@transmission-dynamics/pkcs11js

// Type definitions for pkcs11js v1.1.2 // Project: https://github.com/Transmission-Dynamics/pkcs11js // Definitions by: Stepan Miroshin <https://github.com/microshine> /// <reference types="node" /> /** * A Node.js implementation of the PKCS#11 2.30 interface */ declare module "pkcs11js" { /** * PKCS#11 handle type */ type Handle = Buffer; /** * Structure that describes the version */ interface Version { /** * Major version number (the integer portion of the version) */ major: number; /** * minor version number (the hundredths portion of the version) */ minor: number; } /** * Provides general information about Cryptoki */ interface ModuleInfo { /** * Cryptoki interface version number, for compatibility with future revisions of this interface */ cryptokiVersion: Version; /** * ID of the Cryptoki library manufacturer. * Must be padded with the blank character (' '). */ manufacturerID: string; /** * Bit flags reserved for future versions. Must be zero for this version */ flags: number; /** * Character-string description of the library. * Must be padded with the blank character (' ') */ libraryDescription: string; /** * Cryptoki library version number */ libraryVersion: Version; } /** * Provides information about a slot */ interface SlotInfo { /** * Character-string description of the slot. * Must be padded with the blank character (' ') */ slotDescription: string; /** * ID of the slot manufacturer. * Must be padded with the blank character (' ') */ manufacturerID: string; /** * Bits flags that provide capabilities of the slot */ flags: number; /** * Version number of the slot's hardware */ hardwareVersion: Version; /** * Version number of the slot's firmware */ firmwareVersion: Version; } /** * Provides information about a token */ interface TokenInfo { /** * Application-defined label, assigned during token initialization. * Must be padded with the blank character (' ') */ label: string; /** * ID of the device manufacturer. * Must be padded with the blank character (' ') */ manufacturerID: string; /** * Model of the device. * Must be padded with the blank character (' ') */ model: string; /** * Character-string serial number of the device. * Must be padded with the blank character (' ') */ serialNumber: string; /** * Bit flags indicating capabilities and status of the device */ flags: number; /** * Maximum number of sessions that can be opened with the token at one time by a single application */ maxSessionCount: number; /** * Number of sessions that this application currently has open with the token */ sessionCount: number; /** * Maximum number of read/write sessions that can be opened with the token at one time by a single application */ maxRwSessionCount: number; /** * Number of read/write sessions that this application currently has open with the token */ rwSessionCount: number; /** * Maximum length in bytes of the PIN */ maxPinLen: number; /** * Minimum length in bytes of the PIN */ minPinLen: number; /** * version number of hardware */ hardwareVersion: Version; /** * Version number of firmware */ firmwareVersion: Version; /** * Current time as a character-string of length 16, represented in the format YYYYMMDDhhmmssxx * (4 characters for the year; 2 characters each for the month, the day, the hour, the minute, * and the second; and 2 additional reserved '0' characters). * The value of this field only makes sense for tokens equipped with a clock, * as indicated in the token information flags */ utcTime: string; /** * The total amount of memory on the token in bytes in which public objects may be stored */ totalPublicMemory: number; /** * The amount of free (unused) memory on the token in bytes for public objects */ freePublicMemory: number; /** * The total amount of memory on the token in bytes in which private objects may be stored */ totalPrivateMemory: number; /** * The amount of free (unused) memory on the token in bytes for private objects */ freePrivateMemory: number; } /** * Provides information about a particular mechanism */ interface MechanismInfo { /** * The minimum size of the key for the mechanism */ minKeySize: number; /** * The maximum size of the key for the mechanism */ maxKeySize: number; /** * Bit flags specifying mechanism capabilities */ flags: number; } /** * Provides information about a session */ interface SessionInfo { /** * ID of the slot that interfaces with the token */ slotID: Buffer; /** * The state of the session */ state: number; /** * Bit flags that define the type of session */ flags: number; /** * An error code defined by the cryptographic device */ deviceError: number; } type Template = Attribute[]; interface AttributeResult { type: number; value: Buffer; } type TemplateResult = AttributeResult[]; /** * A structure that includes the type and value of an attribute */ interface Attribute { /** * The attribute type */ type: number; /** * The value of the attribute */ value?: number | boolean | string | Buffer | Date; } /** * A structure that specifies a particular mechanism and any parameters it requires */ interface Mechanism { /** * The type of mechanism */ mechanism: number; /** * The parameter if required by the mechanism */ parameter?: Buffer | number | IParams; } //#region Crypto parameters /** * A base structure of a parameter */ interface IParams { /** * Type of crypto param. Uses constants CK_PARAMS_* */ type: number; } /** * A structure that provides the parameters for the {@link CKM_ECDH1_DERIVE} and {@link CKM_ECDH1_COFACTOR_DERIVE} * key derivation mechanisms, where each party contributes one key pair */ interface ECDH1 extends IParams { /** * Key derivation function used on the shared secret value */ kdf: number; /** * Some data shared between the two parties */ sharedData?: Buffer; /** * The other party's EC public key */ publicData: Buffer; } interface AesCBC extends IParams { iv: Buffer; data?: Buffer; } interface AesCCM extends IParams { dataLen: number; nonce?: Buffer; aad?: Buffer; macLen: number; } interface AesGCM extends IParams { iv?: Buffer; aad?: Buffer; ivBits: number; tagBits: number; } interface RsaOAEP extends IParams { hashAlg: number; mgf: number; source: number; sourceData?: Buffer; } interface RsaPSS extends IParams { hashAlg: number; mgf: number; saltLen: number; } interface Ecdh2Derive extends IParams { kdf: number; sharedData?: Buffer; publicData: Buffer; privateDataLen: number; privateData: Handle; publicData2?: Buffer; } interface EcmqvDerive extends IParams { kdf: number; sharedData?: Buffer; publicData: Buffer; privateDataLen: number; publicData2?: Buffer; privateData: Handle; } interface X942DH1Derive extends IParams { kdf: number; otherInfo?: Buffer; publicData: Buffer; privateData: Handle; } interface X942DH2Derive extends IParams { kdf: number; otherInfo?: Buffer; publicData: Buffer; privateData: Handle; privateDataLen: number; publicData2?: Buffer; } interface X942MQvDeriveParams { kdf: number; otherInfo?: Buffer; publicData: Buffer; privateData: Handle; publicData2?: Buffer; publicKey: Handle; } interface RC2CBCParams extends IParams { effectiveBits: number; iv: Buffer; } interface RC2MACGeneralParams extends IParams { effectiveBits: number; macLength: number; } interface RC5Params extends IParams { wordSize: number; rounds: number; } interface RC5CBCParams extends RC5Params { wordSize: number; rounds: number; iv: Buffer; } interface RC5MACGeneralParams extends RC5Params { wordSize: number; rounds: number; macLength: number; } interface DesCbcEncryptDataParams extends IParams { iv: Buffer; data?: Buffer; } interface SkipjackPrivateWrapParams extends IParams { password: Buffer; publicData: Buffer; primeP: Buffer; baseG: Buffer; subprimeQ: Buffer; randomA: Buffer; } interface SkipjackRelayXParams extends IParams { oldWrappedX: Buffer; oldPassword: Buffer; oldPublicData: Buffer; oldRandomA: Buffer; newPassword: Buffer; newPublicData: Buffer; newRandomA: Buffer; } interface PbeParams extends IParams { initVector: Buffer; password: Buffer; salt: Buffer; iteration: number; } interface KeyWrapSetOaepParams extends IParams { bc: number; x: Buffer; } interface GcmParams extends IParams { iv: Buffer; ivBits: number; aad?: Buffer; tagBits?: number; } interface CcmParams extends IParams { dataLen: number; nonce?: Buffer; aad?: Buffer; macLen?: number; } interface GostR3410DeriveParams extends IParams { kdf: number; publicData: Buffer; ukm?: Buffer; } interface GostR3410KeyWrapParams extends IParams { wrapOID: Buffer; ukm?: Buffer; key: Handle; } //#endregion interface KeyPair { privateKey: Handle; publicKey: Handle; } interface InitializationOptions { /** * NSS library parameters */ libraryParameters?: string; /** * bit flags specifying options for {@link PKCS11.C_Initialize} * - CKF_LIBRARY_CANT_CREATE_OS_THREADS. True if application threads which are executing calls to the library * may not use native operating system calls to spawn new threads; false if they may * - CKF_OS_LOCKING_OK. True if the library can use the native operation system threading model for locking; * false otherwise */ flags?: number; } /** * A Structure which contains a Cryptoki version and each function in the Cryptoki API */ export class PKCS11 { /** * Library path */ public libPath: string; /** * Creates an instance of PKCS11 * @param libPath The path to PKCS#11 library */ constructor(libPath?: string); /** * Loads dynamic library with PKCS#11 interface * @param path The path to PKCS#11 library * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public load(path: string): void; /** * Initializes the Cryptoki library * @param options Initialization options * Supports implementation of standard `CK_C_INITIALIZE_ARGS` and extended NSS format. * - if `options` is null or empty, it calls native `C_Initialize` with `NULL` * - if `options` doesn't have `libraryParameters`, it uses `CK_C_INITIALIZE_ARGS` structure * - if `options` has `libraryParameters`, it uses extended NSS structure * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Initialize(options?: InitializationOptions): void; /** * Closes dynamic library * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public close(): void; /** * Indicates that an application is done with the Cryptoki library * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Finalize(): void; /** * Returns general information about Cryptoki * @returns Information about Cryptoki * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetInfo(): ModuleInfo; //#region Slot and token management /** * Obtains a list of slots in the system * @param [tokenPresent] Only slots with tokens? * @returns Array of slot IDs * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetSlotList(tokenPresent?: boolean): Handle[]; /** * Obtains information about a particular slot in the system * @param slot The ID of the slot * @returns Information about a slot * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetSlotInfo(slot: Handle): SlotInfo; /** * Obtains information about a particular token in the system * @param slot ID of the token's slot * @returns Information about a token * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetTokenInfo(slot: Handle): TokenInfo; /** * Initializes a token * @param slot ID of the token's slot * @param [pin] The SO's initial PIN * @returns 32-byte token label (blank padded) * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_InitToken(slot: Handle, pin?: string, label?: string): string; /** * Initializes the normal user's PIN * @param session The session's handle * @param pin The normal user's PIN * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_InitPIN(session: Handle, pin?: string): void; /** * Modifies the PIN of the user who is logged in * @param session The session's handle * @param oldPin The old PIN * @param newPin The new PIN * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SetPIN(session: Handle, oldPin: string, newPin: string): void; /** * Obtains a list of mechanism types supported by a token * @param slot ID of token's slot * @returns A list of mechanism types * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetMechanismList(slot: Handle): number[]; /** * Obtains information about a particular mechanism possibly supported by a token * @param slot ID of the token's slot * @param mech Type of mechanism * @returns Information about mechanism * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetMechanismInfo(slot: Handle, mech: number): MechanismInfo; //#endregion //#region Session management /** * Opens a session between an application and a token * @param slot The slot's ID * @param flags From CK_SESSION_INFO * @returns Session handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_OpenSession(slot: Handle, flags: number): Handle; /** * Closes a session between an application and a token * @param session The session's handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_CloseSession(session: Handle): void; /** * Closes all sessions with a token * @param slot The token's slot * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_CloseAllSessions(slot: Handle): void; /** * Obtains information about the session * @param session The session's handle * @returns Receives session info * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetSessionInfo(session: Handle): SessionInfo; /** * Logs a user into a token * @param session The session's handle * @param userType The user type * @param [pin] The user's PIN * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Login(session: Handle, userType: number, pin?: string): void; /** * Logs a user out from a token * @param session The session's handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Logout(session: Handle): void; //#endregion //#region Object management /** * Creates a new object * @param session The session's handle * @param template The object's template * @returns A new object's handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_CreateObject(session: Handle, template: Template): Handle; /** * Copies an object, creating a new object for the copy * @param session The session's handle * @param object The object's handle * @param template Template for new object * @returns A handle of copy * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_CopyObject( session: Handle, object: Handle, template: Template ): Handle; /** * Destroys an object * @param session The session's handle * @param object The object's handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DestroyObject(session: Handle, object: Handle): void; /** * Gets the size of an object in bytes * @param session The session's handle * @param object The object's handle * @returns Size of an object in bytes * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetObjectSize(session: Handle, object: Handle): number; /** * Initializes a search for token and session objects that match a template * @param session The session's handle * @param template Attribute values to match * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_FindObjectsInit(session: Handle, template: Template): void; /** * Continues a search for token and session * objects that match a template, obtaining additional object * handles * @param session The session's handle * @param maxObjectCount The maximum number of object handles to be returned. Default value is 1. * @returns List of handles * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_FindObjects(session: Handle, maxObjectCount: number): Handle[]; /** * Continues a search for token and session * objects that match a template, obtaining additional object * handles * @param session The session's handle * @returns Object's handle. If object is not found * the result is null * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_FindObjects(session: Handle): Handle | null; /** * Finishes a search for token and session objects * @param session The session's handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_FindObjectsFinal(session: Handle): void; /** * Obtains the value of one or more object attributes * @param session The session's handle * @param object The object's handle * @param template Specifies attrs; gets values * @returns List of Attributes with values * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GetAttributeValue( session: Handle, object: Handle, template: Template ): TemplateResult; /** * Modifies the value of one or more object attributes * @param session The session's handle * @param object The object's handle * @param template Specifies attrs and values * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SetAttributeValue( session: Handle, object: Handle, template: Template ): void; //#endregion //#region Encryption and decryption /** * Initializes an encryption operation * @param session The session's handle * @param mechanism The encryption mechanism * @param key Handle of encryption key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_EncryptInit( session: Handle, mechanism: Mechanism, key: Handle ): void; /** * Encrypts single-part data * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data with encrypted message * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Encrypt(session: Handle, inData: Buffer, outData: Buffer): Buffer; /** * Encrypts single-part data * @param session The session's handle * @param inData Incoming data * @param outData Output data * @param cb Async callback with sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Encrypt( session: Handle, inData: Buffer, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Encrypts single-part data * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data with encrypted message * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_EncryptAsync( session: Handle, inData: Buffer, outData: Buffer ): Promise<Buffer>; /** * Continues a multiple-part encryption operation * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_EncryptUpdate( session: Handle, inData: Buffer, outData: Buffer ): Buffer; /** * Finishes a multiple-part encryption operation * @param session The session's handle * @param outData Last output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_EncryptFinal(session: Handle, outData: Buffer): Buffer; /** * Finishes a multiple-part encryption operation * @param session The session's handle * @param outData Last output data * @param cb Async callback with sliced output data */ public C_EncryptFinal( session: Handle, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Finishes a multiple-part encryption operation * @param session The session's handle * @param outData Last output data * @returns Sliced output data */ public C_EncryptFinalAsync( session: Handle, outData: Buffer ): Promise<Buffer>; /** * Initializes a decryption operation * @param session The session's handle * @param mechanism The decryption mechanism * @param key Handle of decryption key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DecryptInit( session: Handle, mechanism: Mechanism, key: Handle ): void; /** * Decrypts encrypted data in a single part * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data with decrypted message * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Decrypt(session: Handle, inData: Buffer, outData: Buffer): Buffer; /** * Decrypts encrypted data in a single part * @param session The session's handle * @param inData Incoming data * @param outData Output data * @param cb Async callback with sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Decrypt( session: Handle, inData: Buffer, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Decrypts encrypted data in a single part * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data with decrypted message * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DecryptAsync( session: Handle, inData: Buffer, outData: Buffer ): Promise<Buffer>; /** * continues a multiple-part decryption operation * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data with decrypted block * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DecryptUpdate( session: Handle, inData: Buffer, outData: Buffer ): Buffer; /** * Finishes a multiple-part decryption operation * @param session The session's handle * @param outData Last part of output data * @returns Sliced output data with decrypted final block * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DecryptFinal(session: Handle, outData: Buffer): Buffer; /** * Finishes a multiple-part decryption operation * @param session The session's handle * @param outData Last part of output data * @param cb Async callback with sliced output data with decrypted final block */ public C_DecryptFinal( session: Handle, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Finishes a multiple-part decryption operation * @param session The session's handle * @param outData Last part of output data * @returns Sliced output data with decrypted final block */ public C_DecryptFinalAsync( session: Handle, outData: Buffer ): Promise<Buffer>; /* Message digesting */ /** * Initializes a message-digesting operation * @param session The session's handle * @param mechanism Digesting mechanism * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DigestInit(session: Handle, mechanism: Mechanism): void; /** * Digests data in a single part * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Digest(session: Handle, inData: Buffer, outData: Buffer): Buffer; /** * Digests data in a single part * @param session The session's handle * @param inData Incoming data * @param outData Output data * @param cb Async callback with sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Digest( session: Handle, inData: Buffer, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Digests data in a single part * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DigestAsync( session: Handle, inData: Buffer, outData: Buffer ): Promise<Buffer>; /** * continues a multiple-part message-digesting operation * operation, by digesting the value of a secret key as part of * the data already digested * @param session The session's handle * @param inData Incoming data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DigestUpdate(session: Handle, inData: Buffer): void; /** * Finishes a multiple-part message-digesting operation * @param session The session's handle * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DigestFinal(session: Handle, outData: Buffer): Buffer; /** * Finishes a multiple-part message-digesting operation * @param session The session's handle * @param outData Output data * @param cb Async callback with sliced output data */ public C_DigestFinal( session: Handle, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Finishes a multiple-part message-digesting operation * @param session The session's handle * @param outData Output data * @returns Sliced output data */ public C_DigestFinalAsync( session: Handle, outData: Buffer ): Promise<Buffer>; /** * Continues a multiple-part message-digesting operation by digesting the value of a secret key * @param session The session's handle * @param key The handle of the secret key to be digested * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_DigestKey(session: Handle, key: Handle): void; //#endregion //#region Signing and MACing /** * initializes a signature (private key encryption) * operation, where the signature is (will be) an appendix to * the data, and plaintext cannot be recovered from the * signature * @param session The session's handle * @param mechanism Signature mechanism * @param key Handle of signature key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SignInit(session: Handle, mechanism: Mechanism, key: Handle): void; /** * Signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the * data, and plaintext cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Sign(session: Handle, inData: Buffer, outData: Buffer): Buffer; /** * Signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the * data, and plaintext cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @param outData Output data * @param cb Async callback with sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Sign( session: Handle, inData: Buffer, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Signs (encrypts with private key) data in a single * part, where the signature is (will be) an appendix to the * data, and plaintext cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SignAsync( session: Handle, inData: Buffer, outData: Buffer ): Promise<Buffer>; /** * Continues a multiple-part signature operation, * where the signature is (will be) an appendix to the data, * and plaintext cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SignUpdate(session: Handle, inData: Buffer): void; /** * Finishes a multiple-part signature operation, * returning the signature * @param session The session's handle * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SignFinal(session: Handle, outData: Buffer): Buffer; /** * Finishes a multiple-part signature operation, * returning the signature * @param session The session's handle * @param outData Output data * @param cb Async callback with sliced output data */ public C_SignFinal( session: Handle, outData: Buffer, cb: (error: Error, data: Buffer) => void ): void; /** * Finishes a multiple-part signature operation, * returning the signature * @param session The session's handle * @param outData Output data * @returns Sliced output data */ public C_SignFinalAsync(session: Handle, outData: Buffer): Promise<Buffer>; /** * Initializes a signature operation, where the data can be recovered from the signature * @param session The session's handle * @param mechanism The structure that specifies the signature mechanism * @param key The handle of the signature key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SignRecoverInit( session: Handle, mechanism: Mechanism, key: Handle ): void; /** * Signs data in a single operation, where the data can be recovered from the signature * @param session * @param inData Incoming data * @param outData Output data * @returns Sliced output data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_SignRecover( session: Handle, inData: Buffer, outData: Buffer ): Buffer; //#endregion //#region Verifying signatures and MACs /** * initializes a verification operation, where the * signature is an appendix to the data, and plaintext cannot * cannot be recovered from the signature (e.g. DSA) * @param session The session's handle * @param mechanism Verification mechanism * @param key Verification key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_VerifyInit( session: Handle, mechanism: Mechanism, key: Handle ): void; /** * Verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext * cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @param signature Signature to verify * @returns Verification result * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Verify( session: Handle, inData: Buffer, signature: Buffer ): boolean; /** * Verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext * cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @param signature Signature to verify * @param cb Async callback with verification result * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_Verify( session: Handle, inData: Buffer, signature: Buffer, cb: (error: Error, verify: boolean) => void ): void; /** * Verifies a signature in a single-part operation, * where the signature is an appendix to the data, and plaintext * cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @param signature Signature to verify * @returns Verification result * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_VerifyAsync( session: Handle, inData: Buffer, signature: Buffer ): Promise<boolean>; /** * Continues a multiple-part verification * operation, where the signature is an appendix to the data, * and plaintext cannot be recovered from the signature * @param session The session's handle * @param inData Incoming data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_VerifyUpdate(session: Handle, inData: Buffer): void; /** * Finishes a multiple-part verification * operation, checking the signature * @param session The session's handle * @param signature Signature to verify * @returns * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_VerifyFinal(session: Handle, signature: Buffer): boolean; /** * Finishes a multiple-part verification * operation, checking the signature * @param session The session's handle * @param signature Signature to verify * @param cb Async callback with verification result */ public C_VerifyFinal( session: Handle, signature: Buffer, cb: (error: Error, verify: boolean) => void ): void; /** * Finishes a multiple-part verification * operation, checking the signature * @param session The session's handle * @param signature Signature to verify * @returns Verification result */ public C_VerifyFinalAsync( session: Handle, signature: Buffer ): Promise<boolean>; /** * Initializes a signature verification operation, where the data is recovered from the signature * @param session The session's handle * @param mechanism The structure that specifies the verification mechanism * @param key The handle of the verification key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ C_VerifyRecoverInit( session: Handle, mechanism: Mechanism, key: Handle ): void; /** * Verifies a signature in a single-part operation, where the data is recovered from the signature * @param session The session's handle * @param signature The signature to verify * @param outData The allocated buffer for recovered data * @return The sliced output data with recovered data * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ C_VerifyRecover( session: Handle, signature: Buffer, outData: Buffer ): Buffer; //#endregion //#region Key management /** * Generates a secret key, creating a new key object * @param session The session's handle * @param mechanism Key generation mechanism * @param template Template for new key * @returns The handle of the new key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GenerateKey( session: Handle, mechanism: Mechanism, template: Template ): Handle; /** * Generates a secret key, creating a new key object * @param session The session's handle * @param mechanism Key generation mechanism * @param template Template for new key * @param cb Async callback with handle of new key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GenerateKey( session: Handle, mechanism: Mechanism, template: Template, cb: (error: Error, key: Handle) => void ): void; /** * Generates a secret key, creating a new key object * @param session The session's handle * @param mechanism The key generation mechanism * @param template The template for the new key * @returns The handle of the new key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GenerateKeyAsync( session: Handle, mechanism: Mechanism, template: Template ): Promise<Handle>; /** * Generates a public-key/private-key pair, * creating new key objects * @param session The session's handle * @param mechanism Key generation mechanism * @param publicTmpl Template for public key * @param privateTmpl Template for private key * @returns The pair of handles for private and public keys * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GenerateKeyPair( session: Handle, mechanism: Mechanism, publicTmpl: Template, privateTmpl: Template ): KeyPair; /** * Generates a public-key/private-key pair, * creating new key objects * @param session The session's handle * @param mechanism Key generation mechanism * @param publicTmpl Template for public key * @param privateTmpl Template for private key * @param cb Async callback with handles for private and public keys * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GenerateKeyPair( session: Handle, mechanism: Mechanism, publicTmpl: Template, privateTmpl: Template, cb: (error: Error, keys: KeyPair) => void ): void; /** * Generates a public-key/private-key pair, * creating new key objects * @param session The session's handle * @param mechanism Key generation mechanism * @param publicTmpl Template for public key * @param privateTmpl Template for private key * @returns Handles for private and public keys * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_GenerateKeyPairAsync( session: Handle, mechanism: Mechanism, publicTmpl: Template, privateTmpl: Template ): Promise<KeyPair>; /** * Wraps (i.e., encrypts) a key * @param session The session's handle * @param mechanism Wrapping mechanism * @param wrappingKey Wrapping key * @param key Key to be wrapped * @param wrappedKey Init buffer for wrapped key * @returns Sliced wrapped key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_WrapKey( session: Handle, mechanism: Mechanism, wrappingKey: Handle, key: Handle, wrappedKey: Buffer ): Buffer; /** * Wraps (i.e., encrypts) a key * @param session The session's handle * @param mechanism Wrapping mechanism * @param wrappingKey Wrapping key * @param key Key to be wrapped * @param wrappedKey Init buffer for wrapped key * @param cb Async callback with sliced wrapped key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_WrapKey( session: Handle, mechanism: Mechanism, wrappingKey: Handle, key: Handle, wrappedKey: Buffer, cb: (error: Error, wrappedKey: Buffer) => void ): void; /** * Wraps (i.e., encrypts) a key * @param session The session's handle * @param mechanism Wrapping mechanism * @param wrappingKey Wrapping key * @param key Key to be wrapped * @param wrappedKey Init buffer for wrapped key * @returns Sliced wrapped key * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_WrapKeyAsync( session: Handle, mechanism: Mechanism, wrappingKey: Handle, key: Handle, wrappedKey: Buffer ): Promise<Buffer>; /** * Unwraps (decrypts) a wrapped key, creating a new key object * @param session The session's handle * @param mechanism Unwrapping mechanism * @param unwrappingKey Unwrapping key * @param wrappedKey Wrapped key * @param template New key template * @returns The unwrapped key handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_UnwrapKey( session: Handle, mechanism: Mechanism, unwrappingKey: Handle, wrappedKey: Buffer, template: Template ): Handle; /** * Unwraps (decrypts) a wrapped key, creating a new key object * @param session The session's handle * @param mechanism Unwrapping mechanism * @param unwrappingKey Unwrapping key * @param wrappedKey Wrapped key * @param template New key template * @param cb Async callback with new key handle * @throws {@link NativeError} if native error occurs * @throws {@link Pkcs11Error} if Cryptoki error occurs */ public C_UnwrapKey( session: Handle, mechanism: Mechanism, unwrappingKey: Handle, wrappedKey: Buffer, template: Template, cb: (error: Error, key: Handle) => void ): void; /** * Unwraps (decrypts) a wrapped key, creating a new key object * @param session The session's handle * @param mechanism Unwrapping mechanism * @param unwrappingKey Unwrapping key * @param wrappedKey Wrapped key * @param template New key template * @returns The unwrapped key handle *