palemoon-dev/platform/security/nss/lib/ckfw/ck.api

# 
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# This file is in part derived from a file "pkcs11f.h" made available
# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h

# Fields
#  FUNCTION introduces a Cryptoki function
#  CK_type specifies and introduces an argument
#

# General-purpose

# C_Initialize initializes the Cryptoki library.
FUNCTION C_Initialize
CK_VOID_PTR pInitArgs   # if this is not NULL_PTR, it gets
                        # cast to CK_C_INITIALIZE_ARGS_PTR
                        # and dereferenced

# C_Finalize indicates that an application is done with the
# Cryptoki library.
FUNCTION C_Finalize
CK_VOID_PTR pReserved   # reserved.  Should be NULL_PTR

# C_GetInfo returns general information about Cryptoki. 
FUNCTION C_GetInfo
CK_INFO_PTR pInfo       # location that receives information

# C_GetFunctionList returns the function list. 
FUNCTION C_GetFunctionList
CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function 
                                        # list


# Slot and token management 

# C_GetSlotList obtains a list of slots in the system. 
FUNCTION C_GetSlotList
CK_BBOOL       tokenPresent # only slots with tokens? 
CK_SLOT_ID_PTR pSlotList    # receives array of slot IDs 
CK_ULONG_PTR   pulCount     # receives number of slots 

# C_GetSlotInfo obtains information about a particular slot in the 
# system.
FUNCTION C_GetSlotInfo
CK_SLOT_ID       slotID     # the ID of the slot 
CK_SLOT_INFO_PTR pInfo      # receives the slot information 

# C_GetTokenInfo obtains information about a particular token in the 
# system. 
FUNCTION C_GetTokenInfo
CK_SLOT_ID        slotID    # ID of the token's slot 
CK_TOKEN_INFO_PTR pInfo     # receives the token information 

# C_GetMechanismList obtains a list of mechanism types supported by a 
# token. 
FUNCTION C_GetMechanismList
CK_SLOT_ID            slotID            # ID of token's slot 
CK_MECHANISM_TYPE_PTR pMechanismList    # gets mech. array 
CK_ULONG_PTR          pulCount          # gets # of mechs. 

# C_GetMechanismInfo obtains information about a particular mechanism 
# possibly supported by a token. 
FUNCTION C_GetMechanismInfo
CK_SLOT_ID            slotID    # ID of the token's slot 
CK_MECHANISM_TYPE     type      # type of mechanism 
CK_MECHANISM_INFO_PTR pInfo     # receives mechanism info 

# C_InitToken initializes a token. 
FUNCTION C_InitToken
CK_SLOT_ID  slotID      # ID of the token's slot 
CK_CHAR_PTR pPin        # the SO's initial PIN 
CK_ULONG    ulPinLen    # length in bytes of the PIN 
CK_CHAR_PTR pLabel      # 32-byte token label (blank padded) 

# C_InitPIN initializes the normal user's PIN. 
FUNCTION C_InitPIN
CK_SESSION_HANDLE hSession  # the session's handle 
CK_CHAR_PTR       pPin      # the normal user's PIN 
CK_ULONG          ulPinLen  # length in bytes of the PIN 

# C_SetPIN modifies the PIN of the user who is logged in. 
FUNCTION C_SetPIN
CK_SESSION_HANDLE hSession  # the session's handle 
CK_CHAR_PTR       pOldPin   # the old PIN 
CK_ULONG          ulOldLen  # length of the old PIN 
CK_CHAR_PTR       pNewPin   # the new PIN 
CK_ULONG          ulNewLen  # length of the new PIN 


# Session management 

# C_OpenSession opens a session between an application and a token. 
FUNCTION C_OpenSession
CK_SLOT_ID            slotID        # the slot's ID 
CK_FLAGS              flags         # from CK_SESSION_INFO 
CK_VOID_PTR           pApplication  # passed to callback 
CK_NOTIFY             Notify        # callback function 
CK_SESSION_HANDLE_PTR phSession     # gets session handle 

# C_CloseSession closes a session between an application and a token. 
FUNCTION C_CloseSession
CK_SESSION_HANDLE hSession  # the session's handle 

# C_CloseAllSessions closes all sessions with a token. 
FUNCTION C_CloseAllSessions
CK_SLOT_ID slotID   # the token's slot 

# C_GetSessionInfo obtains information about the session. 
FUNCTION C_GetSessionInfo
CK_SESSION_HANDLE   hSession    # the session's handle 
CK_SESSION_INFO_PTR pInfo       # receives session info 

# C_GetOperationState obtains the state of the cryptographic 
# operation in a session. 
FUNCTION C_GetOperationState
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pOperationState       # gets state 
CK_ULONG_PTR      pulOperationStateLen  # gets state length 

# C_SetOperationState restores the state of the cryptographic 
# operation in a session. 
FUNCTION C_SetOperationState
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR      pOperationState        # holds state 
CK_ULONG         ulOperationStateLen    # holds state length 
CK_OBJECT_HANDLE hEncryptionKey         # en/decryption key 
CK_OBJECT_HANDLE hAuthenticationKey     # sign/verify key 

# C_Login logs a user into a token. 
FUNCTION C_Login
CK_SESSION_HANDLE hSession  # the session's handle 
CK_USER_TYPE      userType  # the user type 
CK_CHAR_PTR       pPin      # the user's PIN 
CK_ULONG          ulPinLen  # the length of the PIN 

# C_Logout logs a user out from a token. 
FUNCTION C_Logout
CK_SESSION_HANDLE hSession  # the session's handle 


# Object management 

# C_CreateObject creates a new object. 
FUNCTION C_CreateObject
CK_SESSION_HANDLE    hSession   # the session's handle 
CK_ATTRIBUTE_PTR     pTemplate  # the object's template 
CK_ULONG             ulCount    # attributes in template 
CK_OBJECT_HANDLE_PTR phObject   # gets new object's handle. 

# C_CopyObject copies an object, creating a new object for the copy.
FUNCTION C_CopyObject
CK_SESSION_HANDLE    hSession       # the session's handle 
CK_OBJECT_HANDLE     hObject        # the object's handle 
CK_ATTRIBUTE_PTR     pTemplate      # template for new object 
CK_ULONG             ulCount        # attributes in template 
CK_OBJECT_HANDLE_PTR phNewObject    # receives handle of copy 

# C_DestroyObject destroys an object. 
FUNCTION C_DestroyObject
CK_SESSION_HANDLE hSession  # the session's handle 
CK_OBJECT_HANDLE  hObject   # the object's handle 

# C_GetObjectSize gets the size of an object in bytes. 
FUNCTION C_GetObjectSize
CK_SESSION_HANDLE hSession  # the session's handle 
CK_OBJECT_HANDLE  hObject   # the object's handle 
CK_ULONG_PTR      pulSize   # receives size of object 

# C_GetAttributeValue obtains the value of one or more object 
# attributes. 
FUNCTION C_GetAttributeValue
CK_SESSION_HANDLE hSession    # the session's handle 
CK_OBJECT_HANDLE  hObject     # the object's handle 
CK_ATTRIBUTE_PTR  pTemplate   # specifies attrs; gets vals 
CK_ULONG          ulCount     # attributes in template 

# C_SetAttributeValue modifies the value of one or more object 
# attributes 
FUNCTION C_SetAttributeValue
CK_SESSION_HANDLE hSession    # the session's handle 
CK_OBJECT_HANDLE  hObject     # the object's handle 
CK_ATTRIBUTE_PTR  pTemplate   # specifies attrs and values 
CK_ULONG          ulCount     # attributes in template 

# C_FindObjectsInit initializes a search for token and session 
# objects that match a template. 
FUNCTION C_FindObjectsInit
CK_SESSION_HANDLE hSession    # the session's handle 
CK_ATTRIBUTE_PTR  pTemplate   # attribute values to match 
CK_ULONG          ulCount     # attrs in search template 

# C_FindObjects continues a search for token and session objects that 
# match a template, obtaining additional object handles. 
FUNCTION C_FindObjects
CK_SESSION_HANDLE    hSession           # session's handle 
CK_OBJECT_HANDLE_PTR phObject           # gets obj. handles 
CK_ULONG             ulMaxObjectCount   # max handles to get 
CK_ULONG_PTR         pulObjectCount     # actual # returned 

# C_FindObjectsFinal finishes a search for token and session objects. 
FUNCTION C_FindObjectsFinal
CK_SESSION_HANDLE hSession  # the session's handle 


# Encryption and decryption 

# C_EncryptInit initializes an encryption operation. 
FUNCTION C_EncryptInit
CK_SESSION_HANDLE hSession    # the session's handle 
CK_MECHANISM_PTR  pMechanism  # the encryption mechanism 
CK_OBJECT_HANDLE  hKey        # handle of encryption key 

# C_Encrypt encrypts single-part data. 
FUNCTION C_Encrypt
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pData                 # the plaintext data 
CK_ULONG          ulDataLen             # bytes of plaintext 
CK_BYTE_PTR       pEncryptedData        # gets ciphertext 
CK_ULONG_PTR      pulEncryptedDataLen   # gets c-text size 

# C_EncryptUpdate continues a multiple-part encryption operation. 
FUNCTION C_EncryptUpdate
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pPart                 # the plaintext data 
CK_ULONG          ulPartLen             # plaintext data len 
CK_BYTE_PTR       pEncryptedPart        # gets ciphertext 
CK_ULONG_PTR      pulEncryptedPartLen   # gets c-text size 

# C_EncryptFinal finishes a multiple-part encryption operation. 
FUNCTION C_EncryptFinal
CK_SESSION_HANDLE hSession                  # session handle 
CK_BYTE_PTR       pLastEncryptedPart        # last c-text 
CK_ULONG_PTR      pulLastEncryptedPartLen   # gets last size 

# C_DecryptInit initializes a decryption operation. 
FUNCTION C_DecryptInit
CK_SESSION_HANDLE hSession      # the session's handle 
CK_MECHANISM_PTR  pMechanism    # the decryption mechanism 
CK_OBJECT_HANDLE  hKey          # handle of decryption key 

# C_Decrypt decrypts encrypted data in a single part. 
FUNCTION C_Decrypt
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pEncryptedData        # ciphertext 
CK_ULONG          ulEncryptedDataLen    # ciphertext length 
CK_BYTE_PTR       pData                 # gets plaintext 
CK_ULONG_PTR      pulDataLen            # gets p-text size 

# C_DecryptUpdate continues a multiple-part decryption operation. 
FUNCTION C_DecryptUpdate
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pEncryptedPart        # encrypted data 
CK_ULONG          ulEncryptedPartLen    # input length 
CK_BYTE_PTR       pPart                 # gets plaintext 
CK_ULONG_PTR      pulPartLen            # p-text size 

# C_DecryptFinal finishes a multiple-part decryption operation. 
FUNCTION C_DecryptFinal
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pLastPart         # gets plaintext 
CK_ULONG_PTR      pulLastPartLen    # p-text size 


# Message digesting 

# C_DigestInit initializes a message-digesting operation. 
FUNCTION C_DigestInit
CK_SESSION_HANDLE hSession      # the session's handle 
CK_MECHANISM_PTR  pMechanism    # the digesting mechanism 

# C_Digest digests data in a single part. 
FUNCTION C_Digest
CK_SESSION_HANDLE hSession      # the session's handle 
CK_BYTE_PTR       pData         # data to be digested 
CK_ULONG          ulDataLen     # bytes of data to digest 
CK_BYTE_PTR       pDigest       # gets the message digest 
CK_ULONG_PTR      pulDigestLen  # gets digest length 

# C_DigestUpdate continues a multiple-part message-digesting operation.
FUNCTION C_DigestUpdate
CK_SESSION_HANDLE hSession  # the session's handle 
CK_BYTE_PTR       pPart     # data to be digested 
CK_ULONG          ulPartLen # bytes of data to be digested 

# C_DigestKey continues a multi-part message-digesting operation, by 
# digesting the value of a secret key as part of the data already 
# digested. 
FUNCTION C_DigestKey
CK_SESSION_HANDLE hSession  # the session's handle 
CK_OBJECT_HANDLE  hKey      # secret key to digest 

# C_DigestFinal finishes a multiple-part message-digesting operation. 
FUNCTION C_DigestFinal
CK_SESSION_HANDLE hSession      # the session's handle 
CK_BYTE_PTR       pDigest       # gets the message digest 
CK_ULONG_PTR      pulDigestLen  # gets byte count of digest 


# Signing and MACing 

# C_SignInit initializes a signature (private key encryption) 
# operation, where the signature is (will be) an appendix to the 
# data, and plaintext cannot be recovered from the signature. 
FUNCTION C_SignInit
CK_SESSION_HANDLE hSession      # the session's handle 
CK_MECHANISM_PTR  pMechanism    # the signature mechanism 
CK_OBJECT_HANDLE  hKey          # handle of signature key 

# C_Sign signs (encrypts with private key) data in a single part, 
# where the signature is (will be) an appendix to the data, and 
# plaintext cannot be recovered from the signature. 
FUNCTION C_Sign
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pData             # the data to sign 
CK_ULONG          ulDataLen         # count of bytes to sign 
CK_BYTE_PTR       pSignature        # gets the signature 
CK_ULONG_PTR      pulSignatureLen   # gets signature length 

# C_SignUpdate continues a multiple-part signature operation, where 
# the signature is (will be) an appendix to the data, and plaintext 
# cannot be recovered from the signature. 
FUNCTION C_SignUpdate
CK_SESSION_HANDLE hSession  # the session's handle 
CK_BYTE_PTR       pPart     # the data to sign 
CK_ULONG          ulPartLen # count of bytes to sign 

# C_SignFinal finishes a multiple-part signature operation, returning 
# the signature. 
FUNCTION C_SignFinal
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pSignature        # gets the signature 
CK_ULONG_PTR      pulSignatureLen   # gets signature length 

# C_SignRecoverInit initializes a signature operation, where the data 
# can be recovered from the signature. 
FUNCTION C_SignRecoverInit
CK_SESSION_HANDLE hSession      # the session's handle 
CK_MECHANISM_PTR  pMechanism    # the signature mechanism 
CK_OBJECT_HANDLE  hKey          # handle of the signature key 

# C_SignRecover signs data in a single operation, where the data can 
# be recovered from the signature. 
FUNCTION C_SignRecover
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pData             # the data to sign 
CK_ULONG          ulDataLen         # count of bytes to sign 
CK_BYTE_PTR       pSignature        # gets the signature 
CK_ULONG_PTR      pulSignatureLen   # gets signature length 


# Verifying signatures and MACs 

# C_VerifyInit initializes a verification operation, where the 
# signature is an appendix to the data, and plaintext cannot cannot 
# be recovered from the signature (e.g. DSA). 
FUNCTION C_VerifyInit
CK_SESSION_HANDLE hSession      # the session's handle 
CK_MECHANISM_PTR  pMechanism    # the verification mechanism 
CK_OBJECT_HANDLE  hKey          # verification key  

# C_Verify verifies a signature in a single-part operation, where the 
# signature is an appendix to the data, and plaintext cannot be 
# recovered from the signature. 
FUNCTION C_Verify
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pData             # signed data 
CK_ULONG          ulDataLen         # length of signed data 
CK_BYTE_PTR       pSignature        # signature 
CK_ULONG          ulSignatureLen    # signature length

# C_VerifyUpdate continues a multiple-part verification operation, 
# where the signature is an appendix to the data, and plaintext cannot be 
# recovered from the signature. 
FUNCTION C_VerifyUpdate
CK_SESSION_HANDLE hSession  # the session's handle 
CK_BYTE_PTR       pPart     # signed data 
CK_ULONG          ulPartLen # length of signed data 

# C_VerifyFinal finishes a multiple-part verification operation, 
# checking the signature. 
FUNCTION C_VerifyFinal
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pSignature        # signature to verify 
CK_ULONG          ulSignatureLen    # signature length 

# C_VerifyRecoverInit initializes a signature verification operation, 
# where the data is recovered from the signature. 
FUNCTION C_VerifyRecoverInit
CK_SESSION_HANDLE hSession      # the session's handle 
CK_MECHANISM_PTR  pMechanism    # the verification mechanism 
CK_OBJECT_HANDLE  hKey          # verification key 

# C_VerifyRecover verifies a signature in a single-part operation, 
# where the data is recovered from the signature. 
FUNCTION C_VerifyRecover
CK_SESSION_HANDLE hSession          # the session's handle 
CK_BYTE_PTR       pSignature        # signature to verify 
CK_ULONG          ulSignatureLen    # signature length 
CK_BYTE_PTR       pData             # gets signed data 
CK_ULONG_PTR      pulDataLen        # gets signed data len 


# Dual-function cryptographic operations 

# C_DigestEncryptUpdate continues a multiple-part digesting and 
# encryption operation. 
FUNCTION C_DigestEncryptUpdate
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pPart                 # the plaintext data 
CK_ULONG          ulPartLen             # plaintext length 
CK_BYTE_PTR       pEncryptedPart        # gets ciphertext 
CK_ULONG_PTR      pulEncryptedPartLen   # gets c-text length 

# C_DecryptDigestUpdate continues a multiple-part decryption and 
# digesting operation. 
FUNCTION C_DecryptDigestUpdate
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pEncryptedPart        # ciphertext 
CK_ULONG          ulEncryptedPartLen    # ciphertext length 
CK_BYTE_PTR       pPart                 # gets plaintext 
CK_ULONG_PTR      pulPartLen            # gets plaintext len 

# C_SignEncryptUpdate continues a multiple-part signing and 
# encryption operation. 
FUNCTION C_SignEncryptUpdate
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pPart                 # the plaintext data 
CK_ULONG          ulPartLen             # plaintext length 
CK_BYTE_PTR       pEncryptedPart        # gets ciphertext 
CK_ULONG_PTR      pulEncryptedPartLen   # gets c-text length 

# C_DecryptVerifyUpdate continues a multiple-part decryption and 
# verify operation. 
FUNCTION C_DecryptVerifyUpdate
CK_SESSION_HANDLE hSession              # session's handle 
CK_BYTE_PTR       pEncryptedPart        # ciphertext 
CK_ULONG          ulEncryptedPartLen    # ciphertext length 
CK_BYTE_PTR       pPart                 # gets plaintext 
CK_ULONG_PTR      pulPartLen            # gets p-text length 


# Key management 

# C_GenerateKey generates a secret key, creating a new key object. 
FUNCTION C_GenerateKey
CK_SESSION_HANDLE    hSession   # the session's handle 
CK_MECHANISM_PTR     pMechanism # key generation mech. 
CK_ATTRIBUTE_PTR     pTemplate  # template for new key 
CK_ULONG             ulCount    # # of attrs in template 
CK_OBJECT_HANDLE_PTR phKey      # gets handle of new key 

# C_GenerateKeyPair generates a public-key/private-key pair, creating 
# new key objects. 
FUNCTION C_GenerateKeyPair
CK_SESSION_HANDLE    hSession                   # session handle
CK_MECHANISM_PTR     pMechanism                 # key-gen mech.
CK_ATTRIBUTE_PTR     pPublicKeyTemplate         # template for pub. key
CK_ULONG             ulPublicKeyAttributeCount  # # pub. attrs.
CK_ATTRIBUTE_PTR     pPrivateKeyTemplate        # template for priv. key
CK_ULONG             ulPrivateKeyAttributeCount # # priv. attrs.
CK_OBJECT_HANDLE_PTR phPublicKey                # gets pub. key handle
CK_OBJECT_HANDLE_PTR phPrivateKey               # gets priv. key handle

# C_WrapKey wraps (i.e., encrypts) a key. 
FUNCTION C_WrapKey
CK_SESSION_HANDLE hSession         # the session's handle 
CK_MECHANISM_PTR  pMechanism       # the wrapping mechanism 
CK_OBJECT_HANDLE  hWrappingKey     # wrapping key 
CK_OBJECT_HANDLE  hKey             # key to be wrapped 
CK_BYTE_PTR       pWrappedKey      # gets wrapped key 
CK_ULONG_PTR      pulWrappedKeyLen # gets wrapped key size 

# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key 
# object. 
FUNCTION C_UnwrapKey
CK_SESSION_HANDLE    hSession           # session's handle 
CK_MECHANISM_PTR     pMechanism         # unwrapping mech. 
CK_OBJECT_HANDLE     hUnwrappingKey     # unwrapping key 
CK_BYTE_PTR          pWrappedKey        # the wrapped key 
CK_ULONG             ulWrappedKeyLen    # wrapped key len 
CK_ATTRIBUTE_PTR     pTemplate          # new key template 
CK_ULONG             ulAttributeCount   # template length 
CK_OBJECT_HANDLE_PTR phKey              # gets new handle 

# C_DeriveKey derives a key from a base key, creating a new key object.
FUNCTION C_DeriveKey
CK_SESSION_HANDLE    hSession           # session's handle 
CK_MECHANISM_PTR     pMechanism         # key deriv. mech. 
CK_OBJECT_HANDLE     hBaseKey           # base key 
CK_ATTRIBUTE_PTR     pTemplate          # new key template 
CK_ULONG             ulAttributeCount   # template length 
CK_OBJECT_HANDLE_PTR phKey              # gets new handle 


# Random number generation 

# C_SeedRandom mixes additional seed material into the token's random 
# number generator. 
FUNCTION C_SeedRandom
CK_SESSION_HANDLE hSession  # the session's handle 
CK_BYTE_PTR       pSeed     # the seed material 
CK_ULONG          ulSeedLen # length of seed material 

# C_GenerateRandom generates random data. 
FUNCTION C_GenerateRandom
CK_SESSION_HANDLE hSession      # the session's handle 
CK_BYTE_PTR       RandomData    # receives the random data 
CK_ULONG          ulRandomLen   # # of bytes to generate 


# Parallel function management 

# C_GetFunctionStatus is a legacy function; it obtains an updated 
# status of a function running in parallel with an application.
FUNCTION C_GetFunctionStatus
CK_SESSION_HANDLE hSession  # the session's handle 

# C_CancelFunction is a legacy function; it cancels a function running 
# in parallel. 
FUNCTION C_CancelFunction
CK_SESSION_HANDLE hSession  # the session's handle 


# Functions added in for Cryptoki Version 2.01 or later 

# C_WaitForSlotEvent waits for a slot event (token insertion, removal, 
# etc.) to occur. 
FUNCTION C_WaitForSlotEvent
CK_FLAGS       flags    # blocking/nonblocking flag 
CK_SLOT_ID_PTR pSlot    # location that receives the slot ID 
CK_VOID_PTR    pRserved # reserved.  Should be NULL_PTR 

## C_ConfigureSlot passes an installation-specified bytestring to a 
## slot. 
#FUNCTION C_ConfigureSlot
#CK_SLOT_ID slotID      # the slot to configure 
#CK_BYTE_PTR pConfig    # the configuration string 
#CK_ULONG ulConfigLen   # length of the config string