pkcs11.java

java 实现的签名方案

   * @return the recovered data and the recovered data's length
   *         (PKCS#11 param: CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pSignature <> null)
   * @postconditions (result <> null)
   */
  public byte[] C_VerifyRecover(long hSession, byte[] pSignature) throws PKCS11Exception;



/* *****************************************************************************
 * Dual-function cryptographic operations
 ******************************************************************************/

  /**
   * C_DigestEncryptUpdate continues a multiple-part digesting
   * and encryption operation.
   * (Dual-function cryptographic operations)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pPart the data part to digest and to encrypt and the data's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
   * @return the digested and encrypted data part and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pEncryptedPart,
   *                         CK_ULONG_PTR pulEncryptedPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pPart <> null)
   * @postconditions
   */
  public byte[] C_DigestEncryptUpdate(long hSession, byte[] pPart) throws PKCS11Exception;


  /**
   * C_DecryptDigestUpdate continues a multiple-part decryption and
   * digesting operation.
   * (Dual-function cryptographic operations)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pEncryptedPart the encrypted data part to decrypt and to digest
   *         and encrypted data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pEncryptedPart,
   *                         CK_ULONG ulEncryptedPartLen)
   * @return the decrypted and digested data part and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pEncryptedPart <> null)
   * @postconditions
   */
  public byte[] C_DecryptDigestUpdate(long hSession, byte[] pEncryptedPart) throws PKCS11Exception;


  /**
   * C_SignEncryptUpdate continues a multiple-part signing and
   * encryption operation.
   * (Dual-function cryptographic operations)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pPart the data part to sign and to encrypt and the data part's
   *         length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
   * @return the signed and encrypted data part and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pEncryptedPart,
   *                         CK_ULONG_PTR pulEncryptedPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pPart <> null)
   * @postconditions
   */
  public byte[] C_SignEncryptUpdate(long hSession, byte[] pPart) throws PKCS11Exception;


  /**
   * C_DecryptVerifyUpdate continues a multiple-part decryption and
   * verify operation.
   * (Dual-function cryptographic operations)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pEncryptedPart the encrypted data part to decrypt and to verify
   *         and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pEncryptedPart,
   *                         CK_ULONG ulEncryptedPartLen)
   * @return the decrypted and verified data part and the data part's length
   *         (PKCS#11 param: CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pEncryptedPart <> null)
   * @postconditions
   */
  public byte[] C_DecryptVerifyUpdate(long hSession, byte[] pEncryptedPart) throws PKCS11Exception;



/* *****************************************************************************
 * Key management
 ******************************************************************************/

  /**
   * C_GenerateKey generates a secret key, creating a new key
   * object.
   * (Key management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the key generation mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param pTemplate the template for the new key and the number of
   *         attributes in the template
   *         (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
   * @return the handle of the new key
   *         (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public long C_GenerateKey(long hSession, CK_MECHANISM pMechanism, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;


  /**
   * C_GenerateKeyPair generates a public native-key/private-key pair,
   * creating new key objects.
   * (Key management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the key generation mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param pPublicKeyTemplate the template for the new public key and the
   *         number of attributes in the template
   *         (PKCS#11 param: CK_ATTRIBUTE_PTR pPublicKeyTemplate,
   *                         CK_ULONG ulPublicKeyAttributeCount)
   * @param pPrivateKeyTemplate the template for the new private key and the
   *         number of attributes in the template
   *         (PKCS#11 param: CK_ATTRIBUTE_PTR pPrivateKeyTemplate
   *                         CK_ULONG ulPrivateKeyAttributeCount)
   * @return a long array with exactly two elements and the public key handle
   *         as the first element and the private key handle as the second
   *         element
   *         (PKCS#11 param: CK_OBJECT_HANDLE_PTR phPublicKey,
   *                         CK_OBJECT_HANDLE_PTR phPrivateKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pMechanism <> null)
   * @postconditions (result <> null) and (result.length == 2)
   */
  public long[] C_GenerateKeyPair(long hSession,
                                   CK_MECHANISM pMechanism,
                                   CK_ATTRIBUTE[] pPublicKeyTemplate,
                                   CK_ATTRIBUTE[] pPrivateKeyTemplate) throws PKCS11Exception;



  /**
   * C_WrapKey wraps (i.e., encrypts) a key.
   * (Key management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the wrapping mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hWrappingKey the handle of the wrapping key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hWrappingKey)
   * @param hKey the handle of the key to be wrapped
   *         (PKCS#11 param: CK_OBJECT_HANDLE hKey)
   * @return the wrapped key and the length of the wrapped key
   *         (PKCS#11 param: CK_BYTE_PTR pWrappedKey,
   *                         CK_ULONG_PTR pulWrappedKeyLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public byte[] C_WrapKey(long hSession, CK_MECHANISM pMechanism, long hWrappingKey, long hKey) throws PKCS11Exception;


  /**
   * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
   * key object.
   * (Key management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the unwrapping mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hUnwrappingKey the handle of the unwrapping key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hUnwrappingKey)
   * @param pWrappedKey the wrapped key to unwrap and the wrapped key's length
   *         (PKCS#11 param: CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen)
   * @param pTemplate the template for the new key and the number of
   *         attributes in the template
   *         (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
   * @return the handle of the unwrapped key
   *         (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pWrappedKey <> null)
   * @postconditions
   */
  public long C_UnwrapKey(long hSession, CK_MECHANISM pMechanism,
                          long hUnwrappingKey, byte[] pWrappedKey,
                          CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;


  /**
   * C_DeriveKey derives a key from a base key, creating a new key
   * object.
   * (Key management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pMechanism the key derivation mechanism
   *         (PKCS#11 param: CK_MECHANISM_PTR pMechanism)
   * @param hBaseKey the handle of the base key
   *         (PKCS#11 param: CK_OBJECT_HANDLE hBaseKey)
   * @param pTemplate the template for the new key and the number of
   *         attributes in the template
   *         (PKCS#11 param: CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
   * @return the handle of the derived key
   *         (PKCS#11 param: CK_OBJECT_HANDLE_PTR phKey)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public long C_DeriveKey(long hSession, CK_MECHANISM pMechanism,
                          long hBaseKey, CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception;



/* *****************************************************************************
 * Random number generation
 ******************************************************************************/

  /**
   * C_SeedRandom mixes additional seed material into the token's
   * random number generator.
   * (Random number generation)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pSeed the seed material and the seed material's length
   *         (PKCS#11 param: CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pSeed <> null)
   * @postconditions
   */
  public void C_SeedRandom(long hSession, byte[] pSeed) throws PKCS11Exception;


  /**
   * C_GenerateRandom generates random data.
   * (Random number generation)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param randomData receives the random data and the length of RandomData
   *         is the length of random data to be generated
   *         (PKCS#11 param: CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (randomData <> null)
   * @postconditions
   */
  public void C_GenerateRandom(long hSession, byte[] randomData) throws PKCS11Exception;



/* *****************************************************************************
 * Parallel function management
 ******************************************************************************/

  /**
   * C_GetFunctionStatus is a legacy function; it obtains an
   * updated status of a function running in parallel with an
   * application.
   * (Parallel function management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_GetFunctionStatus(long hSession) throws PKCS11Exception;


  /**
   * C_CancelFunction is a legacy function; it cancels a function
   * running in parallel.
   * (Parallel function management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public void C_CancelFunction(long hSession) throws PKCS11Exception;



/* *****************************************************************************
 * Functions added in for Cryptoki Version 2.01 or later
 ******************************************************************************/

  /**
   * C_WaitForSlotEvent waits for a slot event (token insertion,
   * removal, etc.) to occur.
   * (General-purpose)
   *
   * @param flags blocking/nonblocking flag
   *         (PKCS#11 param: CK_FLAGS flags)
   * @param pReserved reserved. Should be null
   *         (PKCS#11 param: CK_VOID_PTR pReserved)
   * @return the slot ID where the event occured
   *         (PKCS#11 param: CK_SLOT_ID_PTR pSlot)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pRserved == null)
   * @postconditions
   */
  public long C_WaitForSlotEvent(long flags, Object pReserved) throws PKCS11Exception;

  /**
   * This method can be used to cleanup this object. Made public to enable
   * explicit cleanup, because garbage collection using System.gc() does not
   * always collect the free object immediately.
   *
   * @exception Throwable If finalization fails.
   * @preconditions
   * @postconditions
   */
  public void finalize() throws Throwable;

}