HID® Crescendo® PKCS11
#include <pkcs11/v2.40/cryptoki.h>

Functions

CK_RV C_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
C_Encrypt encrypts single-part data.

CK_RV C_EncryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)
C_EncryptFinal finishes a multiple-part encryption operation.

CK_RV C_EncryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
C_EncryptInit initializes an encryption operation.

CK_RV C_EncryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
C_EncryptUpdate continues a multiple-part encryption operation, processing another data part.

CK_RV C_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
C_Encrypt encrypts single-part data.
hSession is the session's handle; pData points to the data; ulDataLen is the length in bytes of the data; pEncryptedData points to the location that receives the encrypted data; pulEncryptedDataLen points to the location that holds the length in bytes of the encrypted data.
C_Encrypt uses the convention described in Section 5.2 on producing output.
The encryption operation MUST have been initialized with C_EncryptInit. A call to C_Encrypt always terminates the active encryption operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the ciphertext.
C_Encrypt cannot be used to terminate a multi-part operation, and MUST be called after C_EncryptInit without intervening C_EncryptUpdate calls.
For some encryption mechanisms, the input plaintext data has certain length constraints (either because the mechanism can only encrypt relatively short pieces of plaintext, or because the mechanism’s input data MUST consist of an integral number of blocks). If these constraints are not satisfied, then C_Encrypt will fail with return code CKR_DATA_LEN_RANGE.
The plaintext and ciphertext can be in the same place, i.e., it is OK if pData and pEncryptedData point to the same location.
For most mechanisms, C_Encrypt is equivalent to a sequence of C_EncryptUpdate operations followed by C_EncryptFinal.
Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.

CK_RV C_EncryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen)
C_EncryptFinal finishes a multiple-part encryption operation.
hSession is the session's handle; pLastEncryptedPart points to the location that receives the last encrypted data part, if any; pulLastEncryptedPartLen points to the location that holds the length of the last encrypted data part.
C_EncryptFinal uses the convention described in Section 5.2 on producing output.
The encryption operation MUST have been initialized with C_EncryptInit. A call to C_EncryptFinal always terminates the active encryption operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the ciphertext.
For some multi-part encryption mechanisms, the input plaintext data has certain length constraints, because the mechanism’s input data MUST consist of an integral number of blocks. If these constraints are not satisfied, then C_EncryptFinal will fail with return code CKR_DATA_LEN_RANGE.
Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.

CK_RV C_EncryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
C_EncryptInit initializes an encryption operation.
hSession is the session's handle; pMechanism points to the encryption mechanism; hKey is the handle of the encryption key.
The CKA_ENCRYPT attribute of the encryption key, which indicates whether the key supports encryption, MUST be CK_TRUE.
After calling C_EncryptInit, the application can either call C_Encrypt to encrypt data in a single part; or call C_EncryptUpdate zero or more times, followed by C_EncryptFinal, to encrypt data in multiple parts. The encryption operation is active until the application uses a call to C_Encrypt or C_EncryptFinal to actually obtain the final piece of ciphertext. To process additional data (in single or multiple parts), the application MUST call C_EncryptInit again.
Return values: CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.
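The call sequence described above, as an added example (not HID's or the PKCS #11 specification's code): a stub that follows the state rules this page gives for C_EncryptInit and C_Encrypt, plus the query-length-then-encrypt caller pattern of the Section 5.2 output convention, where a NULL output pointer returns the required length. The names stub_EncryptInit, stub_Encrypt and encrypt_single, the 16-byte block rule and the XOR transform are hypothetical stand-ins, and the CK_* types are redefined locally so the file builds without cryptoki.h.

```c
/* Added example: stub token, not a real Cryptoki library and not real encryption. */
#include <stdlib.h>

typedef unsigned long CK_RV, CK_ULONG;      /* local stand-ins for cryptoki.h types */
typedef unsigned char CK_BYTE;
#define CKR_OK                        0x000UL
#define CKR_HOST_MEMORY               0x002UL
#define CKR_DATA_LEN_RANGE            0x021UL
#define CKR_OPERATION_ACTIVE          0x090UL
#define CKR_OPERATION_NOT_INITIALIZED 0x091UL
#define CKR_BUFFER_TOO_SMALL          0x150UL
static int op_active;                       /* stub session state: is an operation active? */
static CK_RV stub_EncryptInit(void)
{
    if (op_active) return CKR_OPERATION_ACTIVE;
    op_active = 1; return CKR_OK;
}

/* Follows C_Encrypt's documented state rules; the stub mechanism needs 16-byte blocks. */
static CK_RV stub_Encrypt(const CK_BYTE *in, CK_ULONG inLen, CK_BYTE *out, CK_ULONG *outLen)
{
    if (!op_active) return CKR_OPERATION_NOT_INITIALIZED;
    if (inLen % 16) { op_active = 0; return CKR_DATA_LEN_RANGE; }   /* error ends the op */
    if (out == NULL) { *outLen = inLen; return CKR_OK; }            /* length query, op stays */
    if (*outLen < inLen) { *outLen = inLen; return CKR_BUFFER_TOO_SMALL; } /* op stays */
    for (CK_ULONG i = 0; i < inLen; i++) out[i] = (CK_BYTE)(in[i] ^ 0x5A); /* placeholder */
    *outLen = inLen; op_active = 0;                                 /* success ends the op */
    return CKR_OK;
}

/* Caller pattern: init, query length, allocate, encrypt. Caller frees *out. */
static CK_RV encrypt_single(const CK_BYTE *in, CK_ULONG inLen, CK_BYTE **out, CK_ULONG *outLen)
{
    CK_RV rv;
    *out = NULL;
    if ((rv = stub_EncryptInit()) != CKR_OK) return rv;
    if ((rv = stub_Encrypt(in, inLen, NULL, outLen)) != CKR_OK) return rv;
    if ((*out = malloc(*outLen ? *outLen : 1)) == NULL) return CKR_HOST_MEMORY;
    rv = stub_Encrypt(in, inLen, *out, outLen);
    if (rv != CKR_OK) { free(*out); *out = NULL; }  /* never return a partial buffer */
    return rv;
}

int main(void)
{
    CK_BYTE pt[32] = {0}, *ct; CK_ULONG n;
    CK_RV rv = encrypt_single(pt, sizeof pt, &ct, &n);
    free(ct);
    return rv != CKR_OK;
}
```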

CK_RV C_EncryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
C_EncryptUpdate continues a multiple-part encryption operation, processing another data part.
hSession is the session's handle; pPart points to the data part; ulPartLen is the length of the data part; pEncryptedPart points to the location that receives the encrypted data part; pulEncryptedPartLen points to the location that holds the length in bytes of the encrypted data part.
C_EncryptUpdate uses the convention described in Section 5.2 on producing output.
The encryption operation MUST have been initialized with C_EncryptInit. This function may be called any number of times in succession. A call to C_EncryptUpdate which results in an error other than CKR_BUFFER_TOO_SMALL terminates the current encryption operation.
The plaintext and ciphertext can be in the same place, i.e., it is OK if pPart and pEncryptedPart point to the same location.
Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.