summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ckfw/ck.api
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--security/nss/lib/ckfw/ck.api541
1 files changed, 541 insertions, 0 deletions
diff --git a/security/nss/lib/ckfw/ck.api b/security/nss/lib/ckfw/ck.api
new file mode 100644
index 0000000000..810e3db5cc
--- /dev/null
+++ b/security/nss/lib/ckfw/ck.api
@@ -0,0 +1,541 @@
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This file is in part derived from a file "pkcs11f.h" made available
+# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h
+
+# Fields
+# FUNCTION introduces a Cryptoki function
+# CK_type specifies and introduces an argument
+#
+
+# General-purpose
+
+# C_Initialize initializes the Cryptoki library.
+FUNCTION C_Initialize
+CK_VOID_PTR pInitArgs # if this is not NULL_PTR, it gets
+ # cast to CK_C_INITIALIZE_ARGS_PTR
+ # and dereferenced
+
+# C_Finalize indicates that an application is done with the
+# Cryptoki library.
+FUNCTION C_Finalize
+CK_VOID_PTR pReserved # reserved. Should be NULL_PTR
+
+# C_GetInfo returns general information about Cryptoki.
+FUNCTION C_GetInfo
+CK_INFO_PTR pInfo # location that receives information
+
+# C_GetFunctionList returns the function list.
+FUNCTION C_GetFunctionList
+CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function
+ # list
+
+
+# Slot and token management
+
+# C_GetSlotList obtains a list of slots in the system.
+FUNCTION C_GetSlotList
+CK_BBOOL tokenPresent # only slots with tokens?
+CK_SLOT_ID_PTR pSlotList # receives array of slot IDs
+CK_ULONG_PTR pulCount # receives number of slots
+
+# C_GetSlotInfo obtains information about a particular slot in the
+# system.
+FUNCTION C_GetSlotInfo
+CK_SLOT_ID slotID # the ID of the slot
+CK_SLOT_INFO_PTR pInfo # receives the slot information
+
+# C_GetTokenInfo obtains information about a particular token in the
+# system.
+FUNCTION C_GetTokenInfo
+CK_SLOT_ID slotID # ID of the token's slot
+CK_TOKEN_INFO_PTR pInfo # receives the token information
+
+# C_GetMechanismList obtains a list of mechanism types supported by a
+# token.
+FUNCTION C_GetMechanismList
+CK_SLOT_ID slotID # ID of token's slot
+CK_MECHANISM_TYPE_PTR pMechanismList # gets mech. array
+CK_ULONG_PTR pulCount # gets # of mechs.
+
+# C_GetMechanismInfo obtains information about a particular mechanism
+# possibly supported by a token.
+FUNCTION C_GetMechanismInfo
+CK_SLOT_ID slotID # ID of the token's slot
+CK_MECHANISM_TYPE type # type of mechanism
+CK_MECHANISM_INFO_PTR pInfo # receives mechanism info
+
+# C_InitToken initializes a token.
+FUNCTION C_InitToken
+CK_SLOT_ID slotID # ID of the token's slot
+CK_CHAR_PTR pPin # the SO's initial PIN
+CK_ULONG ulPinLen # length in bytes of the PIN
+CK_CHAR_PTR pLabel # 32-byte token label (blank padded)
+
+# C_InitPIN initializes the normal user's PIN.
+FUNCTION C_InitPIN
+CK_SESSION_HANDLE hSession # the session's handle
+CK_CHAR_PTR pPin # the normal user's PIN
+CK_ULONG ulPinLen # length in bytes of the PIN
+
+# C_SetPIN modifies the PIN of the user who is logged in.
+FUNCTION C_SetPIN
+CK_SESSION_HANDLE hSession # the session's handle
+CK_CHAR_PTR pOldPin # the old PIN
+CK_ULONG ulOldLen # length of the old PIN
+CK_CHAR_PTR pNewPin # the new PIN
+CK_ULONG ulNewLen # length of the new PIN
+
+
+# Session management
+
+# C_OpenSession opens a session between an application and a token.
+FUNCTION C_OpenSession
+CK_SLOT_ID slotID # the slot's ID
+CK_FLAGS flags # from CK_SESSION_INFO
+CK_VOID_PTR pApplication # passed to callback
+CK_NOTIFY Notify # callback function
+CK_SESSION_HANDLE_PTR phSession # gets session handle
+
+# C_CloseSession closes a session between an application and a token.
+FUNCTION C_CloseSession
+CK_SESSION_HANDLE hSession # the session's handle
+
+# C_CloseAllSessions closes all sessions with a token.
+FUNCTION C_CloseAllSessions
+CK_SLOT_ID slotID # the token's slot
+
+# C_GetSessionInfo obtains information about the session.
+FUNCTION C_GetSessionInfo
+CK_SESSION_HANDLE hSession # the session's handle
+CK_SESSION_INFO_PTR pInfo # receives session info
+
+# C_GetOperationState obtains the state of the cryptographic
+# operation in a session.
+FUNCTION C_GetOperationState
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pOperationState # gets state
+CK_ULONG_PTR pulOperationStateLen # gets state length
+
+# C_SetOperationState restores the state of the cryptographic
+# operation in a session.
+FUNCTION C_SetOperationState
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pOperationState # holds state
+CK_ULONG ulOperationStateLen # holds state length
+CK_OBJECT_HANDLE hEncryptionKey # en/decryption key
+CK_OBJECT_HANDLE hAuthenticationKey # sign/verify key
+
+# C_Login logs a user into a token.
+FUNCTION C_Login
+CK_SESSION_HANDLE hSession # the session's handle
+CK_USER_TYPE userType # the user type
+CK_CHAR_PTR pPin # the user's PIN
+CK_ULONG ulPinLen # the length of the PIN
+
+# C_Logout logs a user out from a token.
+FUNCTION C_Logout
+CK_SESSION_HANDLE hSession # the session's handle
+
+
+# Object management
+
+# C_CreateObject creates a new object.
+FUNCTION C_CreateObject
+CK_SESSION_HANDLE hSession # the session's handle
+CK_ATTRIBUTE_PTR pTemplate # the object's template
+CK_ULONG ulCount # attributes in template
+CK_OBJECT_HANDLE_PTR phObject # gets new object's handle.
+
+# C_CopyObject copies an object, creating a new object for the copy.
+FUNCTION C_CopyObject
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ATTRIBUTE_PTR pTemplate # template for new object
+CK_ULONG ulCount # attributes in template
+CK_OBJECT_HANDLE_PTR phNewObject # receives handle of copy
+
+# C_DestroyObject destroys an object.
+FUNCTION C_DestroyObject
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+
+# C_GetObjectSize gets the size of an object in bytes.
+FUNCTION C_GetObjectSize
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ULONG_PTR pulSize # receives size of object
+
+# C_GetAttributeValue obtains the value of one or more object
+# attributes.
+FUNCTION C_GetAttributeValue
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ATTRIBUTE_PTR pTemplate # specifies attrs; gets vals
+CK_ULONG ulCount # attributes in template
+
+# C_SetAttributeValue modifies the value of one or more object
+# attributes
+FUNCTION C_SetAttributeValue
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hObject # the object's handle
+CK_ATTRIBUTE_PTR pTemplate # specifies attrs and values
+CK_ULONG ulCount # attributes in template
+
+# C_FindObjectsInit initializes a search for token and session
+# objects that match a template.
+FUNCTION C_FindObjectsInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_ATTRIBUTE_PTR pTemplate # attribute values to match
+CK_ULONG ulCount # attrs in search template
+
+# C_FindObjects continues a search for token and session objects that
+# match a template, obtaining additional object handles.
+FUNCTION C_FindObjects
+CK_SESSION_HANDLE hSession # session's handle
+CK_OBJECT_HANDLE_PTR phObject # gets obj. handles
+CK_ULONG ulMaxObjectCount # max handles to get
+CK_ULONG_PTR pulObjectCount # actual # returned
+
+# C_FindObjectsFinal finishes a search for token and session objects.
+FUNCTION C_FindObjectsFinal
+CK_SESSION_HANDLE hSession # the session's handle
+
+
+# Encryption and decryption
+
+# C_EncryptInit initializes an encryption operation.
+FUNCTION C_EncryptInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the encryption mechanism
+CK_OBJECT_HANDLE hKey # handle of encryption key
+
+# C_Encrypt encrypts single-part data.
+FUNCTION C_Encrypt
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pData # the plaintext data
+CK_ULONG ulDataLen # bytes of plaintext
+CK_BYTE_PTR pEncryptedData # gets ciphertext
+CK_ULONG_PTR pulEncryptedDataLen # gets c-text size
+
+# C_EncryptUpdate continues a multiple-part encryption operation.
+FUNCTION C_EncryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pPart # the plaintext data
+CK_ULONG ulPartLen # plaintext data len
+CK_BYTE_PTR pEncryptedPart # gets ciphertext
+CK_ULONG_PTR pulEncryptedPartLen # gets c-text size
+
+# C_EncryptFinal finishes a multiple-part encryption operation.
+FUNCTION C_EncryptFinal
+CK_SESSION_HANDLE hSession # session handle
+CK_BYTE_PTR pLastEncryptedPart # last c-text
+CK_ULONG_PTR pulLastEncryptedPartLen # gets last size
+
+# C_DecryptInit initializes a decryption operation.
+FUNCTION C_DecryptInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the decryption mechanism
+CK_OBJECT_HANDLE hKey # handle of decryption key
+
+# C_Decrypt decrypts encrypted data in a single part.
+FUNCTION C_Decrypt
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedData # ciphertext
+CK_ULONG ulEncryptedDataLen # ciphertext length
+CK_BYTE_PTR pData # gets plaintext
+CK_ULONG_PTR pulDataLen # gets p-text size
+
+# C_DecryptUpdate continues a multiple-part decryption operation.
+FUNCTION C_DecryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedPart # encrypted data
+CK_ULONG ulEncryptedPartLen # input length
+CK_BYTE_PTR pPart # gets plaintext
+CK_ULONG_PTR pulPartLen # p-text size
+
+# C_DecryptFinal finishes a multiple-part decryption operation.
+FUNCTION C_DecryptFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pLastPart # gets plaintext
+CK_ULONG_PTR pulLastPartLen # p-text size
+
+
+# Message digesting
+
+# C_DigestInit initializes a message-digesting operation.
+FUNCTION C_DigestInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the digesting mechanism
+
+# C_Digest digests data in a single part.
+FUNCTION C_Digest
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # data to be digested
+CK_ULONG ulDataLen # bytes of data to digest
+CK_BYTE_PTR pDigest # gets the message digest
+CK_ULONG_PTR pulDigestLen # gets digest length
+
+# C_DigestUpdate continues a multiple-part message-digesting operation.
+FUNCTION C_DigestUpdate
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pPart # data to be digested
+CK_ULONG ulPartLen # bytes of data to be digested
+
+# C_DigestKey continues a multi-part message-digesting operation, by
+# digesting the value of a secret key as part of the data already
+# digested.
+FUNCTION C_DigestKey
+CK_SESSION_HANDLE hSession # the session's handle
+CK_OBJECT_HANDLE hKey # secret key to digest
+
+# C_DigestFinal finishes a multiple-part message-digesting operation.
+FUNCTION C_DigestFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pDigest # gets the message digest
+CK_ULONG_PTR pulDigestLen # gets byte count of digest
+
+
+# Signing and MACing
+
+# C_SignInit initializes a signature (private key encryption)
+# operation, where the signature is (will be) an appendix to the
+# data, and plaintext cannot be recovered from the signature.
+FUNCTION C_SignInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the signature mechanism
+CK_OBJECT_HANDLE hKey # handle of signature key
+
+# C_Sign signs (encrypts with private key) data in a single part,
+# where the signature is (will be) an appendix to the data, and
+# plaintext cannot be recovered from the signature.
+FUNCTION C_Sign
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # the data to sign
+CK_ULONG ulDataLen # count of bytes to sign
+CK_BYTE_PTR pSignature # gets the signature
+CK_ULONG_PTR pulSignatureLen # gets signature length
+
+# C_SignUpdate continues a multiple-part signature operation, where
+# the signature is (will be) an appendix to the data, and plaintext
+# cannot be recovered from the signature.
+FUNCTION C_SignUpdate
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pPart # the data to sign
+CK_ULONG ulPartLen # count of bytes to sign
+
+# C_SignFinal finishes a multiple-part signature operation, returning
+# the signature.
+FUNCTION C_SignFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSignature # gets the signature
+CK_ULONG_PTR pulSignatureLen # gets signature length
+
+# C_SignRecoverInit initializes a signature operation, where the data
+# can be recovered from the signature.
+FUNCTION C_SignRecoverInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the signature mechanism
+CK_OBJECT_HANDLE hKey # handle of the signature key
+
+# C_SignRecover signs data in a single operation, where the data can
+# be recovered from the signature.
+FUNCTION C_SignRecover
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # the data to sign
+CK_ULONG ulDataLen # count of bytes to sign
+CK_BYTE_PTR pSignature # gets the signature
+CK_ULONG_PTR pulSignatureLen # gets signature length
+
+
+# Verifying signatures and MACs
+
+# C_VerifyInit initializes a verification operation, where the
+# signature is an appendix to the data, and plaintext cannot cannot
+# be recovered from the signature (e.g. DSA).
+FUNCTION C_VerifyInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the verification mechanism
+CK_OBJECT_HANDLE hKey # verification key
+
+# C_Verify verifies a signature in a single-part operation, where the
+# signature is an appendix to the data, and plaintext cannot be
+# recovered from the signature.
+FUNCTION C_Verify
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pData # signed data
+CK_ULONG ulDataLen # length of signed data
+CK_BYTE_PTR pSignature # signature
+CK_ULONG ulSignatureLen # signature length
+
+# C_VerifyUpdate continues a multiple-part verification operation,
+# where the signature is an appendix to the data, and plaintext cannot be
+# recovered from the signature.
+FUNCTION C_VerifyUpdate
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pPart # signed data
+CK_ULONG ulPartLen # length of signed data
+
+# C_VerifyFinal finishes a multiple-part verification operation,
+# checking the signature.
+FUNCTION C_VerifyFinal
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSignature # signature to verify
+CK_ULONG ulSignatureLen # signature length
+
+# C_VerifyRecoverInit initializes a signature verification operation,
+# where the data is recovered from the signature.
+FUNCTION C_VerifyRecoverInit
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the verification mechanism
+CK_OBJECT_HANDLE hKey # verification key
+
+# C_VerifyRecover verifies a signature in a single-part operation,
+# where the data is recovered from the signature.
+FUNCTION C_VerifyRecover
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSignature # signature to verify
+CK_ULONG ulSignatureLen # signature length
+CK_BYTE_PTR pData # gets signed data
+CK_ULONG_PTR pulDataLen # gets signed data len
+
+
+# Dual-function cryptographic operations
+
+# C_DigestEncryptUpdate continues a multiple-part digesting and
+# encryption operation.
+FUNCTION C_DigestEncryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pPart # the plaintext data
+CK_ULONG ulPartLen # plaintext length
+CK_BYTE_PTR pEncryptedPart # gets ciphertext
+CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
+
+# C_DecryptDigestUpdate continues a multiple-part decryption and
+# digesting operation.
+FUNCTION C_DecryptDigestUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedPart # ciphertext
+CK_ULONG ulEncryptedPartLen # ciphertext length
+CK_BYTE_PTR pPart # gets plaintext
+CK_ULONG_PTR pulPartLen # gets plaintext len
+
+# C_SignEncryptUpdate continues a multiple-part signing and
+# encryption operation.
+FUNCTION C_SignEncryptUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pPart # the plaintext data
+CK_ULONG ulPartLen # plaintext length
+CK_BYTE_PTR pEncryptedPart # gets ciphertext
+CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
+
+# C_DecryptVerifyUpdate continues a multiple-part decryption and
+# verify operation.
+FUNCTION C_DecryptVerifyUpdate
+CK_SESSION_HANDLE hSession # session's handle
+CK_BYTE_PTR pEncryptedPart # ciphertext
+CK_ULONG ulEncryptedPartLen # ciphertext length
+CK_BYTE_PTR pPart # gets plaintext
+CK_ULONG_PTR pulPartLen # gets p-text length
+
+
+# Key management
+
+# C_GenerateKey generates a secret key, creating a new key object.
+FUNCTION C_GenerateKey
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # key generation mech.
+CK_ATTRIBUTE_PTR pTemplate # template for new key
+CK_ULONG ulCount # # of attrs in template
+CK_OBJECT_HANDLE_PTR phKey # gets handle of new key
+
+# C_GenerateKeyPair generates a public-key/private-key pair, creating
+# new key objects.
+FUNCTION C_GenerateKeyPair
+CK_SESSION_HANDLE hSession # session handle
+CK_MECHANISM_PTR pMechanism # key-gen mech.
+CK_ATTRIBUTE_PTR pPublicKeyTemplate # template for pub. key
+CK_ULONG ulPublicKeyAttributeCount # # pub. attrs.
+CK_ATTRIBUTE_PTR pPrivateKeyTemplate # template for priv. key
+CK_ULONG ulPrivateKeyAttributeCount # # priv. attrs.
+CK_OBJECT_HANDLE_PTR phPublicKey # gets pub. key handle
+CK_OBJECT_HANDLE_PTR phPrivateKey # gets priv. key handle
+
+# C_WrapKey wraps (i.e., encrypts) a key.
+FUNCTION C_WrapKey
+CK_SESSION_HANDLE hSession # the session's handle
+CK_MECHANISM_PTR pMechanism # the wrapping mechanism
+CK_OBJECT_HANDLE hWrappingKey # wrapping key
+CK_OBJECT_HANDLE hKey # key to be wrapped
+CK_BYTE_PTR pWrappedKey # gets wrapped key
+CK_ULONG_PTR pulWrappedKeyLen # gets wrapped key size
+
+# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key
+# object.
+FUNCTION C_UnwrapKey
+CK_SESSION_HANDLE hSession # session's handle
+CK_MECHANISM_PTR pMechanism # unwrapping mech.
+CK_OBJECT_HANDLE hUnwrappingKey # unwrapping key
+CK_BYTE_PTR pWrappedKey # the wrapped key
+CK_ULONG ulWrappedKeyLen # wrapped key len
+CK_ATTRIBUTE_PTR pTemplate # new key template
+CK_ULONG ulAttributeCount # template length
+CK_OBJECT_HANDLE_PTR phKey # gets new handle
+
+# C_DeriveKey derives a key from a base key, creating a new key object.
+FUNCTION C_DeriveKey
+CK_SESSION_HANDLE hSession # session's handle
+CK_MECHANISM_PTR pMechanism # key deriv. mech.
+CK_OBJECT_HANDLE hBaseKey # base key
+CK_ATTRIBUTE_PTR pTemplate # new key template
+CK_ULONG ulAttributeCount # template length
+CK_OBJECT_HANDLE_PTR phKey # gets new handle
+
+
+# Random number generation
+
+# C_SeedRandom mixes additional seed material into the token's random
+# number generator.
+FUNCTION C_SeedRandom
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR pSeed # the seed material
+CK_ULONG ulSeedLen # length of seed material
+
+# C_GenerateRandom generates random data.
+FUNCTION C_GenerateRandom
+CK_SESSION_HANDLE hSession # the session's handle
+CK_BYTE_PTR RandomData # receives the random data
+CK_ULONG ulRandomLen # # of bytes to generate
+
+
+# Parallel function management
+
+# C_GetFunctionStatus is a legacy function; it obtains an updated
+# status of a function running in parallel with an application.
+FUNCTION C_GetFunctionStatus
+CK_SESSION_HANDLE hSession # the session's handle
+
+# C_CancelFunction is a legacy function; it cancels a function running
+# in parallel.
+FUNCTION C_CancelFunction
+CK_SESSION_HANDLE hSession # the session's handle
+
+
+# Functions added in for Cryptoki Version 2.01 or later
+
+# C_WaitForSlotEvent waits for a slot event (token insertion, removal,
+# etc.) to occur.
+FUNCTION C_WaitForSlotEvent
+CK_FLAGS flags # blocking/nonblocking flag
+CK_SLOT_ID_PTR pSlot # location that receives the slot ID
+CK_VOID_PTR pRserved # reserved. Should be NULL_PTR
+
+## C_ConfigureSlot passes an installation-specified bytestring to a
+## slot.
+#FUNCTION C_ConfigureSlot
+#CK_SLOT_ID slotID # the slot to configure
+#CK_BYTE_PTR pConfig # the configuration string
+#CK_ULONG ulConfigLen # length of the config string