diff --git a/go.mod b/go.mod
index 8689e6d6588..7fbf8cce3c2 100644
--- a/go.mod
+++ b/go.mod
@@ -17,10 +17,10 @@ require (
 github.com/jmhodges/clock v1.2.0
 github.com/letsencrypt/borp v0.0.0-20251118150929-89c6927051ae
 github.com/letsencrypt/challtestsrv v1.4.2
- github.com/letsencrypt/pkcs11key/v4 v4.0.0
+ github.com/letsencrypt/pkcs11key/v4 v4.0.1
 github.com/letsencrypt/validator/v10 v10.0.0-20230215210743-a0c7dfc17158
 github.com/miekg/dns v1.1.62
- github.com/miekg/pkcs11 v1.1.1
+ github.com/miekg/pkcs11 v1.1.2
 github.com/nxadm/tail v1.4.11
 github.com/prometheus/client_golang v1.22.0
 github.com/prometheus/client_model v0.6.1
diff --git a/go.sum b/go.sum
index 0516c1824c5..e5899270cbf 100644
--- a/go.sum
+++ b/go.sum
@@ -155,8 +155,8 @@ github.com/letsencrypt/borp v0.0.0-20251118150929-89c6927051ae h1:yFuF5yRIwaandc
 github.com/letsencrypt/borp v0.0.0-20251118150929-89c6927051ae/go.mod h1:gMSMCNKhxox/ccR923EJsIvHeVVYfCABGbirqa0EwuM=
 github.com/letsencrypt/challtestsrv v1.4.2 h1:0ON3ldMhZyWlfVNYYpFuWRTmZNnyfiL9Hh5YzC3JVwU=
 github.com/letsencrypt/challtestsrv v1.4.2/go.mod h1:GhqMqcSoeGpYd5zX5TgwA6er/1MbWzx/o7yuuVya+Wk=
-github.com/letsencrypt/pkcs11key/v4 v4.0.0 h1:qLc/OznH7xMr5ARJgkZCCWk+EomQkiNTOoOF5LAgagc=
-github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag=
+github.com/letsencrypt/pkcs11key/v4 v4.0.1 h1:XIXFxOnQJS5QYBlMnHhnlOBVcfylh7m3fjOJmVcEV88=
+github.com/letsencrypt/pkcs11key/v4 v4.0.1/go.mod h1:6KfGBMkPEL6OAIRFSZ0VTj3e9G0Yv9G17W5oQ2x1/UQ=
 github.com/letsencrypt/validator/v10 v10.0.0-20230215210743-a0c7dfc17158 h1:HGFsIltYMUiB5eoFSowFzSoXkocM2k9ctmJ57QMGjys=
 github.com/letsencrypt/validator/v10 v10.0.0-20230215210743-a0c7dfc17158/go.mod h1:ZFNBS3H6OEsprCRjscty6GCBe5ZiX44x6qY4s7+bDX0=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
@@ -170,9 +170,8 @@ github.com/mattn/go-sqlite3 v1.14.26/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxU
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.1.62 h1:cN8OuEF1/x5Rq6Np+h1epln8OiyPWV+lROx9LxcGgIQ=
 github.com/miekg/dns v1.1.62/go.mod h1:mvDlcItzm+br7MToIKqkglaGhlFMHJ9DTNNWONWXbNQ=
-github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
-github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU=
-github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
+github.com/miekg/pkcs11 v1.1.2 h1:/VxmeAX5qU6Q3EwafypogwWbYryHFmF2RpkJmw3m4MQ=
+github.com/miekg/pkcs11 v1.1.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
diff --git a/vendor/github.com/letsencrypt/pkcs11key/v4/key.go b/vendor/github.com/letsencrypt/pkcs11key/v4/key.go
index a456fddb382..ecbd4b1196f 100644
--- a/vendor/github.com/letsencrypt/pkcs11key/v4/key.go
+++ b/vendor/github.com/letsencrypt/pkcs11key/v4/key.go
@@ -74,7 +74,7 @@ type ctx interface {
 GetAttributeValue(sh pkcs11.SessionHandle, o pkcs11.ObjectHandle, a []*pkcs11.Attribute) ([]*pkcs11.Attribute, error)
 GetSlotList(tokenPresent bool) ([]uint, error)
 GetTokenInfo(slotID uint) (pkcs11.TokenInfo, error)
- Initialize() error
+ Initialize(opts ...pkcs11.InitializeOption) error
 Login(sh pkcs11.SessionHandle, userType uint, pin string) error
 Logout(sh pkcs11.SessionHandle) error
 OpenSession(slotID uint, flags uint) (pkcs11.SessionHandle, error)
diff --git a/vendor/github.com/miekg/pkcs11/params.go b/vendor/github.com/miekg/pkcs11/params.go index 6d9ce96ae8f..f111086c371 100644 --- a/vendor/github.com/miekg/pkcs11/params.go +++ b/vendor/github.com/miekg/pkcs11/params.go @@ -26,6 +26,11 @@ static inline void putECDH1PublicParams(CK_ECDH1_DERIVE_PARAMS_PTR params, CK_VO params->pPublicData = pPublicData; params->ulPublicDataLen = ulPublicDataLen; } + +static inline void putRSAAESKeyWrapParams(CK_RSA_AES_KEY_WRAP_PARAMS_PTR params, CK_VOID_PTR pOAEPParams) +{ + params->pOAEPParams = pOAEPParams; +} */ import "C" import "unsafe" @@ -84,7 +89,7 @@ func cGCMParams(p *GCMParams) []byte { p.Free() p.arena = arena p.params = ¶ms - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))) + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)) } // IV returns a copy of the actual IV used for the operation. @@ -121,7 +126,7 @@ func NewPSSParams(hashAlg, mgf, saltLength uint) []byte { mgf: C.CK_RSA_PKCS_MGF_TYPE(mgf), sLen: C.CK_ULONG(saltLength), } - return C.GoBytes(unsafe.Pointer(&p), C.int(unsafe.Sizeof(p))) + return memBytes(unsafe.Pointer(&p), unsafe.Sizeof(p)) } // OAEPParams can be passed to NewMechanism to implement CKM_RSA_PKCS_OAEP. @@ -153,7 +158,7 @@ func cOAEPParams(p *OAEPParams, arena arena) ([]byte, arena) { // field is unaligned on windows so this has to call into C C.putOAEPParams(¶ms, buf, len) } - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } // ECDH1DeriveParams can be passed to NewMechanism to implement CK_ECDH1_DERIVE_PARAMS. 
@@ -186,5 +191,25 @@ func cECDH1DeriveParams(p *ECDH1DeriveParams, arena arena) ([]byte, arena) { publicKeyData, publicKeyDataLen := arena.Allocate(p.PublicKeyData) C.putECDH1PublicParams(¶ms, publicKeyData, publicKeyDataLen) - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } + +type RSAAESKeyWrapParams struct { + AESKeyBits uint + OAEPParams OAEPParams +} + +func cRSAAESKeyWrapParams(p *RSAAESKeyWrapParams, arena arena) ([]byte, arena) { + var param []byte + params := C.CK_RSA_AES_KEY_WRAP_PARAMS { + ulAESKeyBits: C.CK_MECHANISM_TYPE(p.AESKeyBits), + } + + param, arena = cOAEPParams(&p.OAEPParams, arena) + if len(param) != 0 { + buf, _ := arena.Allocate(param) + C.putRSAAESKeyWrapParams(¶ms, buf) + } + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena +} + diff --git a/vendor/github.com/miekg/pkcs11/pkcs11.go b/vendor/github.com/miekg/pkcs11/pkcs11.go index e1b5824ec89..8d8d4c39cd3 100644 --- a/vendor/github.com/miekg/pkcs11/pkcs11.go +++ b/vendor/github.com/miekg/pkcs11/pkcs11.go @@ -5,6 +5,8 @@ //go:generate go run const_generate.go // Package pkcs11 is a wrapper around the PKCS#11 cryptographic library. +// Latest version of the specification: +// http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html package pkcs11 // It is *assumed*, that: @@ -104,11 +106,12 @@ void Destroy(struct ctx *c) } #endif -CK_RV Initialize(struct ctx * c) +CK_RV Initialize(struct ctx * c, CK_FLAGS flags, CK_VOID_PTR reserved) { CK_C_INITIALIZE_ARGS args; memset(&args, 0, sizeof(args)); - args.flags = CKF_OS_LOCKING_OK; + args.flags = flags; + args.pReserved = reserved; return c->sym->C_Initialize(&args); } 
@@ -803,9 +806,36 @@ func (c *Ctx) Destroy() { c.ctx = nil } +type initializeArgs struct { + flags uint + reserved unsafe.Pointer +} + +// An InitializeOption modifies the default behavior of Initialize. +type InitializeOption func(*initializeArgs) + +// InitializeWithFlags sets the flags field in CK_C_INITIALIZE_ARGS. +// Note that flags defaults to CKF_OS_LOCKING_OK if this option is not provided. +func InitializeWithFlags(flags uint) InitializeOption { + return func(args *initializeArgs) { + args.flags = flags + } +} + +// InitializeWithReserved sets the pReserved field in CK_C_INITIALIZE_ARGS. +func InitializeWithReserved(reserved unsafe.Pointer) InitializeOption { + return func(args *initializeArgs) { + args.reserved = reserved + } +} + // Initialize initializes the Cryptoki library. -func (c *Ctx) Initialize() error { - e := C.Initialize(c.ctx) +func (c *Ctx) Initialize(opts ...InitializeOption) error { + args := initializeArgs{flags: CKF_OS_LOCKING_OK} + for _, o := range opts { + o(&args) + } + e := C.Initialize(c.ctx, C.CK_FLAGS(args.flags), C.CK_VOID_PTR(args.reserved)) return toError(e) } diff --git a/vendor/github.com/miekg/pkcs11/release.go b/vendor/github.com/miekg/pkcs11/release.go index d8b99f147ea..c9fcb0e735c 100644 --- a/vendor/github.com/miekg/pkcs11/release.go +++ b/vendor/github.com/miekg/pkcs11/release.go @@ -6,7 +6,7 @@ package pkcs11 import "fmt" // Release is current version of the pkcs11 library. -var Release = R{1, 1, 1} +var Release = R{1, 1, 2} // R holds the version of this library. type R struct { diff --git a/vendor/github.com/miekg/pkcs11/types.go b/vendor/github.com/miekg/pkcs11/types.go index 60eadcb71bb..d3bfce80da7 100644 --- a/vendor/github.com/miekg/pkcs11/types.go +++ b/vendor/github.com/miekg/pkcs11/types.go 
@@ -53,7 +53,7 @@ func toList(clist C.CK_ULONG_PTR, size C.CK_ULONG) []uint { for i := 0; i < len(l); i++ { l[i] = uint(C.Index(clist, C.CK_ULONG(i))) } - defer C.free(unsafe.Pointer(clist)) + C.free(unsafe.Pointer(clist)) return l } @@ -65,9 +65,15 @@ func cBBool(x bool) C.CK_BBOOL { return C.CK_BBOOL(C.CK_FALSE) } +// memBytes returns a byte slice that references an arbitrary memory area +func memBytes(p unsafe.Pointer, len uintptr) []byte { + const maxIndex int32 = (1 << 31) - 1 + return (*([maxIndex]byte))(p)[:len:len] +} + func uintToBytes(x uint64) []byte { ul := C.CK_ULONG(x) - return C.GoBytes(unsafe.Pointer(&ul), C.int(unsafe.Sizeof(ul))) + return memBytes(unsafe.Pointer(&ul), unsafe.Sizeof(ul)) } // Error represents an PKCS#11 error. @@ -255,13 +261,14 @@ func NewMechanism(mech uint, x interface{}) *Mechanism { } switch p := x.(type) { - case *GCMParams, *OAEPParams, *ECDH1DeriveParams: + case *GCMParams, *OAEPParams, *ECDH1DeriveParams, *RSAAESKeyWrapParams: // contains pointers; defer serialization until cMechanism m.generator = p case []byte: m.Parameter = p default: - panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams") + panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams," + + " *RSAAESKeyWrapParams") } return m @@ -284,6 +291,8 @@ func cMechanism(mechList []*Mechanism) (arena, *C.CK_MECHANISM) { param, arena = cOAEPParams(p, arena) case *ECDH1DeriveParams: param, arena = cECDH1DeriveParams(p, arena) + case *RSAAESKeyWrapParams: + param, arena = cRSAAESKeyWrapParams(p, arena) } if len(param) != 0 { buf, len := arena.Allocate(param) diff --git a/vendor/github.com/miekg/pkcs11/vendor.go b/vendor/github.com/miekg/pkcs11/vendor.go index 83188e50017..5132dc4f07b 100644 --- a/vendor/github.com/miekg/pkcs11/vendor.go +++ b/vendor/github.com/miekg/pkcs11/vendor.go 
@@ -10,12 +10,12 @@ const ( // Vendor specific mechanisms for HMAC on Ncipher HSMs where Ncipher does not allow use of generic_secret keys. const ( - CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 /* no params */ - CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 /* no params */ - CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 /* no params */ - CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 /* no params */ - CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 /* no params */ - CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 /* no params */ + CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 // no params + CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 // no params + CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 // no params + CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 // no params + CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 // no params + CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 // no params ) // Vendor specific range for Mozilla NSS. @@ -67,6 +67,8 @@ const ( CKA_NSS_JPAKE_X2 = CKA_NSS + 32 CKA_NSS_JPAKE_X2S = CKA_NSS + 33 CKA_NSS_MOZILLA_CA_POLICY = CKA_NSS + 34 + CKA_NSS_SERVER_DISTRUST_AFTER = CKA_NSS + 35 + CKA_NSS_EMAIL_DISTRUST_AFTER = CKA_NSS + 36 CKA_TRUST_DIGITAL_SIGNATURE = CKA_TRUST + 1 CKA_TRUST_NON_REPUDIATION = CKA_TRUST + 2 CKA_TRUST_KEY_ENCIPHERMENT = CKA_TRUST + 3 diff --git a/vendor/github.com/miekg/pkcs11/zconst.go b/vendor/github.com/miekg/pkcs11/zconst.go index 41df5cfcf0c..164054decc3 100644 --- a/vendor/github.com/miekg/pkcs11/zconst.go +++ b/vendor/github.com/miekg/pkcs11/zconst.go 
@@ -7,107 +7,199 @@ package pkcs11 const ( - CK_TRUE = 1 - CK_FALSE = 0 - CK_UNAVAILABLE_INFORMATION = ^uint(0) - CK_EFFECTIVELY_INFINITE = 0 - CK_INVALID_HANDLE = 0 - CKN_SURRENDER = 0 - CKN_OTP_CHANGED = 1 - CKF_TOKEN_PRESENT = 0x00000001 - CKF_REMOVABLE_DEVICE = 0x00000002 - CKF_HW_SLOT = 0x00000004 - CKF_RNG = 0x00000001 - CKF_WRITE_PROTECTED = 0x00000002 - CKF_LOGIN_REQUIRED = 0x00000004 - CKF_USER_PIN_INITIALIZED = 0x00000008 - CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 - CKF_CLOCK_ON_TOKEN = 0x00000040 - CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 - CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 - CKF_TOKEN_INITIALIZED = 0x00000400 - CKF_SECONDARY_AUTHENTICATION = 0x00000800 - CKF_USER_PIN_COUNT_LOW = 0x00010000 - CKF_USER_PIN_FINAL_TRY = 0x00020000 - CKF_USER_PIN_LOCKED = 0x00040000 - CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 - CKF_SO_PIN_COUNT_LOW = 0x00100000 - CKF_SO_PIN_FINAL_TRY = 0x00200000 - CKF_SO_PIN_LOCKED = 0x00400000 - CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 - CKF_ERROR_STATE = 0x01000000 - CKU_SO = 0 - CKU_USER = 1 - CKU_CONTEXT_SPECIFIC = 2 - CKS_RO_PUBLIC_SESSION = 0 - CKS_RO_USER_FUNCTIONS = 1 - CKS_RW_PUBLIC_SESSION = 2 - CKS_RW_USER_FUNCTIONS = 3 - CKS_RW_SO_FUNCTIONS = 4 - CKF_RW_SESSION = 0x00000002 - CKF_SERIAL_SESSION = 0x00000004 - CKO_DATA = 0x00000000 - CKO_CERTIFICATE = 0x00000001 - CKO_PUBLIC_KEY = 0x00000002 - CKO_PRIVATE_KEY = 0x00000003 - CKO_SECRET_KEY = 0x00000004 - CKO_HW_FEATURE = 0x00000005 - CKO_DOMAIN_PARAMETERS = 0x00000006 - CKO_MECHANISM = 0x00000007 - CKO_OTP_KEY = 0x00000008 - CKO_VENDOR_DEFINED = 0x80000000 - CKH_MONOTONIC_COUNTER = 0x00000001 - CKH_CLOCK = 0x00000002 - CKH_USER_INTERFACE = 0x00000003 - CKH_VENDOR_DEFINED = 0x80000000 - CKK_RSA = 0x00000000 - CKK_DSA = 0x00000001 - CKK_DH = 0x00000002 - CKK_ECDSA = 0x00000003 // Deprecated - CKK_EC = 0x00000003 - CKK_X9_42_DH = 0x00000004 - CKK_KEA = 0x00000005 - CKK_GENERIC_SECRET = 0x00000010 - CKK_RC2 = 0x00000011 - CKK_RC4 = 0x00000012 - CKK_DES = 0x00000013 - CKK_DES2 = 
0x00000014 - CKK_DES3 = 0x00000015 - CKK_CAST = 0x00000016 - CKK_CAST3 = 0x00000017 - CKK_CAST5 = 0x00000018 // Deprecated - CKK_CAST128 = 0x00000018 - CKK_RC5 = 0x00000019 - CKK_IDEA = 0x0000001A - CKK_SKIPJACK = 0x0000001B - CKK_BATON = 0x0000001C - CKK_JUNIPER = 0x0000001D - CKK_CDMF = 0x0000001E - CKK_AES = 0x0000001F - CKK_BLOWFISH = 0x00000020 - CKK_TWOFISH = 0x00000021 - CKK_SECURID = 0x00000022 - CKK_HOTP = 0x00000023 - CKK_ACTI = 0x00000024 - CKK_CAMELLIA = 0x00000025 - CKK_ARIA = 0x00000026 - CKK_MD5_HMAC = 0x00000027 - CKK_SHA_1_HMAC = 0x00000028 - CKK_RIPEMD128_HMAC = 0x00000029 - CKK_RIPEMD160_HMAC = 0x0000002A - CKK_SHA256_HMAC = 0x0000002B - CKK_SHA384_HMAC = 0x0000002C - CKK_SHA512_HMAC = 0x0000002D - CKK_SHA224_HMAC = 0x0000002E - CKK_SEED = 0x0000002F - CKK_GOSTR3410 = 0x00000030 - CKK_GOSTR3411 = 0x00000031 - CKK_GOST28147 = 0x00000032 - CKK_SHA3_224_HMAC = 0x00000033 - CKK_SHA3_256_HMAC = 0x00000034 - CKK_SHA3_384_HMAC = 0x00000035 - CKK_SHA3_512_HMAC = 0x00000036 - CKK_VENDOR_DEFINED = 0x80000000 + CK_TRUE = true + CK_FALSE = false + + // some special values for certain CK_ULONG variables + CK_UNAVAILABLE_INFORMATION = ^uint(0) + CK_EFFECTIVELY_INFINITE = 0 + + // The following value is always invalid if used as a session + // handle or object handle + CK_INVALID_HANDLE = 0 + + CKN_SURRENDER = 0 + CKN_OTP_CHANGED = 1 + + // flags: bit flags that provide capabilities of the slot + // + // Bit Flag Mask Meaning + CKF_TOKEN_PRESENT = 0x00000001 // a token is there + CKF_REMOVABLE_DEVICE = 0x00000002 // removable devices + CKF_HW_SLOT = 0x00000004 // hardware slot + + // The flags parameter is defined as follows: + // + // Bit Flag Mask Meaning + CKF_RNG = 0x00000001 // has random # generator + CKF_WRITE_PROTECTED = 0x00000002 // token is write-protected + CKF_LOGIN_REQUIRED = 0x00000004 // user must login + CKF_USER_PIN_INITIALIZED = 0x00000008 // normal user's PIN is set + + // CKF_RESTORE_KEY_NOT_NEEDED. 
If it is set, + // that means that *every* time the state of cryptographic + // operations of a session is successfully saved, all keys + // needed to continue those operations are stored in the state + CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 + + // CKF_CLOCK_ON_TOKEN. If it is set, that means + // that the token has some sort of clock. The time on that + // clock is returned in the token info structure + CKF_CLOCK_ON_TOKEN = 0x00000040 + + // CKF_PROTECTED_AUTHENTICATION_PATH. If it is + // set, that means that there is some way for the user to login + // without sending a PIN through the Cryptoki library itself + CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 + + // CKF_DUAL_CRYPTO_OPERATIONS. If it is true, + // that means that a single session with the token can perform + // dual simultaneous cryptographic operations (digest and + // encrypt; decrypt and digest; sign and encrypt; and decrypt + // and sign) + CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 + + // CKF_TOKEN_INITIALIZED. If it is true, the + // token has been initialized using C_InitializeToken or an + // equivalent mechanism outside the scope of PKCS #11. + // Calling C_InitializeToken when this flag is set will cause + // the token to be reinitialized. + CKF_TOKEN_INITIALIZED = 0x00000400 + + // CKF_SECONDARY_AUTHENTICATION. If it is + // true, the token supports secondary authentication for + // private key objects. + CKF_SECONDARY_AUTHENTICATION = 0x00000800 + + // CKF_USER_PIN_COUNT_LOW. If it is true, an + // incorrect user login PIN has been entered at least once + // since the last successful authentication. + CKF_USER_PIN_COUNT_LOW = 0x00010000 + + // CKF_USER_PIN_FINAL_TRY. If it is true, + // supplying an incorrect user PIN will it to become locked. + CKF_USER_PIN_FINAL_TRY = 0x00020000 + + // CKF_USER_PIN_LOCKED. If it is true, the + // user PIN has been locked. User login to the token is not + // possible. + CKF_USER_PIN_LOCKED = 0x00040000 + + // CKF_USER_PIN_TO_BE_CHANGED. 
If it is true, + // the user PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 + + // CKF_SO_PIN_COUNT_LOW. If it is true, an + // incorrect SO login PIN has been entered at least once since + // the last successful authentication. + CKF_SO_PIN_COUNT_LOW = 0x00100000 + + // CKF_SO_PIN_FINAL_TRY. If it is true, + // supplying an incorrect SO PIN will it to become locked. + CKF_SO_PIN_FINAL_TRY = 0x00200000 + + // CKF_SO_PIN_LOCKED. If it is true, the SO + // PIN has been locked. SO login to the token is not possible. + CKF_SO_PIN_LOCKED = 0x00400000 + + // CKF_SO_PIN_TO_BE_CHANGED. If it is true, + // the SO PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 + CKF_ERROR_STATE = 0x01000000 + + // Security Officer + CKU_SO = 0 + + // Normal user + CKU_USER = 1 + + // Context specific + CKU_CONTEXT_SPECIFIC = 2 + + CKS_RO_PUBLIC_SESSION = 0 + CKS_RO_USER_FUNCTIONS = 1 + CKS_RW_PUBLIC_SESSION = 2 + CKS_RW_USER_FUNCTIONS = 3 + CKS_RW_SO_FUNCTIONS = 4 + + // The flags are defined in the following table: + // + // Bit Flag Mask Meaning + CKF_RW_SESSION = 0x00000002 // session is r/w + CKF_SERIAL_SESSION = 0x00000004 // no parallel + + // The following classes of objects are defined: + CKO_DATA = 0x00000000 + CKO_CERTIFICATE = 0x00000001 + CKO_PUBLIC_KEY = 0x00000002 + CKO_PRIVATE_KEY = 0x00000003 + CKO_SECRET_KEY = 0x00000004 + CKO_HW_FEATURE = 0x00000005 + CKO_DOMAIN_PARAMETERS = 0x00000006 + CKO_MECHANISM = 0x00000007 + CKO_OTP_KEY = 0x00000008 + CKO_VENDOR_DEFINED = 0x80000000 + + // The following hardware feature types are defined + CKH_MONOTONIC_COUNTER = 0x00000001 + CKH_CLOCK = 0x00000002 + CKH_USER_INTERFACE = 0x00000003 + CKH_VENDOR_DEFINED = 0x80000000 + + // the following key types are defined: + CKK_RSA = 0x00000000 + CKK_DSA = 
0x00000001 + CKK_DH = 0x00000002 + CKK_ECDSA = 0x00000003 // Deprecated + CKK_EC = 0x00000003 + CKK_X9_42_DH = 0x00000004 + CKK_KEA = 0x00000005 + CKK_GENERIC_SECRET = 0x00000010 + CKK_RC2 = 0x00000011 + CKK_RC4 = 0x00000012 + CKK_DES = 0x00000013 + CKK_DES2 = 0x00000014 + CKK_DES3 = 0x00000015 + CKK_CAST = 0x00000016 + CKK_CAST3 = 0x00000017 + CKK_CAST5 = 0x00000018 // Deprecated + CKK_CAST128 = 0x00000018 + CKK_RC5 = 0x00000019 + CKK_IDEA = 0x0000001A + CKK_SKIPJACK = 0x0000001B + CKK_BATON = 0x0000001C + CKK_JUNIPER = 0x0000001D + CKK_CDMF = 0x0000001E + CKK_AES = 0x0000001F + CKK_BLOWFISH = 0x00000020 + CKK_TWOFISH = 0x00000021 + CKK_SECURID = 0x00000022 + CKK_HOTP = 0x00000023 + CKK_ACTI = 0x00000024 + CKK_CAMELLIA = 0x00000025 + CKK_ARIA = 0x00000026 + CKK_MD5_HMAC = 0x00000027 + CKK_SHA_1_HMAC = 0x00000028 + CKK_RIPEMD128_HMAC = 0x00000029 + CKK_RIPEMD160_HMAC = 0x0000002A + CKK_SHA256_HMAC = 0x0000002B + CKK_SHA384_HMAC = 0x0000002C + CKK_SHA512_HMAC = 0x0000002D + CKK_SHA224_HMAC = 0x0000002E + CKK_SEED = 0x0000002F + CKK_GOSTR3410 = 0x00000030 + CKK_GOSTR3411 = 0x00000031 + CKK_GOST28147 = 0x00000032 + CKK_SHA3_224_HMAC = 0x00000033 + CKK_SHA3_256_HMAC = 0x00000034 + CKK_SHA3_384_HMAC = 0x00000035 + CKK_SHA3_512_HMAC = 0x00000036 + CKK_VENDOR_DEFINED = 0x80000000 + CK_CERTIFICATE_CATEGORY_UNSPECIFIED = 0 CK_CERTIFICATE_CATEGORY_TOKEN_USER = 1 CK_CERTIFICATE_CATEGORY_AUTHORITY = 2 
@@ -116,513 +208,539 @@ const ( CK_SECURITY_DOMAIN_MANUFACTURER = 1 CK_SECURITY_DOMAIN_OPERATOR = 2 CK_SECURITY_DOMAIN_THIRD_PARTY = 3 - CKC_X_509 = 0x00000000 - CKC_X_509_ATTR_CERT = 0x00000001 - CKC_WTLS = 0x00000002 - CKC_VENDOR_DEFINED = 0x80000000 - CKF_ARRAY_ATTRIBUTE = 0x40000000 - CK_OTP_FORMAT_DECIMAL = 0 - CK_OTP_FORMAT_HEXADECIMAL = 1 - CK_OTP_FORMAT_ALPHANUMERIC = 2 - CK_OTP_FORMAT_BINARY = 3 - CK_OTP_PARAM_IGNORED = 0 - CK_OTP_PARAM_OPTIONAL = 1 - CK_OTP_PARAM_MANDATORY = 2 - CKA_CLASS = 0x00000000 - CKA_TOKEN = 0x00000001 - CKA_PRIVATE = 0x00000002 - CKA_LABEL = 0x00000003 - CKA_APPLICATION = 0x00000010 - CKA_VALUE = 0x00000011 - CKA_OBJECT_ID = 0x00000012 - CKA_CERTIFICATE_TYPE = 0x00000080 - CKA_ISSUER = 0x00000081 - CKA_SERIAL_NUMBER = 0x00000082 - CKA_AC_ISSUER = 0x00000083 - CKA_OWNER = 0x00000084 - CKA_ATTR_TYPES = 0x00000085 - CKA_TRUSTED = 0x00000086 - CKA_CERTIFICATE_CATEGORY = 0x00000087 - CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 - CKA_URL = 0x00000089 - CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A - CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B - CKA_NAME_HASH_ALGORITHM = 0x0000008C - CKA_CHECK_VALUE = 0x00000090 - CKA_KEY_TYPE = 0x00000100 - CKA_SUBJECT = 0x00000101 - CKA_ID = 0x00000102 - CKA_SENSITIVE = 0x00000103 - CKA_ENCRYPT = 0x00000104 - CKA_DECRYPT = 0x00000105 - CKA_WRAP = 0x00000106 - CKA_UNWRAP = 0x00000107 - CKA_SIGN = 0x00000108 - CKA_SIGN_RECOVER = 0x00000109 - CKA_VERIFY = 0x0000010A - CKA_VERIFY_RECOVER = 0x0000010B - CKA_DERIVE = 0x0000010C - CKA_START_DATE = 0x00000110 - CKA_END_DATE = 0x00000111 - CKA_MODULUS = 0x00000120 - CKA_MODULUS_BITS = 0x00000121 - CKA_PUBLIC_EXPONENT = 0x00000122 - CKA_PRIVATE_EXPONENT = 0x00000123 - CKA_PRIME_1 = 0x00000124 - CKA_PRIME_2 = 0x00000125 - CKA_EXPONENT_1 = 0x00000126 - CKA_EXPONENT_2 = 0x00000127 - CKA_COEFFICIENT = 0x00000128 - CKA_PUBLIC_KEY_INFO = 0x00000129 - CKA_PRIME = 0x00000130 - CKA_SUBPRIME = 0x00000131 - CKA_BASE = 0x00000132 - CKA_PRIME_BITS = 0x00000133 - 
CKA_SUBPRIME_BITS = 0x00000134 - CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS - CKA_VALUE_BITS = 0x00000160 - CKA_VALUE_LEN = 0x00000161 - CKA_EXTRACTABLE = 0x00000162 - CKA_LOCAL = 0x00000163 - CKA_NEVER_EXTRACTABLE = 0x00000164 - CKA_ALWAYS_SENSITIVE = 0x00000165 - CKA_KEY_GEN_MECHANISM = 0x00000166 - CKA_MODIFIABLE = 0x00000170 - CKA_COPYABLE = 0x00000171 - CKA_DESTROYABLE = 0x00000172 - CKA_ECDSA_PARAMS = 0x00000180 // Deprecated - CKA_EC_PARAMS = 0x00000180 - CKA_EC_POINT = 0x00000181 - CKA_SECONDARY_AUTH = 0x00000200 // Deprecated - CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated - CKA_ALWAYS_AUTHENTICATE = 0x00000202 - CKA_WRAP_WITH_TRUSTED = 0x00000210 - CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) - CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) - CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) - CKA_OTP_FORMAT = 0x00000220 - CKA_OTP_LENGTH = 0x00000221 - CKA_OTP_TIME_INTERVAL = 0x00000222 - CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 - CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 - CKA_OTP_TIME_REQUIREMENT = 0x00000225 - CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 - CKA_OTP_PIN_REQUIREMENT = 0x00000227 - CKA_OTP_COUNTER = 0x0000022E - CKA_OTP_TIME = 0x0000022F - CKA_OTP_USER_IDENTIFIER = 0x0000022A - CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B - CKA_OTP_SERVICE_LOGO = 0x0000022C - CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D - CKA_GOSTR3410_PARAMS = 0x00000250 - CKA_GOSTR3411_PARAMS = 0x00000251 - CKA_GOST28147_PARAMS = 0x00000252 - CKA_HW_FEATURE_TYPE = 0x00000300 - CKA_RESET_ON_INIT = 0x00000301 - CKA_HAS_RESET = 0x00000302 - CKA_PIXEL_X = 0x00000400 - CKA_PIXEL_Y = 0x00000401 - CKA_RESOLUTION = 0x00000402 - CKA_CHAR_ROWS = 0x00000403 - CKA_CHAR_COLUMNS = 0x00000404 - CKA_COLOR = 0x00000405 - CKA_BITS_PER_PIXEL = 0x00000406 - CKA_CHAR_SETS = 0x00000480 - CKA_ENCODING_METHODS = 0x00000481 - CKA_MIME_TYPES = 0x00000482 - CKA_MECHANISM_TYPE = 0x00000500 - CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 - CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 - 
CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 - CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) - CKA_VENDOR_DEFINED = 0x80000000 - CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 - CKM_RSA_PKCS = 0x00000001 - CKM_RSA_9796 = 0x00000002 - CKM_RSA_X_509 = 0x00000003 - CKM_MD2_RSA_PKCS = 0x00000004 - CKM_MD5_RSA_PKCS = 0x00000005 - CKM_SHA1_RSA_PKCS = 0x00000006 - CKM_RIPEMD128_RSA_PKCS = 0x00000007 - CKM_RIPEMD160_RSA_PKCS = 0x00000008 - CKM_RSA_PKCS_OAEP = 0x00000009 - CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A - CKM_RSA_X9_31 = 0x0000000B - CKM_SHA1_RSA_X9_31 = 0x0000000C - CKM_RSA_PKCS_PSS = 0x0000000D - CKM_SHA1_RSA_PKCS_PSS = 0x0000000E - CKM_DSA_KEY_PAIR_GEN = 0x00000010 - CKM_DSA = 0x00000011 - CKM_DSA_SHA1 = 0x00000012 - CKM_DSA_SHA224 = 0x00000013 - CKM_DSA_SHA256 = 0x00000014 - CKM_DSA_SHA384 = 0x00000015 - CKM_DSA_SHA512 = 0x00000016 - CKM_DSA_SHA3_224 = 0x00000018 - CKM_DSA_SHA3_256 = 0x00000019 - CKM_DSA_SHA3_384 = 0x0000001A - CKM_DSA_SHA3_512 = 0x0000001B - CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 - CKM_DH_PKCS_DERIVE = 0x00000021 - CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 - CKM_X9_42_DH_DERIVE = 0x00000031 - CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 - CKM_X9_42_MQV_DERIVE = 0x00000033 - CKM_SHA256_RSA_PKCS = 0x00000040 - CKM_SHA384_RSA_PKCS = 0x00000041 - CKM_SHA512_RSA_PKCS = 0x00000042 - CKM_SHA256_RSA_PKCS_PSS = 0x00000043 - CKM_SHA384_RSA_PKCS_PSS = 0x00000044 - CKM_SHA512_RSA_PKCS_PSS = 0x00000045 - CKM_SHA224_RSA_PKCS = 0x00000046 - CKM_SHA224_RSA_PKCS_PSS = 0x00000047 - CKM_SHA512_224 = 0x00000048 - CKM_SHA512_224_HMAC = 0x00000049 - CKM_SHA512_224_HMAC_GENERAL = 0x0000004A - CKM_SHA512_224_KEY_DERIVATION = 0x0000004B - CKM_SHA512_256 = 0x0000004C - CKM_SHA512_256_HMAC = 0x0000004D - CKM_SHA512_256_HMAC_GENERAL = 0x0000004E - CKM_SHA512_256_KEY_DERIVATION = 0x0000004F - CKM_SHA512_T = 0x00000050 - CKM_SHA512_T_HMAC = 0x00000051 - CKM_SHA512_T_HMAC_GENERAL = 0x00000052 - CKM_SHA512_T_KEY_DERIVATION = 0x00000053 - CKM_SHA3_256_RSA_PKCS = 0x00000060 - 
CKM_SHA3_384_RSA_PKCS = 0x00000061 - CKM_SHA3_512_RSA_PKCS = 0x00000062 - CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 - CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 - CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 - CKM_SHA3_224_RSA_PKCS = 0x00000066 - CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 - CKM_RC2_KEY_GEN = 0x00000100 - CKM_RC2_ECB = 0x00000101 - CKM_RC2_CBC = 0x00000102 - CKM_RC2_MAC = 0x00000103 - CKM_RC2_MAC_GENERAL = 0x00000104 - CKM_RC2_CBC_PAD = 0x00000105 - CKM_RC4_KEY_GEN = 0x00000110 - CKM_RC4 = 0x00000111 - CKM_DES_KEY_GEN = 0x00000120 - CKM_DES_ECB = 0x00000121 - CKM_DES_CBC = 0x00000122 - CKM_DES_MAC = 0x00000123 - CKM_DES_MAC_GENERAL = 0x00000124 - CKM_DES_CBC_PAD = 0x00000125 - CKM_DES2_KEY_GEN = 0x00000130 - CKM_DES3_KEY_GEN = 0x00000131 - CKM_DES3_ECB = 0x00000132 - CKM_DES3_CBC = 0x00000133 - CKM_DES3_MAC = 0x00000134 - CKM_DES3_MAC_GENERAL = 0x00000135 - CKM_DES3_CBC_PAD = 0x00000136 - CKM_DES3_CMAC_GENERAL = 0x00000137 - CKM_DES3_CMAC = 0x00000138 - CKM_CDMF_KEY_GEN = 0x00000140 - CKM_CDMF_ECB = 0x00000141 - CKM_CDMF_CBC = 0x00000142 - CKM_CDMF_MAC = 0x00000143 - CKM_CDMF_MAC_GENERAL = 0x00000144 - CKM_CDMF_CBC_PAD = 0x00000145 - CKM_DES_OFB64 = 0x00000150 - CKM_DES_OFB8 = 0x00000151 - CKM_DES_CFB64 = 0x00000152 - CKM_DES_CFB8 = 0x00000153 - CKM_MD2 = 0x00000200 - CKM_MD2_HMAC = 0x00000201 - CKM_MD2_HMAC_GENERAL = 0x00000202 - CKM_MD5 = 0x00000210 - CKM_MD5_HMAC = 0x00000211 - CKM_MD5_HMAC_GENERAL = 0x00000212 - CKM_SHA_1 = 0x00000220 - CKM_SHA_1_HMAC = 0x00000221 - CKM_SHA_1_HMAC_GENERAL = 0x00000222 - CKM_RIPEMD128 = 0x00000230 - CKM_RIPEMD128_HMAC = 0x00000231 - CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 - CKM_RIPEMD160 = 0x00000240 - CKM_RIPEMD160_HMAC = 0x00000241 - CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 - CKM_SHA256 = 0x00000250 - CKM_SHA256_HMAC = 0x00000251 - CKM_SHA256_HMAC_GENERAL = 0x00000252 - CKM_SHA224 = 0x00000255 - CKM_SHA224_HMAC = 0x00000256 - CKM_SHA224_HMAC_GENERAL = 0x00000257 - CKM_SHA384 = 0x00000260 - CKM_SHA384_HMAC = 0x00000261 - 
CKM_SHA384_HMAC_GENERAL = 0x00000262 - CKM_SHA512 = 0x00000270 - CKM_SHA512_HMAC = 0x00000271 - CKM_SHA512_HMAC_GENERAL = 0x00000272 - CKM_SECURID_KEY_GEN = 0x00000280 - CKM_SECURID = 0x00000282 - CKM_HOTP_KEY_GEN = 0x00000290 - CKM_HOTP = 0x00000291 - CKM_ACTI = 0x000002A0 - CKM_ACTI_KEY_GEN = 0x000002A1 - CKM_SHA3_256 = 0x000002B0 - CKM_SHA3_256_HMAC = 0x000002B1 - CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 - CKM_SHA3_256_KEY_GEN = 0x000002B3 - CKM_SHA3_224 = 0x000002B5 - CKM_SHA3_224_HMAC = 0x000002B6 - CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 - CKM_SHA3_224_KEY_GEN = 0x000002B8 - CKM_SHA3_384 = 0x000002C0 - CKM_SHA3_384_HMAC = 0x000002C1 - CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 - CKM_SHA3_384_KEY_GEN = 0x000002C3 - CKM_SHA3_512 = 0x000002D0 - CKM_SHA3_512_HMAC = 0x000002D1 - CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 - CKM_SHA3_512_KEY_GEN = 0x000002D3 - CKM_CAST_KEY_GEN = 0x00000300 - CKM_CAST_ECB = 0x00000301 - CKM_CAST_CBC = 0x00000302 - CKM_CAST_MAC = 0x00000303 - CKM_CAST_MAC_GENERAL = 0x00000304 - CKM_CAST_CBC_PAD = 0x00000305 - CKM_CAST3_KEY_GEN = 0x00000310 - CKM_CAST3_ECB = 0x00000311 - CKM_CAST3_CBC = 0x00000312 - CKM_CAST3_MAC = 0x00000313 - CKM_CAST3_MAC_GENERAL = 0x00000314 - CKM_CAST3_CBC_PAD = 0x00000315 - CKM_CAST5_KEY_GEN = 0x00000320 - CKM_CAST128_KEY_GEN = 0x00000320 - CKM_CAST5_ECB = 0x00000321 - CKM_CAST128_ECB = 0x00000321 - CKM_CAST5_CBC = 0x00000322 // Deprecated - CKM_CAST128_CBC = 0x00000322 - CKM_CAST5_MAC = 0x00000323 // Deprecated - CKM_CAST128_MAC = 0x00000323 - CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated - CKM_CAST128_MAC_GENERAL = 0x00000324 - CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated - CKM_CAST128_CBC_PAD = 0x00000325 - CKM_RC5_KEY_GEN = 0x00000330 - CKM_RC5_ECB = 0x00000331 - CKM_RC5_CBC = 0x00000332 - CKM_RC5_MAC = 0x00000333 - CKM_RC5_MAC_GENERAL = 0x00000334 - CKM_RC5_CBC_PAD = 0x00000335 - CKM_IDEA_KEY_GEN = 0x00000340 - CKM_IDEA_ECB = 0x00000341 - CKM_IDEA_CBC = 0x00000342 - CKM_IDEA_MAC = 0x00000343 - CKM_IDEA_MAC_GENERAL = 
0x00000344 - CKM_IDEA_CBC_PAD = 0x00000345 - CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 - CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 - CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 - CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 - CKM_XOR_BASE_AND_DATA = 0x00000364 - CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 - CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 - CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 - CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 - CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 - CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 - CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 - CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 - CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 - CKM_TLS_PRF = 0x00000378 - CKM_SSL3_MD5_MAC = 0x00000380 - CKM_SSL3_SHA1_MAC = 0x00000381 - CKM_MD5_KEY_DERIVATION = 0x00000390 - CKM_MD2_KEY_DERIVATION = 0x00000391 - CKM_SHA1_KEY_DERIVATION = 0x00000392 - CKM_SHA256_KEY_DERIVATION = 0x00000393 - CKM_SHA384_KEY_DERIVATION = 0x00000394 - CKM_SHA512_KEY_DERIVATION = 0x00000395 - CKM_SHA224_KEY_DERIVATION = 0x00000396 - CKM_SHA3_256_KEY_DERIVE = 0x00000397 - CKM_SHA3_224_KEY_DERIVE = 0x00000398 - CKM_SHA3_384_KEY_DERIVE = 0x00000399 - CKM_SHA3_512_KEY_DERIVE = 0x0000039A - CKM_SHAKE_128_KEY_DERIVE = 0x0000039B - CKM_SHAKE_256_KEY_DERIVE = 0x0000039C - CKM_PBE_MD2_DES_CBC = 0x000003A0 - CKM_PBE_MD5_DES_CBC = 0x000003A1 - CKM_PBE_MD5_CAST_CBC = 0x000003A2 - CKM_PBE_MD5_CAST3_CBC = 0x000003A3 - CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated - CKM_PBE_MD5_CAST128_CBC = 0x000003A4 - CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated - CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 - CKM_PBE_SHA1_RC4_128 = 0x000003A6 - CKM_PBE_SHA1_RC4_40 = 0x000003A7 - CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 - CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 - CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA - CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB - CKM_PKCS5_PBKD2 = 0x000003B0 - CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 - CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 - CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 - CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 
0x000003D2 - CKM_WTLS_PRF = 0x000003D3 - CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 - CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 - CKM_TLS10_MAC_SERVER = 0x000003D6 - CKM_TLS10_MAC_CLIENT = 0x000003D7 - CKM_TLS12_MAC = 0x000003D8 - CKM_TLS12_KDF = 0x000003D9 - CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 - CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 - CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 - CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 - CKM_TLS_MAC = 0x000003E4 - CKM_TLS_KDF = 0x000003E5 - CKM_KEY_WRAP_LYNKS = 0x00000400 - CKM_KEY_WRAP_SET_OAEP = 0x00000401 - CKM_CMS_SIG = 0x00000500 - CKM_KIP_DERIVE = 0x00000510 - CKM_KIP_WRAP = 0x00000511 - CKM_KIP_MAC = 0x00000512 - CKM_CAMELLIA_KEY_GEN = 0x00000550 - CKM_CAMELLIA_ECB = 0x00000551 - CKM_CAMELLIA_CBC = 0x00000552 - CKM_CAMELLIA_MAC = 0x00000553 - CKM_CAMELLIA_MAC_GENERAL = 0x00000554 - CKM_CAMELLIA_CBC_PAD = 0x00000555 - CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 - CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 - CKM_CAMELLIA_CTR = 0x00000558 - CKM_ARIA_KEY_GEN = 0x00000560 - CKM_ARIA_ECB = 0x00000561 - CKM_ARIA_CBC = 0x00000562 - CKM_ARIA_MAC = 0x00000563 - CKM_ARIA_MAC_GENERAL = 0x00000564 - CKM_ARIA_CBC_PAD = 0x00000565 - CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 - CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 - CKM_SEED_KEY_GEN = 0x00000650 - CKM_SEED_ECB = 0x00000651 - CKM_SEED_CBC = 0x00000652 - CKM_SEED_MAC = 0x00000653 - CKM_SEED_MAC_GENERAL = 0x00000654 - CKM_SEED_CBC_PAD = 0x00000655 - CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 - CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 - CKM_SKIPJACK_KEY_GEN = 0x00001000 - CKM_SKIPJACK_ECB64 = 0x00001001 - CKM_SKIPJACK_CBC64 = 0x00001002 - CKM_SKIPJACK_OFB64 = 0x00001003 - CKM_SKIPJACK_CFB64 = 0x00001004 - CKM_SKIPJACK_CFB32 = 0x00001005 - CKM_SKIPJACK_CFB16 = 0x00001006 - CKM_SKIPJACK_CFB8 = 0x00001007 - CKM_SKIPJACK_WRAP = 0x00001008 - CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 - CKM_SKIPJACK_RELAYX = 0x0000100a - CKM_KEA_KEY_PAIR_GEN = 0x00001010 - CKM_KEA_KEY_DERIVE = 0x00001011 - 
CKM_KEA_DERIVE = 0x00001012 - CKM_FORTEZZA_TIMESTAMP = 0x00001020 - CKM_BATON_KEY_GEN = 0x00001030 - CKM_BATON_ECB128 = 0x00001031 - CKM_BATON_ECB96 = 0x00001032 - CKM_BATON_CBC128 = 0x00001033 - CKM_BATON_COUNTER = 0x00001034 - CKM_BATON_SHUFFLE = 0x00001035 - CKM_BATON_WRAP = 0x00001036 - CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated - CKM_EC_KEY_PAIR_GEN = 0x00001040 - CKM_ECDSA = 0x00001041 - CKM_ECDSA_SHA1 = 0x00001042 - CKM_ECDSA_SHA224 = 0x00001043 - CKM_ECDSA_SHA256 = 0x00001044 - CKM_ECDSA_SHA384 = 0x00001045 - CKM_ECDSA_SHA512 = 0x00001046 - CKM_ECDH1_DERIVE = 0x00001050 - CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 - CKM_ECMQV_DERIVE = 0x00001052 - CKM_ECDH_AES_KEY_WRAP = 0x00001053 - CKM_RSA_AES_KEY_WRAP = 0x00001054 - CKM_JUNIPER_KEY_GEN = 0x00001060 - CKM_JUNIPER_ECB128 = 0x00001061 - CKM_JUNIPER_CBC128 = 0x00001062 - CKM_JUNIPER_COUNTER = 0x00001063 - CKM_JUNIPER_SHUFFLE = 0x00001064 - CKM_JUNIPER_WRAP = 0x00001065 - CKM_FASTHASH = 0x00001070 - CKM_AES_KEY_GEN = 0x00001080 - CKM_AES_ECB = 0x00001081 - CKM_AES_CBC = 0x00001082 - CKM_AES_MAC = 0x00001083 - CKM_AES_MAC_GENERAL = 0x00001084 - CKM_AES_CBC_PAD = 0x00001085 - CKM_AES_CTR = 0x00001086 - CKM_AES_GCM = 0x00001087 - CKM_AES_CCM = 0x00001088 - CKM_AES_CTS = 0x00001089 - CKM_AES_CMAC = 0x0000108A - CKM_AES_CMAC_GENERAL = 0x0000108B - CKM_AES_XCBC_MAC = 0x0000108C - CKM_AES_XCBC_MAC_96 = 0x0000108D - CKM_AES_GMAC = 0x0000108E - CKM_BLOWFISH_KEY_GEN = 0x00001090 - CKM_BLOWFISH_CBC = 0x00001091 - CKM_TWOFISH_KEY_GEN = 0x00001092 - CKM_TWOFISH_CBC = 0x00001093 - CKM_BLOWFISH_CBC_PAD = 0x00001094 - CKM_TWOFISH_CBC_PAD = 0x00001095 - CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 - CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 - CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 - CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 - CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 - CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 - CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 - CKM_GOSTR3410 = 0x00001201 - CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 - 
CKM_GOSTR3410_KEY_WRAP = 0x00001203 - CKM_GOSTR3410_DERIVE = 0x00001204 - CKM_GOSTR3411 = 0x00001210 - CKM_GOSTR3411_HMAC = 0x00001211 - CKM_GOST28147_KEY_GEN = 0x00001220 - CKM_GOST28147_ECB = 0x00001221 - CKM_GOST28147 = 0x00001222 - CKM_GOST28147_MAC = 0x00001223 - CKM_GOST28147_KEY_WRAP = 0x00001224 - CKM_DSA_PARAMETER_GEN = 0x00002000 - CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 - CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 - CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 - CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 - CKM_AES_OFB = 0x00002104 - CKM_AES_CFB64 = 0x00002105 - CKM_AES_CFB8 = 0x00002106 - CKM_AES_CFB128 = 0x00002107 - CKM_AES_CFB1 = 0x00002108 - CKM_AES_KEY_WRAP = 0x00002109 - CKM_AES_KEY_WRAP_PAD = 0x0000210A - CKM_RSA_PKCS_TPM_1_1 = 0x00004001 - CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 - CKM_VENDOR_DEFINED = 0x80000000 - CKF_HW = 0x00000001 - CKF_ENCRYPT = 0x00000100 - CKF_DECRYPT = 0x00000200 - CKF_DIGEST = 0x00000400 - CKF_SIGN = 0x00000800 - CKF_SIGN_RECOVER = 0x00001000 - CKF_VERIFY = 0x00002000 - CKF_VERIFY_RECOVER = 0x00004000 - CKF_GENERATE = 0x00008000 - CKF_GENERATE_KEY_PAIR = 0x00010000 - CKF_WRAP = 0x00020000 - CKF_UNWRAP = 0x00040000 - CKF_DERIVE = 0x00080000 - CKF_EC_F_P = 0x00100000 - CKF_EC_F_2M = 0x00200000 - CKF_EC_ECPARAMETERS = 0x00400000 - CKF_EC_NAMEDCURVE = 0x00800000 - CKF_EC_UNCOMPRESS = 0x01000000 - CKF_EC_COMPRESS = 0x02000000 - CKF_EXTENSION = 0x80000000 + + // The following certificate types are defined: + CKC_X_509 = 0x00000000 + CKC_X_509_ATTR_CERT = 0x00000001 + CKC_WTLS = 0x00000002 + CKC_VENDOR_DEFINED = 0x80000000 + + // The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + // consists of an array of values. 
+ CKF_ARRAY_ATTRIBUTE = 0x40000000 + + // The following OTP-related defines relate to the CKA_OTP_FORMAT attribute + CK_OTP_FORMAT_DECIMAL = 0 + CK_OTP_FORMAT_HEXADECIMAL = 1 + CK_OTP_FORMAT_ALPHANUMERIC = 2 + CK_OTP_FORMAT_BINARY = 3 + + // The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + // attributes + CK_OTP_PARAM_IGNORED = 0 + CK_OTP_PARAM_OPTIONAL = 1 + CK_OTP_PARAM_MANDATORY = 2 + + // The following attribute types are defined: + CKA_CLASS = 0x00000000 + CKA_TOKEN = 0x00000001 + CKA_PRIVATE = 0x00000002 + CKA_LABEL = 0x00000003 + CKA_APPLICATION = 0x00000010 + CKA_VALUE = 0x00000011 + CKA_OBJECT_ID = 0x00000012 + CKA_CERTIFICATE_TYPE = 0x00000080 + CKA_ISSUER = 0x00000081 + CKA_SERIAL_NUMBER = 0x00000082 + CKA_AC_ISSUER = 0x00000083 + CKA_OWNER = 0x00000084 + CKA_ATTR_TYPES = 0x00000085 + CKA_TRUSTED = 0x00000086 + CKA_CERTIFICATE_CATEGORY = 0x00000087 + CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 + CKA_URL = 0x00000089 + CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A + CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B + CKA_NAME_HASH_ALGORITHM = 0x0000008C + CKA_CHECK_VALUE = 0x00000090 + CKA_KEY_TYPE = 0x00000100 + CKA_SUBJECT = 0x00000101 + CKA_ID = 0x00000102 + CKA_SENSITIVE = 0x00000103 + CKA_ENCRYPT = 0x00000104 + CKA_DECRYPT = 0x00000105 + CKA_WRAP = 0x00000106 + CKA_UNWRAP = 0x00000107 + CKA_SIGN = 0x00000108 + CKA_SIGN_RECOVER = 0x00000109 + CKA_VERIFY = 0x0000010A + CKA_VERIFY_RECOVER = 0x0000010B + CKA_DERIVE = 0x0000010C + CKA_START_DATE = 0x00000110 + CKA_END_DATE = 0x00000111 + CKA_MODULUS = 0x00000120 + CKA_MODULUS_BITS = 0x00000121 + CKA_PUBLIC_EXPONENT = 0x00000122 + CKA_PRIVATE_EXPONENT = 0x00000123 + CKA_PRIME_1 = 0x00000124 + CKA_PRIME_2 = 0x00000125 + CKA_EXPONENT_1 = 0x00000126 + CKA_EXPONENT_2 = 0x00000127 + CKA_COEFFICIENT = 0x00000128 + CKA_PUBLIC_KEY_INFO = 0x00000129 + CKA_PRIME = 0x00000130 + CKA_SUBPRIME = 0x00000131 + CKA_BASE = 0x00000132 + CKA_PRIME_BITS = 0x00000133 + CKA_SUBPRIME_BITS = 0x00000134 + 
CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS + CKA_VALUE_BITS = 0x00000160 + CKA_VALUE_LEN = 0x00000161 + CKA_EXTRACTABLE = 0x00000162 + CKA_LOCAL = 0x00000163 + CKA_NEVER_EXTRACTABLE = 0x00000164 + CKA_ALWAYS_SENSITIVE = 0x00000165 + CKA_KEY_GEN_MECHANISM = 0x00000166 + CKA_MODIFIABLE = 0x00000170 + CKA_COPYABLE = 0x00000171 + CKA_DESTROYABLE = 0x00000172 + CKA_ECDSA_PARAMS = 0x00000180 // Deprecated + CKA_EC_PARAMS = 0x00000180 + CKA_EC_POINT = 0x00000181 + CKA_SECONDARY_AUTH = 0x00000200 // Deprecated + CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated + CKA_ALWAYS_AUTHENTICATE = 0x00000202 + CKA_WRAP_WITH_TRUSTED = 0x00000210 + CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) + CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) + CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) + CKA_OTP_FORMAT = 0x00000220 + CKA_OTP_LENGTH = 0x00000221 + CKA_OTP_TIME_INTERVAL = 0x00000222 + CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 + CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 + CKA_OTP_TIME_REQUIREMENT = 0x00000225 + CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 + CKA_OTP_PIN_REQUIREMENT = 0x00000227 + CKA_OTP_COUNTER = 0x0000022E + CKA_OTP_TIME = 0x0000022F + CKA_OTP_USER_IDENTIFIER = 0x0000022A + CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B + CKA_OTP_SERVICE_LOGO = 0x0000022C + CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D + CKA_GOSTR3410_PARAMS = 0x00000250 + CKA_GOSTR3411_PARAMS = 0x00000251 + CKA_GOST28147_PARAMS = 0x00000252 + CKA_HW_FEATURE_TYPE = 0x00000300 + CKA_RESET_ON_INIT = 0x00000301 + CKA_HAS_RESET = 0x00000302 + CKA_PIXEL_X = 0x00000400 + CKA_PIXEL_Y = 0x00000401 + CKA_RESOLUTION = 0x00000402 + CKA_CHAR_ROWS = 0x00000403 + CKA_CHAR_COLUMNS = 0x00000404 + CKA_COLOR = 0x00000405 + CKA_BITS_PER_PIXEL = 0x00000406 + CKA_CHAR_SETS = 0x00000480 + CKA_ENCODING_METHODS = 0x00000481 + CKA_MIME_TYPES = 0x00000482 + CKA_MECHANISM_TYPE = 0x00000500 + CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 + CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 + CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 + 
CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) + CKA_VENDOR_DEFINED = 0x80000000 + + // the following mechanism types are defined: + CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 + CKM_RSA_PKCS = 0x00000001 + CKM_RSA_9796 = 0x00000002 + CKM_RSA_X_509 = 0x00000003 + CKM_MD2_RSA_PKCS = 0x00000004 + CKM_MD5_RSA_PKCS = 0x00000005 + CKM_SHA1_RSA_PKCS = 0x00000006 + CKM_RIPEMD128_RSA_PKCS = 0x00000007 + CKM_RIPEMD160_RSA_PKCS = 0x00000008 + CKM_RSA_PKCS_OAEP = 0x00000009 + CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A + CKM_RSA_X9_31 = 0x0000000B + CKM_SHA1_RSA_X9_31 = 0x0000000C + CKM_RSA_PKCS_PSS = 0x0000000D + CKM_SHA1_RSA_PKCS_PSS = 0x0000000E + CKM_DSA_KEY_PAIR_GEN = 0x00000010 + CKM_DSA = 0x00000011 + CKM_DSA_SHA1 = 0x00000012 + CKM_DSA_SHA224 = 0x00000013 + CKM_DSA_SHA256 = 0x00000014 + CKM_DSA_SHA384 = 0x00000015 + CKM_DSA_SHA512 = 0x00000016 + CKM_DSA_SHA3_224 = 0x00000018 + CKM_DSA_SHA3_256 = 0x00000019 + CKM_DSA_SHA3_384 = 0x0000001A + CKM_DSA_SHA3_512 = 0x0000001B + CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 + CKM_DH_PKCS_DERIVE = 0x00000021 + CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 + CKM_X9_42_DH_DERIVE = 0x00000031 + CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 + CKM_X9_42_MQV_DERIVE = 0x00000033 + CKM_SHA256_RSA_PKCS = 0x00000040 + CKM_SHA384_RSA_PKCS = 0x00000041 + CKM_SHA512_RSA_PKCS = 0x00000042 + CKM_SHA256_RSA_PKCS_PSS = 0x00000043 + CKM_SHA384_RSA_PKCS_PSS = 0x00000044 + CKM_SHA512_RSA_PKCS_PSS = 0x00000045 + CKM_SHA224_RSA_PKCS = 0x00000046 + CKM_SHA224_RSA_PKCS_PSS = 0x00000047 + CKM_SHA512_224 = 0x00000048 + CKM_SHA512_224_HMAC = 0x00000049 + CKM_SHA512_224_HMAC_GENERAL = 0x0000004A + CKM_SHA512_224_KEY_DERIVATION = 0x0000004B + CKM_SHA512_256 = 0x0000004C + CKM_SHA512_256_HMAC = 0x0000004D + CKM_SHA512_256_HMAC_GENERAL = 0x0000004E + CKM_SHA512_256_KEY_DERIVATION = 0x0000004F + CKM_SHA512_T = 0x00000050 + CKM_SHA512_T_HMAC = 0x00000051 + CKM_SHA512_T_HMAC_GENERAL = 0x00000052 + CKM_SHA512_T_KEY_DERIVATION = 0x00000053 + CKM_SHA3_256_RSA_PKCS = 0x00000060 + 
CKM_SHA3_384_RSA_PKCS = 0x00000061 + CKM_SHA3_512_RSA_PKCS = 0x00000062 + CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 + CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 + CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 + CKM_SHA3_224_RSA_PKCS = 0x00000066 + CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 + CKM_RC2_KEY_GEN = 0x00000100 + CKM_RC2_ECB = 0x00000101 + CKM_RC2_CBC = 0x00000102 + CKM_RC2_MAC = 0x00000103 + CKM_RC2_MAC_GENERAL = 0x00000104 + CKM_RC2_CBC_PAD = 0x00000105 + CKM_RC4_KEY_GEN = 0x00000110 + CKM_RC4 = 0x00000111 + CKM_DES_KEY_GEN = 0x00000120 + CKM_DES_ECB = 0x00000121 + CKM_DES_CBC = 0x00000122 + CKM_DES_MAC = 0x00000123 + CKM_DES_MAC_GENERAL = 0x00000124 + CKM_DES_CBC_PAD = 0x00000125 + CKM_DES2_KEY_GEN = 0x00000130 + CKM_DES3_KEY_GEN = 0x00000131 + CKM_DES3_ECB = 0x00000132 + CKM_DES3_CBC = 0x00000133 + CKM_DES3_MAC = 0x00000134 + CKM_DES3_MAC_GENERAL = 0x00000135 + CKM_DES3_CBC_PAD = 0x00000136 + CKM_DES3_CMAC_GENERAL = 0x00000137 + CKM_DES3_CMAC = 0x00000138 + CKM_CDMF_KEY_GEN = 0x00000140 + CKM_CDMF_ECB = 0x00000141 + CKM_CDMF_CBC = 0x00000142 + CKM_CDMF_MAC = 0x00000143 + CKM_CDMF_MAC_GENERAL = 0x00000144 + CKM_CDMF_CBC_PAD = 0x00000145 + CKM_DES_OFB64 = 0x00000150 + CKM_DES_OFB8 = 0x00000151 + CKM_DES_CFB64 = 0x00000152 + CKM_DES_CFB8 = 0x00000153 + CKM_MD2 = 0x00000200 + CKM_MD2_HMAC = 0x00000201 + CKM_MD2_HMAC_GENERAL = 0x00000202 + CKM_MD5 = 0x00000210 + CKM_MD5_HMAC = 0x00000211 + CKM_MD5_HMAC_GENERAL = 0x00000212 + CKM_SHA_1 = 0x00000220 + CKM_SHA_1_HMAC = 0x00000221 + CKM_SHA_1_HMAC_GENERAL = 0x00000222 + CKM_RIPEMD128 = 0x00000230 + CKM_RIPEMD128_HMAC = 0x00000231 + CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 + CKM_RIPEMD160 = 0x00000240 + CKM_RIPEMD160_HMAC = 0x00000241 + CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 + CKM_SHA256 = 0x00000250 + CKM_SHA256_HMAC = 0x00000251 + CKM_SHA256_HMAC_GENERAL = 0x00000252 + CKM_SHA224 = 0x00000255 + CKM_SHA224_HMAC = 0x00000256 + CKM_SHA224_HMAC_GENERAL = 0x00000257 + CKM_SHA384 = 0x00000260 + CKM_SHA384_HMAC = 0x00000261 + 
CKM_SHA384_HMAC_GENERAL = 0x00000262 + CKM_SHA512 = 0x00000270 + CKM_SHA512_HMAC = 0x00000271 + CKM_SHA512_HMAC_GENERAL = 0x00000272 + CKM_SECURID_KEY_GEN = 0x00000280 + CKM_SECURID = 0x00000282 + CKM_HOTP_KEY_GEN = 0x00000290 + CKM_HOTP = 0x00000291 + CKM_ACTI = 0x000002A0 + CKM_ACTI_KEY_GEN = 0x000002A1 + CKM_SHA3_256 = 0x000002B0 + CKM_SHA3_256_HMAC = 0x000002B1 + CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 + CKM_SHA3_256_KEY_GEN = 0x000002B3 + CKM_SHA3_224 = 0x000002B5 + CKM_SHA3_224_HMAC = 0x000002B6 + CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 + CKM_SHA3_224_KEY_GEN = 0x000002B8 + CKM_SHA3_384 = 0x000002C0 + CKM_SHA3_384_HMAC = 0x000002C1 + CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 + CKM_SHA3_384_KEY_GEN = 0x000002C3 + CKM_SHA3_512 = 0x000002D0 + CKM_SHA3_512_HMAC = 0x000002D1 + CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 + CKM_SHA3_512_KEY_GEN = 0x000002D3 + CKM_CAST_KEY_GEN = 0x00000300 + CKM_CAST_ECB = 0x00000301 + CKM_CAST_CBC = 0x00000302 + CKM_CAST_MAC = 0x00000303 + CKM_CAST_MAC_GENERAL = 0x00000304 + CKM_CAST_CBC_PAD = 0x00000305 + CKM_CAST3_KEY_GEN = 0x00000310 + CKM_CAST3_ECB = 0x00000311 + CKM_CAST3_CBC = 0x00000312 + CKM_CAST3_MAC = 0x00000313 + CKM_CAST3_MAC_GENERAL = 0x00000314 + CKM_CAST3_CBC_PAD = 0x00000315 + + // Note that CAST128 and CAST5 are the same algorithm + CKM_CAST5_KEY_GEN = 0x00000320 + CKM_CAST128_KEY_GEN = 0x00000320 + CKM_CAST5_ECB = 0x00000321 + CKM_CAST128_ECB = 0x00000321 + CKM_CAST5_CBC = 0x00000322 // Deprecated + CKM_CAST128_CBC = 0x00000322 + CKM_CAST5_MAC = 0x00000323 // Deprecated + CKM_CAST128_MAC = 0x00000323 + CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated + CKM_CAST128_MAC_GENERAL = 0x00000324 + CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated + CKM_CAST128_CBC_PAD = 0x00000325 + CKM_RC5_KEY_GEN = 0x00000330 + CKM_RC5_ECB = 0x00000331 + CKM_RC5_CBC = 0x00000332 + CKM_RC5_MAC = 0x00000333 + CKM_RC5_MAC_GENERAL = 0x00000334 + CKM_RC5_CBC_PAD = 0x00000335 + CKM_IDEA_KEY_GEN = 0x00000340 + CKM_IDEA_ECB = 0x00000341 + CKM_IDEA_CBC = 
0x00000342 + CKM_IDEA_MAC = 0x00000343 + CKM_IDEA_MAC_GENERAL = 0x00000344 + CKM_IDEA_CBC_PAD = 0x00000345 + CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 + CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 + CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 + CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 + CKM_XOR_BASE_AND_DATA = 0x00000364 + CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 + CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 + CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 + CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 + CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 + CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 + CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 + CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 + CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 + CKM_TLS_PRF = 0x00000378 + CKM_SSL3_MD5_MAC = 0x00000380 + CKM_SSL3_SHA1_MAC = 0x00000381 + CKM_MD5_KEY_DERIVATION = 0x00000390 + CKM_MD2_KEY_DERIVATION = 0x00000391 + CKM_SHA1_KEY_DERIVATION = 0x00000392 + CKM_SHA256_KEY_DERIVATION = 0x00000393 + CKM_SHA384_KEY_DERIVATION = 0x00000394 + CKM_SHA512_KEY_DERIVATION = 0x00000395 + CKM_SHA224_KEY_DERIVATION = 0x00000396 + CKM_SHA3_256_KEY_DERIVE = 0x00000397 + CKM_SHA3_224_KEY_DERIVE = 0x00000398 + CKM_SHA3_384_KEY_DERIVE = 0x00000399 + CKM_SHA3_512_KEY_DERIVE = 0x0000039A + CKM_SHAKE_128_KEY_DERIVE = 0x0000039B + CKM_SHAKE_256_KEY_DERIVE = 0x0000039C + CKM_PBE_MD2_DES_CBC = 0x000003A0 + CKM_PBE_MD5_DES_CBC = 0x000003A1 + CKM_PBE_MD5_CAST_CBC = 0x000003A2 + CKM_PBE_MD5_CAST3_CBC = 0x000003A3 + CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated + CKM_PBE_MD5_CAST128_CBC = 0x000003A4 + CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated + CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 + CKM_PBE_SHA1_RC4_128 = 0x000003A6 + CKM_PBE_SHA1_RC4_40 = 0x000003A7 + CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 + CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 + CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA + CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB + CKM_PKCS5_PBKD2 = 0x000003B0 + CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 + CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 + 
CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 + CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 + CKM_WTLS_PRF = 0x000003D3 + CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 + CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 + CKM_TLS10_MAC_SERVER = 0x000003D6 + CKM_TLS10_MAC_CLIENT = 0x000003D7 + CKM_TLS12_MAC = 0x000003D8 + CKM_TLS12_KDF = 0x000003D9 + CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 + CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 + CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 + CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 + CKM_TLS_MAC = 0x000003E4 + CKM_TLS_KDF = 0x000003E5 + CKM_KEY_WRAP_LYNKS = 0x00000400 + CKM_KEY_WRAP_SET_OAEP = 0x00000401 + CKM_CMS_SIG = 0x00000500 + CKM_KIP_DERIVE = 0x00000510 + CKM_KIP_WRAP = 0x00000511 + CKM_KIP_MAC = 0x00000512 + CKM_CAMELLIA_KEY_GEN = 0x00000550 + CKM_CAMELLIA_ECB = 0x00000551 + CKM_CAMELLIA_CBC = 0x00000552 + CKM_CAMELLIA_MAC = 0x00000553 + CKM_CAMELLIA_MAC_GENERAL = 0x00000554 + CKM_CAMELLIA_CBC_PAD = 0x00000555 + CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 + CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 + CKM_CAMELLIA_CTR = 0x00000558 + CKM_ARIA_KEY_GEN = 0x00000560 + CKM_ARIA_ECB = 0x00000561 + CKM_ARIA_CBC = 0x00000562 + CKM_ARIA_MAC = 0x00000563 + CKM_ARIA_MAC_GENERAL = 0x00000564 + CKM_ARIA_CBC_PAD = 0x00000565 + CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 + CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 + CKM_SEED_KEY_GEN = 0x00000650 + CKM_SEED_ECB = 0x00000651 + CKM_SEED_CBC = 0x00000652 + CKM_SEED_MAC = 0x00000653 + CKM_SEED_MAC_GENERAL = 0x00000654 + CKM_SEED_CBC_PAD = 0x00000655 + CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 + CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 + CKM_SKIPJACK_KEY_GEN = 0x00001000 + CKM_SKIPJACK_ECB64 = 0x00001001 + CKM_SKIPJACK_CBC64 = 0x00001002 + CKM_SKIPJACK_OFB64 = 0x00001003 + CKM_SKIPJACK_CFB64 = 0x00001004 + CKM_SKIPJACK_CFB32 = 0x00001005 + CKM_SKIPJACK_CFB16 = 0x00001006 + CKM_SKIPJACK_CFB8 = 0x00001007 + CKM_SKIPJACK_WRAP = 0x00001008 + CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 + CKM_SKIPJACK_RELAYX = 
0x0000100a + CKM_KEA_KEY_PAIR_GEN = 0x00001010 + CKM_KEA_KEY_DERIVE = 0x00001011 + CKM_KEA_DERIVE = 0x00001012 + CKM_FORTEZZA_TIMESTAMP = 0x00001020 + CKM_BATON_KEY_GEN = 0x00001030 + CKM_BATON_ECB128 = 0x00001031 + CKM_BATON_ECB96 = 0x00001032 + CKM_BATON_CBC128 = 0x00001033 + CKM_BATON_COUNTER = 0x00001034 + CKM_BATON_SHUFFLE = 0x00001035 + CKM_BATON_WRAP = 0x00001036 + CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated + CKM_EC_KEY_PAIR_GEN = 0x00001040 + CKM_ECDSA = 0x00001041 + CKM_ECDSA_SHA1 = 0x00001042 + CKM_ECDSA_SHA224 = 0x00001043 + CKM_ECDSA_SHA256 = 0x00001044 + CKM_ECDSA_SHA384 = 0x00001045 + CKM_ECDSA_SHA512 = 0x00001046 + CKM_ECDH1_DERIVE = 0x00001050 + CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 + CKM_ECMQV_DERIVE = 0x00001052 + CKM_ECDH_AES_KEY_WRAP = 0x00001053 + CKM_RSA_AES_KEY_WRAP = 0x00001054 + CKM_JUNIPER_KEY_GEN = 0x00001060 + CKM_JUNIPER_ECB128 = 0x00001061 + CKM_JUNIPER_CBC128 = 0x00001062 + CKM_JUNIPER_COUNTER = 0x00001063 + CKM_JUNIPER_SHUFFLE = 0x00001064 + CKM_JUNIPER_WRAP = 0x00001065 + CKM_FASTHASH = 0x00001070 + CKM_AES_KEY_GEN = 0x00001080 + CKM_AES_ECB = 0x00001081 + CKM_AES_CBC = 0x00001082 + CKM_AES_MAC = 0x00001083 + CKM_AES_MAC_GENERAL = 0x00001084 + CKM_AES_CBC_PAD = 0x00001085 + CKM_AES_CTR = 0x00001086 + CKM_AES_GCM = 0x00001087 + CKM_AES_CCM = 0x00001088 + CKM_AES_CTS = 0x00001089 + CKM_AES_CMAC = 0x0000108A + CKM_AES_CMAC_GENERAL = 0x0000108B + CKM_AES_XCBC_MAC = 0x0000108C + CKM_AES_XCBC_MAC_96 = 0x0000108D + CKM_AES_GMAC = 0x0000108E + CKM_BLOWFISH_KEY_GEN = 0x00001090 + CKM_BLOWFISH_CBC = 0x00001091 + CKM_TWOFISH_KEY_GEN = 0x00001092 + CKM_TWOFISH_CBC = 0x00001093 + CKM_BLOWFISH_CBC_PAD = 0x00001094 + CKM_TWOFISH_CBC_PAD = 0x00001095 + CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 + CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 + CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 + CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 + CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 + CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 + CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 + 
CKM_GOSTR3410 = 0x00001201 + CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 + CKM_GOSTR3410_KEY_WRAP = 0x00001203 + CKM_GOSTR3410_DERIVE = 0x00001204 + CKM_GOSTR3411 = 0x00001210 + CKM_GOSTR3411_HMAC = 0x00001211 + CKM_GOST28147_KEY_GEN = 0x00001220 + CKM_GOST28147_ECB = 0x00001221 + CKM_GOST28147 = 0x00001222 + CKM_GOST28147_MAC = 0x00001223 + CKM_GOST28147_KEY_WRAP = 0x00001224 + CKM_DSA_PARAMETER_GEN = 0x00002000 + CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 + CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 + CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 + CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 + CKM_AES_OFB = 0x00002104 + CKM_AES_CFB64 = 0x00002105 + CKM_AES_CFB8 = 0x00002106 + CKM_AES_CFB128 = 0x00002107 + CKM_AES_CFB1 = 0x00002108 + CKM_AES_KEY_WRAP = 0x00002109 // WAS: 0x00001090 + CKM_AES_KEY_WRAP_PAD = 0x0000210A // WAS: 0x00001091 + CKM_RSA_PKCS_TPM_1_1 = 0x00004001 + CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 + CKM_VENDOR_DEFINED = 0x80000000 + + // The flags are defined as follows: + // + // Bit Flag Mask Meaning + CKF_HW = 0x00000001 // performed by HW + + // Specify whether or not a mechanism can be used for a particular task + CKF_ENCRYPT = 0x00000100 + CKF_DECRYPT = 0x00000200 + CKF_DIGEST = 0x00000400 + CKF_SIGN = 0x00000800 + CKF_SIGN_RECOVER = 0x00001000 + CKF_VERIFY = 0x00002000 + CKF_VERIFY_RECOVER = 0x00004000 + CKF_GENERATE = 0x00008000 + CKF_GENERATE_KEY_PAIR = 0x00010000 + CKF_WRAP = 0x00020000 + CKF_UNWRAP = 0x00040000 + CKF_DERIVE = 0x00080000 + + // Describe a token's EC capabilities not available in mechanism + // information. + CKF_EC_F_P = 0x00100000 + CKF_EC_F_2M = 0x00200000 + CKF_EC_ECPARAMETERS = 0x00400000 + CKF_EC_NAMEDCURVE = 0x00800000 + CKF_EC_UNCOMPRESS = 0x01000000 + CKF_EC_COMPRESS = 0x02000000 + CKF_EXTENSION = 0x80000000 + CKR_OK = 0x00000000 CKR_CANCEL = 0x00000001 CKR_HOST_MEMORY = 0x00000002 
@@ -718,49 +836,69 @@ const (
 CKR_PUBLIC_KEY_INVALID = 0x000001B9
 CKR_FUNCTION_REJECTED = 0x00000200
 CKR_VENDOR_DEFINED = 0x80000000
- CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
- CKF_OS_LOCKING_OK = 0x00000002
- CKF_DONT_BLOCK = 1
- CKG_MGF1_SHA1 = 0x00000001
- CKG_MGF1_SHA256 = 0x00000002
- CKG_MGF1_SHA384 = 0x00000003
- CKG_MGF1_SHA512 = 0x00000004
- CKG_MGF1_SHA224 = 0x00000005
- CKZ_DATA_SPECIFIED = 0x00000001
- CKD_NULL = 0x00000001
- CKD_SHA1_KDF = 0x00000002
- CKD_SHA1_KDF_ASN1 = 0x00000003
- CKD_SHA1_KDF_CONCATENATE = 0x00000004
- CKD_SHA224_KDF = 0x00000005
- CKD_SHA256_KDF = 0x00000006
- CKD_SHA384_KDF = 0x00000007
- CKD_SHA512_KDF = 0x00000008
- CKD_CPDIVERSIFY_KDF = 0x00000009
- CKD_SHA3_224_KDF = 0x0000000A
- CKD_SHA3_256_KDF = 0x0000000B
- CKD_SHA3_384_KDF = 0x0000000C
- CKD_SHA3_512_KDF = 0x0000000D
- CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001
- CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002
- CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003
- CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004
- CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005
- CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006
- CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007
- CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008
- CKZ_SALT_SPECIFIED = 0x00000001
- CK_OTP_VALUE = 0
- CK_OTP_PIN = 1
- CK_OTP_CHALLENGE = 2
- CK_OTP_TIME = 3
- CK_OTP_COUNTER = 4
- CK_OTP_FLAGS = 5
- CK_OTP_OUTPUT_LENGTH = 6
- CK_OTP_OUTPUT_FORMAT = 7
- CKF_NEXT_OTP = 0x00000001
- CKF_EXCLUDE_TIME = 0x00000002
- CKF_EXCLUDE_COUNTER = 0x00000004
- CKF_EXCLUDE_CHALLENGE = 0x00000008
- CKF_EXCLUDE_PIN = 0x00000010
- CKF_USER_FRIENDLY_OTP = 0x00000020
+
+ // flags: bit flags that provide capabilities of the slot
+ //
+ // Bit Flag Mask Meaning
+ CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
+ CKF_OS_LOCKING_OK = 0x00000002
+
+ // additional flags for parameters to functions
+ // CKF_DONT_BLOCK is for the function C_WaitForSlotEvent
+ CKF_DONT_BLOCK = 1
+
+ // The following MGFs are defined
+ CKG_MGF1_SHA1 = 0x00000001
+ CKG_MGF1_SHA256 = 0x00000002
+ CKG_MGF1_SHA384 = 0x00000003
+ CKG_MGF1_SHA512 = 0x00000004
+ CKG_MGF1_SHA224 = 0x00000005
+
+ // The following encoding parameter sources are defined
+ CKZ_DATA_SPECIFIED = 0x00000001
+
+ // The following EC Key Derivation Functions are defined
+ CKD_NULL = 0x00000001
+ CKD_SHA1_KDF = 0x00000002
+
+ // The following X9.42 DH key derivation functions are defined
+ CKD_SHA1_KDF_ASN1 = 0x00000003
+ CKD_SHA1_KDF_CONCATENATE = 0x00000004
+ CKD_SHA224_KDF = 0x00000005
+ CKD_SHA256_KDF = 0x00000006
+ CKD_SHA384_KDF = 0x00000007
+ CKD_SHA512_KDF = 0x00000008
+ CKD_CPDIVERSIFY_KDF = 0x00000009
+ CKD_SHA3_224_KDF = 0x0000000A
+ CKD_SHA3_256_KDF = 0x0000000B
+ CKD_SHA3_384_KDF = 0x0000000C
+ CKD_SHA3_512_KDF = 0x0000000D
+
+ CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001
+ CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002
+ CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003
+ CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004
+ CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005
+ CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006
+ CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007
+ CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008
+
+ // The following salt value sources are defined in PKCS #5 v2.0.
+ CKZ_SALT_SPECIFIED = 0x00000001
+
+ CK_OTP_VALUE = 0
+ CK_OTP_PIN = 1
+ CK_OTP_CHALLENGE = 2
+ CK_OTP_TIME = 3
+ CK_OTP_COUNTER = 4
+ CK_OTP_FLAGS = 5
+ CK_OTP_OUTPUT_LENGTH = 6
+ CK_OTP_OUTPUT_FORMAT = 7
+
+ CKF_NEXT_OTP = 0x00000001
+ CKF_EXCLUDE_TIME = 0x00000002
+ CKF_EXCLUDE_COUNTER = 0x00000004
+ CKF_EXCLUDE_CHALLENGE = 0x00000008
+ CKF_EXCLUDE_PIN = 0x00000010
+ CKF_USER_FRIENDLY_OTP = 0x00000020
 )
diff --git a/vendor/modules.txt b/vendor/modules.txt
index df78a514e29..4a9c1f6a4e6 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -217,8 +217,8 @@ github.com/letsencrypt/borp
 # github.com/letsencrypt/challtestsrv v1.4.2
 ## explicit; go 1.24
 github.com/letsencrypt/challtestsrv
-# github.com/letsencrypt/pkcs11key/v4 v4.0.0
-## explicit; go 1.12
+# github.com/letsencrypt/pkcs11key/v4 v4.0.1
+## explicit; go 1.17
 github.com/letsencrypt/pkcs11key/v4
 # github.com/letsencrypt/validator/v10 v10.0.0-20230215210743-a0c7dfc17158
 ## explicit; go 1.18
@@ -226,7 +226,7 @@ github.com/letsencrypt/validator/v10
 # github.com/miekg/dns v1.1.62
 ## explicit; go 1.19
 github.com/miekg/dns
-# github.com/miekg/pkcs11 v1.1.1
+# github.com/miekg/pkcs11 v1.1.2
 ## explicit; go 1.12
 github.com/miekg/pkcs11
 # github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822