pkcs11.java

java 实现的签名方案

   * @return the decrypted data part and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pEncryptedPart <> null)
   * @postconditions
   */
  public byte[] C_DecryptUpdate(long hSession, byte[] pEncryptedPart) throws PKCS11Exception;


  /**
   * C_DecryptFinal finishes a multiple-part decryption
   * operation.
   * (Encryption and decryption)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @return the last decrypted data part and the last data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pLastPart,
   *                         CK_ULONG_PTR pulLastPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public byte[] C_DecryptFinal(long hSession) throws PKCS11Exception;



/* *****************************************************************************
 * Message digesting
 ******************************************************************************/

  /**
   * C_DigestInit initializes a message-digesting operation.
   * (Message digesting)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the digesting mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_DigestInit(long hSession, CK_MECHANISM pMechanism) throws PKCS11Exception;


  /**
   * C_Digest digests data in a single part.
   * (Message digesting)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param data the data to get digested and the data's length
   *         (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)
   * @return the message digest and the length of the message digest
   *         (PKCS#11 param: CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (data <> null)
   * @postconditions (result <> null)
   */
  public byte[] C_Digest(long hSession, byte[] data) throws PKCS11Exception;


  /**
   * C_DigestUpdate continues a multiple-part message-digesting
   * operation.
   * (Message digesting)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pPart the data to get digested and the data's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pPart <> null)
   * @postconditions
   */
  public void C_DigestUpdate(long hSession, byte[] pPart) throws PKCS11Exception;


  /**
   * C_DigestKey continues a multi-part message-digesting
   * operation, by digesting the value of a secret key as part of
   * the data already digested.
   * (Message digesting)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param hKey the handle of the secret key to be digested
   *         (PKCS#11 param: CK_OBJECT_HANDLE hKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_DigestKey(long hSession, long hKey) throws PKCS11Exception;


  /**
   * C_DigestFinal finishes a multiple-part message-digesting
   * operation.
   * (Message digesting)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @return the message digest and the length of the message digest
   *         (PKCS#11 param: CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public byte[] C_DigestFinal(long hSession) throws PKCS11Exception;



/* *****************************************************************************
 * Signing and MACing
 ******************************************************************************/

  /**
   * C_SignInit initializes a signature (private key encryption)
   * operation, where the signature is (will be) an appendix to
   * the data, and plaintext cannot be recovered from the
   * signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the signature mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hKey the handle of the signature key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_SignInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;


  /**
   * C_Sign signs (encrypts with private key) data in a single
   * part, where the signature is (will be) an appendix to the
   * data, and plaintext cannot be recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pData the data to sign and the data's length
   *         (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)
   * @return the signature and the signature's length
   *         (PKCS#11 param: CK_BYTE_PTR pSignature,
   *                         CK_ULONG_PTR pulSignatureLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pData <> null)
   * @postconditions (result <> null)
   */
  public byte[] C_Sign(long hSession, byte[] pData) throws PKCS11Exception;


  /**
   * C_SignUpdate continues a multiple-part signature operation,
   * where the signature is (will be) an appendix to the data,
   * and plaintext cannot be recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pPart the data part to sign and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pPart <> null)
   * @postconditions
   */
  public void C_SignUpdate(long hSession, byte[] pPart) throws PKCS11Exception;


  /**
   * C_SignFinal finishes a multiple-part signature operation,
   * returning the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @return the signature and the signature's length
   *         (PKCS#11 param: CK_BYTE_PTR pSignature,
   *                         CK_ULONG_PTR pulSignatureLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public byte[] C_SignFinal(long hSession) throws PKCS11Exception;


  /**
   * C_SignRecoverInit initializes a signature operation, where
   * the data can be recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the signature mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hKey the handle of the signature key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_SignRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;


  /**
   * C_SignRecover signs data in a single operation, where the
   * data can be recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pData the data to sign and the data's length
   *         (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)
   * @return the signature and the signature's length
   *         (PKCS#11 param: CK_BYTE_PTR pSignature,
   *                         CK_ULONG_PTR pulSignatureLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pData <> null)
   * @postconditions (result <> null)
   */
  public byte[] C_SignRecover(long hSession, byte[] pData) throws PKCS11Exception;



/* *****************************************************************************
 * Verifying signatures and MACs
 ******************************************************************************/

  /**
   * C_VerifyInit initializes a verification operation, where the
   * signature is an appendix to the data, and plaintext cannot
   * cannot be recovered from the signature (e.g. DSA).
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the verification mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hKey the handle of the verification key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_VerifyInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;


  /**
   * C_Verify verifies a signature in a single-part operation,
   * where the signature is an appendix to the data, and plaintext
   * cannot be recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pData the signed data and the signed data's length
   *         (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG ulDataLen)
   * @param pSignature the signature to verify and the signature's length
   *         (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pData <> null) and (pSignature <> null)
   * @postconditions
   */
  public void C_Verify(long hSession, byte[] pData, byte[] pSignature) throws PKCS11Exception;


  /**
   * C_VerifyUpdate continues a multiple-part verification
   * operation, where the signature is an appendix to the data,
   * and plaintext cannot be recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pPart the signed data part and the signed data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pPart <> null)
   * @postconditions
   */
  public void C_VerifyUpdate(long hSession, byte[] pPart) throws PKCS11Exception;


  /**
   * C_VerifyFinal finishes a multiple-part verification
   * operation, checking the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pSignature the signature to verify and the signature's length
   *         (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pSignature <> null)
   * @postconditions
   */
  public void C_VerifyFinal(long hSession, byte[] pSignature) throws PKCS11Exception;


  /**
   * C_VerifyRecoverInit initializes a signature verification
   * operation, where the data is recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the verification mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hKey the handle of the verification key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_VerifyRecoverInit(long hSession, CK_MECHANISM pMechanism, long hKey) throws PKCS11Exception;


  /**
   * C_VerifyRecover verifies a signature in a single-part
   * operation, where the data is recovered from the signature.
   * (Signing and MACing)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pSignature the signature to verify and the signature's length
   *         (PKCS#11 param: CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)