Defines PKCS11 vendor-specific interface extensions for HPSE NVIDIA Tegra products.
Data Structures | |
| struct | CK_NVIDIA_CHANNEL_ATTRIBUTE |
| CK_NVIDIA_CHANNEL_ATTRIBUTE provides the parameters to use a channel for a set of operations. More... | |
| struct | CK_NVIDIA_BATCH_SIGN_ENTRY |
| CK_NVIDIA_BATCH_SIGN_ENTRY provides the parameters, the input, and the output for a single batch entry in a batch message-based signature process. More... | |
| struct | CK_NVIDIA_BATCH_VERIFY_ENTRY |
| CK_NVIDIA_BATCH_VERIFY_ENTRY provides the parameters, the input, and the output for a single batch entry in a batch message-based signature verification process. More... | |
| struct | NV_CK_FUNCTION_LIST |
| NVIDIA functions list. More... | |
| struct | CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS |
| CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS provides the parameters to the CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP mechanism. More... | |
| struct | CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS |
| CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS provides the parameters to the CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF mechanism. More... | |
| struct | CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS |
| CK_CKM_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS provides the parameters to the CKM_NVIDIA_MACSEC_AES_KEY_WRAP mechanism. More... | |
| struct | CK_NVIDIA_ZERO_COPY_ENTRY |
| CK_NVIDIA_ZERO_COPY_ENTRY provides single zero copy data address More... | |
| struct | CK_NVIDIA_ZERO_COPY_LIST |
| CK_NVIDIA_ZERO_COPY_LIST provides multiple zero copy data addresses More... | |
| struct | CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS |
| CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS provides the parameters to the CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION mechanism. More... | |
| struct | CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS |
| CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS provides the parameters to the CKM_NVIDIA_SP800_56A_ONE_STEP_KDF mechanism. More... | |
Macros | |
| #define | CKF_NVIDIA_ZERO_COPY (0x00000001UL) |
| Declaration of CKF_NVIDIA vendor extension flags. More... | |
| #define | CKF_NVIDIA_GCM_DECRYPT_UNAVAILABLE (0x00000002UL) |
| Indicates this channel does not support GCM decrypt operations. More... | |
| #define | CKF_NVIDIA_HMAC_SIGN (0x0100000000UL) |
| Extended mechanism flags used by channel feature - these follow on from CKF_EC_CURVENAME (0x80000000UL) More... | |
| #define | CKF_NVIDIA_HMAC_VERIFY (0x0200000000UL) |
| Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC verification. More... | |
| #define | CKF_NVIDIA_HMAC_MESSAGE_SIGN (0x0400000000UL) |
| Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC message-based signing. More... | |
| #define | CKF_NVIDIA_HMAC_MESSAGE_VERIFY (0x0800000000UL) |
| Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC message-based verification. More... | |
| #define | CKF_NVIDIA_TOKEN_OK (0x02000000UL) |
| TokenInfo extended flags - these follow on from CKF_ERROR_STATE (0x01000000UL) More... | |
| #define | CKF_NVIDIA_SECURE_STORAGE_FAILED (0x04000000UL) |
| This token does not have functional secure storage. More... | |
| #define | CKF_NVIDIA_SECURE_STORAGE_TAMPERED (0x08000000UL) |
| Secure storage may have been tampered with, is not available. More... | |
| #define | CKF_NVIDIA_KEYLOAD_TIMEOUT (0x10000000UL) |
| It was not possible to transfer keys in a specified time, token keys will be unavailable. More... | |
| #define | CKF_NVIDIA_KEYLOAD_FAILED (0x20000000UL) |
| An error occurred when loading keys, token keys will be unavailable. More... | |
| #define | CKF_NVIDIA_TOKEN_ERROR (0x40000000UL) |
| An unspecified error occurred with the token. More... | |
| #define | CKF_NVIDIA_SECURE_STORAGE_NOT_PROVISIONED (0x80000000UL) |
| Secure storage is present, but not provisioned. More... | |
| #define | CKF_NVIDIA_SECURE_STORAGE_NOT_PRESENT (0x100000000UL) |
| Secure storage could not be found. More... | |
| #define | CKF_NVIDIA_KAT_TEST_NONE (0x00000001UL) |
| KAT related flags. More... | |
| #define | CKF_NVIDIA_KAT_TEST_START (0x00000002UL) |
| For NVIDIA internal use only. More... | |
| #define | CKF_NVIDIA_KAT_TEST_PASS (0x00000004UL) |
| For NVIDIA internal use only. More... | |
| #define | CKF_NVIDIA_KAT_TEST_FAIL (0x00000008UL) |
| For NVIDIA internal use only. More... | |
| #define | CKF_NVIDIA_KAT_TEST_BYPASS (0x00000010UL) |
| For NVIDIA internal use only. More... | |
| #define | CKF_NVIDIA_KAT_TEST_LIMIT_INIT (0x00000020UL) |
| For NVIDIA internal use only. More... | |
| #define | CKR_NVIDIA_CHANNEL_NOT_FOUND (CKR_VENDOR_DEFINED | 0x000000007UL) |
| Declaration of CKR_NVIDIA vendor extension return values. More... | |
| #define | CKR_NVIDIA_CHANNEL_CANNOT_OPEN (CKR_VENDOR_DEFINED | 0x000000008UL) |
| The requested channel could not be opened. More... | |
| #define | CKR_NVIDIA_SECURE_STORAGE_FAILED (CKR_VENDOR_DEFINED | 0x000000009UL) |
| This token does not have functional secure storage. More... | |
| #define | CKR_NVIDIA_SECURE_STORAGE_TAMPERED (CKR_VENDOR_DEFINED | 0x000000010UL) |
| Secure storage may have been tampered, is not available. More... | |
| #define | CKR_NVIDIA_OBJECTS_CHANGED (CKR_VENDOR_DEFINED | 0x000000011UL) |
| The number of stored objects are different from when the search was initialised. More... | |
| #define | CKR_NVIDIA_FUNCTION_NOT_ALLOWED_IN_SYSTEM_STATE (CKR_VENDOR_DEFINED | 0x000000012UL) |
| This function call is not permitted in the current NVDVMS state state. More... | |
| #define | CKR_NVIDIA_CRYPTOKI_UNAVAILABLE (CKR_VENDOR_DEFINED | 0x000000013UL) |
| Cryptoki is unavailable due to a prior CKR_NVIDIA_FUNCTION_NOT_ALLOWED_IN_SYSTEM_STATE error. More... | |
| #define | CKA_NVIDIA_CALLER_NONCE (CKA_VENDOR_DEFINED | 0x00000001UL) |
| Declaration of CKA_NVIDIA vendor extension attributes. More... | |
| #define | C_EncryptGetIV C_NVIDIA_EncryptGetIV |
| C_EncryptGetIV is a legacy interface for C_NVIDIA_EncryptGetIV to allow for backwards compatibility. More... | |
| #define | CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP (CKM_VENDOR_DEFINED | 0x00000001UL) |
| The CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP mechanism type should be used with a CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS mechanism parameter to wrap either one secret key or a pair of secret keys with custom data interleaved between the two. More... | |
| #define | CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF (CKM_VENDOR_DEFINED | 0x00000002UL) |
| The CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF mechanism type should be used with a CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS mechanism parameter to derive a secret key from a CKK_AES or CKK_GENERIC_SECRET secret. More... | |
| #define | CKM_NVIDIA_MACSEC_AES_KEY_WRAP (CKM_VENDOR_DEFINED | 0x00000003UL) |
| The CKM_NVIDIA_MACSEC_AES_KEY_WRAP mechanism type should be used with a CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS mechanism parameter to wrap or unwrap a secret key. More... | |
| #define | CKM_NVIDIA_PSC_AES_CMAC (CKM_VENDOR_DEFINED | 0x00000004UL) |
| The CKM_NVIDIA_PSC_AES_CMAC mechanism is used to authenticate MACsec-protected traffic metadata-PDUs. More... | |
| #define | CKM_NVIDIA_AES_GCM_KEY_UNWRAP (CKM_VENDOR_DEFINED | 0x00000005UL) |
| The CKM_NVIDIA_AES_GCM_KEY_UNWRAP mechanism type should be used with the C_UnwrapKey API and the CK_GCM_PARAMS mechanism parameter to unwrap keys. More... | |
| #define | CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION (CKM_VENDOR_DEFINED | 0x00000006UL) |
| The CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION mechanism type should be used with the C_DeriveKey API and the CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS mechanism parameter to derive keys. More... | |
| #define | CKM_NVIDIA_SP800_56A_ONE_STEP_KDF (CKM_VENDOR_DEFINED | 0x00000007UL) |
| The CKM_NVIDIA_SP800_56A_ONE_STEP_KDF mechanism type should be used with a CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS mechanism parameter to derive a secret key from a CKK_AES or CKK_GENERIC_SECRET secret. More... | |
| #define | CKM_NVIDIA_TSECRADAR_AES_CMAC (CKM_VENDOR_DEFINED | 0x00000008UL) |
| The CKM_NVIDIA_TSECRADAR_AES_CMAC mechanism is a drop-in replacement for CKM_AES_CMAC. More... | |
Typedefs | |
| typedef CK_ULONG | CK_NVIDIA_CHANNEL_HANDLE |
| Declaration of CK_NVIDIA_CHANNEL_HANDLE as a type. More... | |
| typedef CK_NVIDIA_CHANNEL_HANDLE CK_PTR | CK_NVIDIA_CHANNEL_HANDLE_PTR |
| Declaration of CK_NVIDIA_CHANNEL_HANDLE_PTR as a type. More... | |
| typedef CK_FLAGS | CK_NVIDIA_FLAGS |
| Declaration of CK_NVIDIA_FLAGS as a type. More... | |
| typedef CK_NVIDIA_FLAGS CK_PTR | CK_NVIDIA_FLAGS_PTR |
| Declaration of CK_NVIDIA_FLAGS_PTR as a type. More... | |
| typedef struct NV_CK_FUNCTION_LIST | NV_CK_FUNCTION_LIST |
| Declaration of NV_CK_FUNCTION_LIST as a type. More... | |
| typedef NV_CK_FUNCTION_LIST CK_PTR | NV_CK_FUNCTION_LIST_PTR |
| Declaration of NV_CK_FUNCTION_LIST_PTR as a type. More... | |
| typedef NV_CK_FUNCTION_LIST_PTR CK_PTR | NV_CK_FUNCTION_LIST_PTR_PTR |
| Declaration of NV_CK_FUNCTION_LIST_PTR_PTR as a type. More... | |
| typedef CK_RV(* | CK_C_NVIDIA_EncryptGetIV) (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pIV, CK_BYTE_PTR pIVLen) |
| pointer to C_NVIDIA_EncryptGetIV More... | |
| typedef CK_RV(* | CK_C_NVIDIA_CommitTokenObjects) (CK_SESSION_HANDLE hSession, CK_FLAGS flags) |
| pointer to C_NVIDIA_CommitTokenObjects More... | |
| typedef CK_RV(* | CK_C_NVIDIA_InitializeChannel) (CK_ULONG ulChannelId, CK_NVIDIA_CHANNEL_HANDLE_PTR phChannel, CK_NVIDIA_FLAGS_PTR pFlags) |
| pointer to C_NVIDIA_InitializeChannel More... | |
| typedef struct CK_NVIDIA_CHANNEL_ATTRIBUTE | CK_NVIDIA_CHANNEL_ATTRIBUTE |
| CK_NVIDIA_CHANNEL_ATTRIBUTE provides the parameters to use a channel for a set of operations. More... | |
| typedef CK_NVIDIA_CHANNEL_ATTRIBUTE CK_PTR | CK_NVIDIA_CHANNEL_ATTRIBUTE_PTR |
| pointer to a CK_NVIDIA_CHANNEL_ATTRIBUTE structure More... | |
| typedef CK_RV(* | CK_C_NVIDIA_OpenSession) (CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession, CK_NVIDIA_CHANNEL_ATTRIBUTE_PTR pChannelSettings, CK_ULONG ulChannelSettingsCount, CK_NVIDIA_FLAGS additionalFlags) |
| pointer to C_NVIDIA_OpenSession More... | |
| typedef CK_RV(* | CK_C_NVIDIA_FinalizeChannel) (CK_NVIDIA_CHANNEL_HANDLE hChannel) |
| pointer to CK_C_NVIDIA_FinalizeChannel More... | |
| typedef CK_RV(* | CK_C_NVIDIA_SetKATParameters) (CK_FLAGS flags) |
| pointer to C_NVIDIA_SetKATParameters More... | |
| typedef CK_RV(* | CK_C_NVIDIA_BatchMessageSignInit) (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE_PTR phKeys, CK_ULONG ulKeysCount) |
| pointer to C_NVIDIA_BatchMessageSignInit More... | |
| typedef struct CK_NVIDIA_BATCH_SIGN_ENTRY | CK_NVIDIA_BATCH_SIGN_ENTRY |
| CK_NVIDIA_BATCH_SIGN_ENTRY provides the parameters, the input, and the output for a single batch entry in a batch message-based signature process. More... | |
| typedef CK_NVIDIA_BATCH_SIGN_ENTRY CK_PTR | CK_NVIDIA_BATCH_SIGN_ENTRY_PTR |
| Declaration of CK_NVIDIA_BATCH_SIGN_ENTRY_PTR as a type. More... | |
| typedef CK_RV(* | CK_C_NVIDIA_BatchSignMessage) (CK_SESSION_HANDLE hSession, CK_NVIDIA_BATCH_SIGN_ENTRY_PTR pBatchEntry, CK_ULONG ulBatchEntryCount) |
| pointer to C_NVIDIA_BatchSignMessage More... | |
| typedef CK_RV(* | CK_C_NVIDIA_BatchMessageSignFinal) (CK_SESSION_HANDLE hSession) |
| pointer to C_NVIDIA_BatchMessageSignFinal More... | |
| typedef CK_RV(* | CK_C_NVIDIA_BatchMessageVerifyInit) (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE_PTR phKeys, CK_ULONG ulKeysCount) |
| pointer to C_NVIDIA_BatchMessageVerifyInit More... | |
| typedef struct CK_NVIDIA_BATCH_VERIFY_ENTRY | CK_NVIDIA_BATCH_VERIFY_ENTRY |
| CK_NVIDIA_BATCH_VERIFY_ENTRY provides the parameters, the input, and the output for a single batch entry in a batch message-based signature verification process. More... | |
| typedef CK_NVIDIA_BATCH_VERIFY_ENTRY CK_PTR | CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR |
| Declaration of CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR as a type. More... | |
| typedef CK_RV(* | CK_C_NVIDIA_BatchVerifyMessage) (CK_SESSION_HANDLE hSession, CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR pBatchEntry, CK_ULONG ulBatchEntryCount) |
| pointer to C_NVIDIA_BatchVerifyMessage More... | |
| typedef CK_RV(* | CK_C_NVIDIA_BatchMessageVerifyFinal) (CK_SESSION_HANDLE hSession) |
| pointer to C_NVIDIA_BatchMessageVerifyFinal More... | |
| typedef struct CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS | CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS |
| CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS provides the parameters to the CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP mechanism. More... | |
| typedef CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS CK_PTR | CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS_PTR |
| Declaration of CK_AES_CBC_CUSTOM_DATA_WRAP_PARAMS_PTR as a type. More... | |
| typedef struct CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS | CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS |
| CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS provides the parameters to the CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF mechanism. More... | |
| typedef CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS CK_PTR | CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS_PTR |
| Declaration of CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS_PTR as a type. More... | |
| typedef struct CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS | CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS |
| CK_CKM_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS provides the parameters to the CKM_NVIDIA_MACSEC_AES_KEY_WRAP mechanism. More... | |
| typedef CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS CK_PTR | CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS_PTR |
| Declaration of CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS_PTR as a type. More... | |
| typedef struct CK_NVIDIA_ZERO_COPY_ENTRY | CK_NVIDIA_ZERO_COPY_ENTRY |
| CK_NVIDIA_ZERO_COPY_ENTRY provides single zero copy data address More... | |
| typedef CK_NVIDIA_ZERO_COPY_ENTRY CK_PTR | CK_NVIDIA_ZERO_COPY_ENTRY_PTR |
| Declaration of CK_NVIDIA_ZERO_COPY_ENTRY_PTR as a type. More... | |
| typedef struct CK_NVIDIA_ZERO_COPY_LIST | CK_NVIDIA_ZERO_COPY_LIST |
| CK_NVIDIA_ZERO_COPY_LIST provides multiple zero copy data addresses More... | |
| typedef CK_NVIDIA_ZERO_COPY_LIST CK_PTR | CK_NVIDIA_ZERO_COPY_LIST_PTR |
| Declaration of CK_NVIDIA_ZERO_COPY_LIST_PTR as a type. More... | |
| typedef struct CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS | CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS |
| CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS provides the parameters to the CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION mechanism. More... | |
| typedef CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS CK_PTR | CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS_PTR |
| Declaration of CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS_PTR as a type. More... | |
| typedef struct CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS | CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS |
| CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS provides the parameters to the CKM_NVIDIA_SP800_56A_ONE_STEP_KDF mechanism. More... | |
| typedef CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS CK_PTR | CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS_PTR |
| Declaration of CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS_PTR as a type. More... | |
Functions | |
| CK_RV | C_NVIDIA_EncryptGetIV (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pIV, CK_BYTE_PTR pIVLen) |
| C_NVIDIA_EncryptGetIV gets the IV or CTR buffer data which was generated during the AES encryption for CBC, GCM or CTR mode. More... | |
| CK_RV | C_NVIDIA_CommitTokenObjects (CK_SESSION_HANDLE hSession, CK_FLAGS flags) |
| C_NVIDIA_CommitTokenObjects writes the current state of all token objects on a dynamic token to secure storage. More... | |
| CK_RV | C_NVIDIA_InitializeChannel (CK_ULONG ulChannelId, CK_NVIDIA_CHANNEL_HANDLE_PTR phChannel, CK_NVIDIA_FLAGS_PTR pFlags) |
| C_NVIDIA_InitializeChannel opens a channel to a hardware engine. More... | |
| CK_RV | C_NVIDIA_OpenSession (CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession, CK_NVIDIA_CHANNEL_ATTRIBUTE_PTR pChannelSettings, CK_ULONG ulChannelSettingsCount, CK_NVIDIA_FLAGS additionalFlags) |
| C_NVIDIA_OpenSession opens a PKCS#11 session that can be configured to use different channels. More... | |
| CK_RV | C_NVIDIA_FinalizeChannel (CK_NVIDIA_CHANNEL_HANDLE hChannel) |
| C_NVIDIA_FinalizeChannel closes a channel handle if it is not in use. More... | |
| CK_RV | C_NVIDIA_SetKATParameters (CK_FLAGS flags) |
| C_NVIDIA_SetKATParameters is used exclusively by the NVIDIA KAT utility More... | |
| CK_RV | C_NVIDIA_BatchMessageSignInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE_PTR phKeys, CK_ULONG ulKeysCount) |
| C_NVIDIA_BatchMessageSignInit initializes a batch message-based signature process. More... | |
| CK_RV | C_NVIDIA_BatchSignMessage (CK_SESSION_HANDLE hSession, CK_NVIDIA_BATCH_SIGN_ENTRY_PTR pBatchEntry, CK_ULONG ulBatchEntryCount) |
| C_NVIDIA_BatchSignMessage signs a batch of messages in a single part. More... | |
| CK_RV | C_NVIDIA_BatchMessageSignFinal (CK_SESSION_HANDLE hSession) |
| C_NVIDIA_BatchMessageSignFinal finishes a batch message-based signature process. More... | |
| CK_RV | C_NVIDIA_BatchMessageVerifyInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE_PTR phKeys, CK_ULONG ulKeysCount) |
| C_NVIDIA_BatchMessageVerifyInit initializes a batch message-based signature verification process. More... | |
| CK_RV | C_NVIDIA_BatchVerifyMessage (CK_SESSION_HANDLE hSession, CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR pBatchEntry, CK_ULONG ulBatchEntryCount) |
| C_NVIDIA_BatchVerifyMessage verifies the signatures of a batch of messages in a single part. More... | |
| CK_RV | C_NVIDIA_BatchMessageVerifyFinal (CK_SESSION_HANDLE hSession) |
| C_NVIDIA_BatchMessageVerifyFinal finishes a batch message-based signature process. More... | |
| #define C_EncryptGetIV C_NVIDIA_EncryptGetIV |
C_EncryptGetIV is a legacy interface for C_NVIDIA_EncryptGetIV to allow for backwards compatibility.
Definition at line 195 of file nvpkcs11.h.
| #define CKA_NVIDIA_CALLER_NONCE (CKA_VENDOR_DEFINED | 0x00000001UL) |
Declaration of CKA_NVIDIA vendor extension attributes.
Set when deriving a TLS session key designed to allow user nonce input
Definition at line 130 of file nvpkcs11.h.
| #define CKF_NVIDIA_GCM_DECRYPT_UNAVAILABLE (0x00000002UL) |
Indicates this channel does not support GCM decrypt operations.
Definition at line 92 of file nvpkcs11.h.
| #define CKF_NVIDIA_HMAC_MESSAGE_SIGN (0x0400000000UL) |
Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC message-based signing.
Definition at line 97 of file nvpkcs11.h.
| #define CKF_NVIDIA_HMAC_MESSAGE_VERIFY (0x0800000000UL) |
Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC message-based verification.
Definition at line 98 of file nvpkcs11.h.
| #define CKF_NVIDIA_HMAC_SIGN (0x0100000000UL) |
Extended mechanism flags used by channel feature - these follow on from CKF_EC_CURVENAME (0x80000000UL)
Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC signing
Definition at line 95 of file nvpkcs11.h.
| #define CKF_NVIDIA_HMAC_VERIFY (0x0200000000UL) |
Used in the pChannelSettings structure of C_NVIDIA_OpenSession to indicate that a channel is to be used for HMAC verification.
Definition at line 96 of file nvpkcs11.h.
| #define CKF_NVIDIA_KAT_TEST_BYPASS (0x00000010UL) |
For NVIDIA internal use only.
Definition at line 115 of file nvpkcs11.h.
| #define CKF_NVIDIA_KAT_TEST_FAIL (0x00000008UL) |
For NVIDIA internal use only.
Definition at line 114 of file nvpkcs11.h.
| #define CKF_NVIDIA_KAT_TEST_LIMIT_INIT (0x00000020UL) |
For NVIDIA internal use only.
Definition at line 116 of file nvpkcs11.h.
| #define CKF_NVIDIA_KAT_TEST_NONE (0x00000001UL) |
| #define CKF_NVIDIA_KAT_TEST_PASS (0x00000004UL) |
For NVIDIA internal use only.
Definition at line 113 of file nvpkcs11.h.
| #define CKF_NVIDIA_KAT_TEST_START (0x00000002UL) |
For NVIDIA internal use only.
Definition at line 112 of file nvpkcs11.h.
| #define CKF_NVIDIA_KEYLOAD_FAILED (0x20000000UL) |
An error occurred when loading keys, token keys will be unavailable.
Definition at line 105 of file nvpkcs11.h.
| #define CKF_NVIDIA_KEYLOAD_TIMEOUT (0x10000000UL) |
It was not possible to transfer keys in a specified time, token keys will be unavailable.
Definition at line 104 of file nvpkcs11.h.
| #define CKF_NVIDIA_SECURE_STORAGE_FAILED (0x04000000UL) |
This token does not have functional secure storage.
Definition at line 102 of file nvpkcs11.h.
| #define CKF_NVIDIA_SECURE_STORAGE_NOT_PRESENT (0x100000000UL) |
Secure storage could not be found.
Definition at line 108 of file nvpkcs11.h.
| #define CKF_NVIDIA_SECURE_STORAGE_NOT_PROVISIONED (0x80000000UL) |
Secure storage is present, but not provisioned.
Definition at line 107 of file nvpkcs11.h.
| #define CKF_NVIDIA_SECURE_STORAGE_TAMPERED (0x08000000UL) |
Secure storage may have been tampered with, is not available.
Definition at line 103 of file nvpkcs11.h.
| #define CKF_NVIDIA_TOKEN_ERROR (0x40000000UL) |
An unspecified error occurred with the token.
Definition at line 106 of file nvpkcs11.h.
| #define CKF_NVIDIA_TOKEN_OK (0x02000000UL) |
TokenInfo extended flags - these follow on from CKF_ERROR_STATE (0x01000000UL)
Secure storage is available
Definition at line 101 of file nvpkcs11.h.
| #define CKF_NVIDIA_ZERO_COPY (0x00000001UL) |
Declaration of CKF_NVIDIA vendor extension flags.
Channel related flags Indicates this channel must be used with zero copy buffers
Definition at line 91 of file nvpkcs11.h.
| #define CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP (CKM_VENDOR_DEFINED | 0x00000001UL) |
The CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP mechanism type should be used with a CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS mechanism parameter to wrap either one secret key or a pair of secret keys with custom data interleaved between the two.
This mechanism is intended for the C_WrapKey API. C_WrapKey's third argument is the wrapping key (hWrappingKey) and the fourth argument is the key to be wrapped (hKey).
If hTrailingKey is CK_INVALID_HANDLE, the mechanism wraps a single key (data=[hKey]) using AES in CBC mode.
If hTrailingKey is a valid handle, the mechanism wraps two keys with custom data interleaved between them (data=[hKey|pData|hTrailingKey]) using AES in CBC mode.
The wrapping key (hWrappingKey) can either be a session or a token object. The keys to be wrapped (hKey and hTrailingKey) should not differ in their storage attribute: they should both be session objects, or token objects.
The mechanism uses CBC mode and generates a random IV that is returned to the caller in the iv field of the mechanism parameter.
The convention described in Section 5.2 of the PKCS #11 base documentation can be used with C_WrapKey to compute the length of the wrapped key(s).
Definition at line 938 of file nvpkcs11.h.
| #define CKM_NVIDIA_AES_GCM_KEY_UNWRAP (CKM_VENDOR_DEFINED | 0x00000005UL) |
The CKM_NVIDIA_AES_GCM_KEY_UNWRAP mechanism type should be used with the C_UnwrapKey API and the CK_GCM_PARAMS mechanism parameter to unwrap keys.
This mechanism unwraps keys that were previously wrapped along with their metadata using the custom NVIDIA method/script. When calling C_UnwrapKey with this mechanism, no template should be provided since the wrapped blob contains both the key value and the metadata. The pTemplate and ulAttributeCount arguments should be set to NULL and 0 respectively.
Definition at line 1057 of file nvpkcs11.h.
| #define CKM_NVIDIA_MACSEC_AES_KEY_WRAP (CKM_VENDOR_DEFINED | 0x00000003UL) |
The CKM_NVIDIA_MACSEC_AES_KEY_WRAP mechanism type should be used with a CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS mechanism parameter to wrap or unwrap a secret key.
This mechanism is intended for the C_WrapKey and C_UnwrapKey API.
It is designed to support NVIDIA MACsec hardware and software only.
Definition at line 995 of file nvpkcs11.h.
| #define CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION (CKM_VENDOR_DEFINED | 0x00000006UL) |
The CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION mechanism type should be used with the C_DeriveKey API and the CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS mechanism parameter to derive keys.
this Mechanism performs both operations:
Definition at line 1068 of file nvpkcs11.h.
| #define CKM_NVIDIA_PSC_AES_CMAC (CKM_VENDOR_DEFINED | 0x00000004UL) |
The CKM_NVIDIA_PSC_AES_CMAC mechanism is used to authenticate MACsec-protected traffic metadata-PDUs.
This mechanism is intended for the C_SignInit or C_MessageSignInit or C_VerifyInit or C_MessageVerifyInit APIs, single-part data only.
It is designed to support NVIDIA MACsec hardware and software only.
Definition at line 1044 of file nvpkcs11.h.
| #define CKM_NVIDIA_SP800_56A_ONE_STEP_KDF (CKM_VENDOR_DEFINED | 0x00000007UL) |
The CKM_NVIDIA_SP800_56A_ONE_STEP_KDF mechanism type should be used with a CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS mechanism parameter to derive a secret key from a CKK_AES or CKK_GENERIC_SECRET secret.
The mechanism is intended for the C_DeriveKey API. The mechanism derives keys as described in NISTSP800-56AREV.3. The KDF stage uses one step key derivation as described in NISTSP800-56CREV.1: PRF(counter||key||InfoString). When PRF is CKM_SHA256, the expanded key stream is 32B and C_DeriveKey returns all or part of the key stream depending on the ulKeyOffset parameter and the CKA_VALUE_LEN attribute of the derived key.
CKA_VALUE_LEN = 32, ulKeyOffset = 0 : the entire key stream is used for the 32B derived key. CKA_VALUE_LEN = 16, ulKeyOffset = 0 : the first 16B of the key stream are used for the 16B derived key. CKA_VALUE_LEN = 16, ulKeyOffset = 16 : the trailing 16B of the key stream are used for the 16B derived key.
C_DeriveKey may be called twice to derive two 16B keys: with ulKeyOffset 0 then with ulKeyOffset 16.
Definition at line 1104 of file nvpkcs11.h.
| #define CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF (CKM_VENDOR_DEFINED | 0x00000002UL) |
The CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF mechanism type should be used with a CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS mechanism parameter to derive a secret key from a CKK_AES or CKK_GENERIC_SECRET secret.
The mechanism is intended for the C_DeriveKey API. The mechanism uses two step key derivation as described in NISTSP800-56CREV.1: first extract randomness from the base key and the salt, then expand it in counter mode with an Info string.
If applicable, the L field described in the NISTSP800-56CREV.1 standard should be explicitly supplied as part of the Info string.
Definition at line 967 of file nvpkcs11.h.
| #define CKM_NVIDIA_TSECRADAR_AES_CMAC (CKM_VENDOR_DEFINED | 0x00000008UL) |
The CKM_NVIDIA_TSECRADAR_AES_CMAC mechanism is a drop-in replacement for CKM_AES_CMAC.
The mechanism is supported only on the TSECRADAR safety token and should be used with ephemeral keys of type CKK_AES.
This mechanism is intended for the single-part versions of the C_SignInit/C_MessageSignInit and C_VerifyInit/C_MessageVerifyInit APIs.
Definition at line 1130 of file nvpkcs11.h.
| #define CKR_NVIDIA_CHANNEL_CANNOT_OPEN (CKR_VENDOR_DEFINED | 0x000000008UL) |
The requested channel could not be opened.
Definition at line 121 of file nvpkcs11.h.
| #define CKR_NVIDIA_CHANNEL_NOT_FOUND (CKR_VENDOR_DEFINED | 0x000000007UL) |
Declaration of CKR_NVIDIA vendor extension return values.
The requested channel could not be found
Definition at line 120 of file nvpkcs11.h.
| #define CKR_NVIDIA_CRYPTOKI_UNAVAILABLE (CKR_VENDOR_DEFINED | 0x000000013UL) |
Cryptoki is unavailable due to a prior CKR_NVIDIA_FUNCTION_NOT_ALLOWED_IN_SYSTEM_STATE error.
Definition at line 126 of file nvpkcs11.h.
| #define CKR_NVIDIA_FUNCTION_NOT_ALLOWED_IN_SYSTEM_STATE (CKR_VENDOR_DEFINED | 0x000000012UL) |
This function call is not permitted in the current NVDVMS state state.
Definition at line 125 of file nvpkcs11.h.
| #define CKR_NVIDIA_OBJECTS_CHANGED (CKR_VENDOR_DEFINED | 0x000000011UL) |
The number of stored objects are different from when the search was initialised.
Definition at line 124 of file nvpkcs11.h.
| #define CKR_NVIDIA_SECURE_STORAGE_FAILED (CKR_VENDOR_DEFINED | 0x000000009UL) |
This token does not have functional secure storage.
Definition at line 122 of file nvpkcs11.h.
| #define CKR_NVIDIA_SECURE_STORAGE_TAMPERED (CKR_VENDOR_DEFINED | 0x000000010UL) |
Secure storage may have been tampered, is not available.
Definition at line 123 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_BatchMessageSignFinal) (CK_SESSION_HANDLE hSession) |
pointer to C_NVIDIA_BatchMessageSignFinal
Definition at line 699 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_BatchMessageSignInit) (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE_PTR phKeys, CK_ULONG ulKeysCount) |
pointer to C_NVIDIA_BatchMessageSignInit
Definition at line 569 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_BatchMessageVerifyFinal) (CK_SESSION_HANDLE hSession) |
pointer to C_NVIDIA_BatchMessageVerifyFinal
Definition at line 890 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_BatchMessageVerifyInit) (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE_PTR phKeys, CK_ULONG ulKeysCount) |
pointer to C_NVIDIA_BatchMessageVerifyInit
Definition at line 761 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_BatchSignMessage) (CK_SESSION_HANDLE hSession, CK_NVIDIA_BATCH_SIGN_ENTRY_PTR pBatchEntry, CK_ULONG ulBatchEntryCount) |
pointer to C_NVIDIA_BatchSignMessage
Definition at line 647 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_BatchVerifyMessage) (CK_SESSION_HANDLE hSession, CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR pBatchEntry, CK_ULONG ulBatchEntryCount) |
pointer to C_NVIDIA_BatchVerifyMessage
Definition at line 839 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_CommitTokenObjects) (CK_SESSION_HANDLE hSession, CK_FLAGS flags) |
pointer to C_NVIDIA_CommitTokenObjects
Definition at line 265 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_EncryptGetIV) (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pIV, CK_BYTE_PTR pIVLen) |
pointer to C_NVIDIA_EncryptGetIV
Definition at line 199 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_FinalizeChannel) (CK_NVIDIA_CHANNEL_HANDLE hChannel) |
pointer to CK_C_NVIDIA_FinalizeChannel
Definition at line 472 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_InitializeChannel) (CK_ULONG ulChannelId, CK_NVIDIA_CHANNEL_HANDLE_PTR phChannel, CK_NVIDIA_FLAGS_PTR pFlags) |
pointer to C_NVIDIA_InitializeChannel
Definition at line 322 of file nvpkcs11.h.
| typedef CK_RV(* CK_C_NVIDIA_OpenSession) (CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession, CK_NVIDIA_CHANNEL_ATTRIBUTE_PTR pChannelSettings, CK_ULONG ulChannelSettingsCount, CK_NVIDIA_FLAGS additionalFlags) |
pointer to C_NVIDIA_OpenSession
Definition at line 418 of file nvpkcs11.h.
pointer to C_NVIDIA_SetKATParameters
Definition at line 507 of file nvpkcs11.h.
CK_NVIDIA_AES_CBC_KEY_DATA_WRAP_PARAMS provides the parameters to the CKM_NVIDIA_AES_CBC_KEY_DATA_WRAP mechanism.
Declaration of CK_AES_CBC_CUSTOM_DATA_WRAP_PARAMS_PTR as a type.
Definition at line 952 of file nvpkcs11.h.
| typedef struct CK_NVIDIA_BATCH_SIGN_ENTRY CK_NVIDIA_BATCH_SIGN_ENTRY |
CK_NVIDIA_BATCH_SIGN_ENTRY provides the parameters, the input, and the output for a single batch entry in a batch message-based signature process.
| typedef CK_NVIDIA_BATCH_SIGN_ENTRY CK_PTR CK_NVIDIA_BATCH_SIGN_ENTRY_PTR |
Declaration of CK_NVIDIA_BATCH_SIGN_ENTRY_PTR as a type.
Definition at line 592 of file nvpkcs11.h.
| typedef struct CK_NVIDIA_BATCH_VERIFY_ENTRY CK_NVIDIA_BATCH_VERIFY_ENTRY |
CK_NVIDIA_BATCH_VERIFY_ENTRY provides the parameters, the input, and the output for a single batch entry in a batch message-based signature verification process.
| typedef CK_NVIDIA_BATCH_VERIFY_ENTRY CK_PTR CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR |
Declaration of CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR as a type.
Definition at line 784 of file nvpkcs11.h.
| typedef struct CK_NVIDIA_CHANNEL_ATTRIBUTE CK_NVIDIA_CHANNEL_ATTRIBUTE |
CK_NVIDIA_CHANNEL_ATTRIBUTE provides the parameters to use a channel for a set of operations.
| typedef CK_NVIDIA_CHANNEL_ATTRIBUTE CK_PTR CK_NVIDIA_CHANNEL_ATTRIBUTE_PTR |
pointer to a CK_NVIDIA_CHANNEL_ATTRIBUTE structure
Definition at line 338 of file nvpkcs11.h.
| typedef CK_ULONG CK_NVIDIA_CHANNEL_HANDLE |
Declaration of CK_NVIDIA_CHANNEL_HANDLE as a type.
Definition at line 72 of file nvpkcs11.h.
| typedef CK_NVIDIA_CHANNEL_HANDLE CK_PTR CK_NVIDIA_CHANNEL_HANDLE_PTR |
Declaration of CK_NVIDIA_CHANNEL_HANDLE_PTR as a type.
Definition at line 74 of file nvpkcs11.h.
| typedef CK_FLAGS CK_NVIDIA_FLAGS |
Declaration of CK_NVIDIA_FLAGS as a type.
Definition at line 77 of file nvpkcs11.h.
| typedef CK_NVIDIA_FLAGS CK_PTR CK_NVIDIA_FLAGS_PTR |
Declaration of CK_NVIDIA_FLAGS_PTR as a type.
Definition at line 79 of file nvpkcs11.h.
CK_CKM_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS provides the parameters to the CKM_NVIDIA_MACSEC_AES_KEY_WRAP mechanism.
Declaration of CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS_PTR as a type.
Definition at line 1009 of file nvpkcs11.h.
| typedef struct CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS |
CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS provides the parameters to the CKM_NVIDIA_OX5B_SHA256_KEY_DERIVATION mechanism.
| typedef CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS CK_PTR CK_NVIDIA_OX5B_SHA256_KEY_DERIVATION_PARAMS_PTR |
Declaration of CK_NVIDIA_MACSEC_AES_KEY_WRAP_PARAMS_PTR as a type.
Definition at line 1083 of file nvpkcs11.h.
CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS provides the parameters to the CKM_NVIDIA_SP800_56A_ONE_STEP_KDF mechanism.
Declaration of CK_NVIDIA_SP800_56A_ONE_STEP_KDF_PARAMS_PTR as a type.
Definition at line 1119 of file nvpkcs11.h.
CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS provides the parameters to the CKM_NVIDIA_SP800_56C_TWO_STEPS_KDF mechanism.
| typedef CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS CK_PTR CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS_PTR |
Declaration of CK_NVIDIA_SP800_56C_TWO_STEPS_KDF_PARAMS_PTR as a type.
Definition at line 983 of file nvpkcs11.h.
| typedef struct CK_NVIDIA_ZERO_COPY_ENTRY CK_NVIDIA_ZERO_COPY_ENTRY |
CK_NVIDIA_ZERO_COPY_ENTRY provides single zero copy data address
| typedef CK_NVIDIA_ZERO_COPY_ENTRY CK_PTR CK_NVIDIA_ZERO_COPY_ENTRY_PTR |
Declaration of CK_NVIDIA_ZERO_COPY_ENTRY_PTR as a type.
Definition at line 1022 of file nvpkcs11.h.
| typedef struct CK_NVIDIA_ZERO_COPY_LIST CK_NVIDIA_ZERO_COPY_LIST |
CK_NVIDIA_ZERO_COPY_LIST provides multiple zero copy data addresses
| typedef CK_NVIDIA_ZERO_COPY_LIST CK_PTR CK_NVIDIA_ZERO_COPY_LIST_PTR |
Declaration of CK_NVIDIA_ZERO_COPY_LIST_PTR as a type.
Definition at line 1034 of file nvpkcs11.h.
| typedef struct NV_CK_FUNCTION_LIST NV_CK_FUNCTION_LIST |
Declaration of NV_CK_FUNCTION_LIST as a type.
Definition at line 82 of file nvpkcs11.h.
| typedef NV_CK_FUNCTION_LIST CK_PTR NV_CK_FUNCTION_LIST_PTR |
Declaration of NV_CK_FUNCTION_LIST_PTR as a type.
Definition at line 84 of file nvpkcs11.h.
| typedef NV_CK_FUNCTION_LIST_PTR CK_PTR NV_CK_FUNCTION_LIST_PTR_PTR |
Declaration of NV_CK_FUNCTION_LIST_PTR_PTR as a type.
Definition at line 86 of file nvpkcs11.h.
| CK_RV C_NVIDIA_BatchMessageSignFinal | ( | CK_SESSION_HANDLE | hSession | ) |
C_NVIDIA_BatchMessageSignFinal finishes a batch message-based signature process.
If there is no active batch message-based signature process, then this function will fail with CKR_OPERATION_NOT_INITIALIZED. C_NVIDIA_BatchMessageSignInit must be called to initialize a new signature process.
| [in] | hSession | previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
Usage considerations
| CK_RV C_NVIDIA_BatchMessageSignInit | ( | CK_SESSION_HANDLE | hSession, |
| CK_MECHANISM_PTR | pMechanism, | ||
| CK_OBJECT_HANDLE_PTR | phKeys, | ||
| CK_ULONG | ulKeysCount | ||
| ) |
C_NVIDIA_BatchMessageSignInit initializes a batch message-based signature process.
If there is an active batch message-based signature process, then this function will fail with CKR_OPERATION_ACTIVE. C_NVIDIA_BatchMessageSignFinal must be called to finalize the previous process before C_NVIDIA_BatchMessageSignInit is allowed to kickstart a new signature process.
| [in] | hSession | previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
| [in] | pMechanism | pointer to the signature mechanism |
| [in] | phKeys | array of signing keys |
| [in] | ulKeysCount | number of keys in the array phKeys |
Usage considerations
| CK_RV C_NVIDIA_BatchMessageVerifyFinal | ( | CK_SESSION_HANDLE | hSession | ) |
C_NVIDIA_BatchMessageVerifyFinal finishes a batch message-based signature process.
If there is no active batch message-based signature process, then this function will fail with CKR_OPERATION_NOT_INITIALIZED. C_NVIDIA_BatchMessageVerifyInit must be called to initialize a new signature process.
| [in] | hSession | Previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
Usage considerations
| CK_RV C_NVIDIA_BatchMessageVerifyInit | ( | CK_SESSION_HANDLE | hSession, |
| CK_MECHANISM_PTR | pMechanism, | ||
| CK_OBJECT_HANDLE_PTR | phKeys, | ||
| CK_ULONG | ulKeysCount | ||
| ) |
C_NVIDIA_BatchMessageVerifyInit initializes a batch message-based signature verification process.
If there is an active batch message-based signature verification process, then this function will fail with CKR_OPERATION_ACTIVE. C_NVIDIA_BatchMessageVerifyFinal must be called to finalize the previous process before C_NVIDIA_BatchMessageVerifyInit is allowed to kickstart a new signature verification process.
| [in] | hSession | previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
| [in] | pMechanism | pointer to the signature verification mechanism |
| [in] | phKeys | array of signature verification keys |
| [in] | ulKeysCount | number of keys in the array phKeys |
Usage considerations
| CK_RV C_NVIDIA_BatchSignMessage | ( | CK_SESSION_HANDLE | hSession, |
| CK_NVIDIA_BATCH_SIGN_ENTRY_PTR | pBatchEntry, | ||
| CK_ULONG | ulBatchEntryCount | ||
| ) |
C_NVIDIA_BatchSignMessage signs a batch of messages in a single part.
If there is no active batch message-based signature process, then this function will fail with CKR_OPERATION_NOT_INITIALIZED. C_NVIDIA_BatchMessageSignInit must be called to initialize a new signature process.
| [in] | hSession | previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
| [in,out] | pBatchEntry | array of batch entries to be signed |
| [in] | ulBatchEntryCount | number of entries in the batch array |
Usage considerations
| CK_RV C_NVIDIA_BatchVerifyMessage | ( | CK_SESSION_HANDLE | hSession, |
| CK_NVIDIA_BATCH_VERIFY_ENTRY_PTR | pBatchEntry, | ||
| CK_ULONG | ulBatchEntryCount | ||
| ) |
C_NVIDIA_BatchVerifyMessage verifies the signatures of a batch of messages in a single part.
If there is no active batch message-based signature verification process, then this function will fail with CKR_OPERATION_NOT_INITIALIZED. C_NVIDIA_BatchMessageVerifyInit must be called to initialize a new signature verification process.
| [in] | hSession | previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
| [in,out] | pBatchEntry | array of batch entries to be verified |
| [in] | ulBatchEntryCount | number of entries in the batch array |
Usage considerations
| CK_RV C_NVIDIA_CommitTokenObjects | ( | CK_SESSION_HANDLE | hSession, |
| CK_FLAGS | flags | ||
| ) |
C_NVIDIA_CommitTokenObjects writes the current state of all token objects on a dynamic token to secure storage.
If there is a session open on any safety token in the system, then this function will fail with CKR_OPERATION_ACTIVE in order to prevent any disruption to ongoing safety operations.
| [in] | hSession | Previously obtained from C_OpenSession or C_NVIDIA_OpenSession |
| [in] | flags | Currently not required, argument is reserved for future expansion |
If no changes have been made, then this function will return CKR_OK. If changes have been made, this function may take several minutes to complete. This would apply to all tokens in the system, not just the token referenced in the call. To protect safety-critical operations from being blocked, this function must only be called during the deinit phase, as it could have an impact on live operations and boot time. To enforce safe operation, this function will fail with CKR_OPERATION_ACTIVE if any application has any safety token session open on this device (not just the token referenced in this call).
Usage considerations
| CK_RV C_NVIDIA_EncryptGetIV | ( | CK_SESSION_HANDLE | hSession, |
| CK_BYTE_PTR | pIV, | ||
| CK_BYTE_PTR | pIVLen | ||
| ) |
C_NVIDIA_EncryptGetIV gets the IV or CTR buffer data which was generated during the AES encryption for CBC, GCM or CTR mode.
| [in] | hSession | The session handle for the encryption session initialized with C_EncryptInit |
| [in,out] | pIV | Buffer for storing the IV or CTR data generated during the encryption session |
| [in,out] | pIVLen | Pointer to the location that holds the length of the IV or CTR |
This function is called as the last step in the encryption sequence, and requires that first C_EncryptInit and then C_Encrypt or C_EncryptInit and then one or more C_EncryptUpdate(s) followed by C_EncryptFinal have been called first.
A call to C_NVIDIA_EncryptGetIV always terminates the active encryption unless it returns CKR_BUFFER_TOO_SMALL, or is a successful call (returns CKR_OK) to determine the length of the buffer needed to hold the data.
If the function is successful it will return the IV value and the size of the IV value.
C_NVIDIA_EncryptGetIV uses the convention described in Section 5.2 in the PKCS #11 base documentation on producing output.
Usage considerations
| CK_RV C_NVIDIA_FinalizeChannel | ( | CK_NVIDIA_CHANNEL_HANDLE | hChannel | ) |
C_NVIDIA_FinalizeChannel closes a channel handle if it is not in use.
| [in] | hChannel | Usage considerations C_NVIDIA_FinalizeChannel can be called to close a channel when is not configured for use in any session. If it is in use, CKR_OPERATION_ACTIVE is returned. This only needs to be called once per handle, not once per C_NVIDIA_InitializeChannel call. |
| CK_RV C_NVIDIA_InitializeChannel | ( | CK_ULONG | ulChannelId, |
| CK_NVIDIA_CHANNEL_HANDLE_PTR | phChannel, | ||
| CK_NVIDIA_FLAGS_PTR | pFlags | ||
| ) |
C_NVIDIA_InitializeChannel opens a channel to a hardware engine.
| [in] | ulChannelId | Obtained from the device tree |
| [out] | phChannel | Handle to be used with C_NVIDIA_OpenSession |
| [out] | pFlags | Returns the flags that are associated with this channel, which could be none, or combinations of CKF_NVIDIA_ZERO_COPY and CKF_NVIDIA_GCM_DECRYPT_UNAVAILABLE |
This is the first part of an extension to the PKCS#11 standard that allows targetting different hardware engines. The handle can then be used with C_NVIDIA_OpenSession to create a session, or later with C_NVIDIA_FinalizeChannel to close it.
If the requested channel has already been opened, the same handle is returned.
Usage considerations
| CK_RV C_NVIDIA_OpenSession | ( | CK_SLOT_ID | slotID, |
| CK_FLAGS | flags, | ||
| CK_VOID_PTR | pApplication, | ||
| CK_NOTIFY | Notify, | ||
| CK_SESSION_HANDLE_PTR | phSession, | ||
| CK_NVIDIA_CHANNEL_ATTRIBUTE_PTR | pChannelSettings, | ||
| CK_ULONG | ulChannelSettingsCount, | ||
| CK_NVIDIA_FLAGS | additionalFlags | ||
| ) |
C_NVIDIA_OpenSession opens a PKCS#11 session that can be configured to use different channels.
| [in] | slotID | Same usage as C_OpenSession |
| [in] | flags | Same usage as C_OpenSession |
| [in] | pApplication | Same usage as C_OpenSession |
| [in] | Notify | Same usage as C_OpenSession |
| [in,out] | phSession | Same usage as C_OpenSession |
| [in] | pChannelSettings | Structure that contains mappings of operations to engines |
| [in] | ulChannelSettingsCount | Number of entries in pChannelSettings structure |
| [in] | additionalFlags | For future expansion, currently must be set to 0 |
Extends the functionality of the standard C_OpenSession API call to allow channels to be configured in that session. The pChannelSettings structure contains mappings of commands (e.g. CKF_ENCRYPT) to channel handles (as obtained from C_NVIDIA_InitializeChannel). This allows a session to call (e.g.) C_Encrypt and have that function target a different hardware engine queue (e.g. TZ-SE AES0).
Multiple commands can share a channel, provided that the hardware engine type is usable for all operations. Multiple mapping entries are possible, but commands must only be specified once.
Usage considerations
C_NVIDIA_SetKATParameters is used exclusively by the NVIDIA KAT utility
| [in] | flags | Usage considerations C_NVIDIA_SetKATParameters is not intended for end users. |