#include <pkcs11/v2.40/cryptoki.h>
Functions | |
| CK_RV | C_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen) |
| Encrypts single-part data. | |
| CK_RV | C_EncryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pulLastEncryptedPartLen) |
| Finishes a multiple-part encryption operation. | |
| CK_RV | C_EncryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) |
| Initializes an encryption operation. | |
| CK_RV | C_EncryptUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen) |
| Continues a multiple-part encryption operation, processing another data part. | |
Function Documentation
◆ C_Encrypt()
| CK_RV C_Encrypt | ( | CK_SESSION_HANDLE | hSession, |
| CK_BYTE_PTR | pData, | ||
| CK_ULONG | ulDataLen, | ||
| CK_BYTE_PTR | pEncryptedData, | ||
| CK_ULONG_PTR | pulEncryptedDataLen ) |
Encrypts single-part data.
- Parameters
-
[in] hSession is the session's handle. [in] pData points to the data. [in] ulDataLen is the length in bytes of the data. [out] pEncryptedData points to the location that receives the encrypted data. [in,out] pulEncryptedDataLen points to the location that holds the length in bytes of the encrypted data.
C_Encrypt uses the convention described in Section 5.2 on producing output.
The encryption operation MUST have been initialized with C_EncryptInit. A call to C_Encrypt always terminates the active encryption operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the ciphertext.
C_Encrypt cannot be used to terminate a multi-part operation, and MUST be called after C_EncryptInit without intervening C_EncryptUpdate calls.
For some encryption mechanisms, the input plaintext data has certain length constraints (either because the mechanism can only encrypt relatively short pieces of plaintext, or because the mechanism’s input data MUST consist of an integral number of blocks). If these constraints are not satisfied, then C_Encrypt will fail with return code CKR_DATA_LEN_RANGE.
The plaintext and ciphertext can be in the same place, i.e., it is OK if pData and pEncryptedData point to the same location.
For most mechanisms, C_Encrypt is equivalent to a sequence of C_EncryptUpdate operations followed by C_EncryptFinal.
- Returns
- CKR_OK on success.
- One of the following error codes on failure:
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.
◆ C_EncryptFinal()
| CK_RV C_EncryptFinal | ( | CK_SESSION_HANDLE | hSession, |
| CK_BYTE_PTR | pLastEncryptedPart, | ||
| CK_ULONG_PTR | pulLastEncryptedPartLen ) |
Finishes a multiple-part encryption operation.
- Parameters
-
[in] hSession is the session's handle. [out] pLastEncryptedPart points to the location that receives the last encrypted data part, if any. [in,out] pulLastEncryptedPartLen points to the location that holds the length of the last encrypted data part.
C_EncryptFinal uses the convention described in Section 5.2 on producing output. The encryption operation MUST have been initialized with C_EncryptInit. A call to C_EncryptFinal always terminates the active encryption operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the ciphertext.
For some multi-part encryption mechanisms, the input plaintext data has certain length constraints, because the mechanism’s input data MUST consist of an integral number of blocks. If these constraints are not satisfied, then C_EncryptFinal will fail with return code CKR_DATA_LEN_RANGE.
- Returns
- CKR_OK on success.
- One of the following error codes on failure:
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.
◆ C_EncryptInit()
| CK_RV C_EncryptInit | ( | CK_SESSION_HANDLE | hSession, |
| CK_MECHANISM_PTR | pMechanism, | ||
| CK_OBJECT_HANDLE | hKey ) |
Initializes an encryption operation.
- Parameters
-
[in] hSession is the session's handle. [in] pMechanism points to the encryption mechanism. [in] hKey is the handle of the encryption key.
The CKA_ENCRYPT attribute of the encryption key, which indicates whether the key supports encryption, MUST be CK_TRUE.
After calling C_EncryptInit, the application can either call C_Encrypt to encrypt data in a single part; or call C_EncryptUpdate zero or more times, followed by C_EncryptFinal, to encrypt data in multiple parts. The encryption operation is active until the application uses a call to C_Encrypt or C_EncryptFinal to actually obtain the final piece of ciphertext. To process additional data (in single or multiple parts), the application MUST call C_EncryptInit again.
- Returns
- CKR_OK on success.
- One of the following error codes on failure:
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.
◆ C_EncryptUpdate()
| CK_RV C_EncryptUpdate | ( | CK_SESSION_HANDLE | hSession, |
| CK_BYTE_PTR | pPart, | ||
| CK_ULONG | ulPartLen, | ||
| CK_BYTE_PTR | pEncryptedPart, | ||
| CK_ULONG_PTR | pulEncryptedPartLen ) |
Continues a multiple-part encryption operation, processing another data part.
- Parameters
-
[in] hSession is the session's handle. [in] pPart points to the data part. [in] ulPartLen is the length of the data part. [out] pEncryptedPart points to the location that receives the encrypted data part. [in,out] pulEncryptedPartLen points to the location that holds the length in bytes of the encrypted data part.
C_EncryptUpdate uses the convention described in Section 5.2 on producing output.
The encryption operation MUST have been initialized with C_EncryptInit. This function may be called any number of times in succession. A call to C_EncryptUpdate which results in an error other than CKR_BUFFER_TOO_SMALL terminates the current encryption operation.
The plaintext and ciphertext can be in the same place, i.e., it is OK if pPart and pEncryptedPart point to the same location.
- Returns
- CKR_OK on success.
- One of the following error codes on failure:
CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.