The CCRY macro covers the following functions:
encrypting a data package
continuing a multiple-part encryption operation
decrypting encrypted data in a single part
continuing a multiple-part decryption operation
digesting data in a single part
continuing a multiple-part message-digesting operation
signing data in a single part where the signature is an appendix of the data
continuing a multiple-part signature operation where the signature is an appendix of the data
signing data in a single operation where the data can be recovered from the signature
verifying a signature in a single-part operation where the signature is an appendix of the data
continuing a verification operation where the signature is an appendix of the data
verifying a signature in a single-part operation where the data can be recovered from the signature
continuing a multiple-part digesting and encryption operation
continuing a multiple-part decryption and digesting operation
continuing a multiple-part signature and encryption operation
continuing a multiple-part decryption and verification operation
All functions are always performed asynchronously if asynchronous function execution was specified for the task with C_Initialize.
A detailed description of the functions of the CCRY macro can be found in PKCS#11 V2.20: Cryptographic Token Interface Standard, sections 11.8 through 11.13, under “C_Encrypt”, “C_EncryptUpdate”, “C_Decrypt”, “C_DecryptUpdate”, “C_Digest”, “C_DigestUpdate”, “C_DigestKey”, “C_Sign”, “C_SignUpdate”, “C_SignRecover”, “C_Verify”, “C_VerifyUpdate”, “C_VerifyRecover”, “C_DigestEncryptUpdate”, “C_DecryptDigestUpdate”, “C_SignEncryptUpdate” and “C_DecryptVerifyUpdate”.
Macro | Operands |
CCRY | MF=C / D / L / M / E |
 | ,VERSION=001 / 002 |
 | ,ACTION=*ENCRYPT / *ENCRYPTUPDATE / *DECRYPT / *DECRYPTUPDATE / *DIGEST / *DIGESTUPDATE / *SIGN / *SIGNUPDATE / *SIGNRECOVER / *VERIFY / *VERIFYUPDATE / *VERIFYRECOVER / *DIGESTENCRYPTUPDATE / *DECRYPTDIGESTUPDATE / *SIGNENCRYPTUPDATE / *DECRYPTVERIFYUPDATE / <var: enum-of _action_set: 1> / default: _action_set.undefined |
 | ,SESSION=<var: int:4> / <integer 0 .. 2147483647> / 0 |
 | ,DATAIN=<var: pointer> / NULL |
 | ,INLEN=<var: int:4> / <integer 0 .. 2147483647> / 0 |
 | ,DATAOUT=<var: pointer> / NULL |
 | ,OUTLEN=<var: int:4> / <integer 0 .. 2147483647> / 0 |
 | ,BOID=<var: int:4> / 0 |
 | ,RPOSTAD=<var: pointer> / NULL |
 | ,RPOSTL=<integer 1..2> / <var: int:4> / 0 |
VERSION
specifies which version of the parameter area is to be generated. It is always advisable to use the latest version.
=001
This generates the format that was supported by CRYPT V1.0. This format only supports the parameters already known in CRYPT V1.0.
VERSION=001 is the default.
=002
This generates the format that is supported as of CRYPT V1.1.
ACTION
Type of action.
The corresponding PKCS#11 function is specified for each action code.
=*ENCRYPT
corresponds to the PKCS#11 function C_Encrypt;
encrypts a data package.
=*ENCRYPTUPDATE
corresponds to the PKCS#11 function C_EncryptUpdate;
continues a multiple-part encryption operation.
=*DECRYPT
corresponds to the PKCS#11 function C_Decrypt;
decrypts encrypted data in a single part.
=*DECRYPTUPDATE
corresponds to the PKCS#11 function C_DecryptUpdate;
continues a multiple-part decryption operation.
=*DIGEST
corresponds to the PKCS#11 function C_Digest;
digests data in a single part.
=*DIGESTUPDATE
corresponds to the PKCS#11 function C_DigestUpdate;
continues a multiple-part message-digesting operation.
=*SIGN
corresponds to the PKCS#11 function C_Sign;
signs data in a single part where the signature is an appendix of the data.
=*SIGNUPDATE
corresponds to the PKCS#11 function C_SignUpdate;
continues a multiple-part signature operation where the signature is an appendix of the data.
=*SIGNRECOVER
corresponds to the PKCS#11 function C_SignRecover;
signs data in a single operation where the data can be recovered from the signature.
This function is not supported.
=*VERIFY
corresponds to the PKCS#11 function C_Verify;
checks a signature in a single-part operation where the signature is an appendix of the data.
=*VERIFYUPDATE
corresponds to the PKCS#11 function C_VerifyUpdate;
continues a multiple-part verification operation where the signature is an appendix of the data.
=*VERIFYRECOVER
corresponds to the PKCS#11 function C_VerifyRecover;
checks a signature in a single-part operation where the data can be recovered from the signature.
=*DIGESTENCRYPTUPDATE
corresponds to the PKCS#11 function C_DigestEncryptUpdate;
continues a multiple-part digesting and encryption operation.
This function is not supported.
=*DECRYPTDIGESTUPDATE
corresponds to the PKCS#11 function C_DecryptDigestUpdate;
continues a multiple-part decryption and digesting operation.
This function is not supported.
=*SIGNENCRYPTUPDATE
corresponds to the PKCS#11 function C_SignEncryptUpdate;
continues a multiple-part signature and encryption operation.
This function is not supported.
=*DECRYPTVERIFYUPDATE
corresponds to the PKCS#11 function C_DecryptVerifyUpdate;
continues a multiple-part decryption and verification operation.
This function is not supported.
SESSION
Session identifier
DATAIN
points to the input data
INLEN
Length of the input data in bytes
DATAOUT
points to the output data
*VERIFY: Pointer to signature
*DIGESTUPDATE, *SIGNUPDATE, *VERIFYUPDATE: DATAOUT is not used.
OUTLEN
Length of the output data in bytes
*VERIFY: Length of the signature
*DIGESTUPDATE, *SIGNUPDATE, *VERIFYUPDATE: OUTLEN is not used.
BOID
Event identification
in the case of synchronous execution: BOID is not used.
in the case of asynchronous execution: Event identification to which the end of function processing is signalled.
RPOSTAD
Postcode address
in the case of synchronous execution: RPOSTAD is not used.
in the case of asynchronous execution: specifies a field containing postcode information which is to be transferred to the corresponding program that issues the SOLSIG call (see also “Executive Macros” user guide [3]).
Length of postcode: 4 or 8 bytes
RPOSTL
Length of postcode
in the case of synchronous execution: RPOSTL is not used.
in the case of asynchronous execution: specifies the length of the postcode information in words (1 or 2).