Diffstat (limited to '')
-rw-r--r-- | security/nss/lib/ckfw/ck.api | 541 |
1 files changed, 541 insertions, 0 deletions
diff --git a/security/nss/lib/ckfw/ck.api b/security/nss/lib/ckfw/ck.api
new file mode 100644
index 0000000000..810e3db5cc
--- /dev/null
+++ b/security/nss/lib/ckfw/ck.api
@@ -0,0 +1,541 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This file is in part derived from a file "pkcs11f.h" made available
+# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h
+
+# Fields
+# FUNCTION introduces a Cryptoki function
+# CK_type specifies and introduces an argument
+#
+
+# General-purpose
+
+# C_Initialize initializes the Cryptoki library.
+FUNCTION C_Initialize
+CK_VOID_PTR pInitArgs # if this is not NULL_PTR, it gets
+ # cast to CK_C_INITIALIZE_ARGS_PTR
+ # and dereferenced
+
+# C_Finalize indicates that an application is done with the
+# Cryptoki library.
+FUNCTION C_Finalize
+CK_VOID_PTR pReserved # reserved. Should be NULL_PTR
+
+# C_GetInfo returns general information about Cryptoki.
+FUNCTION C_GetInfo
+CK_INFO_PTR pInfo # location that receives information
+
+# C_GetFunctionList returns the function list.
+FUNCTION C_GetFunctionList
+CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function
+ # list
+
+
+# Slot and token management
+
+# C_GetSlotList obtains a list of slots in the system.
+FUNCTION C_GetSlotList
+CK_BBOOL tokenPresent # only slots with tokens?
+CK_SLOT_ID_PTR pSlotList # receives array of slot IDs
+CK_ULONG_PTR pulCount # receives number of slots
+
+# C_GetSlotInfo obtains information about a particular slot in the
+# system.
+FUNCTION C_GetSlotInfo
+CK_SLOT_ID slotID # the ID of the slot
+CK_SLOT_INFO_PTR pInfo # receives the slot information
+
+# C_GetTokenInfo obtains information about a particular token in the
+# system.
+FUNCTION C_GetTokenInfo
+CK_SLOT_ID slotID # ID of the token's slot
+CK_TOKEN_INFO_PTR pInfo # receives the token information
+
+# C_GetMechanismList obtains a list of mechanism types supported by a
+# token.
+FUNCTION C_GetMechanismList
+CK_SLOT_ID slotID # ID of token's slot
+CK_MECHANISM_TYPE_PTR pMechanismList # gets mech. array
+CK_ULONG_PTR pulCount # gets # of mechs.
+
+# C_GetMechanismInfo obtains information about a particular mechanism
+# possibly supported by a token.
+FUNCTION C_GetMechanismInfo
+CK_SLOT_ID slotID # ID of the token's slot
+CK_MECHANISM_TYPE type # type of mechanism
+CK_MECHANISM_INFO_PTR pInfo # receives mechanism info
+
+# C_InitToken initializes a token.
+FUNCTION C_InitToken
+CK_SLOT_ID slotID # ID of the token's slot
+CK_CHAR_PTR pPin # the SO's initial PIN
+CK_ULONG ulPinLen # length in bytes of the PIN
+CK_CHAR_PTR pLabel # 32-byte token label (blank padded)
+
+# C_InitPIN initializes the normal user's PIN.
+FUNCTION C_InitPIN
+CK_SESSION_HANDLE hSession # the session's handle
+CK_CHAR_PTR pPin # the normal user's PIN
+CK_ULONG ulPinLen # length in bytes of the PIN
+
+# C_SetPIN modifies the PIN of the user who is logged in.
+FUNCTION C_SetPIN
+CK_SESSION_HANDLE hSession # the session's handle
+CK_CHAR_PTR pOldPin # the old PIN
+CK_ULONG ulOldLen # length of the old PIN
+CK_CHAR_PTR pNewPin # the new PIN
+CK_ULONG ulNewLen # length of the new PIN
+
+
+# Session management
+
+# C_OpenSession opens a session between an application and a token.
+FUNCTION C_OpenSession
+CK_SLOT_ID slotID # the slot's ID
+CK_FLAGS flags # from CK_SESSION_INFO
+CK_VOID_PTR pApplication # passed to callback
+CK_NOTIFY Notify # callback function
+CK_SESSION_HANDLE_PTR phSession # gets session handle
+
+# C_CloseSession closes a session between an application and a token.
+FUNCTION C_CloseSession
+CK_SESSION_HANDLE hSession # the session's handle
+
+# C_CloseAllSessions closes all sessions with a token.
+FUNCTION C_CloseAllSessions
+CK_SLOT_ID slotID # the token's slot
+
+# C_GetSessionInfo obtains information about the session.
+FUNCTION C_GetSessionInfo
+CK_SESSION_HANDLE hSession # the session's handle
+CK_SESSION_INFO_PTR pInfo # receives session info
+
+# C_GetOperationState obtains the state of the cryptographic
+# operation in a session.
+FUNCTION C_GetOperationState
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pOperationState # gets state
+CK_ULONG_PTR pulOperationStateLen # gets state length
+
+# C_SetOperationState restores the state of the cryptographic
+# operation in a session.
+FUNCTION C_SetOperationState
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pOperationState # holds state
+CK_ULONG ulOperationStateLen # holds state length
+CK_OBJECT_HANDLE hEncryptionKey # en/decryption key
+CK_OBJECT_HANDLE hAuthenticationKey # sign/verify key
+
+# C_Login logs a user into a token.
+FUNCTION C_Login
+CK_SESSION_HANDLE hSession # the session's handle
+CK_USER_TYPE userType # the user type
+CK_CHAR_PTR pPin # the user's PIN
+CK_ULONG ulPinLen # the length of the PIN
+
+# C_Logout logs a user out from a token.
+FUNCTION C_Logout
+CK_SESSION_HANDLE hSession # the session's handle
+
+
+# Object management
+
+# C_CreateObject creates a new object.
+FUNCTION C_CreateObject
+CK_SESSION_HANDLE hSession # the session's handle
+CK_ATTRIBUTE_PTR pTemplate # the object's template
+CK_ULONG ulCount # attributes in template
+CK_OBJECT_HANDLE_PTR phObject # gets new object's handle.
+
+# C_CopyObject copies an object, creating a new object for the copy.
+FUNCTION C_CopyObject
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ATTRIBUTE_PTR pTemplate # template for new object
+CK_ULONG ulCount # attributes in template
+CK_OBJECT_HANDLE_PTR phNewObject # receives handle of copy
+
+# C_DestroyObject destroys an object.
+FUNCTION C_DestroyObject
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+
+# C_GetObjectSize gets the size of an object in bytes.
+FUNCTION C_GetObjectSize
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ULONG_PTR pulSize # receives size of object
+
+# C_GetAttributeValue obtains the value of one or more object
+# attributes.
+FUNCTION C_GetAttributeValue
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ATTRIBUTE_PTR pTemplate # specifies attrs; gets vals
+CK_ULONG ulCount # attributes in template
+
+# C_SetAttributeValue modifies the value of one or more object
+# attributes
+FUNCTION C_SetAttributeValue
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ATTRIBUTE_PTR pTemplate # specifies attrs and values
+CK_ULONG ulCount # attributes in template
+
+# C_FindObjectsInit initializes a search for token and session
+# objects that match a template.
+FUNCTION C_FindObjectsInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_ATTRIBUTE_PTR pTemplate # attribute values to match
+CK_ULONG ulCount # attrs in search template
+
+# C_FindObjects continues a search for token and session objects that
+# match a template, obtaining additional object handles.
+FUNCTION C_FindObjects
+CK_SESSION_HANDLE hSession # session's handle
+CK_OBJECT_HANDLE_PTR phObject # gets obj. handles
+CK_ULONG ulMaxObjectCount # max handles to get
+CK_ULONG_PTR pulObjectCount # actual # returned
+
+# C_FindObjectsFinal finishes a search for token and session objects.
+FUNCTION C_FindObjectsFinal
+CK_SESSION_HANDLE hSession # the session's handle
+
+
+# Encryption and decryption
+
+# C_EncryptInit initializes an encryption operation.
+FUNCTION C_EncryptInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the encryption mechanism
+CK_OBJECT_HANDLE hKey # handle of encryption key
+
+# C_Encrypt encrypts single-part data.
+FUNCTION C_Encrypt
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pData # the plaintext data
+CK_ULONG ulDataLen # bytes of plaintext
+CK_BYTE_PTR pEncryptedData # gets ciphertext
+CK_ULONG_PTR pulEncryptedDataLen # gets c-text size
+
+# C_EncryptUpdate continues a multiple-part encryption operation.
+FUNCTION C_EncryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pPart # the plaintext data
+CK_ULONG ulPartLen # plaintext data len
+CK_BYTE_PTR pEncryptedPart # gets ciphertext
+CK_ULONG_PTR pulEncryptedPartLen # gets c-text size
+
+# C_EncryptFinal finishes a multiple-part encryption operation.
+FUNCTION C_EncryptFinal
+CK_SESSION_HANDLE hSession # session handle
+CK_BYTE_PTR pLastEncryptedPart # last c-text
+CK_ULONG_PTR pulLastEncryptedPartLen # gets last size
+
+# C_DecryptInit initializes a decryption operation.
+FUNCTION C_DecryptInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the decryption mechanism
+CK_OBJECT_HANDLE hKey # handle of decryption key
+
+# C_Decrypt decrypts encrypted data in a single part.
+FUNCTION C_Decrypt
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedData # ciphertext
+CK_ULONG ulEncryptedDataLen # ciphertext length
+CK_BYTE_PTR pData # gets plaintext
+CK_ULONG_PTR pulDataLen # gets p-text size
+
+# C_DecryptUpdate continues a multiple-part decryption operation.
+FUNCTION C_DecryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedPart # encrypted data
+CK_ULONG ulEncryptedPartLen # input length
+CK_BYTE_PTR pPart # gets plaintext
+CK_ULONG_PTR pulPartLen # p-text size
+
+# C_DecryptFinal finishes a multiple-part decryption operation.
+FUNCTION C_DecryptFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pLastPart # gets plaintext
+CK_ULONG_PTR pulLastPartLen # p-text size
+
+
+# Message digesting
+
+# C_DigestInit initializes a message-digesting operation.
+FUNCTION C_DigestInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the digesting mechanism
+
+# C_Digest digests data in a single part.
+FUNCTION C_Digest
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # data to be digested
+CK_ULONG ulDataLen # bytes of data to digest
+CK_BYTE_PTR pDigest # gets the message digest
+CK_ULONG_PTR pulDigestLen # gets digest length
+
+# C_DigestUpdate continues a multiple-part message-digesting operation.
+FUNCTION C_DigestUpdate
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pPart # data to be digested
+CK_ULONG ulPartLen # bytes of data to be digested
+
+# C_DigestKey continues a multi-part message-digesting operation, by
+# digesting the value of a secret key as part of the data already
+# digested.
+FUNCTION C_DigestKey
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hKey # secret key to digest
+
+# C_DigestFinal finishes a multiple-part message-digesting operation.
+FUNCTION C_DigestFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pDigest # gets the message digest
+CK_ULONG_PTR pulDigestLen # gets byte count of digest
+
+
+# Signing and MACing
+
+# C_SignInit initializes a signature (private key encryption)
+# operation, where the signature is (will be) an appendix to the
+# data, and plaintext cannot be recovered from the signature.
+FUNCTION C_SignInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the signature mechanism
+CK_OBJECT_HANDLE hKey # handle of signature key
+
+# C_Sign signs (encrypts with private key) data in a single part,
+# where the signature is (will be) an appendix to the data, and
+# plaintext cannot be recovered from the signature.
+FUNCTION C_Sign
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # the data to sign
+CK_ULONG ulDataLen # count of bytes to sign
+CK_BYTE_PTR pSignature # gets the signature
+CK_ULONG_PTR pulSignatureLen # gets signature length
+
+# C_SignUpdate continues a multiple-part signature operation, where
+# the signature is (will be) an appendix to the data, and plaintext
+# cannot be recovered from the signature.
+FUNCTION C_SignUpdate
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pPart # the data to sign
+CK_ULONG ulPartLen # count of bytes to sign
+
+# C_SignFinal finishes a multiple-part signature operation, returning
+# the signature.
+FUNCTION C_SignFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSignature # gets the signature
+CK_ULONG_PTR pulSignatureLen # gets signature length
+
+# C_SignRecoverInit initializes a signature operation, where the data
+# can be recovered from the signature.
+FUNCTION C_SignRecoverInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the signature mechanism
+CK_OBJECT_HANDLE hKey # handle of the signature key
+
+# C_SignRecover signs data in a single operation, where the data can
+# be recovered from the signature.
+FUNCTION C_SignRecover
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # the data to sign
+CK_ULONG ulDataLen # count of bytes to sign
+CK_BYTE_PTR pSignature # gets the signature
+CK_ULONG_PTR pulSignatureLen # gets signature length
+
+
+# Verifying signatures and MACs
+
+# C_VerifyInit initializes a verification operation, where the
+# signature is an appendix to the data, and plaintext cannot cannot
+# be recovered from the signature (e.g. DSA).
+FUNCTION C_VerifyInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the verification mechanism
+CK_OBJECT_HANDLE hKey # verification key
+
+# C_Verify verifies a signature in a single-part operation, where the
+# signature is an appendix to the data, and plaintext cannot be
+# recovered from the signature.
+FUNCTION C_Verify
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # signed data
+CK_ULONG ulDataLen # length of signed data
+CK_BYTE_PTR pSignature # signature
+CK_ULONG ulSignatureLen # signature length
+
+# C_VerifyUpdate continues a multiple-part verification operation,
+# where the signature is an appendix to the data, and plaintext cannot be
+# recovered from the signature.
+FUNCTION C_VerifyUpdate
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pPart # signed data
+CK_ULONG ulPartLen # length of signed data
+
+# C_VerifyFinal finishes a multiple-part verification operation,
+# checking the signature.
+FUNCTION C_VerifyFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSignature # signature to verify
+CK_ULONG ulSignatureLen # signature length
+
+# C_VerifyRecoverInit initializes a signature verification operation,
+# where the data is recovered from the signature.
+FUNCTION C_VerifyRecoverInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the verification mechanism
+CK_OBJECT_HANDLE hKey # verification key
+
+# C_VerifyRecover verifies a signature in a single-part operation,
+# where the data is recovered from the signature.
+FUNCTION C_VerifyRecover
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSignature # signature to verify
+CK_ULONG ulSignatureLen # signature length
+CK_BYTE_PTR pData # gets signed data
+CK_ULONG_PTR pulDataLen # gets signed data len
+
+
+# Dual-function cryptographic operations
+
+# C_DigestEncryptUpdate continues a multiple-part digesting and
+# encryption operation.
+FUNCTION C_DigestEncryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pPart # the plaintext data
+CK_ULONG ulPartLen # plaintext length
+CK_BYTE_PTR pEncryptedPart # gets ciphertext
+CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
+
+# C_DecryptDigestUpdate continues a multiple-part decryption and
+# digesting operation.
+FUNCTION C_DecryptDigestUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedPart # ciphertext
+CK_ULONG ulEncryptedPartLen # ciphertext length
+CK_BYTE_PTR pPart # gets plaintext
+CK_ULONG_PTR pulPartLen # gets plaintext len
+
+# C_SignEncryptUpdate continues a multiple-part signing and
+# encryption operation.
+FUNCTION C_SignEncryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pPart # the plaintext data
+CK_ULONG ulPartLen # plaintext length
+CK_BYTE_PTR pEncryptedPart # gets ciphertext
+CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
+
+# C_DecryptVerifyUpdate continues a multiple-part decryption and
+# verify operation.
+FUNCTION C_DecryptVerifyUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedPart # ciphertext
+CK_ULONG ulEncryptedPartLen # ciphertext length
+CK_BYTE_PTR pPart # gets plaintext
+CK_ULONG_PTR pulPartLen # gets p-text length
+
+
+# Key management
+
+# C_GenerateKey generates a secret key, creating a new key object.
+FUNCTION C_GenerateKey
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # key generation mech.
+CK_ATTRIBUTE_PTR pTemplate # template for new key
+CK_ULONG ulCount # # of attrs in template
+CK_OBJECT_HANDLE_PTR phKey # gets handle of new key
+
+# C_GenerateKeyPair generates a public-key/private-key pair, creating
+# new key objects.
+FUNCTION C_GenerateKeyPair
+CK_SESSION_HANDLE hSession # session handle
+CK_MECHANISM_PTR pMechanism # key-gen mech.
+CK_ATTRIBUTE_PTR pPublicKeyTemplate # template for pub. key
+CK_ULONG ulPublicKeyAttributeCount # # pub. attrs.
+CK_ATTRIBUTE_PTR pPrivateKeyTemplate # template for priv. key
+CK_ULONG ulPrivateKeyAttributeCount # # priv. attrs.
+CK_OBJECT_HANDLE_PTR phPublicKey # gets pub. key handle
+CK_OBJECT_HANDLE_PTR phPrivateKey # gets priv. key handle
+
+# C_WrapKey wraps (i.e., encrypts) a key.
+FUNCTION C_WrapKey
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the wrapping mechanism
+CK_OBJECT_HANDLE hWrappingKey # wrapping key
+CK_OBJECT_HANDLE hKey # key to be wrapped
+CK_BYTE_PTR pWrappedKey # gets wrapped key
+CK_ULONG_PTR pulWrappedKeyLen # gets wrapped key size
+
+# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key
+# object.
+FUNCTION C_UnwrapKey
+CK_SESSION_HANDLE hSession # session's handle
+CK_MECHANISM_PTR pMechanism # unwrapping mech.
+CK_OBJECT_HANDLE hUnwrappingKey # unwrapping key
+CK_BYTE_PTR pWrappedKey # the wrapped key
+CK_ULONG ulWrappedKeyLen # wrapped key len
+CK_ATTRIBUTE_PTR pTemplate # new key template
+CK_ULONG ulAttributeCount # template length
+CK_OBJECT_HANDLE_PTR phKey # gets new handle
+
+# C_DeriveKey derives a key from a base key, creating a new key object.
+FUNCTION C_DeriveKey
+CK_SESSION_HANDLE hSession # session's handle
+CK_MECHANISM_PTR pMechanism # key deriv. mech.
+CK_OBJECT_HANDLE hBaseKey # base key
+CK_ATTRIBUTE_PTR pTemplate # new key template
+CK_ULONG ulAttributeCount # template length
+CK_OBJECT_HANDLE_PTR phKey # gets new handle
+
+
+# Random number generation
+
+# C_SeedRandom mixes additional seed material into the token's random
+# number generator.
+FUNCTION C_SeedRandom
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSeed # the seed material
+CK_ULONG ulSeedLen # length of seed material
+
+# C_GenerateRandom generates random data.
+FUNCTION C_GenerateRandom
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR RandomData # receives the random data
+CK_ULONG ulRandomLen # # of bytes to generate
+
+
+# Parallel function management
+
+# C_GetFunctionStatus is a legacy function; it obtains an updated
+# status of a function running in parallel with an application.
+FUNCTION C_GetFunctionStatus
+CK_SESSION_HANDLE hSession # the session's handle
+
+# C_CancelFunction is a legacy function; it cancels a function running
+# in parallel.
+FUNCTION C_CancelFunction
+CK_SESSION_HANDLE hSession # the session's handle
+
+
+# Functions added in for Cryptoki Version 2.01 or later
+
+# C_WaitForSlotEvent waits for a slot event (token insertion, removal,
+# etc.) to occur.
+FUNCTION C_WaitForSlotEvent
+CK_FLAGS flags # blocking/nonblocking flag
+CK_SLOT_ID_PTR pSlot # location that receives the slot ID
+CK_VOID_PTR pRserved # reserved. Should be NULL_PTR
+
+## C_ConfigureSlot passes an installation-specified bytestring to a
+## slot.
+#FUNCTION C_ConfigureSlot
+#CK_SLOT_ID slotID # the slot to configure
+#CK_BYTE_PTR pConfig # the configuration string
+#CK_ULONG ulConfigLen # length of the config string |
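Review bot: The output-buffer arguments in this new file are documented only as receiving a size (for example `pulEncryptedDataLen # gets c-text size` under C_Encrypt, and likewise in C_Decrypt, C_Digest, C_Sign, C_WrapKey and C_GetOperationState), which leaves out that in Cryptoki these `CK_ULONG_PTR` values are in/out: the caller passes the buffer capacity in, and a NULL buffer is a length query. Anyone writing or generating a wrapper from these comments could miss the capacity check before writing, so I would add to the `# Fields` header a line such as `# CK_ULONG_PTR pul*Len paired with an output buffer: in = buffer size, out = bytes written or required`. Two wording slips are also worth fixing while the file is new: the argument `pRserved` under C_WaitForSlotEvent (presumably `pReserved`, as in C_Finalize) and the doubled "cannot cannot" in the C_VerifyInit comment; if argument names are emitted into generated code, confirm nothing depends on the misspelling before renaming.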