENGE 2 -#define CK_OTP_TIME 3 -#define CK_OTP_COUNTER 4 -#define CK_OTP_FLAGS 5 -#define CK_OTP_OUTPUT_LENGTH 6 -#define CK_OTP_OUTPUT_FORMAT 7 +#define CK_OTP_VALUE 0UL +#define CK_OTP_PIN 1UL +#define CK_OTP_CHALLENGE 2UL +#define CK_OTP_TIME 3UL +#define CK_OTP_COUNTER 4UL +#define CK_OTP_FLAGS 5UL +#define CK_OTP_OUTPUT_LENGTH 6UL +#define CK_OTP_OUTPUT_FORMAT 7UL -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ -#define CKF_NEXT_OTP 0x00000001 -#define CKF_EXCLUDE_TIME 0x00000002 -#define CKF_EXCLUDE_COUNTER 0x00000004 -#define CKF_EXCLUDE_CHALLENGE 0x00000008 -#define CKF_EXCLUDE_PIN 0x00000010 -#define CKF_USER_FRIENDLY_OTP 0x00000020 +#define CKF_NEXT_OTP 0x00000001UL +#define CKF_EXCLUDE_TIME 0x00000002UL +#define CKF_EXCLUDE_COUNTER 0x00000004UL +#define CKF_EXCLUDE_CHALLENGE 0x00000008UL +#define CKF_EXCLUDE_PIN 0x00000010UL +#define CKF_USER_FRIENDLY_OTP 0x00000020UL -/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */ typedef struct CK_KIP_PARAMS { CK_MECHANISM_PTR pMechanism; CK_OBJECT_HANDLE hKey; @@ -1848,7 +1823,6 @@ typedef struct CK_KIP_PARAMS { typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; -/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_AES_CTR_PARAMS { CK_ULONG ulCounterBits; CK_BYTE cb[16]; @@ -1856,30 +1830,174 @@ typedef struct CK_AES_CTR_PARAMS { typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; -/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ +typedef struct CK_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_GCM_PARAMS; + +typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; + +typedef struct CK_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_CCM_PARAMS; + +typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; + +/* Deprecated. Use CK_GCM_PARAMS */ +typedef struct CK_AES_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_AES_GCM_PARAMS; + +typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; + +/* Deprecated. Use CK_CCM_PARAMS */ +typedef struct CK_AES_CCM_PARAMS { + CK_ULONG ulDataLen; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulMACLen; +} CK_AES_CCM_PARAMS; + +typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; + typedef struct CK_CAMELLIA_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; } CK_CAMELLIA_CTR_PARAMS; typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; -/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; } CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; -typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; -/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; } CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; -typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_DSA_PARAMETER_GEN_PARAM { + CK_MECHANISM_TYPE hash; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_ULONG ulIndex; +} CK_DSA_PARAMETER_GEN_PARAM; + +typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; + +typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; +} CK_ECDH_AES_KEY_WRAP_PARAMS; + +typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; + +typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; + +typedef CK_ULONG CK_CERTIFICATE_CATEGORY; + +typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { + CK_ULONG ulAESKeyBits; + CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; +} CK_RSA_AES_KEY_WRAP_PARAMS; + +typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ + CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_TLS12_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; + CK_MECHANISM_TYPE prfHashMechanism; +} CK_TLS12_KEY_MAT_PARAMS; + +typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; + +typedef struct CK_TLS_KDF_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLength; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pContextData; + CK_ULONG ulContextDataLength; +} CK_TLS_KDF_PARAMS; + +typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; + +typedef struct CK_TLS_MAC_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulMacLength; + CK_ULONG ulServerOrClient; +} CK_TLS_MAC_PARAMS; + +typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; + +typedef struct CK_GOSTR3410_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; +} CK_GOSTR3410_DERIVE_PARAMS; + +typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; + +typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { + CK_BYTE_PTR pWrapOID; + CK_ULONG ulWrapOIDLen; + CK_BYTE_PTR pUKM; + CK_ULONG ulUKMLen; + CK_OBJECT_HANDLE hKey; +} CK_GOSTR3410_KEY_WRAP_PARAMS; + +typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; + +typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ + CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; + +#endif /* _PKCS11T_H_ */ -#endif diff --git a/vendor/github.com/miekg/pkcs11/types.go b/vendor/github.com/miekg/pkcs11/types.go index e789bf1560..fbc6b840eb 100644 --- a/vendor/github.com/miekg/pkcs11/types.go +++ b/vendor/github.com/miekg/pkcs11/types.go @@ -5,18 +5,9 @@ package pkcs11 /* -#define CK_PTR * -#ifndef NULL_PTR -#define NULL_PTR 0 -#endif -#define CK_DEFINE_FUNCTION(returnType, name) returnType name -#define CK_DECLARE_FUNCTION(returnType, name) returnType name -#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name) -#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name) - #include #include -#include "pkcs11.h" +#include "pkcs11go.h" CK_ULONG Index(CK_ULONG_PTR array, CK_ULONG i) { @@ -196,20 +187,22 @@ func NewAttribute(typ uint, x interface{}) *Attribute { } // cAttribute returns the start address and the length of an attribute list. -func cAttributeList(a []*Attribute) (arena, C.CK_ATTRIBUTE_PTR, C.CK_ULONG) { +func cAttributeList(a []*Attribute) (arena, C.ckAttrPtr, C.CK_ULONG) { var arena arena if len(a) == 0 { return nil, nil, 0 } - pa := make([]C.CK_ATTRIBUTE, len(a)) + pa := make([]C.ckAttr, len(a)) for i := 0; i < len(a); i++ { pa[i]._type = C.CK_ATTRIBUTE_TYPE(a[i].Type) - if a[i].Value == nil { + //skip attribute if length is 0 to prevent panic in arena.Allocate + if a[i].Value == nil || len(a[i].Value) == 0 { continue } + pa[i].pValue, pa[i].ulValueLen = arena.Allocate(a[i].Value) } - return arena, C.CK_ATTRIBUTE_PTR(&pa[0]), C.CK_ULONG(len(a)) + return arena, C.ckAttrPtr(&pa[0]), C.CK_ULONG(len(a)) } func cDate(t time.Time) []byte { @@ -243,20 +236,22 @@ func NewMechanism(mech uint, x interface{}) *Mechanism { return m } -func cMechanismList(m []*Mechanism) (arena, C.CK_MECHANISM_PTR, C.CK_ULONG) { +func cMechanismList(m []*Mechanism) (arena, C.ckMechPtr, C.CK_ULONG) { var arena arena if len(m) == 0 { return nil, nil, 0 } - pm := make([]C.CK_MECHANISM, len(m)) + pm := make([]C.ckMech, len(m)) for i := 0; i < len(m); i++ { pm[i].mechanism = C.CK_MECHANISM_TYPE(m[i].Mechanism) - if m[i].Parameter == nil { + //skip parameter if length is 0 to prevent panic in arena.Allocate + if m[i].Parameter == nil || len(m[i].Parameter) == 0 { continue } + pm[i].pParameter, pm[i].ulParameterLen = arena.Allocate(m[i].Parameter) } - return arena, C.CK_MECHANISM_PTR(&pm[0]), C.CK_ULONG(len(m)) + return arena, C.ckMechPtr(&pm[0]), C.CK_ULONG(len(m)) } // MechanismInfo provides information about a particular mechanism. diff --git a/vendor/github.com/theupdateframework/notary/README.md b/vendor/github.com/theupdateframework/notary/README.md index 83c0487335..6b955d259c 100644 --- a/vendor/github.com/theupdateframework/notary/README.md +++ b/vendor/github.com/theupdateframework/notary/README.md @@ -1,6 +1,8 @@ Notary +[![GoDoc](https://godoc.org/github.com/theupdateframework/notary?status.svg)](https://godoc.org/github.com/theupdateframework/notary) [![Circle CI](https://circleci.com/gh/theupdateframework/notary/tree/master.svg?style=shield)](https://circleci.com/gh/theupdateframework/notary/tree/master) [![CodeCov](https://codecov.io/github/theupdateframework/notary/coverage.svg?branch=master)](https://codecov.io/github/theupdateframework/notary) [![GoReportCard](https://goreportcard.com/badge/theupdateframework/notary)](https://goreportcard.com/report/github.com/theupdateframework/notary) +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary?ref=badge_shield) # Notice @@ -14,7 +16,7 @@ location via GitHub's redirect. # Overview The Notary project comprises a [server](cmd/notary-server) and a [client](cmd/notary) for running and interacting -with trusted collections. Please see the [service architecture](docs/service_architecture.md) documentation +with trusted collections. See the [service architecture](docs/service_architecture.md) documentation for more information. Notary aims to make the internet more secure by making it easy for people to @@ -44,26 +46,26 @@ Notary is based on [The Update Framework](https://www.theupdateframework.com/), ## Security -Please see our [service architecture docs](docs/service_architecture.md#threat-model) for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations. +See Notary's [service architecture docs](docs/service_architecture.md#threat-model) for more information about our threat model, which details the varying survivability and severities for key compromise as well as mitigations. -Our last security audit was on July 31, 2015 by NCC ([results](docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)). +Notary's last security audit was on July 31, 2015 by NCC ([results](docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)). Any security vulnerabilities can be reported to security@docker.com. # Getting started with the Notary CLI -Please get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary). +Get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary). The version of Notary server and signer should be greater than or equal to Notary CLI's version to ensure feature compatibility (ex: CLI version 0.2, server/signer version >= 0.2), and all official releases are associated with GitHub tags. -To use the Notary CLI with Docker hub images, please have a look at our +To use the Notary CLI with Docker hub images, have a look at Notary's [getting started docs](docs/getting_started.md). -For more advanced usage, please see the +For more advanced usage, see the [advanced usage docs](docs/advanced_usage.md). To use the CLI against a local Notary server rather than against Docker Hub: -1. Please ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed. +1. Ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed. 1. `git clone https://github.com/theupdateframework/notary.git` and from the cloned repository path, start up a local Notary server and signer and copy the config file and testing certs to your local notary config directory: @@ -89,28 +91,31 @@ to use `notary` with Docker images. ## Building Notary -Note that our [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the +Note that Notary's [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the [releases branch](https://github.com/theupdateframework/notary/tree/releases). The master branch is the development branch and contains features for the next release. Prerequisites: - Go >= 1.7.1 -- [godep](https://github.com/tools/godep) installed + - Fedora: `dnf install golang` - libtool development headers installed - Ubuntu: `apt-get install libltdl-dev` - CentOS/RedHat: `yum install libtool-ltdl-devel` + - Fedora: `dnf install libtool-ltdl-devel` - Mac OS ([Homebrew](http://brew.sh/)): `brew install libtool` -Run `make client`, which creates the Notary Client CLI binary at `bin/notary`. -Note that `make client` assumes a standard Go directory structure, in which -Notary is checked out to the `src` directory in your `GOPATH`. For example: -``` -$GOPATH/ - src/ - github.com/ - docker/ - notary/ +Set [```GOPATH```](https://golang.org/doc/code.html#GOPATH). Then, run: + +```bash +$ go get github.com/theupdateframework/notary +# build with pcks11 support by default to support yubikey +$ go install -tags pkcs11 github.com/theupdateframework/notary/cmd/notary +$ notary ``` -To build the server and signer, please run `docker-compose build`. +To build the server and signer, run `docker-compose build`. + + +## License +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Fnotary?ref=badge_large) diff --git a/vendor/github.com/theupdateframework/notary/client/client.go b/vendor/github.com/theupdateframework/notary/client/client.go index 217e96235c..efdc6ce4a2 100644 --- a/vendor/github.com/theupdateframework/notary/client/client.go +++ b/vendor/github.com/theupdateframework/notary/client/client.go @@ -1,88 +1,4 @@ -/* -Package client implements everything required for interacting with a Notary repository. - -Usage - -Use this package by creating a new repository object and calling methods on it. - - package main - - import ( - "encoding/hex" - "fmt" - "net/http" - "os" - "time" - - "github.com/docker/distribution/registry/client/auth" - "github.com/docker/distribution/registry/client/auth/challenge" - "github.com/docker/distribution/registry/client/transport" - notary "github.com/theupdateframework/notary/client" - "github.com/theupdateframework/notary/trustpinning" - "github.com/theupdateframework/notary/tuf/data" - ) - - func main() { - rootDir := ".trust" - if err := os.MkdirAll(rootDir, 0700); err != nil { - panic(err) - } - - server := "https://notary.docker.io" - image := "docker.io/library/alpine" - repo, err := notary.NewFileCachedNotaryRepository( - rootDir, - data.GUN(image), - server, - makeHubTransport(server, image), - nil, - trustpinning.TrustPinConfig{}, - ) - - targets, err := repo.ListTargets() - if err != nil { - panic(err) - } - - for _, tgt := range targets { - fmt.Printf("%s\t%s\n", tgt.Name, hex.EncodeToString(tgt.Hashes["sha256"])) - } - } - - func makeHubTransport(server, image string) http.RoundTripper { - base := http.DefaultTransport - modifiers := []transport.RequestModifier{ - transport.NewHeaderRequestModifier(http.Header{ - "User-Agent": []string{"my-client"}, - }), - } - - authTransport := transport.NewTransport(base, modifiers...) - pingClient := &http.Client{ - Transport: authTransport, - Timeout: 5 * time.Second, - } - req, err := http.NewRequest("GET", server+"/v2/", nil) - if err != nil { - panic(err) - } - - challengeManager := challenge.NewSimpleManager() - resp, err := pingClient.Do(req) - if err != nil { - panic(err) - } - defer resp.Body.Close() - if err := challengeManager.AddResponse(resp); err != nil { - panic(err) - } - tokenHandler := auth.NewTokenHandler(base, nil, image, "pull") - modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, auth.NewBasicHandler(nil))) - - return transport.NewTransport(base, modifiers...) - } - -*/ +//Package client implements everything required for interacting with a Notary repository. package client import ( diff --git a/vendor/github.com/theupdateframework/notary/trustmanager/keys.go b/vendor/github.com/theupdateframework/notary/trustmanager/keys.go index 8ad77a2fec..89e82a75ab 100644 --- a/vendor/github.com/theupdateframework/notary/trustmanager/keys.go +++ b/vendor/github.com/theupdateframework/notary/trustmanager/keys.go @@ -3,6 +3,7 @@ package trustmanager import ( "encoding/pem" "errors" + "fmt" "io" "io/ioutil" "path/filepath" @@ -100,8 +101,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN return err } var ( - writeTo string - toWrite []byte + writeTo string + toWrite []byte + errBlocks []string ) for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) { handleLegacyPath(block) @@ -110,6 +112,7 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN loc, err := checkValidity(block) if err != nil { // already logged in checkValidity + errBlocks = append(errBlocks, err.Error()) continue } @@ -157,6 +160,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN if toWrite != nil { // close out final iteration if there's data left return importToStores(to, writeTo, toWrite) } + if len(errBlocks) > 0 { + return fmt.Errorf("failed to import all keys: %s", strings.Join(errBlocks, ", ")) + } return nil } diff --git a/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go b/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go index 9967e89e19..836018f008 100644 --- a/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go +++ b/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go @@ -4,7 +4,9 @@ package yubikey var possiblePkcs11Libs = []string{ "/usr/lib/libykcs11.so", + "/usr/lib/libykcs11.so.1", // yubico-piv-tool on Fedora installs here "/usr/lib64/libykcs11.so", + "/usr/lib64/libykcs11.so.1", // yubico-piv-tool on Fedora installs here "/usr/lib/x86_64-linux-gnu/libykcs11.so", "/usr/local/lib/libykcs11.so", } diff --git a/vendor/github.com/theupdateframework/notary/tuf/tuf.go b/vendor/github.com/theupdateframework/notary/tuf/tuf.go index 74f6ceb593..866403bba1 100644 --- a/vendor/github.com/theupdateframework/notary/tuf/tuf.go +++ b/vendor/github.com/theupdateframework/notary/tuf/tuf.go @@ -248,17 +248,14 @@ func (tr *Repo) GetDelegationRole(name data.RoleName) (data.DelegationRole, erro } // Check all public key certificates in the role for expiry // Currently we do not reject expired delegation keys but warn if they might expire soon or have already - for keyID, pubKey := range delgRole.Keys { + for _, pubKey := range delgRole.Keys { certFromKey, err := utils.LoadCertFromPEM(pubKey.Public()) if err != nil { continue } - if err := utils.ValidateCertificate(certFromKey, true); err != nil { - if _, ok := err.(data.ErrCertExpired); !ok { - // do not allow other invalid cert errors - return err - } - logrus.Warnf("error with delegation %s key ID %d: %s", delgRole.Name, keyID, err) + //Don't check the delegation certificate expiry once added, use the TUF role expiry instead + if err := utils.ValidateCertificate(certFromKey, false); err != nil { + return err } } foundRole = &delgRole diff --git a/vendor/github.com/theupdateframework/notary/vendor.conf b/vendor/github.com/theupdateframework/notary/vendor.conf index 73e12db5de..33e81418dd 100644 --- a/vendor/github.com/theupdateframework/notary/vendor.conf +++ b/vendor/github.com/theupdateframework/notary/vendor.conf @@ -5,8 +5,8 @@ github.com/bugsnag/bugsnag-go 13fd6b8acda029830ef9904df6b63be0a83369d0 github.com/bugsnag/panicwrap e2c28503fcd0675329da73bf48b33404db873782 github.com/bugsnag/osext 0dd3f918b21bec95ace9dc86c7e70266cfc5c702 github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c -github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb -github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d +github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb +github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 github.com/dvsekhvalnov/jose2go 6387d3c1f5abd8443b223577d5a7e0f4e0e5731f # v1.2 github.com/go-sql-driver/mysql a0583e0143b1624142adab07e0e97fe106d99561 # v1.3 @@ -15,22 +15,22 @@ github.com/jinzhu/gorm 5409931a1bb87e484d68d649af9367c207713ea2 github.com/jinzhu/inflection 1c35d901db3da928c72a72d8458480cc9ade058f github.com/lib/pq 0dad96c0b94f8dee039aa40467f767467392a0af github.com/mattn/go-sqlite3 b4142c444a8941d0d92b0b7103a24df9cd815e42 # v1.0.0 -github.com/miekg/pkcs11 ba39b9c6300b7e0be41b115330145ef8afdff7d6 +github.com/miekg/pkcs11 5f6e0d0dad6f472df908c8e968a98ef00c9224bb github.com/mitchellh/go-homedir df55a15e5ce646808815381b3db47a8c66ea62f4 github.com/prometheus/client_golang 449ccefff16c8e2b7229f6be1921ba22f62461fe github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6 # model-0.0.2-12-gfa8ad6f github.com/prometheus/procfs b1afdc266f54247f5dc725544f5d351a8661f502 github.com/prometheus/common 4fdc91a58c9d3696b982e8a680f4997403132d44 github.com/golang/protobuf c3cefd437628a0b7d31b34fe44b3a7a540e98527 -github.com/spf13/cobra f368244301305f414206f889b1735a54cfc8bde8 +github.com/spf13/cobra 7b2c5ac9fc04fc5efafb60700713d4fa609b777b # v0.0.1 github.com/spf13/viper be5ff3e4840cf692388bde7a057595a474ef379e golang.org/x/crypto 76eec36fa14229c4b25bb894c2d0e591527af429 golang.org/x/net 6a513affb38dc9788b449d59ffed099b8de18fa0 -golang.org/x/sys 739734461d1c916b6c72a63d7efda2b27edb369f +golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993 google.golang.org/grpc 708a7f9f3283aa2d4f6132d287d78683babe55c8 # v1.0.5 github.com/pkg/errors 839d9e913e063e28dfd0e6c7b7512793e0a48be9 -github.com/spf13/pflag cb88ea77998c3f024757528e3305022ab50b43be +github.com/spf13/pflag e57e3eeb33f795204c1ca35f56c44f83227c6e66 # v1.0.0 github.com/spf13/cast 4d07383ffe94b5e5a6fa3af9211374a4507a0184 gopkg.in/yaml.v2 bef53efd0c76e49e6de55ead051f886bea7e9420 gopkg.in/fatih/pool.v2 cba550ebf9bce999a02e963296d4bc7a486cb715