Cryptographic Token Interface Standard

PKCS#11


CK_MECHANISM_INFO Reference

CK_MECHANISM_INFO

CK_MECHANISM_INFO is a structure that provides information about a particular mechanism.


Data Fields

CK_ULONG ulMinKeySize
 the minimum size of the key for the mechanism.

CK_ULONG ulMaxKeySize
 the maximum size of the key for the mechanism.

CK_FLAGS flags
 bit flags specifying mechanism capabilities.


Detailed Description

CK_MECHANISM_INFO

CK_MECHANISM_INFO is a structure that provides information about a particular mechanism.
ulMinKeySize the minimum size of the key for the mechanism
ulMaxKeySize the maximum size of the key for the mechanism
flags bit flags specifying mechanism capabilities

For some mechanisms, the ulMinKeySize and ulMaxKeySize fields have meaningless values.

The following table defines the flags parameter:

Table 7-4, Mechanism Information Flags

Bit Flag               Mask        Meaning
CKF_HW                 0x00000001  TRUE if the mechanism is performed by the device; FALSE if the mechanism is performed in software
CKF_ENCRYPT            0x00000100  TRUE if the mechanism can be used with C_EncryptInit
CKF_DECRYPT            0x00000200  TRUE if the mechanism can be used with C_DecryptInit
CKF_DIGEST             0x00000400  TRUE if the mechanism can be used with C_DigestInit
CKF_SIGN               0x00000800  TRUE if the mechanism can be used with C_SignInit
CKF_SIGN_RECOVER       0x00001000  TRUE if the mechanism can be used with C_SignRecoverInit
CKF_VERIFY             0x00002000  TRUE if the mechanism can be used with C_VerifyInit
CKF_VERIFY_RECOVER     0x00004000  TRUE if the mechanism can be used with C_VerifyRecoverInit
CKF_GENERATE           0x00008000  TRUE if the mechanism can be used with C_GenerateKey
CKF_GENERATE_KEY_PAIR  0x00010000  TRUE if the mechanism can be used with C_GenerateKeyPair
CKF_WRAP               0x00020000  TRUE if the mechanism can be used with C_WrapKey
CKF_UNWRAP             0x00040000  TRUE if the mechanism can be used with C_UnwrapKey
CKF_DERIVE             0x00080000  TRUE if the mechanism can be used with C_DeriveKey
CKF_EXTENSION          0x80000000  TRUE if an extension to the flags; FALSE if no extensions. Must be FALSE for this version.

CK_MECHANISM_INFO_PTR

CK_MECHANISM_INFO_PTR points to a CK_MECHANISM_INFO structure. It is implementation-dependent.

Function types

Cryptoki represents information about functions with the following data types:

CK_ENTRY

CK_ENTRY is not really a type. Rather, it is a string provided to a C compiler in a given environment to produce an entry into Cryptoki (i.e., a Cryptoki function). It is implementation-dependent. For a Win32 Cryptoki .dll, it might be "__declspec( dllexport)". For a Win16 Cryptoki .dll, it might be "_export _far _pascal". For a Unix library, it might be "".

CK_RV

CK_RV is a value that identifies the return value of a Cryptoki function. It is defined as follows:

typedef CK_ULONG CK_RV;

For this version of Cryptoki, the following return values are defined:

#define CKR_OK 0x00000000
#define CKR_CANCEL 0x00000001
#define CKR_HOST_MEMORY 0x00000002
#define CKR_SLOT_ID_INVALID 0x00000003
#define CKR_GENERAL_ERROR 0x00000005
#define CKR_FUNCTION_FAILED 0x00000006
#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
#define CKR_DATA_INVALID 0x00000020
#define CKR_DATA_LEN_RANGE 0x00000021
#define CKR_DEVICE_ERROR 0x00000030
#define CKR_DEVICE_MEMORY 0x00000031
#define CKR_DEVICE_REMOVED 0x00000032
#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
#define CKR_FUNCTION_CANCELED 0x00000050
#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
#define CKR_FUNCTION_PARALLEL 0x00000052
#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
#define CKR_KEY_HANDLE_INVALID 0x00000060
#define CKR_KEY_SIZE_RANGE 0x00000062
#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
#define CKR_KEY_NOT_NEEDED 0x00000064
#define CKR_KEY_CHANGED 0x00000065
#define CKR_KEY_NEEDED 0x00000066
#define CKR_KEY_INDIGESTIBLE 0x00000067
#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
#define CKR_KEY_NOT_WRAPPABLE 0x00000069
#define CKR_KEY_UNEXTRACTABLE 0x0000006A
#define CKR_MECHANISM_INVALID 0x00000070
#define CKR_MECHANISM_PARAM_INVALID 0x00000071
#define CKR_OBJECT_HANDLE_INVALID 0x00000082
#define CKR_OPERATION_ACTIVE 0x00000090
#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
#define CKR_PIN_INCORRECT 0x000000A0
#define CKR_PIN_INVALID 0x000000A1
#define CKR_PIN_LEN_RANGE 0x000000A2
#define CKR_SESSION_CLOSED 0x000000B0
#define CKR_SESSION_COUNT 0x000000B1
#define CKR_SESSION_EXCLUSIVE_EXISTS 0x000000B2
#define CKR_SESSION_HANDLE_INVALID 0x000000B3
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
#define CKR_SESSION_READ_ONLY 0x000000B5
#define CKR_SESSION_EXISTS 0x000000B6
#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
#define CKR_SIGNATURE_INVALID 0x000000C0
#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
#define CKR_TOKEN_NOT_PRESENT 0x000000E0
#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
#define CKR_USER_NOT_LOGGED_IN 0x00000101
#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
#define CKR_USER_TYPE_INVALID 0x00000103
#define CKR_WRAPPED_KEY_INVALID 0x00000110
#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
#define CKR_RANDOM_NO_RNG 0x00000121
#define CKR_INSERTION_CALLBACK_NOT_SUPPORTED 0x00000141
#define CKR_BUFFER_TOO_SMALL 0x00000150
#define CKR_SAVED_STATE_INVALID 0x00000160
#define CKR_INFORMATION_SENSITIVE 0x00000170
#define CKR_STATE_UNSAVEABLE 0x00000180
#define CKR_VENDOR_DEFINED 0x80000000

Section defines the meaning of each CK_RV value. Return values CKR_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their return values through the PKCS process.
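The following is an added example, not code from the PKCS#11 document: an application-side check that applies the Table 7-4 flags and the key-size fields before a mechanism is used, and reports the result with CK_RV values from the list above. The function name check_mechanism, its parameters, the choice of which CKR_ value to return for each refusal, and the sample mechanism data are assumptions made for illustration; the typedefs are stand-ins so the block compiles without a vendor header.

```c
#include <stdio.h>

/* Stand-ins for the Cryptoki types (assumption: no vendor header available). */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_FLAGS;
typedef CK_ULONG CK_RV;
typedef struct { CK_ULONG ulMinKeySize, ulMaxKeySize; CK_FLAGS flags; } CK_MECHANISM_INFO;

/* Values copied from Table 7-4 and the CK_RV list on this page. */
#define CKF_HW                0x00000001UL
#define CKF_DIGEST            0x00000400UL
#define CKF_SIGN              0x00000800UL
#define CKF_EXTENSION         0x80000000UL
#define CKR_OK                0x00000000UL
#define CKR_KEY_SIZE_RANGE    0x00000062UL
#define CKR_MECHANISM_INVALID 0x00000070UL

/* Hypothetical gate: may this mechanism be used for operation `op` (one CKF_*
 * capability bit) with a key of `key_size`, in the unit the mechanism reports?
 * Pass key_size == 0 for mechanisms whose size fields are meaningless.
 * `require_hw` refuses mechanisms that the token performs in software. */
CK_RV check_mechanism(const CK_MECHANISM_INFO *mi, CK_FLAGS op,
                      CK_ULONG key_size, int require_hw)
{
    if (mi->flags & CKF_EXTENSION)            /* must be FALSE for this version */
        return CKR_MECHANISM_INVALID;
    if ((mi->flags & op) != op)               /* capability not advertised */
        return CKR_MECHANISM_INVALID;
    if (require_hw && !(mi->flags & CKF_HW))  /* software-only mechanism */
        return CKR_MECHANISM_INVALID;
    if (key_size != 0) {
        if (mi->ulMinKeySize > mi->ulMaxKeySize)   /* inconsistent token data */
            return CKR_MECHANISM_INVALID;
        if (key_size < mi->ulMinKeySize || key_size > mi->ulMaxKeySize)
            return CKR_KEY_SIZE_RANGE;
    }
    return CKR_OK;
}

int main(void)
{
    /* Constructed sample data for a hardware signing mechanism. */
    CK_MECHANISM_INFO rsa = { 512, 2048, CKF_HW | CKF_SIGN };
    printf("sign, 1024, hw : 0x%08lx\n", check_mechanism(&rsa, CKF_SIGN, 1024, 1));
    printf("sign,  256, hw : 0x%08lx\n", check_mechanism(&rsa, CKF_SIGN, 256, 1));
    printf("digest         : 0x%08lx\n", check_mechanism(&rsa, CKF_DIGEST, 0, 0));
    return 0;
}
```
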

CK_NOTIFY

CK_NOTIFY is the type of a pointer to a function used by Cryptoki to perform notification callbacks. It is implementation-dependent, but it is typically defined as follows, where CK_PTR is the C string used to create function pointers (e.g., "*"):

typedef CK_RV (CK_ENTRY * CK_NOTIFY)(
    CK_SESSION_HANDLE hSession,
    CK_NOTIFICATION event,
    CK_VOID_PTR pApplication
);

The arguments to a notification callback function have the following meanings:

hSession The handle of the session performing the callback

event The type of notification callback

pApplication An application-defined value. This is the same value as was passed to C_OpenSession to open the session performing the callback

Cryptoki also defines an entire family of other function pointer types. For each function C_XXX in the Cryptoki API (there are 67 such functions in Cryptoki v2.0; see Section for detailed information about each of them), Cryptoki defines a type CK_C_XXX, which is a pointer to a function of C_XXX's type.

CK_FUNCTION_LIST

CK_FUNCTION_LIST is a structure which contains a Cryptoki version and a function pointer to each function in the Cryptoki API. It is defined as follows:


Field Documentation

CK_ULONG ulMinKeySize

the minimum size of the key for the mechanism.

CK_ULONG ulMaxKeySize

the maximum size of the key for the mechanism.

CK_FLAGS flags

bit flags specifying mechanism capabilities.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v200