From 08d3d667b92d401d8fd9cb8b79d4da92cb6c4147 Mon Sep 17 00:00:00 2001
From: Marcus Heese <marcus.heese@gmail.com>
Date: Sun, 19 Apr 2020 21:58:27 -0700
Subject: [PATCH 1/4] minor changes to Cargo.toml to improve experience on
 crates.io

---
 Cargo.toml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 3e65b1f..28909a3 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,14 +19,21 @@ description = "Rust PKCS#11 Library"
 #documentation = "https://github.com/mheese/rust-pkcs11"
 homepage = "https://github.com/mheese/rust-pkcs11"
 repository = "https://github.com/mheese/rust-pkcs11"
-#readme = "..."
+readme = "README.md"
 keywords = ["pkcs11", "cryptoki"]
 categories = ["external-ffi-bindings", "cryptography", "hardware-support"]
 license = "Apache-2.0"
+license-file = "LICENSE"
 exclude = [
     "pkcs11-docs/**",
 ]
 
+[badges]
+maintenance = { status = "actively-developed" }
+codecov = { repository = "mheese/rust-pkcs11", branch = "master", service = "github" }
+is-it-maintained-issue-resolution = { repository = "mheese/rust-pkcs11" }
+is-it-maintained-open-issues = { repository = "mheese/rust-pkcs11" }
+
 [dependencies]
 libloading = "^0.5"
 num-bigint = "^0.2"

From ff26e3d8b16386a94a6a251b3825323591b5fda7 Mon Sep 17 00:00:00 2001
From: Marcus Heese <marcus.heese@gmail.com>
Date: Sun, 19 Apr 2020 21:59:52 -0700
Subject: [PATCH 2/4] updating README

---
 README.md | 47 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c07055a..61d71ea 100644
--- a/README.md
+++ b/README.md
@@ -16,18 +16,60 @@ limitations under the License.
 
 # Rust PKCS#11 Library
 
+[![Latest version](https://img.shields.io/crates/v/pkcs11.svg)](https://crates.io/crates/pkcs11)
+[![Documentation](https://docs.rs/pkcs11/badge.svg)](https://docs.rs/pkcs11)
 ![Build status](https://github.com/mheese/rust-pkcs11/workflows/Linux/badge.svg)
 ![Build status](https://github.com/mheese/rust-pkcs11/workflows/macOS/badge.svg)
 ![Build status](https://github.com/mheese/rust-pkcs11/workflows/Windows/badge.svg)
+![Build status](https://github.com/mheese/rust-pkcs11/workflows/Audit/badge.svg)
 [![codecov](https://codecov.io/gh/mheese/rust-pkcs11/branch/master/graph/badge.svg)](https://codecov.io/gh/mheese/rust-pkcs11)
+![License](https://img.shields.io/crates/l/pkcs11.svg)
 
 This is a library which brings support for PKCS#11 to Rust. It is aiming at having both a very low-level API to map the PKCS#11 functionality to Rust as well as having a higher-level API for more easy usage as well as bringing more safety for programming against PKCS#11.
 
+## Status
+
+The library has full support for all functions in PKCS#11 v2.40.
+It should technically work with any Cryptoki version from v2.00.
+For example there is special handling for `C_WaitForSlotEvent` which has been added only in v2.01.
+You can successfully implement and reach all low-level Cryptoki semantics and structures.
+All of them are integration tested using SoftHSM.
+For better interoperability the low-level API is using nearly the same function/method calls and data structures as defined in the official standard.
+That means that using the low-level API should be very easy for people who are familiar with PKCS#11 as the naming and variables/constants/defines are the same.
+
+A high-level more Rust-friendly API is in the design process.
+Its goal is to hide most of the low-level PKCS#11 semantics that one does not need to be aware of as they can be very verbose.
+Furthermore using Rust datastructures it is possible to come up with a more type-safe library at compile time to help users to use PKCS#11 more successfully and to make it more robust.
+It will also provide easier primitives for multi-part encrypting/decrypting/signing/etc.
+Ideally by providing a streaming API.
+Last but not least it will provide session management and lock/unlock free sessions as they are available from the context.
+Especially on tokens that provide parallel processing this can be a very tedious and error-prone process.
+
+## Compatiblity Matrix
+
+**TODO:** This is still in the making, and most likely very incomplete.
+
+As PKCS#11 implementations are not always sticking to the standard, your token might still have problems, unfortunately.
+These are known tokens as reported by users that definitely work together with this library.
+
+- [SoftHSM version 2](https://github.com/opendnssec/SoftHSMv2) (duh, who would have thought)
+- [Nitrokey HSM 2](https://www.nitrokey.com)
+- [CardConnect SmartCard-HSM](https://www.smartcard-hsm.com/)
+- Safenet iKey 2032
+- and probably a lot more...
+
+If you use this library with an HSM that is not listed here, please open an issue (or even better a PR) so that I can update this matrix.
+If your token does not work, please also open an issue, of course, so that we can investigate.
+
 ## Testing
 
-Testing is currently done with [SoftHSM2](https://github.com/opendnssec/SoftHSMv2 "SoftHSM2 Repo"). A trillion thanks to the people at OpenDNSSEC for writing SoftHSM. This makes it possible to develop applications that need to support PKCS#11. I would have no idea what to do without it. (Suggestions are always welcome.)
+Testing is currently done with [SoftHSM2](https://github.com/opendnssec/SoftHSMv2 "SoftHSM2 Repo").
+A trillion thanks to the people at OpenDNSSEC for writing SoftHSM.
+This makes it possible to develop applications that need to support PKCS#11.
+I would have no idea what to do without it.
+(Suggestions are always welcome.)
 
-### Status
+## TODO
 
 Here is a list of the implementation status and plans on what to do next:
 
@@ -52,3 +94,4 @@ Here is a list of the implementation status and plans on what to do next:
 - [ ] Write and Generate Documentation for Rust docs
 - [ ] Better Testing (lots of repetitive code + we need a testing framework and different SoftHSM versions for different platforms)
 - [ ] Suppport for PKCS#11 v3.00
+- [ ] make packed struct and CK_ULONG / CK_LONG feature flags with platform defaults when it becomes possible - currently the default when the target is Windows as PKCS#11 explicitly demands packed structs on Windows and `unsigned long` and `long` are both only 32bit on Microsoft compilers by default. However, on any other unix platform the defaults are not really defined and one might need to opt in for one or the other.

From 398212a07b511441c214271b38949f62b3423a1c Mon Sep 17 00:00:00 2001
From: Marcus Heese <marcus.heese@gmail.com>
Date: Sun, 19 Apr 2020 22:07:17 -0700
Subject: [PATCH 3/4] changing docs README

---
 pkcs11-docs/README.md | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/pkcs11-docs/README.md b/pkcs11-docs/README.md
index 08d10e5..c2cf1c2 100644
--- a/pkcs11-docs/README.md
+++ b/pkcs11-docs/README.md
@@ -18,6 +18,13 @@ limitations under the License.
 
 The purpose of this section is to provide all possible available documentation that makes programming against PKCS#11 easier.
 
+## Collection of all PKCS#11 standards
+
+I ran across this only recently (April 2020).
+It is an invaluable collection of all PKCS#11 standards including all their C header files: <https://github.com/mheese/PKCS11-SPECS>
+
+Special thanks to the guys from [Pkcs11Interop](https://pkcs11interop.net/) to provide this collection.
+
 ## Reference Documentation
 
 When one first starts to explore the PKCS#11 world, there will be obstacles. The biggest one is to know and discover what documentation to read so that one can get familiar with the standard. It is best to read up on it in the following order:
@@ -26,17 +33,9 @@ When one first starts to explore the PKCS#11 world, there will be obstacles. The
 2. [Base Specification](http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html "PKCS#11 v2.40 Base Specification") - This is the most important document for implementation of this library - in particular for the low-level API. It explains in detail how the C interface is structured and how to interact with it. Following this will provide all the details on how to write the FFI wrapper.
 3. [Current Mechanisms](http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html "PKCS#11 v2.40 Current Mechanisms") - This document is in particular important for our higher-leval API. It explains in detail on how to interface in detail with all the cryptographic algorithms. E.g. go here if you need help on how to generate and use an RSA key or how to use the token for digital signatures.
 
-Here are the links to the documents that are also saved for reference in this repository (in case they become unavailable at some time):
-
-- <http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html>
-- <http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html>
-- <http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html>
-
 ## C Header Files
 
-The C header files in this folder have been downloaded from the following links below.
-
-Normative computer language definition files for PKCS #11 v2.40:
+The C header files for PKCS #11 v2.40 can be found at this location:
 
 - <http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11.h>
 - <http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11t.h>

From 613aab6164103ff00211f5fb67f78c4063a39ee5 Mon Sep 17 00:00:00 2001
From: Marcus Heese <marcus.heese@gmail.com>
Date: Sun, 19 Apr 2020 22:08:11 -0700
Subject: [PATCH 4/4] removing PKCS11 html docs and header files as they are
 now part of the forked repository which include all these things anyway, but
 for all versions of the standard

---
 pkcs11-docs/pkcs11-v240-base-specs.html  | 20373 ----------
 pkcs11-docs/pkcs11-v240-curr-mechs.html  | 42903 ---------------------
 pkcs11-docs/pkcs11-v240-usage-guide.html |  4755 ---
 pkcs11-docs/pkcs11.h                     |   265 -
 pkcs11-docs/pkcs11f.h                    |   939 -
 pkcs11-docs/pkcs11t.h                    |  2003 -
 6 files changed, 71238 deletions(-)
 delete mode 100644 pkcs11-docs/pkcs11-v240-base-specs.html
 delete mode 100644 pkcs11-docs/pkcs11-v240-curr-mechs.html
 delete mode 100644 pkcs11-docs/pkcs11-v240-usage-guide.html
 delete mode 100644 pkcs11-docs/pkcs11.h
 delete mode 100644 pkcs11-docs/pkcs11f.h
 delete mode 100644 pkcs11-docs/pkcs11t.h

diff --git a/pkcs11-docs/pkcs11-v240-base-specs.html b/pkcs11-docs/pkcs11-v240-base-specs.html
deleted file mode 100644
index 164bac6..0000000
--- a/pkcs11-docs/pkcs11-v240-base-specs.html
+++ /dev/null
@@ -1,20373 +0,0 @@
-<html>
-
-<head>
-<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
-<meta name=Generator content="Microsoft Word 14 (filtered)">
-<base href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html">
-<title>PKCS #11 Cryptographic Token Interface Base Specification Version 2.40</title>
-<style>
-<!--
- /* Font Definitions */
- @font-face
-	{font-family:Helvetica;
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Courier;
-	panose-1:2 7 4 9 2 2 5 2 4 4;}
-@font-face
-	{font-family:"Tms Rmn";
-	panose-1:2 2 6 3 4 5 5 2 3 4;}
-@font-face
-	{font-family:Helv;
-	panose-1:2 11 6 4 2 2 2 3 2 4;}
-@font-face
-	{font-family:"New York";
-	panose-1:2 4 5 3 6 5 6 2 3 4;}
-@font-face
-	{font-family:System;
-	panose-1:0 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:Wingdings;
-	panose-1:5 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"MS Mincho";
-	panose-1:2 2 6 9 4 2 5 8 3 4;}
-@font-face
-	{font-family:Batang;
-	panose-1:2 3 6 0 0 1 1 1 1 1;}
-@font-face
-	{font-family:SimSun;
-	panose-1:2 1 6 0 3 1 1 1 1 1;}
-@font-face
-	{font-family:PMingLiU;
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"MS Gothic";
-	panose-1:2 11 6 9 7 2 5 8 2 4;}
-@font-face
-	{font-family:Dotum;
-	panose-1:2 11 6 0 0 1 1 1 1 1;}
-@font-face
-	{font-family:SimHei;
-	panose-1:2 1 6 9 6 1 1 1 1 1;}
-@font-face
-	{font-family:MingLiU;
-	panose-1:2 2 5 9 0 0 0 0 0 0;}
-@font-face
-	{font-family:Mincho;
-	panose-1:2 2 6 9 4 3 5 8 3 5;}
-@font-face
-	{font-family:Gulim;
-	panose-1:2 11 6 0 0 1 1 1 1 1;}
-@font-face
-	{font-family:Century;
-	panose-1:2 4 6 4 5 5 5 2 3 4;}
-@font-face
-	{font-family:"Angsana New";
-	panose-1:2 2 6 3 5 4 5 2 3 4;}
-@font-face
-	{font-family:"Cordia New";
-	panose-1:2 11 3 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Mangal;
-	panose-1:2 4 5 3 5 2 3 3 2 2;}
-@font-face
-	{font-family:Latha;
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Sylfaen;
-	panose-1:1 10 5 2 5 3 6 3 3 3;}
-@font-face
-	{font-family:Vrinda;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Raavi;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Shruti;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Sendnya;
-	panose-1:0 0 4 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:Gautami;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Tunga;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Estrangelo Edessa";
-	panose-1:3 8 6 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Cambria Math";
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:"Arial Unicode MS";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Cambria;
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:Calibri;
-	panose-1:2 15 5 2 2 2 4 3 2 4;}
-@font-face
-	{font-family:Tahoma;
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:Times;
-	panose-1:2 2 6 3 5 4 5 2 3 4;}
-@font-face
-	{font-family:Palatino;}
-@font-face
-	{font-family:"\@MS Mincho";
-	panose-1:2 2 6 9 4 2 5 8 3 4;}
-@font-face
-	{font-family:"\@Arial Unicode MS";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
- /* Style Definitions */
- p.MsoNormal, li.MsoNormal, div.MsoNormal
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-h1
-	{margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.3in;
-	text-indent:-.3in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-h2
-	{mso-style-name:"Heading 2\,H2";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.4in;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-h3
-	{mso-style-name:"Heading 3\,H3";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-indent:-.5in;
-	page-break-after:avoid;
-	font-size:13.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-h4
-	{mso-style-name:"Heading 4\,H4";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.6in;
-	text-indent:-.6in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-h5
-	{margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.7in;
-	text-indent:-.7in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-h6
-	{margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.8in;
-	text-indent:-.8in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoHeading7, li.MsoHeading7, div.MsoHeading7
-	{margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.9in;
-	text-indent:-.9in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
-	{margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.0in;
-	text-indent:-1.0in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
-	{margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.1in;
-	text-indent:-1.1in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-p.MsoIndex1, li.MsoIndex1, div.MsoIndex1
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoIndex2, li.MsoIndex2, div.MsoIndex2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.25in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoIndex3, li.MsoIndex3, div.MsoIndex3
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoIndex4, li.MsoIndex4, div.MsoIndex4
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.75in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoIndex5, li.MsoIndex5, div.MsoIndex5
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoIndex6, li.MsoIndex6, div.MsoIndex6
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.25in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoIndex7, li.MsoIndex7, div.MsoIndex7
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.5in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoToc1, li.MsoToc1, div.MsoToc1
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc2, li.MsoToc2, div.MsoToc2
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:12.0pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc3, li.MsoToc3, div.MsoToc3
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:24.0pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc4, li.MsoToc4, div.MsoToc4
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:.5in;
-	font-size:9.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc5, li.MsoToc5, div.MsoToc5
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:48.0pt;
-	font-size:9.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc6, li.MsoToc6, div.MsoToc6
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:60.0pt;
-	font-size:9.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc7, li.MsoToc7, div.MsoToc7
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoToc8, li.MsoToc8, div.MsoToc8
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:84.0pt;
-	margin-bottom:.0001pt;
-	font-size:9.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoToc9, li.MsoToc9, div.MsoToc9
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:96.0pt;
-	margin-bottom:.0001pt;
-	font-size:9.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoNormalIndent, li.MsoNormalIndent, div.MsoNormalIndent
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
-	{mso-style-link:"Footnote Text Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoCommentText, li.MsoCommentText, div.MsoCommentText
-	{mso-style-link:"Comment Text Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoHeader, li.MsoHeader, div.MsoHeader
-	{mso-style-name:"Header\,header odd\,header odd1\,header odd2\,header odd11\,header odd3\,header odd12\,header odd21\,header odd111";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoFooter, li.MsoFooter, div.MsoFooter
-	{mso-style-link:"Footer Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoIndexHeading, li.MsoIndexHeading, div.MsoIndexHeading
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoCaption, li.MsoCaption, div.MsoCaption
-	{margin-top:6.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:0in;
-	page-break-after:avoid;
-	font-size:9.0pt;
-	font-family:"Arial","sans-serif";
-	font-style:italic;}
-p.MsoTof, li.MsoTof, div.MsoTof
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:20.0pt;
-	margin-bottom:.0001pt;
-	text-indent:-20.0pt;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-variant:small-caps;}
-span.MsoFootnoteReference
-	{vertical-align:super;}
-span.MsoEndnoteReference
-	{vertical-align:super;}
-p.MsoEndnoteText, li.MsoEndnoteText, div.MsoEndnoteText
-	{mso-style-link:"Endnote Text Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoList, li.MsoList, div.MsoList
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.25in;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.25in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoListNumber, li.MsoListNumber, div.MsoListNumber
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoList2, li.MsoList2, div.MsoList2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoListBullet2, li.MsoListBullet2, div.MsoListBullet2
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoTitle, li.MsoTitle, div.MsoTitle
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	border:none;
-	padding:0in;
-	font-size:24.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
-	{mso-style-link:"Body Text Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoBodyTextIndent, li.MsoBodyTextIndent, div.MsoBodyTextIndent
-	{mso-style-link:"Body Text Indent Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.5in;
-	text-align:justify;
-	text-indent:-1.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoListContinue2, li.MsoListContinue2, div.MsoListContinue2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoMessageHeader, li.MsoMessageHeader, div.MsoMessageHeader
-	{mso-style-link:"Message Header Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.75in;
-	text-align:justify;
-	text-indent:-.75in;
-	background:#CCCCCC;
-	border:none;
-	padding:0in;
-	font-size:12.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoDate, li.MsoDate, div.MsoDate
-	{mso-style-link:"Date Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-style:italic;}
-p.MsoNoteHeading, li.MsoNoteHeading, div.MsoNoteHeading
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoBodyText2, li.MsoBodyText2, div.MsoBodyText2
-	{mso-style-link:"Body Text 2 Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.MsoBodyTextIndent3, li.MsoBodyTextIndent3, div.MsoBodyTextIndent3
-	{mso-style-link:"Body Text Indent 3 Char";
-	margin-top:6.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:170.1pt;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	text-indent:-134.1pt;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-a:link, span.MsoHyperlink
-	{color:#0000EE;
-	text-decoration:none;}
-a:visited, span.MsoHyperlinkFollowed
-	{color:purple;
-	text-decoration:underline;}
-p.MsoDocumentMap, li.MsoDocumentMap, div.MsoDocumentMap
-	{mso-style-link:"Document Map Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	background:navy;
-	font-size:12.0pt;
-	font-family:"Tahoma","sans-serif";}
-p
-	{margin-right:0in;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial Unicode MS","sans-serif";}
-pre
-	{mso-style-link:"HTML Preformatted Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial Unicode MS","sans-serif";}
-tt
-	{font-family:"Arial Unicode MS","sans-serif";}
-p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
-	{mso-style-link:"Balloon Text Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:8.0pt;
-	font-family:"Tahoma","sans-serif";}
-p.Titlepageinfo, li.Titlepageinfo, div.Titlepageinfo
-	{mso-style-name:"Title page info";
-	margin:0in;
-	margin-bottom:.0001pt;
-	page-break-after:avoid;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.Titlepageinfodescription, li.Titlepageinfodescription, div.Titlepageinfodescription
-	{mso-style-name:"Title page info description";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.TitlepageinfodescriptionCxSpFirst, li.TitlepageinfodescriptionCxSpFirst, div.TitlepageinfodescriptionCxSpFirst
-	{mso-style-name:"Title page info descriptionCxSpFirst";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.TitlepageinfodescriptionCxSpMiddle, li.TitlepageinfodescriptionCxSpMiddle, div.TitlepageinfodescriptionCxSpMiddle
-	{mso-style-name:"Title page info descriptionCxSpMiddle";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.TitlepageinfodescriptionCxSpLast, li.TitlepageinfodescriptionCxSpLast, div.TitlepageinfodescriptionCxSpLast
-	{mso-style-name:"Title page info descriptionCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Contributor, li.Contributor, div.Contributor
-	{mso-style-name:Contributor;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.ContributorCxSpFirst, li.ContributorCxSpFirst, div.ContributorCxSpFirst
-	{mso-style-name:ContributorCxSpFirst;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.ContributorCxSpMiddle, li.ContributorCxSpMiddle, div.ContributorCxSpMiddle
-	{mso-style-name:ContributorCxSpMiddle;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.ContributorCxSpLast, li.ContributorCxSpLast, div.ContributorCxSpLast
-	{mso-style-name:ContributorCxSpLast;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Legalnotice, li.Legalnotice, div.Legalnotice
-	{mso-style-name:"Legal notice";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.LegalnoticeCxSpFirst, li.LegalnoticeCxSpFirst, div.LegalnoticeCxSpFirst
-	{mso-style-name:"Legal noticeCxSpFirst";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.LegalnoticeCxSpMiddle, li.LegalnoticeCxSpMiddle, div.LegalnoticeCxSpMiddle
-	{mso-style-name:"Legal noticeCxSpMiddle";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.LegalnoticeCxSpLast, li.LegalnoticeCxSpLast, div.LegalnoticeCxSpLast
-	{mso-style-name:"Legal noticeCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-span.Datatype
-	{mso-style-name:Datatype;
-	font-family:"Courier New";}
-p.Code, li.Code, div.Code
-	{mso-style-name:Code;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#D9D9D9;
-	border:none;
-	padding:0in;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-p.AppendixHeading2, li.AppendixHeading2, div.AppendixHeading2
-	{mso-style-name:AppendixHeading2;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.4in;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.Element
-	{mso-style-name:Element;
-	font-family:"Courier New";}
-span.Attribute
-	{mso-style-name:Attribute;
-	font-family:"Courier New";}
-span.Keyword
-	{mso-style-name:Keyword;
-	font-family:"Courier New";}
-p.Note, li.Note, div.Note
-	{mso-style-name:Note;
-	margin-top:6.0pt;
-	margin-right:.5in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Definitionterm, li.Definitionterm, div.Definitionterm
-	{mso-style-name:"Definition term";
-	margin-top:4.0pt;
-	margin-right:2.0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";
-	font-weight:bold;}
-p.Definition, li.Definition, div.Definition
-	{mso-style-name:Definition;
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Ref, li.Ref, div.Ref
-	{mso-style-name:Ref;
-	margin-top:2.0pt;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:1.5in;
-	text-indent:-1.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";
-	color:black;}
-p.AppendixHeading1, li.AppendixHeading1, div.AppendixHeading1
-	{mso-style-name:AppendixHeading1;
-	mso-style-link:"AppendixHeading1 Char";
-	margin-right:0in;
-	margin-left:.25in;
-	text-indent:-.25in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.Refterm
-	{mso-style-name:"Ref term";
-	font-weight:bold;}
-p.Example, li.Example, div.Example
-	{mso-style-name:Example;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-span.CODEtemp
-	{mso-style-name:"CODE temp";
-	font-family:"Courier New";}
-p.Codesmall, li.Codesmall, div.Codesmall
-	{mso-style-name:"Code small";
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	border:none;
-	padding:0in;
-	font-size:8.0pt;
-	font-family:"Courier New";}
-p.Examplesmall, li.Examplesmall, div.Examplesmall
-	{mso-style-name:"Example small";
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	font-size:8.0pt;
-	font-family:"Courier New";}
-span.Variable
-	{mso-style-name:Variable;
-	font-style:italic;}
-span.FootnoteTextChar
-	{mso-style-name:"Footnote Text Char";
-	mso-style-link:"Footnote Text";
-	font-family:"Arial","sans-serif";}
-p.RelatedWork, li.RelatedWork, div.RelatedWork
-	{mso-style-name:"Related Work";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.75in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.RelatedWorkCxSpFirst, li.RelatedWorkCxSpFirst, div.RelatedWorkCxSpFirst
-	{mso-style-name:"Related WorkCxSpFirst";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.75in;
-	margin-bottom:.0001pt;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.RelatedWorkCxSpMiddle, li.RelatedWorkCxSpMiddle, div.RelatedWorkCxSpMiddle
-	{mso-style-name:"Related WorkCxSpMiddle";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.75in;
-	margin-bottom:.0001pt;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.RelatedWorkCxSpLast, li.RelatedWorkCxSpLast, div.RelatedWorkCxSpLast
-	{mso-style-name:"Related WorkCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.75in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Abstract, li.Abstract, div.Abstract
-	{mso-style-name:Abstract;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Notices, li.Notices, div.Notices
-	{mso-style-name:Notices;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	page-break-before:always;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.TextBody, li.TextBody, div.TextBody
-	{mso-style-name:"Text Body";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.AppendixHeading3, li.AppendixHeading3, div.AppendixHeading3
-	{mso-style-name:AppendixHeading3;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-indent:-.5in;
-	page-break-after:avoid;
-	font-size:13.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.EndnoteTextChar
-	{mso-style-name:"Endnote Text Char";
-	mso-style-link:"Endnote Text";
-	font-family:"Arial","sans-serif";}
-p.Heading1WP, li.Heading1WP, div.Heading1WP
-	{mso-style-name:"Heading 1 WP";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:0in;
-	text-indent:0in;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.FooterChar
-	{mso-style-name:"Footer Char";
-	mso-style-link:Footer;
-	font-family:"Arial","sans-serif";}
-span.BalloonTextChar
-	{mso-style-name:"Balloon Text Char";
-	mso-style-link:"Balloon Text";
-	font-family:"Tahoma","sans-serif";}
-span.AppendixHeading1Char
-	{mso-style-name:"AppendixHeading1 Char";
-	mso-style-link:AppendixHeading1;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.apple-style-span
-	{mso-style-name:apple-style-span;}
-p.reference, li.reference, div.reference
-	{mso-style-name:reference;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:89.3pt;
-	text-align:justify;
-	text-indent:-89.3pt;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.definition0, li.definition0, div.definition0
-	{mso-style-name:definition;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:2.3in;
-	text-indent:-2.3in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Table, li.Table, div.Table
-	{mso-style-name:Table;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-span.HTMLPreformattedChar
-	{mso-style-name:"HTML Preformatted Char";
-	mso-style-link:"HTML Preformatted";
-	font-family:"Arial Unicode MS","sans-serif";}
-p.equation, li.equation, div.equation
-	{mso-style-name:equation;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.smallexample, li.smallexample, div.smallexample
-	{mso-style-name:"small example";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	border:none;
-	padding:0in;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-p.name, li.name, div.name
-	{mso-style-name:name;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.6in;
-	text-align:justify;
-	text-indent:-.6in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-p.information, li.information, div.information
-	{mso-style-name:information;
-	margin-top:0in;
-	margin-right:.5in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:Courier;
-	color:black;}
-p.headingfunction, li.headingfunction, div.headingfunction
-	{mso-style-name:"heading function";
-	margin-top:0in;
-	margin-right:.5in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	font-size:12.0pt;
-	font-family:"Times","serif";}
-p.description, li.description, div.description
-	{mso-style-name:description;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.space, li.space, div.space
-	{mso-style-name:space;
-	margin:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.title, li.title, div.title
-	{mso-style-name:title;
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:16.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-p.subtitle, li.subtitle, div.subtitle
-	{mso-style-name:subtitle;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-style:italic;}
-p.element0, li.element0, div.element0
-	{mso-style-name:element;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.0in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.subelement, li.subelement, div.subelement
-	{mso-style-name:subelement;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.3in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-span.CommentTextChar
-	{mso-style-name:"Comment Text Char";
-	mso-style-link:"Comment Text";}
-p.CFunction, li.CFunction, div.CFunction
-	{mso-style-name:CFunction;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	background:#D9D9D9;
-	border:none;
-	padding:0in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.TableSmallFont, li.TableSmallFont, div.TableSmallFont
-	{mso-style-name:TableSmallFont;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:0in;
-	text-align:center;
-	page-break-after:avoid;
-	font-size:8.0pt;
-	font-family:"Times New Roman","serif";}
-p.Appendix1, li.Appendix1, div.Appendix1
-	{mso-style-name:Appendix1;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	text-indent:0in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-p.Appendix2, li.Appendix2, div.Appendix2
-	{mso-style-name:Appendix2;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	text-indent:0in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-span.BodyTextChar
-	{mso-style-name:"Body Text Char";
-	mso-style-link:"Body Text";}
-span.npal
-	{mso-style-name:npal;
-	font-family:Palatino;}
-p.numberedlist2, li.numberedlist2, div.numberedlist2
-	{mso-style-name:"numbered list 2";
-	margin-top:.1in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:45.0pt;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.bulletedlist2, li.bulletedlist2, div.bulletedlist2
-	{mso-style-name:"bulleted list 2";
-	margin-top:.1in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:45.0pt;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.bulletedlist1, li.bulletedlist1, div.bulletedlist1
-	{mso-style-name:"bulleted list 1";
-	margin-top:.1in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:27.0pt;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-span.DocumentMapChar
-	{mso-style-name:"Document Map Char";
-	mso-style-link:"Document Map";
-	font-family:"Tahoma","sans-serif";
-	background:navy;}
-span.BodyText2Char
-	{mso-style-name:"Body Text 2 Char";
-	mso-style-link:"Body Text 2";}
-span.Typewriter
-	{mso-style-name:Typewriter;
-	font-family:"Courier New";}
-p.Appendix10, li.Appendix10, div.Appendix10
-	{mso-style-name:"Appendix 1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.3in;
-	text-align:justify;
-	text-indent:-.3in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-p.Preformatted, li.Preformatted, div.Preformatted
-	{mso-style-name:Preformatted;
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:12.0pt;
-	font-family:"Courier New";
-	layout-grid-mode:line;}
-p.Appendix20, li.Appendix20, div.Appendix20
-	{mso-style-name:"Appendix 2";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.4in;
-	text-align:justify;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-p.Appendix, li.Appendix, div.Appendix
-	{mso-style-name:Appendix;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	text-indent:0in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-span.DateChar
-	{mso-style-name:"Date Char";
-	mso-style-link:Date;
-	font-style:italic;}
-span.BodyTextIndentChar
-	{mso-style-name:"Body Text Indent Char";
-	mso-style-link:"Body Text Indent";}
-p.Argument, li.Argument, div.Argument
-	{mso-style-name:Argument;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.5in;
-	text-align:justify;
-	text-indent:-1.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.Step, li.Step, div.Step
-	{mso-style-name:Step;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.Equation0, li.Equation0, div.Equation0
-	{mso-style-name:Equation;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.example0, li.example0, div.example0
-	{mso-style-name:example;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.paragraph, li.paragraph, div.paragraph
-	{mso-style-name:paragraph;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:10.0pt;
-	font-family:"Times","serif";}
-p.listitem, li.listitem, div.listitem
-	{mso-style-name:"list item";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:27.0pt;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	text-indent:-27.0pt;
-	font-size:10.0pt;
-	font-family:"Times","serif";}
-p.note0, li.note0, div.note0
-	{mso-style-name:note;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:9.0pt;
-	font-family:"Times","serif";}
-p.Substep, li.Substep, div.Substep
-	{mso-style-name:Substep;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.0in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.syntax, li.syntax, div.syntax
-	{mso-style-name:syntax;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.Appendix3, li.Appendix3, div.Appendix3
-	{mso-style-name:"Appendix 3";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	text-indent:0in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";
-	font-weight:bold;}
-span.MessageHeaderChar
-	{mso-style-name:"Message Header Char";
-	mso-style-link:"Message Header";
-	font-family:"Arial","sans-serif";
-	background:#CCCCCC;}
-p.ASN1, li.ASN1, div.ASN1
-	{mso-style-name:"ASN\.1";
-	margin-top:6.8pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:9.0pt;
-	font-family:"Helvetica","sans-serif";
-	font-weight:bold;}
-p.ASN1Cont, li.ASN1Cont, div.ASN1Cont
-	{mso-style-name:"ASN\.1 Cont\.";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:9.0pt;
-	font-family:"Helvetica","sans-serif";
-	font-weight:bold;}
-span.BodyTextIndent3Char
-	{mso-style-name:"Body Text Indent 3 Char";
-	mso-style-link:"Body Text Indent 3";
-	font-family:"MS Mincho";}
-p.Text, li.Text, div.Text
-	{mso-style-name:Text;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:127.6pt;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:11.0pt;
-	font-family:"Times New Roman","serif";}
-p.BoxedCode, li.BoxedCode, div.BoxedCode
-	{mso-style-name:Boxed_Code;
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	border:none;
-	padding:0in;
-	font-size:10.0pt;
-	font-family:"Courier New";}
-span.msoIns
-	{mso-style-name:"";
-	text-decoration:underline;
-	color:teal;}
-span.msoDel
-	{mso-style-name:"";
-	text-decoration:line-through;
-	color:red;}
- /* Page Definitions */
- @page WordSection1
-	{size:8.5in 11.0in;
-	margin:1.0in 1.0in .5in 1.0in;}
-div.WordSection1
-	{page:WordSection1;}
-@page WordSection2
-	{size:8.5in 11.0in;
-	margin:1.0in 1.0in .5in 1.0in;}
-div.WordSection2
-	{page:WordSection2;}
- /* List Definitions */
- ol
-	{margin-bottom:0in;}
-ul
-	{margin-bottom:0in;}
--->
-</style>
-
-</head>
-
-<body lang=EN-US link="#0000EE" vlink=purple>
-
-<div class=WordSection1>
-
-<p class=MsoHeader><img width=203 height=54
-src="pkcs11-base-v2.40-os_files/image001.jpg"></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:1.0pt 0in 0in 0in'>
-
-<p class=MsoTitle><span style='font-size:22.0pt'>PKCS #11 Cryptographic Token
-Interface Base Specification Version 2.40</span></p>
-
-<p class=MsoSubtitle>OASIS Standard</p>
-
-<p class=MsoSubtitle>14 April 2015</p>
-
-</div>
-
-<p class=Titlepageinfo><span style='font-size:12.0pt'>Specification URIs</span></p>
-
-<p class=Titlepageinfo>This version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><span class=MsoHyperlink><span
-style='color:windowtext'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.doc">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.doc</a>
-(Authoritative)</span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><span class=MsoHyperlink><span
-style='color:windowtext'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html</a></span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><span class=MsoHyperlink><span
-style='color:windowtext'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.pdf</a></span></span></p>
-
-<p class=Titlepageinfo>Previous version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><span class=MsoHyperlink><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.doc">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.doc</a>
-</span><span class=MsoHyperlink><span style='color:black'>(Authoritative)</span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><span class=MsoHyperlink><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.html</a></span></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><span class=MsoHyperlink><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/cs01/pkcs11-base-v2.40-cs01.pdf</a></span></p>
-
-<p class=Titlepageinfo>Latest version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><span style='color:#0000EE'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.doc">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.doc</a>
-</span><span style='color:black'>(Authoritative)</span></p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><span style='color:#0000EE'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html</a></span></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><span style='color:#0000EE'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.pdf</a></span></p>
-
-<p class=Titlepageinfo>Technical Committee:</p>
-
-<p class=Titlepageinfodescription><span style='color:#0000EE'><a
-href="https://www.oasis-open.org/committees/pkcs11/">OASIS PKCS 11 TC</a></span></p>
-
-<p class=Titlepageinfo>Chairs:</p>
-
-<p class=ContributorCxSpFirst>Robert Griffin (<a
-href="mailto:robert.griffin@rsa.com">robert.griffin@rsa.com</a>), <a
-href="http://www.emc.com/">EMC Corporation</a></p>
-
-<p class=ContributorCxSpLast>Valerie Fenwick (<a
-href="mailto:valerie.fenwick@oracle.com">valerie.fenwick@oracle.com</a>), <a
-href="http://www.oracle.com/">Oracle</a></p>
-
-<p class=Titlepageinfo>Editors:</p>
-
-<p class=ContributorCxSpFirst>Susan Gleeson (<a
-href="mailto:susan.gleeson@oracle.com">susan.gleeson@oracle.com</a>), <a
-href="http://www.oracle.com/">Oracle</a></p>
-
-<p class=ContributorCxSpLast>Chris Zimman (<a href="mailto:chris@wmpp.com">chris@wmpp.com</a>),
-Individual</p>
-
-<p class=Titlepageinfo>Related work:</p>
-
-<p class=Titlepageinfodescription>This specification replaces or supersedes:</p>
-
-<p class=RelatedWork><span style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4. <a
-href="http://www.cryptsoft.com/pkcs11doc/STANDARD/pkcs-11v2-30b-d5.doc">http://www.cryptsoft.com/pkcs11doc/STANDARD/pkcs-11v2-30b-d5.doc</a>.</p>
-
-<p class=Titlepageinfodescription>This specification is related to:</p>
-
-<p class=RelatedWorkCxSpFirst><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Profiles Version 2.40</i>.
-Edited by Tim Hudson. <span lang=DE-CH>Latest version. </span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html"><span
-lang=DE-CH>http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html</span></a><span
-lang=DE-CH>.</span></p>
-
-<p class=RelatedWorkCxSpMiddle><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Current Mechanisms
-Specification Version 2.40</i>. Edited by Susan Gleeson and Chris Zimman.
-Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html</a>.</p>
-
-<p class=RelatedWorkCxSpMiddle><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Historical Mechanisms
-Specification Version 2.40</i>. Edited by Susan Gleeson and Chris Zimman.
-Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html</a>.</p>
-
-<p class=RelatedWorkCxSpLast><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Usage Guide Version
-2.40</i>. Edited by John Leiseboer and Robert Griffin. <span lang=DE-CH>Latest
-version. </span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html"><span
-lang=DE-CH>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html</span></a><span
-lang=DE-CH>.</span></p>
-
-<p class=Titlepageinfo>Abstract:</p>
-
-<p class=Abstract>This document defines data types, functions and other basic
-components of the PKCS #11 Cryptoki interface.</p>
-
-<p class=Titlepageinfo>Status:</p>
-
-<p class=Abstract>This document was last revised or approved by the membership
-of OASIS on the above date. The level of approval is also listed above. Check
-the “Latest version” location noted above for possible later revisions of this document.
-Any other numbered Versions and other technical work produced by the Technical Committee
-(TC) are listed at <a
-href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11#technical">https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11#technical</a>.</p>
-
-<p class=Abstract>TC members should send comments on this specification to the
-TC’s email list. Others should send comments to the TC’s public comment list,
-after subscribing to it by following the instructions at the “<span
-class=MsoHyperlink><span style='color:windowtext'><a
-href="https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=pkcs11">Send
-A Comment</a></span></span>” button on the TC’s web page at <span
-class=MsoHyperlink><span style='color:windowtext'><a
-href="https://www.oasis-open.org/committees/pkcs11/">https://www.oasis-open.org/committees/pkcs11/</a></span></span><span
-class=MsoHyperlink><span style='color:black'>.</span></span></p>
-
-<p class=Abstract>For information on whether any patents have been disclosed
-that may be essential to implementing this specification, and any offers of
-patent licensing terms, please refer to the Intellectual Property Rights
-section of the Technical Committee web page (<span class=MsoHyperlink><span
-style='color:windowtext'><a
-href="https://www.oasis-open.org/committees/pkcs11/ipr.php">https://www.oasis-open.org/committees/pkcs11/ipr.php</a></span></span><span
-class=MsoHyperlink><span style='color:black'>).</span></span></p>
-
-<p class=Titlepageinfo>Citation format:</p>
-
-<p class=Abstract>When referencing this specification the following citation
-format should be used:</p>
-
-<p class=Abstract><span class=Refterm>[PKCS11-base-v2.40]</span></p>
-
-<p class=Abstract><i>PKCS #11 Cryptographic Token Interface Base Specification
-Version 2.40. </i>Edited by Susan Gleeson and Chris Zimman. 14 April 2015. OASIS
-Standard. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html</a>.</p>
-
-<p class=Abstract>&nbsp;</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:1.0pt 0in 0in 0in'>
-
-<p class=Notices>Notices</p>
-
-</div>
-
-<p class=MsoNormal>Copyright © OASIS Open 2015. All Rights Reserved.</p>
-
-<p class=MsoNormal>All capitalized terms in the following text have the
-meanings assigned to them in the OASIS Intellectual Property Rights Policy (the
-&quot;OASIS IPR Policy&quot;). The full <a
-href="https://www.oasis-open.org/policies-guidelines/ipr">Policy</a> may be
-found at the OASIS website.</p>
-
-<p class=MsoNormal>This document and translations of it may be copied and
-furnished to others, and derivative works that comment on or otherwise explain
-it or assist in its implementation may be prepared, copied, published, and
-distributed, in whole or in part, without restriction of any kind, provided
-that the above copyright notice and this section are included on all such
-copies and derivative works. However, this document itself may not be modified
-in any way, including by removing the copyright notice or references to OASIS,
-except as needed for the purpose of developing any document or deliverable
-produced by an OASIS Technical Committee (in which case the rules applicable to
-copyrights, as set forth in the OASIS IPR Policy, must be followed) or as
-required to translate it into languages other than English.</p>
-
-<p class=MsoNormal>The limited permissions granted above are perpetual and will
-not be revoked by OASIS or its successors or assigns.</p>
-
-<p class=MsoNormal>This document and the information contained herein is
-provided on an &quot;AS IS&quot; basis and OASIS DISCLAIMS ALL WARRANTIES,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED
-WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</p>
-
-<p class=MsoNormal>OASIS requests that any OASIS Party or any other party that
-believes it has patent claims that would necessarily be infringed by
-implementations of this OASIS Committee Specification or OASIS Standard, to
-notify OASIS TC Administrator and provide an indication of its willingness to
-grant patent licenses to such patent claims in a manner consistent with the IPR
-Mode of the OASIS Technical Committee that produced this specification.</p>
-
-<p class=MsoNormal>OASIS invites any party to contact the OASIS TC
-Administrator if it is aware of a claim of ownership of any patent claims that
-would necessarily be infringed by implementations of this specification by a
-patent holder that is not willing to provide a license to such patent claims in
-a manner consistent with the IPR Mode of the OASIS Technical Committee that
-produced this specification. OASIS may include such claims on its website, but
-disclaims any obligation to do so.</p>
-
-<p class=MsoNormal>OASIS takes no position regarding the validity or scope of
-any intellectual property or other rights that might be claimed to pertain to
-the implementation or use of the technology described in this document or the
-extent to which any license under such rights might or might not be available;
-neither does it represent that it has made any effort to identify any such
-rights. Information on OASIS' procedures with respect to rights in any document
-or deliverable produced by an OASIS Technical Committee can be found on the
-OASIS website. Copies of claims of rights made available for publication and
-any assurances of licenses to be made available, or the result of an attempt
-made to obtain a general license or permission for the use of such proprietary
-rights by implementers or users of this OASIS Committee Specification or OASIS
-Standard, can be obtained from the OASIS TC Administrator. OASIS makes no
-representation that any information or list of intellectual property rights
-will at any time be complete, or that any claims in such list are, in fact,
-Essential Claims.</p>
-
-<p class=MsoNormal>The name &quot;OASIS&quot; is a trademark of <a
-href="https://www.oasis-open.org/">OASIS</a>, the owner and developer of this
-specification, and should be used only to refer to the organization and its
-official outputs. OASIS welcomes reference to, and implementation and use of,
-specifications, while reserving the right to enforce its marks against
-misleading uses. Please see <span class=MsoHyperlink><a
-href="https://www.oasis-open.org/policies-guidelines/trademark">https://www.oasis-open.org/policies-guidelines/trademark</a></span>
-for above guidance.</p>
-
-<p class=MsoNormal><u><span style='text-decoration:none'>&nbsp;</span></u></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:1.0pt 0in 0in 0in'>
-
-<p class=Notices>Table of Contents</p>
-
-</div>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959676">1<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>        </span>Introduction<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>6</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959677">1.1
-Terminology<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>6</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959678">1.2
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>6</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959679">1.3 Symbols
-and abbreviations<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>7</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959680">1.4
-Normative References<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>10</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959681">1.5
-Non-Normative References<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>11</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959682">2<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>        </span>Platform-
-and compiler-dependent directives for C or C++<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>13</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959683">2.1
-Structure packing<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>13</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959684">2.2
-Pointer-related macros<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>13</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959685">3<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>        </span>General
-data types<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>15</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959686">3.1 General
-information<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>15</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959687">3.2 Slot and
-token types<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>16</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959688">3.3 Session
-types<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>22</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959689">3.4 Object
-types<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>23</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959690">3.5 Data
-types for mechanisms<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>27</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959691">3.6 Function
-types<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>29</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959692">3.7
-Locking-related types<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>32</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959693">4<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>        </span>Objects<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>35</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959694">4.1
-Creating, modifying, and copying objects<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>36</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959695">4.1.1
-Creating objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>36</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959696">4.1.2
-Modifying objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>37</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959697">4.1.3
-Copying objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>37</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959698">4.2 Common
-attributes<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>38</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959699">4.3 Hardware
-Feature Objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>38</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959700">4.3.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>38</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959701">4.3.2
-Overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>38</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959702">4.3.3 Clock<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>39</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959703">4.3.4
-Monotonic Counter Objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>39</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959704">4.3.5 User
-Interface Objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>39</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959705">4.4 Storage
-Objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>40</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959706">4.5 Data
-objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>41</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959707">4.5.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>41</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959708">4.5.2
-Overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>41</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959709">4.6
-Certificate objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>42</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959710">4.6.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>42</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959711">4.6.2
-Overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>42</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959712">4.6.3 X.509
-public key certificate objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>43</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959713">4.6.4 WTLS
-public key certificate objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>45</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959714">4.6.5 X.509
-attribute certificate objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>47</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959715">4.7 Key
-objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>48</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959716">4.7.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>48</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959717">4.7.2
-Overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>48</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959718">4.8 Public
-key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>49</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959719">4.9 Private
-key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>50</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959720">4.9.1 RSA
-private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>52</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959721">4.10 Secret
-key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>53</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959722">4.11 Domain
-parameter objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959723">4.11.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959724">4.11.2
-Overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959725">4.12
-Mechanism objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959726">4.12.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959727">4.12.2
-Overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959728">5<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>        </span>Functions<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>58</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959729">5.1 Function
-return values<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>61</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959730">5.1.1
-Universal Cryptoki function return values<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>61</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959731">5.1.2
-Cryptoki function return values for functions that use a session handle<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>62</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959732">5.1.3
-Cryptoki function return values for functions that use a token<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>62</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959733">5.1.4
-Special return value for application-supplied callbacks<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>62</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959734">5.1.5
-Special return values for mutex-handling functions<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>63</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959735">5.1.6 All
-other Cryptoki function return values<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>63</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959736">5.1.7 More
-on relative priorities of Cryptoki errors<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>68</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959737">5.1.8 Error
-code “gotchas”<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>68</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959738">5.2
-Conventions for functions returning output in a variable-length buffer<span
-style='color:windowtext;display:none'> </span><span
-style='color:windowtext;display:none'>68</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959739">5.3
-Disclaimer concerning sample code<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>69</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959740">5.4
-General-purpose functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>69</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959741">5.5 Slot and
-token management functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>72</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959742">5.6 Session
-management functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>81</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959743">5.7 Object
-management functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>89</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959744">5.8
-Encryption functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959745">5.9
-Decryption functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>102</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959746">5.10 Message
-digesting functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>105</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959747">5.11 Signing
-and MACing functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>108</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959748">5.12
-Dual-function cryptographic functions<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>116</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959749">5.13 Key
-management functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>127</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959750">5.14 Random
-number generation functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>135</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959751">5.15
-Parallel function management functions<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>136</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc416959752">5.16
-Callback functions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>137</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959753">5.16.1
-Surrender callbacks<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>137</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc416959754">5.16.2
-Vendor-defined callbacks<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>137</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959755">6<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>        </span>PKCS
-#11 Implementation Conformance<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>138</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959756">Appendix A.<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>       </span>Acknowledgments<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>139</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959757">Appendix B.<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>       </span>Manifest
-constants<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>142</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc416959758">Appendix C.<span
-style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>       </span>Revision
-History<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>149</span></a></span></p>
-
-<p class=TextBody>&nbsp;</p>
-
-<p class=TextBody>&nbsp;</p>
-
-</div>
-
-<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><br clear=all
-style='page-break-before:always'>
-</span>
-
-<div class=WordSection2>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc416959676"></a><a name="_Toc395183749"></a><a
-name="_Toc391468753"></a><a name="_Toc370633959">1<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Introduction</a></h1>
-
-</div>
-
-<p class=MsoNormal><a name="_Toc287332007"></a><a name="_Toc85472893">This
-document describes the basic PKCS#11 token interface and token behavior.</a></p>
-
-<p class=MsoNormal>The PKCS#11 standard specifies an application programming
-interface (API), called “Cryptoki,” for devices that hold cryptographic
-information and perform cryptographic functions.  Cryptoki follows a simple
-object based approach, addressing the goals of technology independence (any
-kind of device) and resource sharing (multiple applications accessing multiple
-devices), presenting to applications a common, logical view of the device
-called a “cryptographic token”.</p>
-
-<p class=MsoNormal>This document specifies the data types and functions
-available to an application requiring cryptographic services using the ANSI C
-programming language.  The supplier of a Cryptoki library implementation
-typically provides these data types and functions via ANSI C header files. 
-Generic ANSI C header files for Cryptoki are available from the PKCS#11 web
-page.  This document and up-to-date errata for Cryptoki will also be available
-from the same place.</p>
-
-<p class=MsoNormal>Additional documents may provide a generic, language-independent
-Cryptoki interface and/or bindings between Cryptoki and other programming
-languages.</p>
-
-<p class=MsoNormal>Cryptoki isolates an application from the details of the
-cryptographic device.  The application does not have to change to interface to
-a different type of device or to run in a different environment; thus, the
-application is portable.  How Cryptoki provides this isolation is beyond the
-scope of this document, although some conventions for the support of multiple
-types of device will be addressed here and possibly in a separate document.</p>
-
-<p class=MsoNormal>Details of cryptographic mechanisms (algorithms) may be
-found in the associated PKCS#11 Mechanisms documents.</p>
-
-<h2><a name="_Toc416959677"></a><a name="_Toc395183750"></a><a
-name="_Toc391468754"></a><a name="_Toc370633960">1.1 Terminology</a></h2>
-
-<p class=MsoNormal>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”,
-“SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in
-this document are to be interpreted as described in <span
-class=Refterm><span style='font-size:12.0pt'>[RFC2119]</span></span>.</p>
-
-<h2><a name="_Toc416959678"></a><a name="_Toc395183751"></a><a
-name="_Toc391468755"></a><a name="_Toc370633961">1.2 Definitions</a></h2>
-
-<p class=MsoNormal>For the purposes of this standard, the following definitions
-apply:</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                           API</b>       Application
-programming interface.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                              Application</b>       Any
-computer program that calls the Cryptoki interface.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                       ASN.1</b>       Abstract
-Syntax Notation One, as defined in X.680.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                   Attribute       </b>A
-characteristic of an object.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         BER</b>       Basic
-Encoding Rules, as defined in X.690.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         CBC       </b>Cipher-Block
-Chaining mode, as defined in FIPS PUB 81.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                 Certificate</b>       A
-signed message binding a subject name and a public key, or a subject name and a
-set of attributes.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         CMS       </b>Cryptographic
-Message Syntax (see RFC 5652)</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>               Cryptographic
-Device</b>       A device storing cryptographic information and possibly performing
-cryptographic functions.  May be implemented as a smart card, smart disk,
-PCMCIA card, or with some other technology, including software-only.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                   Cryptoki       </b>The
-Cryptographic Token Interface defined in this standard.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                        Cryptoki
-library</b>       A library that implements the functions specified in this
-standard.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         DER</b>       Distinguished
-Encoding Rules, as defined in X.690.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         DES       </b>Data
-Encryption Standard, as defined in FIPS PUB 46-3.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         DSA       </b>Digital
-Signature Algorithm, as defined in FIPS PUB 186-4.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'>                                            <b>EC</b>       Elliptic
-Curve</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         ECB</b>       Electronic
-Codebook mode, as defined in FIPS PUB 81.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                             IV       </b>Initialization
-Vector.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         MAC</b>       Message
-Authentication Code.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                              Mechanism</b>       A
-process for implementing a cryptographic operation.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                      Object</b>       An
-item that is stored on a token.  May be data, a certificate, or a key.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                           PIN</b>       Personal
-Identification Number.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                       PKCS</b>       Public-Key
-Cryptography Standards.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                          PRF</b>       Pseudo
-random function.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                          PTD       </b>Personal
-Trusted Device, as defined in MeT-PTD</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         RSA</b>       The
-RSA public-key cryptosystem.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                     Reader</b>       The
-means by which information is exchanged with a device.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                    Session</b>       A
-logical connection between an application and a token.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                          Slot</b>       A
-logical reader that potentially contains a token.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'>                                          <b>SSL</b>       The
-Secure Sockets Layer 3.0 protocol.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'>                           <b>Subject
-Name</b>       The X.500 distinguished name of the entity to which a key is assigned.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                           SO</b>       A
-Security Officer user.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                          TLS</b>       Transport
-Layer Security.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                       Token</b>       The
-logical view of a cryptographic device defined by Cryptoki.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         User</b>       The
-person using an application that interfaces to Cryptoki.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                       UTF-8       </b>Universal
-Character Set (UCS) transformation format (UTF) that represents ISO 10646 and
-UNICODE strings with a variable number of octets.</p>
-
-<p class=definition0 style='margin-bottom:6.0pt'><b>                                         WIM</b>       Wireless
-Identification Module.</p>
-
-<p class=definition0><b>                                       WTLS</b>       Wireless
-Transport Layer Security.</p>
-
-<p class=definition0>&nbsp;</p>
-
-<h2><a name="_Toc416959679"></a><a name="_Toc395183752"></a><a
-name="_Toc391468756"></a><a name="_Toc370633962"></a><a name="_Toc235002204"></a><a
-name="_Toc72655990"></a><a name="_Toc405794607"></a><a name="_Toc385057786"></a><a
-name="_Toc383864799"></a><a name="_Toc323610788"></a><a name="_Toc323205359"></a><a
-name="_Toc323024028"></a><a name="_Toc323000668"></a><a name="_Toc322945055"></a><a
-name="_Toc322855259"></a><a name="_Ref320327683"></a><a name="_Toc319315662"></a><a
-name="_Toc319313669"></a><a name="_Toc319313476"></a><a name="_Toc319287635">1.3
-Symbols and abbreviations</a></h2>
-
-<p class=MsoNormal style='page-break-after:avoid'>The following symbols are
-used in this standard:</p>
-
-<p class=MsoCaption><a name="_Toc225305933"></a><a name="_Toc405794963">Table </a>1, Symbols</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td valign=top style='border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Symbol</b></p>
-  </td>
-  <td valign=top style='border:solid windowtext 1.0pt;border-left:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Definition</b></p>
-  </td>
- </tr>
- <tr>
-  <td valign=top style='border:solid windowtext 1.0pt;border-top:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>N/A</p>
-  </td>
-  <td valign=top style='border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;
-  border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Not applicable</p>
-  </td>
- </tr>
- <tr>
-  <td valign=top style='border:solid windowtext 1.0pt;border-top:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/O</p>
-  </td>
-  <td valign=top style='border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;
-  border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Read-only</p>
-  </td>
- </tr>
- <tr>
-  <td valign=top style='border:solid windowtext 1.0pt;border-top:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td valign=top style='border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;
-  border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Read/write</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-top:12.0pt;page-break-after:avoid'>The
-following prefixes are used in this standard:</p>
-
-<p class=MsoCaption><a name="_Toc225305934"></a><a name="_Toc405794964">Table </a>2, Prefixes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=62 valign=top style='width:46.55pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-family:
-   "Arial","sans-serif"'>Prefix</span></b></p>
-   </td>
-   <td width=220 valign=top style='width:164.95pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-family:
-   "Arial","sans-serif"'>Description</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Function</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Data
-  type or general constant</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKC_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Certificate
-  type</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKD_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Key
-  derivation function</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKF_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Bit
-  flag</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKG_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mask
-  generation function</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKH_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Hardware
-  feature type</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKK_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Key
-  type</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mechanism
-  type</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKN_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Notification</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKO_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Object
-  class</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKP_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Pseudo-random
-  function</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKS_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Session
-  state</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKR_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Return
-  value</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKU_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>User
-  type</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKZ_</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Salt/Encoding
-  parameter source</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>h</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>a
-  handle</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>ul</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>a
-  CK_ULONG</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>p</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>a
-  pointer</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>pb</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>a
-  pointer to a CK_BYTE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>ph</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>a
-  pointer to a handle</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=62 valign=top style='width:46.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>pul</span></p>
-  </td>
-  <td width=220 valign=top style='width:164.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>a
-  pointer to a CK_ULONG</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>Cryptoki is based on ANSI C types, and defines the following
-data types<a name="CK_BYTE"></a>:</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* an
-unsigned 8-bit value */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-unsigned char CK_BYTE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* an
-unsigned 8-bit character */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_BYTE CK_CHAR;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* an
-8-bit UTF-8 character */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_BYTE CK_UTF8CHAR;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* a
-BYTE-sized Boolean flag */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_BYTE CK_BBOOL;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* an
-unsigned value, at least 32 bits long */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-unsigned long int CK_ULONG;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* a
-signed value, the same size as a CK_ULONG */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-long int CK_LONG;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>/* at
-least 32 bits; each bit is a Boolean flag */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_FLAGS;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Cryptoki also uses pointers to some of these data types, as
-well as to the type void, which are implementation-dependent.  These pointer
-types are:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE_PTR     
-/* Pointer to a CK_BYTE */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_CHAR_PTR     
-/* Pointer to a CK_CHAR */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_UTF8CHAR_PTR 
-/* Pointer to a CK_UTF8CHAR */ </p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_ULONG_PTR    
-/* Pointer to a CK_ULONG */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_VOID_PTR     
-/* Pointer to a void */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Cryptoki also defines a pointer to a CK_VOID_PTR, which is
-implementation-dependent:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_VOID_PTR_PTR 
-/* Pointer to a CK_VOID_PTR */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>In addition, Cryptoki defines a C-style NULL pointer, which
-is distinct from any valid pointer:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>NULL_PTR        
-/* A NULL pointer */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>It follows that many of the data and pointer types will vary
-somewhat from one environment to another (<i>e.g.</i>, a CK_ULONG will
-sometimes be 32 bits, and sometimes perhaps 64 bits).  However, these details
-should not affect an application, assuming it is compiled with Cryptoki header
-files consistent with the Cryptoki library to which the application is linked.</p>
-
-<p class=MsoNormal>All numbers and values expressed in this document are
-decimal, unless they are preceded by “0x”, in which case they are hexadecimal
-values.</p>
-
-<p class=MsoNormal>The <b>CK_CHAR</b> data type holds characters from the
-following table, taken from ANSI C:</p>
-
-<p class=MsoCaption><a name="_Toc225305935"></a><a name="_Toc405794965"></a><a
-name="_Toc383864504"></a><a name="_Toc323204874"></a><a name="_Ref320504353"></a><a
-name="_Ref383947636">Table </a>3, Character Set</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=138 valign=top style='width:103.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Category</span></b></p>
-   </td>
-   <td width=396 valign=top style='width:297.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Characters</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Letters</span></p>
-  </td>
-  <td width=396 valign=top style='width:297.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>A B C D E F G H I J K L M N O P Q R S T U V
-  W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Numbers</span></p>
-  </td>
-  <td width=396 valign=top style='width:297.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0 1 2 3 4 5 6 7 8 9</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Graphic characters</span></p>
-  </td>
-  <td width=396 valign=top style='width:297.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>! “ # % &amp; ‘ ( ) * + , - . / : ; &lt; =
-  &gt; ? [ \ ] ^ _ { | } ~</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Blank
-  character</span></p>
-  </td>
-  <td width=396 valign=top style='width:297.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>‘
-  ‘</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The <b>CK_UTF8CHAR</b> data type holds UTF-8 encoded Unicode
-characters as specified in RFC2279. UTF-8 allows internationalization while
-maintaining backward compatibility with the Local String definition of PKCS #11
-version 2.01. </p>
-
-<p class=MsoNormal>In Cryptoki, the <b>CK_BBOOL</b> data type is a Boolean type
-that can be true or false.  A zero value means false, and a nonzero value means
-true.  Similarly, an individual bit flag, <b>CKF_</b>..., can also be set
-(true) or unset (false). For convenience, Cryptoki defines the following macros
-for use with values of type <b>CK_BBOOL</b>:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#define
-CK_FALSE 0</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#define
-CK_TRUE  1</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;page-break-after:avoid;
-background:#D9D9D9'><span style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>For backwards compatibility, header files for this version
-of Cryptoki also define TRUE and FALSE as (CK_DISABLE_TRUE_FALSE may be set by
-the application vendor):</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#ifndef
-CK_DISABLE_TRUE_FALSE</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#ifndef
-FALSE</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#define
-FALSE CK_FALSE</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#endif</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#ifndef
-TRUE</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#define
-TRUE CK_TRUE</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#endif</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>#endif</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<h2><a name="_Toc416959680"></a><a name="_Toc395183753"></a><a
-name="_Toc391468757"></a><a name="_Toc370633963"></a><a name="_Toc287332008"></a><a
-name="_Toc85472894"></a><a name="_Toc12011611"></a><a name="_Ref7502892">1.4 Normative</a>
-References</h2>
-
-<p class=Ref style='margin-left:0in;text-indent:.25in'><b> [FIPS PUB 46-3]</b>     NIST. 
-<i>FIPS 46-3: Data Encryption Standard.  </i><span lang=SV>October 1999. </span></p>
-
-<p class=Ref style='text-indent:0in'><span lang=SV>URL:  <a
-href="http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf">http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf</a></span></p>
-
-<p class=Ref><b>[FIPS PUB 81]</b>        NIST.  <i>FIPS 81: DES Modes of
-Operation.  </i><span lang=SV>December 1980. </span></p>
-
-<p class=Ref style='text-indent:0in'><span lang=SV>URL:  <a
-href="http://csrc.nist.gov/publications/fips/fips81/fips81.htm">http://csrc.nist.gov/publications/fips/fips81/fips81.htm</a></span></p>
-
-<p class=Ref><b>[FIPS PUB 186-4]    </b>NIST.  FIPS 186-4:  Digital Signature
-Standard.  July, 2013.</p>
-
-<p class=Ref><b>                              </b>URL:  <a
-href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf">http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf</a></p>
-
-<p class=Ref><b><span style='color:windowtext'>[PKCS11-Curr]</span></b><span
-class=Refterm><span style='font-weight:normal'>        <i>PKCS #11
-Cryptographic Token Interface Current Mechanisms Specification Version 2.40</i>.
-Edited by Susan Gleeson and Chris Zimman. 14 April 2015. OASIS Standard. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html</a>.</span></span></p>
-
-<p class=Ref><b><span style='color:#3B006F'> </span></b><b><span
-style='color:windowtext'>[PKCS11-Hist]</span></b><span class=Refterm><span
-style='font-weight:normal'>        <i>PKCS #11 Cryptographic Token Interface
-Historical Mechanisms Specification Version 2.40</i>. Edited by Susan Gleeson
-and Chris Zimman. 14 April 2015. OASIS Standard. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/os/pkcs11-hist-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/os/pkcs11-hist-v2.40-os.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html</a>.</span></span></p>
-
-<p class=Ref><b><span style='color:windowtext'> [PKCS11-Prof]</span></b><span
-class=Refterm><span style='font-weight:normal'>       <i>PKCS #11 Cryptographic
-Token Interface Profiles Version 2.40</i>. Edited by Tim Hudson. 14 April 2015.
-OASIS Standard. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/os/pkcs11-profiles-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/os/pkcs11-profiles-v2.40-os.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html</a>.</span></span></p>
-
-<p class=Ref><b> [PKCS #1]</b>              RSA Laboratories.  <i>RSA
-Cryptography Standard. </i> v2.1, June 14, 2002.</p>
-
-<p class=Ref>                              URL: 
-ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf </p>
-
-<p class=Ref><b>[PKCS #3]</b>               RSA Laboratories.  <i>Diffie-Hellman
-Key-Agreement Standard.</i>  v1.4, November 1993. </p>
-
-<p class=Ref><b>                              </b>URL: 
-ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-3.doc</p>
-
-<p class=Ref><b>[PKCS #5]</b>               RSA Laboratories.  <i>Password-Based
-Encryption Standard</i>.  v2.0, March 25, 1999 </p>
-
-<p class=Ref><b>                              </b>URL:  ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-5v2/pkcs5v2-0.pdf</p>
-
-<p class=Ref><b><span lang=FR-CH>[PKCS #7]               </span></b><span
-lang=FR-CH>RSA </span><span lang=FR>Laboratories.  <i>Cryptographic Message
-Syntax Standard.</i>  </span>v1.5, November 1993</p>
-
-<p class=Ref><b>                              </b>URL&nbsp;: 
-ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-7.doc</p>
-
-<p class=Ref><b>[PKCS #8]</b>               RSA Laboratories.  <i>Private-Key
-Information Syntax Standard</i>.  v1.2, November 1993. </p>
-
-<p class=Ref><b>                              </b>URL:  ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-8.doc</p>
-
-<p class=Ref><b><span style='color:windowtext'>[PKCS11-UG]</span></b><span
-class=Refterm><span style='font-weight:normal'>          </span></span><i>PKCS
-#11 Cryptographic Token Interface Usage Guide Version 2.40</i>. Edited by John
-Leiseboer and Robert Griffin. 16 November 2014. OASIS Committee Note 02. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html">http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html</a>.
-</p>
-
-<p class=Ref><b><span lang=FR-CH>[PKCS #12]</span></b><span lang=FR-CH>             RSA
-Laboratories.  <i>Personal</i></span><i><span lang=FR> Information Exchange
-Syntax Standard</span></i><span lang=FR>.  </span>v1.0,  June 1999.</p>
-
-<p class=Ref><a name=rfc2119><span class=Refterm>[RFC2119]</span></a>               Bradner,
-S., “Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC
-2119, March 1997. </p>
-
-<p class=Ref style='text-indent:0in'><span lang=FR-CH>URL:  </span><a
-href="http://www.ietf.org/rfc/rfc2119.txt"><span lang=FR-CH>http://www.ietf.org/rfc/rfc2119.txt</span></a><span
-lang=FR-CH>.</span></p>
-
-<p class=Ref><b><span lang=FR-CH>[RFC 2279]</span></b><span lang=FR-CH>              F.
-Yergeau.  </span><i>RFC 2279: </i>UTF-8, a transformation format of ISO 10646
-Alis Technologies, January 1998.<span lang=EN-AU> URL: </span><a
-href="http://ietf.org/rfc/rfc2279.txt"><span lang=EN-AU>http://www.ietf.org/rfc/rfc2279.txt</span></a></p>
-
-<p class=Ref><b><span lang=EN-AU>[RFC 2534]</span></b><span lang=EN-AU>              Masinter,
-L., Wing, D., Mutz, A., and K. Holtman. <i>RFC 2534: Media Features for
-Display, Print, and Fax.</i> March 1999. URL: <a
-href="http://ietf.org/rfc/rfc2534.txt">http://www.ietf.org/rfc/rfc2534.txt</a></span></p>
-
-<p class=Ref><b>[TLS]</b>                      IETF. <i>RFC 2246: The TLS
-Protocol Version 1.0 .</i> January 1999. </p>
-
-<p class=Ref style='text-indent:0in'>URL:  <u><a href="http://www.ietf.org/"><span
-lang=EN-AU>http://www.ietf.org/rfc/rfc2246.txt</span></a></u></p>
-
-<p class=Ref><b>[RFC 5652]              </b><span lang=EN-AU>R.</span> Housley.
-<i>RFC 5652: Cryptographic Message Syntax</i>. Septmber 2009. URL: <span
-lang=IT><a href="http://www.ietf.org/rfc/rfc5652.txt"><span lang=EN-US>http://www.ietf.org/rfc/rfc5652.txt</span></a></span></p>
-
-<p class=Ref><b>[X.500]</b>                    ITU-T. Information Technology —
-Open Systems Interconnection — The Directory: Overview of Concepts, Models and
-Services.  February 2001. Identical to ISO/IEC 9594-1</p>
-
-<p class=Ref><b>[X.509]</b>                    ITU-T. Information Technology —
-Open Systems Interconnection — The Directory: Public-key and Attribute
-Certificate Frameworks.  March 2000.</p>
-
-<p class=Ref>                              Identical to ISO/IEC 9594-8</p>
-
-<p class=Ref><b>[X.680]</b>                    ITU-T. Information Technology —
-Abstract Syntax Notation One (ASN.1): Specification of Basic Notation.  July
-2002.</p>
-
-<p class=Ref>                              Identical to ISO/IEC 8824-1</p>
-
-<p class=Ref><b>[X.690]</b>                    ITU-T. Information Technology —
-ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical
-Encoding Rules (CER), and Distinguished Encoding Rules (DER).  July 2002.</p>
-
-<p class=Ref>                              Identical to ISO/IEC 8825-1</p>
-
-<p class=Ref style='margin-left:0in;text-indent:0in'>&nbsp;</p>
-
-<h2><a name="_Toc416959681"></a><a name="_Toc395183754"></a><a
-name="_Toc391468758"></a><a name="_Toc370633964"></a><a name="_Toc287332009"></a><a
-name="_Toc85472895">1.5 Non-Normative References</a></h2>
-
-<p class=Ref><b>[ANSI C]</b>                 ANSI/ISO.  American National
-Standard for Programming Languages – C.  1990.</p>
-
-<p class=Ref><b>[CC/PP]</b>                  W3C. <i>Composite
-Capability/Preference Profiles (CC/PP): Structure and Vocabularies</i>. World
-Wide Web Consortium, January 2004. </p>
-
-<p class=Ref style='text-indent:0in'>URL:  <a
-href="http://www.w3.org/TR/CCPP-struct-vocab/">http://www.w3.org/TR/CCPP-struct-vocab/</a></p>
-
-<p class=Ref><b>[CDPD</b>]                   Ameritech Mobile Communications et
-al.  Cellular Digital Packet Data System Specifications: Part 406: Airlink
-Security.  1993.</p>
-
-<p class=Ref><b> [GCS-API]</b>              X/Open Company Ltd.  Generic
-Cryptographic Service API (GCS-API), Base - Draft 2.  February 14, 1995.</p>
-
-<p class=Ref><b>[ISO/IEC 7816-1]</b>     ISO. Information Technology —
-Identification Cards — Integrated Circuit(s) with Contacts — Part 1: Physical
-Characteristics.  1998.</p>
-
-<p class=Ref><b>[ISO/IEC 7816-4]</b>     ISO. Information Technology —
-Identification Cards — Integrated Circuit(s) with Contacts — Part 4:
-Interindustry Commands for Interchange.  1995.</p>
-
-<p class=Ref><b>[ISO/IEC 8824-1]</b>     ISO. Information Technology-- Abstract
-Syntax Notation One (ASN.1): Specification of Basic Notation.  2002.</p>
-
-<p class=Ref><b>[ISO/IEC 8825-1]</b>     ISO. Information Technology—ASN.1
-Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical Encoding
-Rules (CER), and Distinguished Encoding Rules (DER).  2002.</p>
-
-<p class=Ref><b>[ISO/IEC 9594-1]</b>     ISO. Information Technology — Open
-Systems Interconnection — The Directory: Overview of Concepts, Models and
-Services.  2001.</p>
-
-<p class=Ref><b>[ISO/IEC 9594-8]</b>     ISO. Information Technology — Open
-Systems Interconnection — The Directory: Public-key and Attribute Certificate
-Frameworks.  2001</p>
-
-<p class=Ref><b>[ISO/IEC 9796-2]</b>     ISO.  Information Technology —
-Security Techniques — Digital Signature Scheme Giving Message Recovery — Part
-2: Integer factorization based mechanisms.  2002.</p>
-
-<p class=Ref>&nbsp;</p>
-
-<p class=Ref><b>[Java MIDP]</b>            Java Community Process.  <i>Mobile
-Information Device Profile for Java 2 Micro Edition.</i> November 2002. </p>
-
-<p class=Ref style='text-indent:0in'>URL: <a
-href="http://jcp.org/jsr/detail/118.jsp">http://jcp.org/jsr/detail/118.jsp</a></p>
-
-<p class=Ref><b>[MeT-PTD]</b>              MeT. <i>MeT PTD Definition –
-Personal Trusted Device Definition</i>, Version 1.0, February 2003. </p>
-
-<p class=Ref style='text-indent:0in'>URL: <span lang=SV><a
-href="http://www.mobiletransaction.org/"><span lang=EN-US>http://www.mobiletransaction.org</span></a></span></p>
-
-<p class=Ref><b>[PCMCIA]</b>               Personal Computer Memory Card
-International Association.  <i>PC Card Standard,</i>  Release 2.1,. July 1993.</p>
-
-<p class=Ref><b>[SEC 1]</b>                   Standards for Efficient
-Cryptography Group (SECG).  <i>Standards for Efficient Cryptography (SEC) 1:
-Elliptic Curve Cryptography</i>.  Version 1.0, September 20, 2000.</p>
-
-<p class=Ref><b>[SEC 2]</b>                   Standards for Efficient
-Cryptography Group (SECG).  Standards for Efficient Cryptography (SEC) 2:
-Recommended Elliptic Curve Domain Parameters.  Version 1.0, September 20, 2000.</p>
-
-<p class=Ref><b>[WIM]</b>                     WAP. <i>Wireless Identity Module.
-</i><i>— WAP-260-WIM-20010712-a. </i>July 2001. </p>
-
-<p class=Ref style='text-indent:0in'>URL:  <a
-href="http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-260-wim-20010712-a.pdf">http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-260-wim-20010712-a.pdf</a></p>
-
-<p class=Ref><b>[WPKI]</b>                    Wireless Application Protocol:
-Public Key Infrastructure Definition<i>. </i><i>— WAP-217-WPKI-20010424-a</i>. <span
-lang=SV>April 2001. </span></p>
-
-<p class=Ref style='text-indent:0in'><span lang=SV>URL: <a
-href="http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-217-wpki-20010424-a.pdf">http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-217-wpki-20010424-a.pdf</a></span></p>
-
-<p class=Ref><b>[WTLS]</b>                   WAP. <i>Wireless Transport Layer
-Security Version </i><i>— WAP-261-WTLS-20010406-a.</i> April 2001. </p>
-
-<p class=Ref style='text-indent:0in'>URL:  <a
-href="http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-261-wtls-20010406-a.pdf">http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-261-wtls-20010406-a.pdf</a></p>
-
-<p class=Ref>&nbsp;</p>
-
-<p class=Ref>&nbsp;</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc405794626"></a><a name="_Toc385057803"></a><a
-name="_Toc383864814"></a><a name="_Toc323610800"></a><a name="_Toc323205371"></a><a
-name="_Toc323024040"></a><a name="_Toc323000680"></a><a name="_Toc322945097"></a><a
-name="_Toc322855271"></a><a name="_Toc319315675"></a><a name="_Toc319313682"></a><a
-name="_Toc319313489"></a><a name="_Toc319287648"></a><a name="_Toc416959682"></a><a
-name="_Toc395183755"></a><a name="_Toc391468759"></a><a name="_Toc370633965"></a><a
-name="_Toc235002225"></a><a name="_Toc72656010"></a><a name="_Ref406237056"></a><a
-name=Functions></a>2<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Platform- and compiler-dependent directives for C or C++</h1>
-
-</div>
-
-<p class=MsoNormal>There is a large array of Cryptoki-related data types that
-are defined in the Cryptoki header files. Certain packing and pointer-related
-aspects of these types are platform and compiler-dependent; these aspects are
-therefore resolved on a platform-by-platform (or compiler-by-compiler) basis
-outside of the Cryptoki header files by means of preprocessor directives.</p>
-
-<p class=MsoNormal>This means that when writing C or C++ code, certain
-preprocessor directives MUST be issued before including a Cryptoki header
-file.  These directives are described in the remainder of Section 6.</p>
-
-<h2><a name="_Toc416959683"></a><a name="_Toc395183756"></a><a
-name="_Toc391468760"></a><a name="_Toc370633966"></a><a name="_Toc235002226"></a><a
-name="_Toc72656011">2.1 Structure packing</a></h2>
-
-<p class=MsoNormal>Cryptoki structures are packed to occupy as little space as
-is possible.  Cryptoki structures SHALL be packed with 1-byte alignment.</p>
-
-<h2><a name="_Toc416959684"></a><a name="_Toc395183757"></a><a
-name="_Toc391468761"></a><a name="_Toc370633967"></a><a name="_Toc235002227"></a><a
-name="_Toc72656012">2.2 Pointer-related macros</a></h2>
-
-<p class=MsoNormal>Because different platforms and compilers have different
-ways of dealing with different types of pointers, the following 6 macros SHALL be
-set outside the scope of Cryptoki:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002228"></a><a name="_Toc72656013"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_PTR</span></a></p>
-
-<p class=MsoNormal><span style='font-family:"Courier New"'>CK_PTR</span> is the
-“indirection string” a given platform and compiler uses to make a pointer to an
-object.  It is used in the following fashion:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_BYTE CK_PTR CK_BYTE_PTR;</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002229"></a><a name="_Toc72656014"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_DEFINE_FUNCTION</span></a></p>
-
-<p class=MsoNormal><span style='font-family:"Courier New"'>CK_DEFINE_FUNCTION(returnType,
-name)</span>, when followed by a parentheses-enclosed list of arguments and a
-function definition, defines a Cryptoki API function in a Cryptoki library. 
-returnType is the return type of the function, and name is its name.  It SHALL
-be used in the following fashion:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_DEFINE_FUNCTION(CK_RV,
-C_Initialize)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pReserved</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>)</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>{</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  ...</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002230"></a><a name="_Toc72656015"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_DECLARE_FUNCTION</span></a></p>
-
-<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Courier New"'>CK_DECLARE_FUNCTION(returnType,
-name)</span><span style='font-size:12.0pt'>, </span>when followed by a
-parentheses-enclosed list of arguments and a semicolon, declares a Cryptoki API
-function in a Cryptoki library.  returnType is the return type of the function,
-and name is its name.  It SHALL be used in the following fashion<span
-style='font-size:12.0pt'>:</span></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_DECLARE_FUNCTION(CK_RV,
-C_Initialize)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pReserved</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002231"></a><a name="_Toc72656016"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_DECLARE_FUNCTION_POINTER</span></a></p>
-
-<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Courier New"'>CK_DECLARE_FUNCTION_POINTER(returnType,
-name</span>),  when followed by a parentheses-enclosed list of arguments and a
-semicolon, declares a variable or type which is a pointer to a Cryptoki API
-function in a Cryptoki library.  returnType is the return type of the function,
-and name is its name.  It SHALL be used in either of the following fashions to
-define a function pointer variable, myC_Initialize, which can point to a
-C_Initialize function in a Cryptoki library (note that neither of the following
-code snippets actually assigns a value to myC_Initialize):</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_DECLARE_FUNCTION_POINTER(CK_RV,
-myC_Initialize)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pReserved</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>or:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_DECLARE_FUNCTION_POINTER(CK_RV, myC_InitializeType)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pReserved</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>myC_InitializeType
-myC_Initialize;</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002232"></a><a name="_Toc72656017"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_CALLBACK_FUNCTION</span></a></p>
-
-<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Courier New"'>CK_CALLBACK_FUNCTION(returnType,
-name)</span><span style='font-size:12.0pt'>, </span>when followed by a
-parentheses-enclosed list of arguments and a semicolon, declares a variable or
-type which is a pointer to an application callback function that can be used by
-a Cryptoki API function in a Cryptoki library.  returnType is the return type
-of the function, and name is its name.  It SHALL be used in either of the
-following fashions to define a function pointer variable, myCallback, which can
-point to an application callback which takes arguments args and returns a CK_RV
-(note that neither of the following code snippets actually assigns a value to
-myCallback):</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_CALLBACK_FUNCTION(CK_RV,
-myCallback)(args);</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>or:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>myCallbackType
-myCallback;</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002233"></a><a name="_Toc72656018"><span lang=SV style='font-family:
-Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=SV style='font-family:"Arial","sans-serif"'>NULL_PTR</span></a></p>
-
-<p class=MsoNormal><span style='font-size:12.0pt;font-family:"Courier New"'>NULL_PTR</span><span
-style='font-size:12.0pt'> </span>is the value of a NULL pointer.  In any ANSI C
-environment—and in many others as well—<span style='font-family:"Courier New"'>NULL_PTR</span>
-SHALL be defined simply as 0.</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc416959685"></a><a name="_Toc395183758"></a><a
-name="_Toc391468762"></a><a name="_Toc370633971"></a><a name="_Toc235002238"></a><a
-name="_Toc72656023">3<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>General data types</a></h1>
-
-</div>
-
-<p class=MsoNormal>The general Cryptoki data types are described in the
-following subsections.  The data types for holding parameters for various
-mechanisms, and the pointers to those parameters, are not described here; these
-types are described with the information on the mechanisms themselves, in
-Section 12.</p>
-
-<p class=MsoNormal>A C or C++ source file in a Cryptoki application or library
-can define all these types (the types described here and the types that are
-specifically used for particular mechanism parameters) by including the
-top-level Cryptoki include file, pkcs11.h.  pkcs11.h, in turn, includes the
-other Cryptoki include files, pkcs11t.h and pkcs11f.h.  A source file can also
-include just pkcs11t.h (instead of pkcs11.h); this defines most (but not all)
-of the types specified here.</p>
-
-<p class=MsoNormal>When including either of these header files, a source file MUST
-specify the preprocessor directives indicated in Section 2.</p>
-
-<h2><a name="_Toc416959686"></a><a name="_Toc395183759"></a><a
-name="_Toc391468763"></a><a name="_Toc370633972"></a><a name="_Toc235002239"></a><a
-name="_Toc72656024"></a><a name="_Toc405794627"></a><a name="_Toc385057804"></a><a
-name="_Toc383864815"></a><a name="_Toc323610801"></a><a name="_Toc323205372"></a><a
-name="_Toc323024041"></a><a name="_Toc323000681"></a><a name="_Toc322945098"></a><a
-name="_Toc322855272"></a><a name="_Toc319315676"></a><a name="_Toc319313683"></a><a
-name="_Toc319313490"></a><a name="_Toc319287649">3.1 General information</a></h2>
-
-<p class=MsoNormal>Cryptoki represents general information with the following
-types:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002240"></a><a name="_Toc72656025"></a><a name="_Toc405794628"></a><a
-name="_Toc385057805"></a><a name="_Toc383864816"></a><a name="_Toc323610802"></a><a
-name="_Toc323205373"></a><a name="_Toc323024042"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_VERSION</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_VERSION_PTR</span></p>
-
-<p class=MsoNormal><b>CK_VERSION</b> is a structure that describes the version
-of a Cryptoki interface, a Cryptoki library, or an SSL implementation, or the
-hardware or firmware version of a slot or token.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_VERSION {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_BYTE major;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_BYTE minor;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_VERSION;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-lang=SV style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=MsoNormal>            <i>major</i>    major version number (the
-integer portion of the version)</p>
-
-<p class=MsoNormal>            <i>minor</i>    minor version number (the
-hundredths portion of the version)</p>
-
-<p class=MsoNormal>Example: For version 1.0, <i>major</i> = 1 and <i>minor</i>
-= 0.  For version 2.10, <i>major</i> = 2 and <i>minor</i> = 10. Table 4 below lists the major and minor version values for the officially published
-Cryptoki specifications. </p>
-
-<p class=MsoCaption><a name="_Toc225305941"></a><a name="_Ref514351075">Table </a>4, Major and minor version values for published Cryptoki specifications</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Version</span></b></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>major</span></b></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>minor</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>1.0</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x01</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>2.01</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x02</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x01</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>2.10</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x02</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x0a</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>2.11</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x02</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x0b</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>2.20</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x02</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x14</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>2.30</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x02</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x1e</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=79 valign=top style='width:59.4pt;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>2.40</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x02</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x28</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>Minor revisions of the Cryptoki standard are always upwardly
-compatible within the same major version number.</p>
-
-<p class=MsoNormal><b>CK_VERSION_PTR</b> is a pointer to a <b>CK_VERSION</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002241"></a><a name="_Toc72656026"></a><a name="_Toc405794629"></a><a
-name="_Toc385057807"></a><a name="_Toc383864817"></a><a name="_Toc323610803"></a><a
-name="_Toc323205374"></a><a name="_Toc323024043"><span lang=SV
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=SV style='font-family:"Arial","sans-serif"'>CK_INFO</span></a><span
-lang=SV style='font-family:"Arial","sans-serif"'>; CK_INFO_PTR</span></p>
-
-<p class=MsoNormal><b>CK_INFO</b> provides general information about Cryptoki. 
-It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_INFO {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VERSION cryptokiVersion;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR manufacturerID[32];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_FLAGS flags;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR libraryDescription[32];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  CK_VERSION
-libraryVersion;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_INFO;<br>
-<br>
-</p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                          <i>cryptokiVersion</i>       Cryptoki
-interface version number, for compatibility with future revisions of this
-interface</p>
-
-<p class=definition0>                          <i>manufacturerID</i>       ID
-of the Cryptoki library manufacturer.  MUST be padded with the blank character
-(‘ ‘).  Should <i>not</i> be null-terminated.</p>
-
-<p class=definition0>                                         <i>flags</i>       bit
-flags reserved for future versions.  MUST be zero for this version</p>
-
-<p class=definition0>                       <i>libraryDescription</i>       character-string
-description of the library.  MUST be padded with the blank character (‘ ‘). 
-Should <i>not</i> be null-terminated.</p>
-
-<p class=definition0>                            <i>libraryVersion</i>       Cryptoki
-library version number</p>
-
-<p class=MsoNormal>For libraries written to this document, the value of <i>cryptokiVersion</i>
-should match the version of this specification; the value of <i>libraryVersion</i>
-is the version number of the library software itself.</p>
-
-<p class=MsoNormal><b>CK_INFO_PTR</b> is a pointer to a <b>CK_INFO</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002242"></a><a name="_Toc72656027"></a><a name="_Toc405794630"></a><a
-name="_Toc385057809"></a><a name="_Toc383864819"></a><a name="_Toc323610805"></a><a
-name="_Toc323205376"></a><a name="_Toc323024045"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_NOTIFICATION</span></a></p>
-
-<p class=MsoNormal><b>CK_NOTIFICATION</b> holds the types of notifications that
-Cryptoki provides to an application.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_NOTIFICATION;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>For this version of Cryptoki, the following types of
-notifications are defined:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKN_SURRENDER</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The notifications have the following meanings:</p>
-
-<p class=definition0>                   <i>CKN_SURRENDER</i>       Cryptoki is
-surrendering the execution of a function executing in a session so that the
-application may perform other operations.  After performing any desired
-operations, the application should indicate to Cryptoki whether to continue or
-cancel the function (see Section 5.16.1).</p>
-
-<h2><a name="_Toc416959687"></a><a name="_Toc395183760"></a><a
-name="_Toc391468764"></a><a name="_Toc370633973"></a><a name="_Toc235002243"></a><a
-name="_Toc72656028">3.2 Slot and token types</a></h2>
-
-<p class=MsoNormal>Cryptoki represents slot and token information with the
-following types:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002244"></a><a name="_Toc72656029"></a><a name="_Toc405794632"></a><a
-name="_Toc385057811"></a><a name="_Toc383864821"></a><a name="_Toc323610807"></a><a
-name="_Toc323205378"></a><a name="_Toc323024047"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_SLOT_ID</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_SLOT_ID_PTR</span></p>
-
-<p class=MsoNormal><b>CK_SLOT_ID</b> is a Cryptoki-assigned value that
-identifies a slot.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_SLOT_ID;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>A list of <b>CK_SLOT_ID</b>s is returned by <b>C_GetSlotList</b>. 
-A priori, <i>any</i> value of <b>CK_SLOT_ID</b> can be a valid slot
-identifier—in particular, a system may have a slot identified by the value 0. 
-It need not have such a slot, however.</p>
-
-<p class=MsoNormal><b>CK_SLOT_ID_PTR</b> is a pointer to a <b>CK_SLOT_ID</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002245"></a><a name="_Toc72656030"></a><a name="_Toc405794633"></a><a
-name="_Toc385057813"></a><a name="_Toc383864823"></a><a name="_Toc323610809"></a><a
-name="_Toc323205380"></a><a name="_Toc323024049"><span lang=SV
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=SV style='font-family:"Arial","sans-serif"'>CK_SLOT_INFO</span></a><span
-lang=SV style='font-family:"Arial","sans-serif"'>; CK_SLOT_INFO_PTR</span></p>
-
-<p class=MsoNormal><b>CK_SLOT_INFO</b> provides information about a slot.  It
-is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_SLOT_INFO {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR slotDescription[64];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR manufacturerID[32];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=DE-CH>CK_FLAGS flags;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE-CH>  CK_VERSION hardwareVersion;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE-CH>  </span>CK_VERSION firmwareVersion;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_SLOT_INFO;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                           <i>slotDescription</i>       character-string
-description of the slot.  MUST be padded with the blank character (‘ ‘).  MUST
-NOT be null-terminated.</p>
-
-<p class=definition0>                          <i>manufacturerID</i>       ID
-of the slot manufacturer.  MUST be padded with the blank character (‘ ‘).  MUST
-NOT be null-terminated.</p>
-
-<p class=definition0>                                         <i>flags</i>       bits
-flags that provide capabilities of the slot.  The flags are defined below</p>
-
-<p class=definition0><i>                        hardwareVersion       </i>version
-number of the slot’s hardware</p>
-
-<p class=definition0><i>                         firmwareVersion       </i>version
-number of the slot’s firmware</p>
-
-<p class=MsoNormal>The following table defines the <i>flags</i> field:</p>
-
-<p class=MsoCaption><a name="_Toc225305942"></a><a name="_Toc405794971"></a><a
-name="_Toc383864510"><span lang=SV>Table </span></a><span
-lang=SV>5</span><span lang=SV>, Slot Information Flags</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=222 valign=top style='width:166.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=MsoNormal><b><span lang=SV>Bit Flag</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=MsoNormal><b><span lang=SV>Mask</span></b></p>
-   </td>
-   <td width=264 valign=top style='width:2.75in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=MsoNormal><b>Meaning</b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKF_TOKEN_PRESENT</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>0x00000001</p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>True if a token is present in the slot (<i>e.g.</i>, a
-  device is in the reader)</p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKF_REMOVABLE_DEVICE</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>0x00000002</p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>True if the reader supports removable devices</p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKF_HW_SLOT</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>0x00000004</p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>True if the slot is a hardware slot, as opposed to a
-  software slot implementing a “soft token”</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For a given slot, the value of the <b>CKF_REMOVABLE_DEVICE</b>
-flag <i>never changes</i>.  In addition, if this flag is not set for a given
-slot, then the <b>CKF_TOKEN_PRESENT</b> flag for that slot is <i>always</i>
-set.  That is, if a slot does not support a removable device, then that slot
-always has a token in it.</p>
-
-<p class=MsoNormal><b>CK_SLOT_INFO_PTR</b> is a pointer to a <b>CK_SLOT_INFO</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002246"></a><a name="_Toc72656031"></a><a name="_Toc405794634"></a><a
-name="_Toc385057815"></a><a name="_Toc383864825"></a><a name="_Toc323610811"></a><a
-name="_Toc323205382"></a><a name="_Toc323024051"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_TOKEN_INFO</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_TOKEN_INFO_PTR</span></p>
-
-<p class=MsoNormal><b>CK_TOKEN_INFO</b> provides information about a token.  It
-is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_TOKEN_INFO {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR label[32];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR manufacturerID[32];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UTF8CHAR model[16];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_CHAR serialNumber[16];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_FLAGS flags;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulMaxSessionCount;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulSessionCount;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulMaxRwSessionCount;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulRwSessionCount;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulMaxPinLen;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulMinPinLen;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulTotalPublicMemory;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulFreePublicMemory;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulTotalPrivateMemory;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulFreePrivateMemory;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VERSION hardwareVersion;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VERSION firmwareVersion;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_CHAR utcTime[16];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_TOKEN_INFO;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                         <i>label</i>       application-defined
-label, assigned during token initialization.  MUST be padded with the blank
-character (‘ ‘).  MUST NOT be null-terminated.</p>
-
-<p class=definition0>                          <i>manufacturerID</i>       ID
-of the device manufacturer.  MUST be padded with the blank character (‘ ‘).  MUST
-NOT be null-terminated.</p>
-
-<p class=definition0>                                       <i>model</i>       model
-of the device.  MUST be padded with the blank character (‘ ‘).  MUST NOT be
-null-terminated.</p>
-
-<p class=definition0>                             <i>serialNumber</i>       character-string
-serial number of the device.  MUST be padded with the blank character (‘ ‘).  MUST
-NOT be null-terminated.</p>
-
-<p class=definition0>                                         <i>flags</i>       bit
-flags indicating capabilities and status of the device as defined below</p>
-
-<p class=definition0><i>                   ulMaxSessionCount</i>       maximum
-number of sessions that can be opened with the token at one time by a single
-application (see <b>CK_TOKEN_INFO Note</b> below)</p>
-
-<p class=definition0><i>                         ulSessionCount</i>       number
-of sessions that this application currently has open with the token (see <b>CK_TOKEN_INFO
-Note</b> below)</p>
-
-<p class=definition0><i>               ulMaxRwSessionCount</i>       maximum
-number of read/write sessions that can be opened with the token at one time by
-a single application (see <b>CK_TOKEN_INFO Note</b> below)</p>
-
-<p class=definition0><i>                     ulRwSessionCount</i>       number
-of read/write sessions that this application currently has open with the token
-(see <b>CK_TOKEN_INFO Note</b> below)</p>
-
-<p class=definition0><i>                             ulMaxPinLen</i>       maximum
-length in bytes of the PIN</p>
-
-<p class=definition0><i>                              ulMinPinLen</i>       minimum
-length in bytes of the PIN</p>
-
-<p class=definition0>                  <i>ulTotalPublicMemory</i>       the
-total amount of memory on the token in bytes in which public objects may be
-stored (see <b>CK_TOKEN_INFO Note</b> below)</p>
-
-<p class=definition0>                  <i>ulFreePublicMemory</i>       the
-amount of free (unused) memory on the token in bytes for public objects (see <b>CK_TOKEN_INFO
-Note</b> below)</p>
-
-<p class=definition0>                <i>ulTotalPrivateMemory</i>       the
-total amount of memory on the token in bytes in which private objects may be
-stored (see <b>CK_TOKEN_INFO Note</b> below)</p>
-
-<p class=definition0>                 <i>ulFreePrivateMemory</i>       the
-amount of free (unused) memory on the token in bytes for private objects (see <b>CK_TOKEN_INFO
-Note</b> below)</p>
-
-<p class=definition0><i>                        hardwareVersion       </i>version
-number of hardware</p>
-
-<p class=definition0><i>                         firmwareVersion       </i>version
-number of firmware</p>
-
-<p class=definition0><i>                                    utcTime       </i>current
-time as a character-string of length 16, represented in the format
-YYYYMMDDhhmmssxx (4 characters for the year;  2 characters each for the month,
-the day, the hour, the minute, and the second; and 2 additional reserved ‘0’
-characters).  The value of this field only makes sense for tokens equipped with
-a clock, as indicated in the token information flags (see below)</p>
-
-<p class=MsoNormal>The following table defines the <i>flags</i> field:</p>
-
-<p class=MsoCaption><a name="_Toc225305943"></a><a name="_Toc405794972"></a><a
-name="_Toc383864511"></a><a name="_Ref398089151"><span lang=SV>Table </span></a><span lang=SV>6</span><span lang=SV>, Token Information Flags</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr style='page-break-inside:avoid'>
-   <td width=281 valign=top style='width:210.55pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Bit Flag</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mask</span></b></p>
-   </td>
-   <td width=197 valign=top style='width:148.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_RNG</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000001</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the token has its own random number
-  generator</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_WRITE_PROTECTED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000002</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the token is write-protected (see
-  below)</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_LOGIN_REQUIRED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000004</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if there are some cryptographic
-  functions that a user MUST be logged in to perform</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_USER_PIN_INITIALIZED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000008</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the normal user’s PIN has been
-  initialized</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_RESTORE_KEY_NOT_NEEDED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000020</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if a successful save of a session’s
-  cryptographic operations state <i>always</i> contains all keys needed to
-  restore the state of the session</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_CLOCK_ON_TOKEN</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000040</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if token has its own hardware clock</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_PROTECTED_AUTHENTICATION_PATH</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000100</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if token has a “protected
-  authentication path”, whereby a user can log into the token without passing a
-  PIN through the Cryptoki library</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_DUAL_CRYPTO_OPERATIONS</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000200</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if a single session with the token can
-  perform dual cryptographic operations (see Section </span><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>5.12</span><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>)</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_TOKEN_INITIALIZED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000400</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the token has been initialized
-  using C_InitToken or an equivalent mechanism outside the scope of this
-  standard. Calling C_InitToken when this flag is set will cause the token to
-  be reinitialized.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_</span><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>SECONDARY<span
-  style='layout-grid-mode:line'>_AUTHENTICATION</span></span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000800</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the token supports secondary
-  authentication for private key objects. (Deprecated; new implementations MUST
-  NOT set this flag)</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_USER_PIN_COUNT_LOW</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00010000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if an incorrect user login PIN has
-  been entered at least once since the last successful authentication.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_USER_PIN_FINAL_TRY</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00020000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if supplying an incorrect user PIN
-  will cause it to become locked.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_USER_PIN_LOCKED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00040000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the user PIN has been locked. User
-  login to the token is not possible.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_USER_PIN_TO_BE_CHANGED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00080000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the user PIN value is the default
-  value set by token initialization or manufacturing, or the PIN has been
-  expired by the card. </span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_SO_PIN_COUNT_LOW</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00100000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if an incorrect SO login PIN has been
-  entered at least once since the last successful authentication.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_SO_PIN_FINAL_TRY</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00200000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if supplying an incorrect SO PIN will
-  cause it to become locked.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_SO_PIN_LOCKED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00400000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the SO PIN has been locked. SO
-  login to the token is not possible.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKF_SO_PIN_TO_BE_CHANGED</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00800000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the SO PIN value is the default
-  value set by token initialization or manufacturing, or the PIN has been
-  expired by the card. </span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid' style='page-break-inside:avoid !msorm'>
-  <td width=281 valign=top style='width:210.55pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border-top:none !msorm;border-left:solid black 1.5pt !msorm;
-  border-bottom:solid black 1.5pt !msorm;border-right:solid black 1.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'>CKF_ERROR_STATE</p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>&nbsp;</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border-top:none !msorm;border-left:none !msorm;
-  border-bottom:solid black 1.5pt !msorm;border-right:solid black 1.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x01000000</span></p>
-  </td>
-  <td width=197 valign=top style='width:148.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt;border-top:none !msorm;border-left:none !msorm;
-  border-bottom:solid black 1.5pt !msorm;border-right:solid black 1.5pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the token failed a FIPS 140-2
-  self-test and entered an error state.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>Exactly what the <b>CKF_WRITE_PROTECTED</b> flag means is
-not specified in Cryptoki.  An application may be unable to perform certain
-actions on a write-protected token; these actions can include any of the
-following, among others:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Creating/modifying/deleting any object on the token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Creating/modifying/deleting a token object on the token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Changing the SO’s PIN.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Changing the normal user’s PIN.</p>
-
-<p class=MsoNormal>The token may change the value of the <b>CKF_WRITE_PROTECTED</b>
-flag depending on the session state to implement its object management policy.
-For instance, the token may set the <b>CKF_WRITE_PROTECTED</b> flag unless the
-session state is R/W SO or R/W User to implement a policy that does not allow
-any objects, public or private, to be created, modified, or deleted unless the
-user has successfully called C_Login.</p>
-
-<p class=MsoNormal>The <b>CKF_USER_PIN_COUNT_LOW</b>, <b>CKF_USER_PIN_COUNT_LOW</b>,
-<b>CKF_USER_PIN_FINAL_TRY</b>, and <b>CKF_SO_PIN_FINAL_TRY </b>flags may always
-be set to false if the token does not support the functionality or will not
-reveal the information because of its security policy.</p>
-
-<p class=MsoNormal>The <b>CKF_USER_PIN_TO_BE_CHANGED</b> and <b>CKF_SO_PIN_TO_BE_CHANGED
-</b>flags may always be set to false if the token does not support the
-functionality. If a PIN is set to the default value, or has expired, the
-appropriate <b>CKF_USER_PIN_TO_BE_CHANGED</b> or <b>CKF_SO_PIN_TO_BE_CHANGED</b>
-flag is set to true. When either of these flags are true, logging in with the
-corresponding PIN will succeed, but only the C_SetPIN function can be called.
-Calling any other function that required the user to be logged in will cause
-CKR_PIN_EXPIRED to be returned until C_SetPIN is called successfully.</p>
-
-<p class=MsoNormal><b>CK_TOKEN_INFO Note</b>: The fields ulMaxSessionCount,
-ulSessionCount, ulMaxRwSessionCount, ulRwSessionCount, ulTotalPublicMemory,
-ulFreePublicMemory, ulTotalPrivateMemory, and ulFreePrivateMemory can have the
-special value CK_UNAVAILABLE_INFORMATION, which means that the token and/or
-library is unable or unwilling to provide that information.  In addition, the
-fields ulMaxSessionCount and ulMaxRwSessionCount can have the special value
-CK_EFFECTIVELY_INFINITE, which means that there is no practical limit on the
-number of sessions (resp. R/W sessions) an application can have open with the
-token.</p>
-
-<p class=MsoNormal>It is important to check these fields for these special
-values.  This is particularly true for CK_EFFECTIVELY_INFINITE, since an
-application seeing this value in the ulMaxSessionCount or ulMaxRwSessionCount
-field would otherwise conclude that it can’t open any sessions with the token,
-which is far from being the case.</p>
-
-<p class=MsoNormal>The upshot of all this is that the correct way to interpret
-(for example) the ulMaxSessionCount field is something along the lines of the
-following:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_TOKEN_INFO
-info;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>.</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>.</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>if
-((CK_LONG) info.ulMaxSessionCount</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>   
-== CK_UNAVAILABLE_INFORMATION) {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  /*
-Token refuses to give value of ulMaxSessionCount */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  .</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  .</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-else if (info.ulMaxSessionCount == CK_EFFECTIVELY_INFINITE) {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  /*
-Application can open as many sessions as it wants */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  .</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  .</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-else {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  /*
-ulMaxSessionCount really does contain what it should */</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  .</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  .</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>CK_TOKEN_INFO_PTR is a pointer to a CK_TOKEN_INFO.</p>
-
-<h2><a name="_Toc416959688"></a><a name="_Toc395183761"></a><a
-name="_Toc391468765"></a><a name="_Toc370633974"></a><a name="_Toc235002247"></a><a
-name="_Toc72656032"></a><a name="_Toc405794635"></a><a name="_Toc385057817"></a><a
-name="_Toc383864827"></a><a name="_Toc323610813"></a><a name="_Toc323205384"></a><a
-name="_Toc323024053"></a><a name="_Toc323000683"></a><a name="_Toc322945100"></a><a
-name="_Toc322855274"></a><a name="_Toc319315679"></a><a name="_Toc319313686"></a><a
-name="_Toc319313493"></a><a name="_Toc319287652">3.3 Session types</a></h2>
-
-<p class=MsoNormal>Cryptoki represents session information with the following
-types:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002248"></a><a name="_Toc72656033"></a><a name="_Toc405794636"></a><a
-name="_Toc385057818"></a><a name="_Toc383864828"></a><a name="_Toc323610814"></a><a
-name="_Toc323205385"></a><a name="_Toc323024054"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_SESSION_HANDLE</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_SESSION_HANDLE_PTR</span></p>
-
-<p class=MsoNormal><b>CK_SESSION_HANDLE</b> is a Cryptoki-assigned value that
-identifies a session.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_SESSION_HANDLE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal><a name="_Toc385057819"></a><a name="_Toc383864829"></a><a
-name="_Toc323610815"></a><a name="_Toc323205386"></a><a name="_Toc323024055"><i>Valid
-session handles in Cryptoki always have nonzero values.</i>  For developers’
-convenience, Cryptoki defines the following symbolic value:</a></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_INVALID_HANDLE</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>CK_SESSION_HANDLE_PTR is a pointer to a CK_SESSION_HANDLE.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002249"></a><a name="_Toc72656034"></a><a name="_Toc405794637"></a><a
-name="_Toc385057820"></a><a name="_Toc383864830"></a><a name="_Toc323610816"></a><a
-name="_Toc323205387"></a><a name="_Toc323024057"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_USER_TYPE</span></a></p>
-
-<p class=MsoNormal><b>CK_USER_TYPE</b> holds the types of Cryptoki users
-described in <b><span style='color:#3B006F'>[PKCS11-UG] </span></b>and, in
-addition, a context-specific type described in Section 4.9.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_USER_TYPE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>For this version of Cryptoki, the following types of users
-are defined:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKU_SO</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKU_USER</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKU_CONTEXT_SPECIFIC</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc323024058"></a><a name="_Toc235002250"></a><a name="_Toc72656035"></a><a
-name="_Toc405794638"></a><a name="_Toc385057821"></a><a name="_Toc383864831"></a><a
-name="_Toc323610817"></a><a name="_Toc323205388"></a><a name="_Toc323024056"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_STATE</span></a></p>
-
-<p class=MsoNormal><b>CK_STATE</b> holds the session state, as described in <b><span
-style='color:#3B006F'>[PKCS11-UG]</span></b>. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_STATE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>For this version of Cryptoki, the following session states
-are defined:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKS_RO_PUBLIC_SESSION</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKS_RO_USER_FUNCTIONS</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKS_RW_PUBLIC_SESSION</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKS_RW_USER_FUNCTIONS</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKS_RW_SO_FUNCTIONS 
-</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002251"></a><a name="_Toc72656036"></a><a name="_Toc405794639"></a><a
-name="_Toc385057822"></a><a name="_Toc383864832"></a><a name="_Toc323610818"></a><a
-name="_Toc323205389"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>CK_SESSION_INFO</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_SESSION_INFO_PTR</span></p>
-
-<p class=MsoNormal><b>CK_SESSION_INFO</b> provides information about a
-session.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_SESSION_INFO {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_SLOT_ID slotID;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_STATE state;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_FLAGS flags;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulDeviceError;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_SESSION_INFO;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                        <i>slotID</i>       ID
-of the slot that interfaces with the token</p>
-
-<p class=definition0><i>                                         state</i>       the
-state of the session</p>
-
-<p class=definition0><i>                                         flags</i>       bit
-flags that define the type of session; the flags are defined below</p>
-
-<p class=definition0>                             <i>ulDeviceError</i>       an
-error code defined by the cryptographic device.  Used for errors not covered by
-Cryptoki.</p>
-
-<p class=MsoNormal>The following table defines the <i>flags</i> field:</p>
-
-<p class=MsoCaption><a name="_Toc225305944"></a><a name="_Toc405794973"></a><a
-name="_Toc383864512">Table </a>7, Session Information Flags</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=192 valign=top style='width:2.0in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><a name="_Toc319315680"></a><a
-   name="_Toc319313687"></a><a name="_Toc319313494"></a><a name="_Toc319287653"><b><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Bit Flag</span></b></a></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Mask</span></b></p>
-   </td>
-   <td width=294 valign=top style='width:220.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_RW_SESSION</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000002</span></p>
-  </td>
-  <td width=294 valign=top style='width:220.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the session is read/write; false if
-  the session is read-only</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_SERIAL_SESSION</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000004</span></p>
-  </td>
-  <td width=294 valign=top style='width:220.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>This flag is provided for backward
-  compatibility, and should always be set to true</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><a name="_Toc385057823"></a><a name="_Toc383864833"></a><a
-name="_Toc323610819"></a><a name="_Toc323205390"></a><a name="_Toc323024059">CK_SESSION_INFO_PTR
-is a pointer to a CK_SESSION_INFO.</a></p>
-
-<h2><a name="_Toc416959689"></a><a name="_Toc395183762"></a><a
-name="_Toc391468766"></a><a name="_Toc370633975"></a><a name="_Toc235002252"></a><a
-name="_Toc72656037"></a><a name="_Ref26861179"></a><a name="_Toc405794640"></a><a
-name="_Toc385057824"></a><a name="_Toc383864834"></a><a name="_Toc323610820"></a><a
-name="_Toc323205391"></a><a name="_Toc323024060"></a><a name="_Toc323000684"></a><a
-name="_Toc322945101"></a><a name="_Toc322855275">3.4 Object types</a></h2>
-
-<p class=MsoNormal>Cryptoki represents object information with the following
-types:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002253"></a><a name="_Toc72656038"></a><a name="_Toc405794641"></a><a
-name="_Toc385057825"></a><a name="_Toc383864835"></a><a name="_Toc323610821"></a><a
-name="_Toc323205392"></a><a name="_Toc323024061"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_OBJECT_HANDLE</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_OBJECT_HANDLE_PTR</span></p>
-
-<p class=MsoNormal><b>CK_OBJECT_HANDLE</b> is a token-specific identifier for
-an object.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_OBJECT_HANDLE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>When an object is created or found on a token by an
-application, Cryptoki assigns it an object handle for that application’s
-sessions to use to access it.  A particular object on a token does not
-necessarily have a handle which is fixed for the lifetime of the object;
-however, if a particular session can use a particular handle to access a
-particular object, then that session will continue to be able to use that
-handle to access that object as long as the session continues to exist, the
-object continues to exist, and the object continues to be accessible to the
-session.</p>
-
-<p class=MsoNormal><a name="_Toc385057826"></a><a name="_Toc383864836"></a><a
-name="_Toc323610822"></a><a name="_Toc323205393"></a><a name="_Toc323024062"><i>Valid
-object handles in Cryptoki always have nonzero values.</i>  For developers’
-convenience, Cryptoki defines the following symbolic value:</a></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_INVALID_HANDLE</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>CK_OBJECT_HANDLE_PTR is a pointer to a CK_OBJECT_HANDLE.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002254"></a><a name="_Toc72656039"></a><a name="_Toc405794642"></a><a
-name="_Toc385057827"></a><a name="_Toc383864837"></a><a name="_Toc323610823"></a><a
-name="_Toc323205394"></a><a name="_Toc323024063"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_OBJECT_CLASS</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_OBJECT_CLASS_PTR</span></p>
-
-<p class=MsoNormal style='page-break-after:avoid'>CK_OBJECT_CLASS is a value
-that identifies the classes (or types) of objects that Cryptoki recognizes.  It
-is defined as follows<span style='font-size:12.0pt'>:</span></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_OBJECT_CLASS;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Object classes are defined with the objects that use them.
-The type is specified on an object through the CKA_CLASS attribute of the
-object.</p>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKO_VENDOR_
-DEFINED   </p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Object classes <b>CKO_VENDOR_DEFINED</b> and above are
-permanently reserved for token vendors.  For interoperability, vendors should
-register their object classes through the PKCS process.</p>
-
-<p class=MsoNormal><b>CK_OBJECT_CLASS_PTR</b> is a pointer to a <b>CK_OBJECT_CLASS</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002255"></a><a name="_Toc72656040"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_HW_FEATURE_TYPE</span></a></p>
-
-<p class=MsoNormal><b>CK_HW_FEATURE_TYPE</b> is a value that identifies a
-hardware feature type of a device. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_HW_FEATURE_TYPE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Hardware feature types are defined with the objects that use
-them. The type is specified on an object through the CKA_HW_FEATURE_TYPE
-attribute of the object.</p>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKH_VENDOR_DEFINED   
-</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Feature types <b>CKH_VENDOR_DEFINED</b> and above are
-permanently reserved for token vendors.  For interoperability, vendors should
-register their feature types through the PKCS process.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc323205396"></a><a name="_Toc323024065"></a><a name="_Toc235002256"></a><a
-name="_Toc72656041"></a><a name="_Toc405794643"></a><a name="_Toc385057829"></a><a
-name="_Toc383864839"></a><a name="_Toc323610825"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_KEY_TYPE</span></a></p>
-
-<p class=MsoNormal><b>CK_KEY_TYPE</b> is a value that identifies a key type. It
-is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>typedef CK_ULONG CK_KEY_TYPE;</span></p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Key types are defined with the objects and mechanisms that
-use them. The key type is specified on an object through the CKA_KEY_TYPE
-attribute of the object.</p>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKK_VENDOR_DEFINED 
-</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Key types <b>CKK_VENDOR_DEFINED</b> and above are
-permanently reserved for token vendors.  For interoperability, vendors should
-register their key types through the PKCS process.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002257"></a><a name="_Toc72656042"></a><a name="_Toc405794644"></a><a
-name="_Toc385057830"></a><a name="_Toc383864840"></a><a name="_Toc323610826"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_CERTIFICATE_TYPE</span></a></p>
-
-<p class=MsoNormal><b>CK_CERTIFICATE_TYPE</b> is a value that identifies a
-certificate type. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_CERTIFICATE_TYPE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Certificate types are defined with the objects and
-mechanisms that use them. The certificate type is specified on an object
-through the CKA_CERTIFICATE_TYPE attribute of the object.</p>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKC_VENDOR_DEFINED</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal><a name="_Toc323024066">Certificate types <b>CKC_VENDOR_DEFINED</b>
-and above are permanently reserved for token vendors.  For interoperability,
-vendors should register their certificate types through the PKCS process.</a></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_CERTIFICATE_CATEGORY</span></p>
-
-<p class=MsoNormal><b>CK_CERTIFICATE_CATEGORY</b> is a value that identifies a
-certificate category. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_CERTIFICATE_CATEGORY;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>For this version of Cryptoki, the following certificate
-categories are defined:</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=320 valign=top style='width:239.9pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Constant</span></b></p>
-   </td>
-   <td width=106 valign=top style='width:79.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Value</span></b></p>
-   </td>
-   <td width=158 valign=top style='width:118.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_CERTIFICATE_CATEGORY_UNSPECIFIED</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000000UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>No category specified</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_CERTIFICATE_CATEGORY_TOKEN_USER</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000001UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Certificate belongs to owner of the token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_CERTIFICATE_CATEGORY_AUTHORITY</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000002UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Certificate belongs to a certificate authority</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_CERTIFICATE_CATEGORY_OTHER_ENTITY</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000003UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Certificate belongs to an end entity (i.e.:
-  not a CA)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002258"></a><a name="_Toc72656043"></a><a name="_Toc405794645"></a><a
-name="_Toc385057831"></a><a name="_Toc383864841"></a><a name="_Toc323610827"></a><a
-name="_Toc323205397"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>CK_ATTRIBUTE_TYPE</span></a><span
-style='font-family:"Arial","sans-serif"'> </span></p>
-
-<p class=MsoNormal><b>CK_ATTRIBUTE_TYPE</b> is a value that identifies an
-attribute type. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_ATTRIBUTE_TYPE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Attributes are defined with the objects and mechanisms that
-use them. Attributes are specified on an object as a list of type, length value
-items. These are often specified as an attribute template.</p>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKA_VENDOR_DEFINED</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Attribute types <b>CKA_VENDOR_DEFINED</b> and above are
-permanently reserved for token vendors.  For interoperability, vendors should
-register their attribute types through the PKCS process.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002259"></a><a name="_Toc72656044"></a><a name="_Toc405794646"></a><a
-name="_Toc385057832"></a><a name="_Toc383864842"></a><a name="_Toc323610828"></a><a
-name="_Toc323205398"></a><a name="_Toc323024067"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_ATTRIBUTE</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_ATTRIBUTE_PTR</span></p>
-
-<p class=MsoNormal><b>CK_ATTRIBUTE </b>is a structure that includes the type,
-value, and length of an attribute.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_ATTRIBUTE {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ATTRIBUTE_TYPE type;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pValue;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulValueLen;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_ATTRIBUTE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                          <i>type</i>       the
-attribute type</p>
-
-<p class=definition0>                                      <i>pValue</i>       pointer
-to the value of the attribute</p>
-
-<p class=definition0>                                <i>ulValueLen</i>       length
-in bytes of the value</p>
-
-<p class=MsoNormal>If an attribute has no value, then <i>ulValueLen</i> = 0,
-and the value of <i>pValue</i> is irrelevant. An array of <b>CK_ATTRIBUTE</b>s
-is called a “template” and is used for creating, manipulating and searching for
-objects.  The order of the attributes in a template <i>never</i> matters, even
-if the template contains vendor-specific attributes.  Note that <i>pValue</i>
-is a “void” pointer, facilitating the passing of arbitrary values.  Both the
-application and Cryptoki library MUST ensure that the pointer can be safely
-cast to the expected type (<i>i.e.</i>, without word-alignment errors).</p>
-
-<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
-style='font-family:"Courier New";color:black'>&nbsp;</span></p>
-
-<p class=MsoNormal style='margin:0in;margin-bottom:.0001pt'><span
-style='color:black'>The constant CK_UNAVAILABLE_INFORMATION is used in the
-ulValueLen field to denote an invalid or unavailable value. See
-C_GetAttributeValue for further details.</span></p>
-
-<p class=MsoNormal><b>&nbsp;</b></p>
-
-<p class=MsoNormal><b>CK_ATTRIBUTE_PTR</b> is a pointer to a <b>CK_ATTRIBUTE</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc322855276"></a><a name="_Toc319315681"></a><a name="_Toc319313688"></a><a
-name="_Toc319313495"></a><a name="_Toc319287654"></a><a name="_Toc235002260"></a><a
-name="_Toc72656045"></a><a name="_Toc405794647"></a><a name="_Toc385057834"></a><a
-name="_Toc383864844"></a><a name="_Toc323610830"></a><a name="_Toc323205400"></a><a
-name="_Toc323024069"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>CK_DATE</span></a></p>
-
-<p class=MsoNormal><b>CK_DATE </b>is a structure that defines a date. It is
-defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_DATE {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_CHAR year[4];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_CHAR month[2];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_CHAR day[2];</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_DATE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                          <i>year</i>       the
-year (“1900” - “9999”)</p>
-
-<p class=definition0>                                       <i>month</i>       the
-month (“01” - “12”)</p>
-
-<p class=definition0>                                           <i>day</i>       the
-day (“01” - “31”)</p>
-
-<p class=MsoNormal><a name="_Toc323024070"></a><a name="_Toc323000685"></a><a
-name="_Toc322945102">The fields hold numeric characters from the character set
-in </a>Table 3, not the literal byte values.</p>
-
-<p class=MsoNormal>When a Cryptoki object carries an attribute of this type,
-and the default value of the attribute is specified to be &quot;empty,&quot;
-then Cryptoki libraries SHALL set the attribute's <i>ulValueLen</i> to 0.</p>
-
-<p class=MsoNormal>Note that implementations of previous versions of Cryptoki
-may have used other methods to identify an &quot;empty&quot; attribute of type
-CK_DATE, and applications that needs to interoperate with these libraries
-therefore have to be flexible in what they accept as an empty value.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_JAVA_MIDP_SECURITY_DOMAIN</span></p>
-
-<p class=name style='margin-left:0in;text-indent:0in'><span style='font-size:
-10.0pt;font-family:"Arial","sans-serif"'>CK_JAVA_MIDP_SECURITY_DOMAIN </span><span
-style='font-size:10.0pt;font-family:"Arial","sans-serif";font-weight:normal'>is
-a value that identifies the Java MIDP security domain of a certificate.  It is
-defined as follows:</span></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;</p>
-
-</div>
-
-<p class=name style='margin-left:0in;text-indent:0in'><span style='font-size:
-10.0pt;font-family:"Arial","sans-serif";font-weight:normal'>For this version of
-Cryptoki, the following security domains are defined.  See the Java MIDP
-specification for further information:</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=320 valign=top style='width:239.9pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Constant</span></b></p>
-   </td>
-   <td width=106 valign=top style='width:79.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Value</span></b></p>
-   </td>
-   <td width=158 valign=top style='width:118.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_SECURITY_DOMAIN_UNSPECIFIED</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000000UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>No domain specified</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_SECURITY_DOMAIN_MANUFACTURER</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000001UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Manufacturer protection domain</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_SECURITY_DOMAIN_OPERATOR</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000002UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Operator protection domain</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=320 valign=top style='width:239.9pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_SECURITY_DOMAIN_THIRD_PARTY</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000003UL</span></p>
-  </td>
-  <td width=158 valign=top style='width:118.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Third party protection domain</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=name style='margin-left:0in;text-indent:0in'><span style='font-size:
-10.0pt;font-family:"Arial","sans-serif";font-weight:normal'>&nbsp;</span></p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Ref319978509"></a><a name="_Toc319315682"></a><a
-name="_Toc319313689"></a><a name="_Toc319313496"></a><a name="_Toc319287655"></a><a
-name="_Toc383864845"></a><a name="_Ref372962897"></a><a name="_Toc323610839"></a><a
-name="_Toc323205409"></a><a name="_Toc323024078"></a><a name="_Toc323000686"></a><a
-name="_Toc322945103"></a><a name="_Toc322855277"></a><a name="_Toc416959690"></a><a
-name="_Toc395183763"></a><a name="_Toc391468767"></a><a name="_Toc370633976"></a><a
-name="_Toc235002261"></a><a name="_Toc72656046"></a><a name="_Toc405794648"></a><a
-name="_Toc385057835"></a><a name="_Toc383864940"></a><a name="_Toc323610831"></a><a
-name="_Toc323205401">3.5 Data types for mechanisms</a></h2>
-
-<p class=MsoNormal>Cryptoki supports the following types for describing
-mechanisms and parameters to them:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002262"></a><a name="_Toc72656047"></a><a name="_Toc405794649"></a><a
-name="_Toc385057836"></a><a name="_Toc383864941"></a><a name="_Toc323610832"></a><a
-name="_Toc323205402"></a><a name="_Toc323024071"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_MECHANISM_TYPE</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_MECHANISM_TYPE_PTR</span></p>
-
-<p class=MsoNormal><b>CK_MECHANISM_TYPE </b>is a value that identifies a
-mechanism type. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_MECHANISM_TYPE;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Mechanism types are defined with the objects and mechanism
-descriptions that use them.</p>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKM_VENDOR_DEFINED</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal><a name="_Toc323024072">Mechanism types <b>CKM_VENDOR_DEFINED</b>
-and above are permanently reserved for token vendors.  For interoperability,
-vendors should register their mechanism types through the PKCS process.</a></p>
-
-<p class=MsoNormal><b>CK_MECHANISM_TYPE_PTR</b> is a pointer to a <b>CK_MECHANISM_TYPE</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002263"></a><a name="_Toc72656048"></a><a name="_Toc405794650"></a><a
-name="_Toc385057838"></a><a name="_Toc383864943"></a><a name="_Toc323610834"></a><a
-name="_Toc323205404"></a><a name="_Toc323024073"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_MECHANISM</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_MECHANISM_PTR</span></p>
-
-<p class=MsoNormal><b>CK_MECHANISM</b> is a structure that specifies a
-particular mechanism and any parameters it requires.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_MECHANISM {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_MECHANISM_TYPE mechanism;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pParameter;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulParameterLen;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_MECHANISM;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                               <i>mechanism</i>       the
-type of mechanism</p>
-
-<p class=definition0>                               <i>pParameter</i>       pointer
-to the parameter if required by the mechanism</p>
-
-<p class=definition0>                         <i>ulParameterLen</i>       length
-in bytes of the parameter</p>
-
-<p class=MsoNormal><a name="_Toc323024074">Note that <i>pParameter</i> is a
-“void” pointer, facilitating the passing of arbitrary values.  Both the
-application and the Cryptoki library MUST ensure that the pointer can be safely
-cast to the expected type (<i>i.e.</i>, without word-alignment errors).</a></p>
-
-<p class=MsoNormal><b>CK_MECHANISM_PTR</b> is a pointer to a <b>CK_MECHANISM</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002264"></a><a name="_Toc72656049"></a><a name="_Toc405794651"></a><a
-name="_Toc385057840"></a><a name="_Toc383864945"></a><a name="_Toc323610836"></a><a
-name="_Toc323205406"></a><a name="_Toc323024075"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_MECHANISM_INFO</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_MECHANISM_INFO_PTR</span></p>
-
-<p class=MsoNormal><b>CK_MECHANISM_INFO</b> is a structure that provides
-information about a particular mechanism.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_MECHANISM_INFO {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulMinKeySize;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_ULONG ulMaxKeySize;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_FLAGS flags;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_MECHANISM_INFO;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                            <i>ulMinKeySize</i>       the
-minimum size of the key for the mechanism (whether this is measured in bits or
-in bytes is mechanism-dependent)</p>
-
-<p class=definition0>                           <i>ulMaxKeySize</i>       the
-maximum size of the key for the mechanism (whether this is measured in bits or
-in bytes is mechanism-dependent)</p>
-
-<p class=definition0>                                         <i>flags</i>       bit
-flags specifying mechanism capabilities</p>
-
-<p class=MsoNormal>For some mechanisms, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields have meaningless values.</p>
-
-<p class=MsoNormal>The following table defines the <i>flags</i> field:</p>
-
-<p class=MsoCaption><a name="_Toc225305945"></a><a name="_Toc405794974"></a><a
-name="_Toc383864547">Table </a>8, Mechanism Information Flags</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=228 valign=top style='width:171.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Bit Flag</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mask</span></b></p>
-   </td>
-   <td width=252 valign=top style='width:189.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_HW</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000001</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism is performed by the
-  device; false if the mechanism is performed in software</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_ENCRYPT</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000100</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_EncryptInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_DECRYPT</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000200</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_DecryptInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_DIGEST</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000400</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_DigestInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_SIGN</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000800</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_SignInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_SIGN_RECOVER</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00001000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_SignRecoverInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_VERIFY</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00002000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_VerifyInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_VERIFY_RECOVER</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00004000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_VerifyRecoverInit</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_GENERATE</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00008000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_GenerateKey</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_GENERATE_KEY_PAIR</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00010000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_GenerateKeyPair</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_WRAP</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00020000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_WrapKey</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_UNWRAP</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00040000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_UnwrapKey</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_DERIVE</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00080000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the mechanism can be used with <b>C_DeriveKey</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_EXTENSION</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x80000000</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if there is an extension to the flags;
-  false if no extensions.  MUST be false for this version.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-top:12.0pt'><a name="_Toc385057841"></a><a
-name="_Toc383864946"></a><a name="_Toc323610837"></a><a name="_Toc323205407"></a><a
-name="_Toc323024076">CK_MECHANISM_INFO_PTR is a pointer to a CK_MECHANISM_INFO</a><span
-style='font-size:12.0pt'>.</span></p>
-
-<h2><a name="_Toc416959691"></a><a name="_Toc395183764"></a><a
-name="_Toc391468768"></a><a name="_Toc370633977"></a><a name="_Toc235002265"></a><a
-name="_Toc72656050"></a><a name="_Toc405794652"></a><a name="_Toc385057842"></a><a
-name="_Ref384634468">3.6 Function</a> types</h2>
-
-<p class=MsoNormal>Cryptoki represents information about functions with the
-following data types:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002266"></a><a name="_Toc72656051"></a><a name="_Toc405794654"></a><a
-name="_Toc385057844"></a><a name="_Toc383864847"></a><a name="_Toc323610841"></a><a
-name="_Toc323205411"></a><a name="_Toc323024080"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_RV</span></a></p>
-
-<p class=MsoNormal><b>CK_RV</b> is a value that identifies the return value of
-a Cryptoki function. It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_ULONG CK_RV;</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Vendor defined values for this type may also be specified.</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_VENDOR_DEFINED</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>Section 5.1 defines the meaning of each <b>CK_RV</b> value.
-Return values <b>CKR_VENDOR_DEFINED</b> and above are permanently reserved for
-token vendors.  For interoperability, vendors should register their return
-values through the PKCS process.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002267"></a><a name="_Toc72656052"></a><a name="_Toc405794655"></a><a
-name="_Toc385057845"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>CK_NOTIFY</span></a></p>
-
-<p class=MsoNormal><b>CK_NOTIFY</b> is the type of a pointer to a function used
-by Cryptoki to perform notification callbacks.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_SESSION_HANDLE hSession,</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_NOTIFICATION event,</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pApplication</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The arguments to a notification callback function have the
-following meanings:</p>
-
-<p class=definition0>                                   <i>hSession</i>       The
-handle of the session performing the callback</p>
-
-<p class=definition0>                                        <i>event</i>       The
-type of notification callback</p>
-
-<p class=definition0>                              <i>pApplication</i>       An
-application-defined value.  This is the same value as was passed to <b>C_OpenSession</b>
-to open the session performing the callback</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002268"></a><a name="_Toc72656053"></a><a name="_Toc405794656"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_C_XXX</span></a></p>
-
-<p class=MsoNormal>Cryptoki also defines an entire family of other function
-pointer types.  For each function <b>C_XXX</b> in the Cryptoki API (see Section
-4.12 for detailed information about each of them), Cryptoki defines a type <b>CK_C_XXX</b>,
-which is a pointer to a function with the same arguments and return value as <b>C_XXX</b>
-has.  An appropriately-set variable of type <b>CK_C_XXX</b> may be used by an
-application to call the Cryptoki function <b>C_XXX</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002269"></a><a name="_Toc72656054"></a><a name="_Toc405794657"></a><a
-name="_Toc385057846"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>CK_FUNCTION_LIST</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_FUNCTION_LIST_PTR;
-CK_FUNCTION_LIST_PTR_PTR</span></p>
-
-<p class=MsoNormal><b>CK_FUNCTION_LIST</b> is a structure which contains a
-Cryptoki version and a function pointer to each function in the Cryptoki API. 
-It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_FUNCTION_LIST {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VERSION version;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_Initialize C_Initialize;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_Finalize C_Finalize;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GetInfo C_GetInfo;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GetFunctionList C_GetFunctionList;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=DE-CH>CK_C_GetSlotList C_GetSlotList;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE-CH>  </span>CK_C_GetSlotInfo C_GetSlotInfo;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GetTokenInfo C_GetTokenInfo;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=DE>CK_C_GetMechanismList C_GetMechanismList;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_GetMechanismInfo C_GetMechanismInfo;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_InitToken C_InitToken;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_InitPIN C_InitPIN;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_SetPIN C_SetPIN;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  </span>CK_C_OpenSession C_OpenSession;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_CloseSession C_CloseSession;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_CloseAllSessions C_CloseAllSessions;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GetSessionInfo C_GetSessionInfo;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GetOperationState C_GetOperationState;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_SetOperationState C_SetOperationState;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_Login C_Login;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=FR-CH>CK_C_Logout C_Logout;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR-CH>  </span>CK_C_CreateObject C_CreateObject;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_CopyObject C_CopyObject;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_DestroyObject C_DestroyObject;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GetObjectSize C_GetObjectSize;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  CK_C_GetAttributeValue
-C_GetAttributeValue;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_SetAttributeValue C_SetAttributeValue;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  CK_C_FindObjectsInit
-C_FindObjectsInit;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_FindObjects C_FindObjects;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_FindObjectsFinal C_FindObjectsFinal;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=FR>CK_C_EncryptInit C_EncryptInit;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR>  CK_C_Encrypt C_Encrypt;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR>  CK_C_EncryptUpdate C_EncryptUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR>  CK_C_EncryptFinal C_EncryptFinal;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR>  CK_C_DecryptInit C_DecryptInit;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR>  CK_C_Decrypt C_Decrypt;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=FR>  </span>CK_C_DecryptUpdate C_DecryptUpdate;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_DecryptFinal C_DecryptFinal;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=DE-CH>CK_C_DigestInit C_DigestInit;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE-CH>  </span><span lang=DE>CK_C_Digest C_Digest;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_DigestUpdate C_DigestUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_DigestKey C_DigestKey;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_DigestFinal C_DigestFinal;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  </span><span lang=SV>CK_C_SignInit C_SignInit;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=SV>  </span>CK_C_Sign C_Sign;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_SignUpdate C_SignUpdate;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_SignFinal C_SignFinal;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_SignRecoverInit C_SignRecoverInit;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_SignRecover C_SignRecover;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_VerifyInit C_VerifyInit;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_Verify C_Verify;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=IT>CK_C_VerifyUpdate C_VerifyUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=IT>  CK_C_VerifyFinal C_VerifyFinal;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=IT>  </span>CK_C_VerifyRecoverInit C_VerifyRecoverInit;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_VerifyRecover C_VerifyRecover;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=DE>CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_SignEncryptUpdate C_SignEncryptUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=DE>  </span>CK_C_GenerateKey C_GenerateKey;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_GenerateKeyPair C_GenerateKeyPair;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_WrapKey C_WrapKey;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_UnwrapKey C_UnwrapKey;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_DeriveKey C_DeriveKey;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  <span
-lang=SV>CK_C_SeedRandom C_SeedRandom;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=SV>  CK_C_GenerateRandom C_GenerateRandom;</span></p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-lang=SV>  </span>CK_C_GetFunctionStatus C_GetFunctionStatus;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_CancelFunction C_CancelFunction;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_C_WaitForSlotEvent C_WaitForSlotEvent;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_FUNCTION_LIST;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Each Cryptoki library has a static <b>CK_FUNCTION_LIST</b>
-structure, and a pointer to it (or to a copy of it which is also owned by the
-library) may be obtained by the <b>C_GetFunctionList</b> function (see Section 5.2).  The value that this pointer points to can be used by an application to quickly
-find out where the executable code for each function in the Cryptoki API is
-located.  Every function in the Cryptoki API MUST have an entry point defined
-in the Cryptoki library’s <b>CK_FUNCTION_LIST</b> structure.  If a particular
-function in the Cryptoki API is not supported by a library, then the function
-pointer for that function in the library’s <b>CK_FUNCTION_LIST</b> structure
-should point to a function stub which simply returns
-CKR_FUNCTION_NOT_SUPPORTED.</p>
-
-<p class=MsoNormal>In this structure ‘version’ is the cryptoki specification
-version number. It should match the value of ‘cryptokiVersion’ returned in the
-CK_INFO structure.</p>
-
-<p class=MsoNormal>An application may or may not be able to modify a Cryptoki
-library’s static <b>CK_FUNCTION_LIST</b> structure.  Whether or not it can, it
-should never attempt to do so.</p>
-
-<p class=MsoNormal><b>CK_FUNCTION_LIST_PTR</b> is a pointer to a <b>CK_FUNCTION_LIST</b>.</p>
-
-<p class=MsoNormal><b>CK_FUNCTION_LIST_PTR_PTR</b> is a pointer to a <b>CK_FUNCTION_LIST_PTR</b>.</p>
-
-<h2><a name="_Ref320349815"></a><a name="_Toc319315696"></a><a
-name="_Toc319313703"></a><a name="_Toc319313510"></a><a name="_Toc319287669"></a><a
-name="_Toc385057849"></a><a name="_Toc383864848"></a><a name="_Toc323610842"></a><a
-name="_Toc323205412"></a><a name="_Toc323024081"></a><a name="_Toc323000687"></a><a
-name="_Toc322945120"></a><a name="_Toc322855278"></a><a name="_Ref320512055"></a><a
-name="_Toc416959692"></a><a name="_Toc395183765"></a><a name="_Toc391468769"></a><a
-name="_Toc370633978"></a><a name="_Toc235002270"></a><a name="_Toc72656055"></a><a
-name="_Ref407445939"></a><a name="_Toc405794658">3.7 Locking-related types</a></h2>
-
-<p class=MsoNormal>The types in this section are provided solely for
-applications which need to access Cryptoki from multiple threads
-simultaneously.  <i>Applications which will not do this need not use any of
-these types.</i></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002271"></a><a name="_Toc72656056"></a><a name="_Toc405794659"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_CREATEMUTEX</span></a></p>
-
-<p class=MsoNormal><b>CK_CREATEMUTEX</b> is the type of a pointer to an
-application-supplied function which creates a new mutex object and returns a
-pointer to it.  It is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR_PTR ppMutex</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>Calling a CK_CREATEMUTEX function returns the pointer to the
-new mutex object in the location pointed to by ppMutex.  Such a function should
-return one of the following values:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_OK,
-CKR_GENERAL_ERROR</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_HOST_MEMORY</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002272"></a><a name="_Toc72656057"></a><a name="_Toc405794660"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_DESTROYMUTEX</span></a></p>
-
-<p class=MsoNormal><b>CK_DESTROYMUTEX</b> is the type of a pointer to an
-application-supplied function which destroys an existing mutex object.  It is
-defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pMutex</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The argument to a CK_DESTROYMUTEX function is a pointer to
-the mutex object to be destroyed.  Such a function should return one of the
-following values:<span style='font-size:12.0pt'> </span></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_OK,
-CKR_GENERAL_ERROR</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_HOST_MEMORY</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_MUTEX_BAD</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002273"></a><a name="_Toc72656058"></a><a name="_Toc405794661"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_LOCKMUTEX</span></a><span
-style='font-family:"Arial","sans-serif"'> and CK_UNLOCKMUTEX</span></p>
-
-<p class=MsoNormal><b>CK_LOCKMUTEX</b> is the type of a pointer to an
-application-supplied function which locks an existing mutex object.  <b>CK_UNLOCKMUTEX</b>
-is the type of a pointer to an application-supplied function which unlocks an
-existing mutex object.  The proper behavior for these types of functions is as
-follows:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a CK_LOCKMUTEX function is called on a mutex which is not
-locked, the calling thread obtains a lock on that mutex and returns.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a CK_LOCKMUTEX function is called on a mutex which is locked
-by some thread other than the calling thread, the calling thread blocks and
-waits for that mutex to be unlocked.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a CK_LOCKMUTEX function is called on a mutex which is locked
-by the calling thread, the behavior of the function call is undefined.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a CK_UNLOCKMUTEX function is called on a mutex which is locked
-by the calling thread, that mutex is unlocked and the function call returns. 
-Furthermore:</p>
-
-<p class=MsoNormal style='margin-left:.75in;text-indent:-.25in'><span
-style='font-family:"Courier New"'>o<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span></span>If exactly one thread was blocking on that particular mutex, then
-that thread stops blocking, obtains a lock on that mutex, and its CK_LOCKMUTEX
-call returns.</p>
-
-<p class=MsoNormal style='margin-left:.75in;text-indent:-.25in'><span
-style='font-family:"Courier New"'>o<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span></span>If more than one thread was blocking on that particular mutex,
-then exactly one of the blocking threads is selected somehow.  That lucky
-thread stops blocking, obtains a lock on the mutex, and its CK_LOCKMUTEX call
-returns.  All other threads blocking on that particular mutex continue to
-block.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a CK_UNLOCKMUTEX function is called on a mutex which is not
-locked, then the function call returns the error code CKR_MUTEX_NOT_LOCKED.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a CK_UNLOCKMUTEX function is called on a mutex which is locked
-by some thread other than the calling thread, the behavior of the function call
-is undefined.</p>
-
-<p class=MsoNormal><b>CK_LOCKMUTEX</b> is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pMutex</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin-top:0in;margin-right:0in;margin-bottom:0in;
-margin-left:.8in;margin-bottom:.0001pt;text-indent:-.8in;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The argument to a CK_LOCKMUTEX function is a pointer to the
-mutex object to be locked.  Such a function should return one of the following
-values:<span style='font-size:12.0pt'> </span></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_OK,
-CKR_GENERAL_ERROR</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_HOST_MEMORY,</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_MUTEX_BAD</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal><b>CK_UNLOCKMUTEX</b> is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pMutex</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>);</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>&nbsp;</p>
-
-</div>
-
-<p class=MsoNormal>The argument to a CK_UNLOCKMUTEX function is a pointer to
-the mutex object to be unlocked.  Such a function should return one of the
-following values:<span style='font-size:12.0pt'> </span></p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_OK,
-CKR_GENERAL_ERROR</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_HOST_MEMORY</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_MUTEX_BAD</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CKR_MUTEX_NOT_LOCKED</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002274"></a><a name="_Toc72656059"></a><a name="_Toc405794663"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>CK_C_INITIALIZE_ARGS</span></a><span
-style='font-family:"Arial","sans-serif"'>; CK_C_INITIALIZE_ARGS_PTR</span></p>
-
-<p class=MsoNormal><b>CK_C_INITIALIZE_ARGS</b> is a structure containing the
-optional arguments for the <b>C_Initialize</b> function.  For this version of
-Cryptoki, these optional arguments are all concerned with the way the library
-deals with threads.  <b>CK_C_INITIALIZE_ARGS</b> is defined as follows:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>typedef
-struct CK_C_INITIALIZE_ARGS {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_CREATEMUTEX CreateMutex;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_DESTROYMUTEX DestroyMutex;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_LOCKMUTEX LockMutex;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_UNLOCKMUTEX UnlockMutex;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_FLAGS flags;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-CK_VOID_PTR pReserved;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>}
-CK_C_INITIALIZE_ARGS;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'><span
-style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-</div>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                              <i>CreateMutex</i>       pointer
-to a function to use for creating mutex objects</p>
-
-<p class=definition0>                            <i>DestroyMutex</i>       pointer
-to a function to use for destroying mutex objects</p>
-
-<p class=definition0>                                <i>LockMutex</i>       pointer
-to a function to use for locking mutex objects</p>
-
-<p class=definition0>                             <i>UnlockMutex</i>       pointer
-to a function to use for unlocking mutex objects</p>
-
-<p class=definition0>                                         <i>flags</i>       bit
-flags specifying options for <b>C_Initialize</b>; the flags are defined below</p>
-
-<p class=definition0>                                 <i>pReserved</i>       reserved
-for future use.  Should be NULL_PTR for this version of Cryptoki</p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The following table defines
-the flags field<span style='font-size:12.0pt'>:</span></p>
-
-<p class=MsoCaption><a name="_Toc225305946"></a><a name="_Toc405794975">Table </a>9, C_Initialize Parameter Flags</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=360 valign=top style='width:3.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Bit Flag</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mask</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=360 valign=top style='width:3.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_LIBRARY_CANT_CREATE_OS_THREADS</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000001</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if application threads which are
-  executing calls to the library may <i>not</i> use native operating system
-  calls to spawn new threads; false if they may</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=360 valign=top style='width:3.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKF_OS_LOCKING_OK</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>0x00000002</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>True if the library can use the native
-  operation system threading model for locking; false otherwise</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><a name="_Toc405794664"></a><a name="_Ref398028757">CK_C_INITIALIZE_ARGS_PTR
-is a pointer to a CK_C_INITIALIZE_ARGS.</a></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc416959693"></a><a name="_Toc395183766"></a><a
-name="_Toc391468770"></a><a name="_Toc370633979"></a><a name="_Toc235002275"></a><a
-name="_Toc72656060"></a><a name="_Ref457115175">4<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Objects</a></h1>
-
-</div>
-
-<p class=MsoNormal>Cryptoki recognizes a number of classes of objects, as
-defined in the <b>CK_OBJECT_CLASS</b> data type.  An object consists of a set
-of attributes, each of which has a given value. Each attribute that an object
-possesses has precisely one value.  The following figure illustrates the
-high-level hierarchy of the Cryptoki objects and some of the attributes they
-support:</p>
-
-<p class=MsoNormal align=center style='text-align:center;page-break-after:avoid'><img
-border=0 width=529 height=385 src="pkcs11-base-v2.40-os_files/image002.png"></p>
-
-<p class=MsoCaption><a name="_Toc225305929">Figure </a>1, Object Attribute
-Hierarchy</p>
-
-<p class=MsoNormal>Cryptoki provides functions for creating, destroying, and
-copying objects in general, and for obtaining and modifying the values of their
-attributes.  Some of the cryptographic functions (<i>e.g.</i>, <b>C_GenerateKey</b>)
-also create key objects to hold their results.</p>
-
-<p class=MsoNormal>Objects are always “well-formed” in Cryptoki—that is, an
-object always contains all required attributes, and the attributes are always
-consistent with one another from the time the object is created.  This
-contrasts with some object-based paradigms where an object has no attributes
-other than perhaps a class when it is created, and is uninitialized for some
-time.  In Cryptoki, objects are always initialized.</p>
-
-<p class=MsoNormal>Tables throughout most of Section 4 define each Cryptoki attribute in terms of the data type of the attribute value and the meaning of the
-attribute, which may include a default initial value.  Some of the data types
-are defined explicitly by Cryptoki (<i>e.g.</i>, <b>CK_OBJECT_CLASS</b>). 
-Attribute values may also take the following types:</p>
-
-<p class=definition0>                                 Byte array       an
-arbitrary string (array) of <b>CK_BYTE</b>s</p>
-
-<p class=definition0>                                Big integer       a string
-of <b>CK_BYTE</b>s representing an unsigned integer of arbitrary size,
-most-significant byte first (<i>e.g.</i>, the integer 32768 is represented as
-the 2-byte string 0x80 0x00)</p>
-
-<p class=definition0>                               Local string       an
-unpadded string of <b>CK_CHAR</b>s (see Table 3) with no null-termination</p>
-
-<p class=definition0>                         RFC2279 string       an unpadded
-string of <strong>CK_UTF8CHARs</strong> with no null-termination</p>
-
-<p class=MsoNormal>A token can hold several identical objects, <i>i.e.</i>, it
-is permissible for two or more objects to have exactly the same values for all
-their attributes.</p>
-
-<p class=MsoNormal>In most cases each type of object in the Cryptoki
-specification possesses a completely well-defined set of Cryptoki attributes.
-Some of these attributes possess default values, and need not be specified when
-creating an object; some of these default values may even be the empty string
-(“”).  Nonetheless, the object possesses these attributes.  A given object has
-a single value for each attribute it possesses, even if the attribute is a
-vendor-specific attribute whose meaning is outside the scope of Cryptoki.</p>
-
-<p class=MsoNormal>In addition to possessing Cryptoki attributes, objects may
-possess additional vendor-specific attributes whose meanings and values are not
-specified by Cryptoki.</p>
-
-<h2><a name="_Toc416959694"></a><a name="_Toc395183767"></a><a
-name="_Toc391468771"></a><a name="_Toc370633980"></a><a name="_Toc235002276"></a><a
-name="_Toc72656061"></a><a name="_Toc405794665"></a><a name="_Ref399824797"></a><a
-name="_Ref399824759"></a><a name="_Ref399824691">4.1 Creating, modifying, and
-copying objects</a></h2>
-
-<p class=MsoNormal>All Cryptoki functions that create, modify, or copy objects
-take a template as one of their arguments, where the template specifies
-attribute values.  Cryptographic functions that create objects (see Section 5.13) may also contribute some additional attribute values themselves; which
-attributes have values contributed by a cryptographic function call depends on
-which cryptographic mechanism is being performed (see [PKCS11-Curr] and
-[PKCS11-Hist] for specification of mechanisms for PKCS #11).  In any case, all
-the required attributes supported by an object class that do not have default
-values MUST be specified when an object is created, either in the template or
-by the function itself.</p>
-
-<h3><a name="_Toc416959695"></a><a name="_Toc395183768"></a><a
-name="_Toc391468772"></a><a name="_Toc370633981"></a><a name="_Toc235002277"></a><a
-name="_Toc72656062"></a><a name="_Toc405794666"></a><a name="_Ref399215106">4.1.1
-Creating objects</a></h3>
-
-<p class=MsoNormal>Objects may be created with the Cryptoki functions <b>C_CreateObject</b>
-(see Section 5.7), <b>C_GenerateKey</b>, <b>C_GenerateKeyPair</b>, <b>C_UnwrapKey</b>,
-and <b>C_DeriveKey</b> (see Section 5.13).  In addition, copying an existing
-object (with the function <b>C_CopyObject</b>) also creates a new object, but
-we consider this type of object creation separately in Section 4.1.3.</p>
-
-<p class=MsoNormal>Attempting to create an object with any of these functions
-requires an appropriate template to be supplied.</p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-supplied template specifies a value for an invalid attribute, then the attempt
-should fail with the error code CKR_ATTRIBUTE_TYPE_INVALID.  An attribute is
-valid if it is either one of the attributes described in the Cryptoki
-specification or an additional vendor-specific attribute supported by the
-library and token.</p>
-
-<p class=MsoList><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-size:10.0pt;font-family:"Arial","sans-serif"'>If the supplied
-template specifies an invalid value for a valid attribute, then the attempt
-should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID.  The valid values
-for Cryptoki attributes are described in the Cryptoki specification.</span></p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-supplied template specifies a value for a read-only attribute, then the attempt
-should fail with the error code CKR_ATTRIBUTE_READ_ONLY.  Whether or not a
-given Cryptoki attribute is read-only is explicitly stated in the Cryptoki
-specification; however, a particular library and token may be even more
-restrictive than Cryptoki specifies.  In other words, an attribute which
-Cryptoki says is not read-only may nonetheless be read-only under certain
-circumstances (<i>i.e.</i>, in conjunction with some combinations of other
-attributes) for a particular library and token.  Whether or not a given
-non-Cryptoki attribute is read-only is obviously outside the scope of Cryptoki.</p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-attribute values in the supplied template, together with any default attribute
-values and any attribute values contributed to the object by the
-object-creation function itself, are insufficient to fully specify the object
-to create, then the attempt should fail with the error code
-CKR_TEMPLATE_INCOMPLETE.</p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in'>5.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-attribute values in the supplied template, together with any default attribute
-values and any attribute values contributed to the object by the
-object-creation function itself, are inconsistent, then the attempt should fail
-with the error code CKR_TEMPLATE_INCONSISTENT.  A set of attribute values is
-inconsistent if not all of its members can be satisfied simultaneously <i>by
-the token</i>, although each value individually is valid in Cryptoki. One
-example of an inconsistent template would be using a template which specifies
-two different values for the same attribute.  Another example would be trying
-to create a secret key object with an attribute which is appropriate for
-various types of public keys or private keys, but not for secret keys.  A final
-example would be a template with an attribute that violates some token specific
-requirement.  Note that this final example of an inconsistent template is
-token-dependent—on a different token, such a template might <i>not</i> be
-inconsistent.</p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in'>6.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-supplied template specifies the same value for a particular attribute more than
-once (or the template specifies the same value for a particular attribute that
-the object-creation function itself contributes to the object), then the
-behavior of Cryptoki is not completely specified.  The attempt to create an
-object can either succeed—thereby creating the same object that would have been
-created if the multiply-specified attribute had only appeared once—or it can
-fail with error code CKR_TEMPLATE_INCONSISTENT.  Library developers are
-encouraged to make their libraries behave as though the attribute had only
-appeared once in the template; application developers are strongly encouraged
-never to put a particular attribute into a particular template more than once.</p>
-
-<p class=MsoNormal>If more than one of the situations listed above applies to
-an attempt to create an object, then the error code returned from the attempt
-can be any of the error codes from above that applies.</p>
-
-<h3><a name="_Toc416959696"></a><a name="_Toc395183769"></a><a
-name="_Toc391468773"></a><a name="_Toc370633982"></a><a name="_Toc235002278"></a><a
-name="_Ref226351743"></a><a name="_Toc72656063"></a><a name="_Toc405794667">4.1.2
-Modifying objects</a></h3>
-
-<p class=MsoNormal>Objects may be modified with the Cryptoki function <b>C_SetAttributeValue</b>
-(see Section 5.7).  The template supplied to <b>C_SetAttributeValue</b> can
-contain new values for attributes which the object already possesses; values
-for attributes which the object does not yet possess; or both.</p>
-
-<p class=MsoNormal>Some attributes of an object may be modified after the
-object has been created, and some may not.  In addition, attributes which
-Cryptoki specifies are modifiable may actually <i>not</i> be modifiable on some
-tokens.  That is, if a Cryptoki attribute is described as being modifiable,
-that really means only that it is modifiable <i>insofar as the Cryptoki
-specification is concerned</i>.  A particular token might not actually support
-modification of some such attributes.  Furthermore, whether or not a particular
-attribute of an object on a particular token is modifiable might depend on the
-values of certain attributes of the object.  For example, a secret key object’s
-<b>CKA_SENSITIVE</b> attribute can be changed from CK_FALSE to CK_TRUE, but not
-the other way around.</p>
-
-<p class=MsoNormal>All the scenarios in Section 4.1.1—and the error codes they return—apply to modifying objects with <b>C_SetAttributeValue</b>, except
-for the possibility of a template being incomplete.</p>
-
-<h3><a name="_Toc416959697"></a><a name="_Toc395183770"></a><a
-name="_Toc391468774"></a><a name="_Toc370633983"></a><a name="_Toc235002279"></a><a
-name="_Toc72656064"></a><a name="_Toc405794668"></a><a name="_Ref399147407">4.1.3
-Copying objects</a></h3>
-
-<p class=MsoNormal><span style='color:black'>Unless an object's CKA_COPYABLE
-(see table 21) attribute is set to CK_FALSE, it </span>may be copied with the
-Cryptoki function <b>C_CopyObject</b> (see Section 5.7).  In the process of copying an object, <b>C_CopyObject</b> also modifies the attributes of the
-newly-created copy according to an application-supplied template.</p>
-
-<p class=MsoNormal>The Cryptoki attributes which can be modified during the
-course of a <b>C_CopyObject</b> operation are the same as the Cryptoki
-attributes which are described as being modifiable, plus the three special
-attributes <b>CKA_TOKEN</b>, <b>CKA_PRIVATE</b>, <b>CKA_MODIFIABLE and
-CKA_DESTROYABLE</b>.  To be more precise, these attributes are modifiable
-during the course of a <b>C_CopyObject</b> operation <i>insofar as the Cryptoki
-specification is concerned</i>.  A particular token might not actually support
-modification of some such attributes during the course of a <b>C_CopyObject</b>
-operation.  Furthermore, whether or not a particular attribute of an object on
-a particular token is modifiable during the course of a <b>C_CopyObject</b>
-operation might depend on the values of certain attributes of the object.  For
-example, a secret key object’s <b>CKA_SENSITIVE</b> attribute can be changed
-from CK_FALSE to CK_TRUE during the course of a <b>C_CopyObject</b> operation,
-but not the other way around.</p>
-
-<p class=MsoNormal><a name="_Toc385057850"></a><a name="_Toc383864849"></a><a
-name="_Toc323610843"></a><a name="_Toc323205413"></a><a name="_Toc323024082"></a><a
-name="_Toc323000688"></a><a name="_Toc322945121"></a><a name="_Toc322855279"><span
-style='color:black'>If the CKA_COPYABLE attribute of the object to be copied is
-set to CK_FALSE, C_CopyObject returns CKR_ACTION_PROHIBITED.  Otherwise, the
-scenarios described in 10.1.1 - and the error codes they return - apply to
-copying objects with C_CopyObject, except for the possibility of a template
-being incomplete</span>.</a></p>
-
-<h2><a name="_Toc416959698"></a><a name="_Toc395183771"></a><a
-name="_Toc391468775"></a><a name="_Toc370633984"></a><a name="_Toc235002280"></a><a
-name="_Toc72656065"></a><a name="_Toc405794669"></a><a name="_Common_attributes"></a>4.2
-Common attributes</h2>
-
-<p class=MsoCaption><a name="_Toc225305947"></a><a name="_Toc405794980"></a><a
-name="_Ref62896792">Table </a>10, Common footnotes for object attribute tables</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=576 valign=top style='width:6.0in;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><sup><span style='font-size:12.0pt'>1</span></sup><span
-  style='font-size:12.0pt'> </span>MUST be specified when object is created
-  with <b>C_CreateObject</b>.</p>
-  <p class=MsoNormal><sup>2</sup> MUST <i>not</i> be specified when object is
-  created with <b>C_CreateObject</b>.</p>
-  <p class=MsoNormal><sup>3</sup> MUST be specified when object is generated
-  with <b>C_GenerateKey</b> or <b>C_GenerateKeyPair</b>.</p>
-  <p class=MsoNormal><sup>4</sup> MUST <i>not</i> be specified when object is
-  generated with <b>C_GenerateKey</b> or <b>C_GenerateKeyPair</b>.</p>
-  <p class=MsoNormal><sup>5</sup> MUST be specified when object is unwrapped
-  with <b>C_UnwrapKey</b>.</p>
-  <p class=MsoNormal><sup>6</sup> MUST <i>not</i> be specified when object is
-  unwrapped with <b>C_UnwrapKey</b>.</p>
-  <p class=MsoNormal><sup>7</sup> Cannot be revealed if object has its <b>CKA_SENSITIVE</b>
-  attribute set to CK_TRUE or its <b>CKA_EXTRACTABLE</b> attribute set to
-  CK_FALSE.</p>
-  <p class=MsoNormal><sup>8</sup> May be modified after object is created with
-  a <b>C_SetAttributeValue</b> call, or in the process of copying object with a
-  <b>C_CopyObject</b> call.  However, it is possible that a particular token
-  may not permit modification of the attribute during the course of a <b>C_CopyObject</b>
-  call.</p>
-  <p class=MsoNormal><sup>9</sup> Default value is token-specific, and may
-  depend on the values of other attributes.</p>
-  <p class=MsoNormal><sup>10 </sup>Can only be set to CK_TRUE by the SO user.</p>
-  <p class=MsoNormal><sup>11</sup> Attribute cannot be changed once set to
-  CK_TRUE. It becomes a read only attribute.</p>
-  <p class=MsoNormal><sup>12</sup> Attribute cannot be changed once set to
-  CK_FALSE. It becomes a read only attribute.</p>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
- </tr>
-</table>
-
-<p class=space><span style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-<p class=MsoCaption><a name="_Toc225305948"></a><a name="_Ref457120194"></a><a
-name="_Ref457120199">Table </a>11, Common Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=156 valign=top style='width:117.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=162 valign=top style='width:121.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-   </td>
-   <td width=265 valign=top style='width:198.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_CLASS<sup>1</sup></span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_OBJECT_CLASS</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Object class (type)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup> </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal>The above table defines the attributes common to all
-objects.</p>
-
-<h2><a name="_Toc416959699"></a><a name="_Toc395183772"></a><a
-name="_Toc391468776"></a><a name="_Toc370633985"></a><a name="_Toc235002281"></a><a
-name="_Toc72656066">4.3 Hardware Feature Objects</a></h2>
-
-<h3><a name="_Toc416959700"></a><a name="_Toc395183773"></a><a
-name="_Toc391468777"></a><a name="_Toc370633986"></a><a name="_Toc235002282"></a><a
-name="_Toc72656067">4.3.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the object class CKO_HW_FEATURE for
-type CK_OBJECT_CLASS as used in the CKA_CLASS attribute of  objects.</p>
-
-<h3><a name="_Toc416959701"></a><a name="_Toc395183774"></a><a
-name="_Toc391468778"></a><a name="_Toc370633987"></a><a name="_Toc235002283"></a><a
-name="_Toc72656068">4.3.2 Overview</a></h3>
-
-<p class=MsoNormal>Hardware feature objects (<b>CKO_HW_FEATURE</b>) represent
-features of the device. They provide an easily expandable method for
-introducing new value-based features to the Cryptoki interface.</p>
-
-<p class=MsoNormal>When searching for objects using <b>C_FindObjectsInit</b>
-and <b>C_FindObjects</b>, hardware feature objects are not returned unless the <b>CKA_CLASS</b>
-attribute in the template has the value <b>CKO_HW_FEATURE</b>. This protects
-applications written to previous versions of Cryptoki from finding objects that
-they do not understand.</p>
-
-<p class=MsoCaption><a name="_Toc225305949">Table </a>12, Hardware Feature
-Common Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-  </td>
-  <td width=180 valign=top style='width:135.0pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-  </td>
-  <td width=187 valign=top style='width:1.95in;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_HW_FEATURE_TYPE<sup>1</sup></span></p>
-  </td>
-  <td width=180 valign=top style='width:135.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_HW_FEATURE_TYPE</span></p>
-  </td>
-  <td width=187 valign=top style='width:1.95in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Hardware feature (type)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<h3><a name="_Toc416959702"></a><a name="_Toc395183775"></a><a
-name="_Toc391468779"></a><a name="_Toc370633988"></a><a name="_Toc235002284">4.3.3
-Clock</a></h3>
-
-<h4>4.3.3.1 Definition</h4>
-
-<p class=MsoNormal>The CKA_HW_FEATURE_TYPE attribute takes the value CKH_CLOCK
-of type CK_HW_FEATURE.</p>
-
-<h4>4.3.3.2 Description</h4>
-
-<p class=MsoNormal>Clock objects represent real-time clocks that exist on the
-device. This represents the same clock source as the <b>utcTime</b> field in
-the <b>CK_TOKEN_INFO</b> structure.</p>
-
-<p class=MsoCaption><a name="_Toc225305950">Table </a>13, Clock Object
-Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-  </td>
-  <td width=349 valign=top style='width:261.9pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VALUE</span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_CHAR[16]</span></p>
-  </td>
-  <td width=349 valign=top style='width:261.9pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Current time as a character-string of
-  length 16, represented in the format YYYYMMDDhhmmssxx (4 characters for the
-  year;  2 characters each for the month, the day, the hour, the minute, and
-  the second; and 2 additional reserved ‘0’ characters).</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The <b>CKA_VALUE</b> attribute may be set using the <b>C_SetAttributeValue</b>
-function if permitted by the device. The session used to set the time MUST be
-logged in. The device may require the SO to be the user logged in to modify the
-time value. <b>C_SetAttributeValue</b> will return the error
-CKR_USER_NOT_LOGGED_IN to indicate that a different user type is required to
-set the value.</p>
-
-<h3><a name="_Toc416959703"></a><a name="_Toc395183776"></a><a
-name="_Toc391468780"></a><a name="_Toc370633989"></a><a name="_Toc235002285">4.3.4
-Monotonic Counter Objects</a></h3>
-
-<h4>4.3.4.1 Definition</h4>
-
-<p class=MsoNormal>The CKA_HW_FEATURE_TYPE attribute takes the value CKH_MONOTONIC_COUNTER
-of type CK_HW_FEATURE.</p>
-
-<h4>4.3.4.2 Description</h4>
-
-<p class=MsoNormal>Monotonic counter objects represent hardware counters that
-exist on the device. The counter is guaranteed to increase each time its value
-is read, but not necessarily by one. This might be used by an application for
-generating serial numbers to get some assurance of uniqueness per token.</p>
-
-<p class=MsoCaption><a name="_Toc225305951">Table </a>14, Monotonic Counter
-Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=186 valign=top style='width:139.5pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=186 valign=top style='width:139.5pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_RESET_ON_INIT<sup>1</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The value of the counter will reset to a
-  previously returned value if the token is initialized using <b>C_InitToken</b>.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=186 valign=top style='width:139.5pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_HAS_RESET<sup>1</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The value of the counter has been reset at
-  least once at some point in time.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=186 valign=top style='width:139.5pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VALUE<sup>1</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The current version of the monotonic
-  counter. The value is returned in big endian order.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup>Read Only</p>
-
-<p class=MsoNormal>The <b>CKA_VALUE</b> attribute may not be set by the client.</p>
-
-<h3><a name="_Toc416959704"></a><a name="_Toc395183777"></a><a
-name="_Toc391468781"></a><a name="_Toc370633990"></a><a name="_Toc235002286">4.3.5
-User Interface Objects</a></h3>
-
-<h4>4.3.5.1 Definition</h4>
-
-<p class=MsoNormal>The CKA_HW_FEATURE_TYPE attribute takes the value
-CKH_USER_INTERFACE of type CK_HW_FEATURE.</p>
-
-<h4>4.3.5.2 Description</h4>
-
-<p class=MsoNormal>User interface objects represent the presentation
-capabilities of the device.</p>
-
-<p class=MsoCaption><a name="_Toc225305952">Table </a>15, User Interface Object
-Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr style='page-break-inside:avoid;height:8.5pt'>
-   <td width=217 valign=top style='width:163.05pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt;height:8.5pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif";layout-grid-mode:line'>Attribute</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt;height:8.5pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt;height:8.5pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-AU
-   style='font-size:10.0pt;font-family:"Arial","sans-serif";layout-grid-mode:
-   line'>CKA_PIXEL_X</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_ULONG</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>Screen resolution (in pixels) in X-axis
-   (e.g. 1280)</span></p>
-   </td>
-  </tr>
-  <tr style='page-break-inside:avoid'>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif";layout-grid-mode:
-   line'>CKA_PIXEL_Y</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_ULONG</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>Screen resolution (in pixels) in Y-axis
-   (e.g. 1024)</span></p>
-   </td>
-  </tr>
-  <tr style='page-break-inside:avoid'>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-AU
-   style='font-size:10.0pt;font-family:"Arial","sans-serif";layout-grid-mode:
-   line'>CKA_RESOLUTION</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_ULONG</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>DPI, pixels per inch</span></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif";layout-grid-mode:line'>CKA_CHAR_ROWS</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_ULONG</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>For character-oriented displays; number of
-   character rows (e.g. 24)</span></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif";layout-grid-mode:line'>CKA_CHAR_COLUMNS</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_ULONG</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>For character-oriented displays: number of
-   character columns (e.g. 80). If display is of proportional-font type, this
-   is the width of the display in “em”-s (letter “M”), see CC/PP Struct.</span></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif";layout-grid-mode:line'>CKA_COLOR</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>Color support</span></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif";layout-grid-mode:line'>CKA_BITS_PER_PIXEL</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>CK_ULONG</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>The
-   number of bits of color or grayscale information per pixel.</span></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial","sans-serif";layout-grid-mode:
-   line'>CKA_CHAR_SETS</span></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>RFC 2279 string</span></p>
-   </td>
-   <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial","sans-serif"'>String indicating supported character
-   sets, as defined by IANA MIBenum sets (</span><a href="http://www.iana.org/"><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>www.iana.org</span></a><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>). Supported
-   character sets are separated with “;”. E.g. a token supporting iso-8859-1
-   and US-ASCII would set the attribute value to “4;3”.</span></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKA_ENCODING_METHODS</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>RFC 2279 string</span></p>
-  </td>
-  <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>String indicating supported content
-  transfer encoding methods, as defined by IANA (</span><a
-  href="http://www.iana.org/"><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>www.iana.org</span></a><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>). Supported
-  methods are separated with “;”. E.g. a token supporting 7bit, 8bit and base64
-  could set the attribute value to “7bit;8bit;base64”.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=217 valign=top style='width:163.05pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";layout-grid-mode:line'>CKA_MIME_TYPES</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>RFC 2279 string</span></p>
-  </td>
-  <td width=261 valign=top style='width:195.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>String indicating supported (presentable)
-  MIME-types, as defined by IANA (</span><a href="http://www.iana.org/"><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>www.iana.org</span></a><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>). Supported types
-  are separated with “;”. E.g. a token supporting MIME types &quot;a/b&quot;,
-  &quot;a/c&quot; and &quot;a/d&quot; would set the attribute value to
-  “a/b;a/c;a/d”.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The selection of attributes, and associated data types, has
-been done in an attempt to stay as aligned with RFC 2534 and CC/PP Struct as
-possible. The special value CK_UNAVAILABLE_INFORMATION may be used for
-CK_ULONG-based attributes when information is not available or applicable.</p>
-
-<p class=MsoNormal>None of the attribute values may be set by an application.</p>
-
-<p class=MsoNormal>The value of the <b>CKA_ENCODING_METHODS</b> attribute may
-be used when the application needs to send MIME objects with encoded content to
-the token.</p>
-
-<h2><a name="_Toc416959705"></a><a name="_Toc395183778"></a><a
-name="_Toc391468782"></a><a name="_Toc370633991"></a><a name="_Toc235002287"></a><a
-name="_Toc72656069">4.4 Storage Objects</a></h2>
-
-<p class=MsoNormal>This is not an object class; hence no CKO_ definition is
-required. It is a category of object classes with common attributes for the
-object classes that follow.</p>
-
-<p class=MsoCaption><a name="_Toc225305953"></a><a name="_Toc405794976"></a><a
-name="_Ref384017029"></a><a name="_Toc383864513"></a><a name="_Ref323704643"></a><a
-name="_Toc323204879"></a><a name="_Toc319315838"></a><a name="_Toc319314966"></a><a
-name="_Toc319314551"></a><a name="_Toc319314009"></a><a name="_Ref383948268">Table
-</a>16, Common Storage Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=156 valign=top style='width:117.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=162 valign=top style='width:121.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-   </td>
-   <td width=265 valign=top style='width:198.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_TOKEN</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if object is a token object; CK_FALSE
-  if object is a session object. Default is CK_FALSE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_PRIVATE</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if object is a private object;
-  CK_FALSE if object is a public object.  Default value is token-specific, and
-  may depend on the values of other attributes of the object.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_MODIFIABLE</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if object can be modified Default
-  is CK_TRUE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>CKA_LABEL</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>RFC2279 string</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Description of the object (default empty).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>CKA_COPYABLE</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";color:black'>CK_TRUE if object can be copied
-  using C_CopyObject. Defaults to CK_TRUE.</span><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'> Can’t be set to TRUE once it is set to
-  FALSE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=156 valign=top style='width:117.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>CKA_DESTROYABLE</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=265 valign=top style='width:198.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";color:black'>CK_TRUE if the object can be
-  destroyed using C_DestroyObject.  Default is CK_TRUE.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>Only the <b>CKA_LABEL</b> attribute can be modified after
-the object is created. (The <b>CKA_TOKEN</b>, <b>CKA_PRIVATE</b>, and <b>CKA_MODIFIABLE</b>
-attributes can be changed in the process of copying an object, however.)</p>
-
-<p class=MsoNormal>The <b>CKA_TOKEN</b> attribute identifies whether the object
-is a token object or a session object.</p>
-
-<p class=MsoNormal>When the <b>CKA_PRIVATE</b> attribute is CK_TRUE, a user may
-not access the object until the user has been authenticated to the token.</p>
-
-<p class=MsoNormal>The value of the <b>CKA_MODIFIABLE</b> attribute determines
-whether or not an object is read-only.  </p>
-
-<p class=MsoNormal>The <b>CKA_LABEL</b> attribute is intended to assist users
-in browsing.</p>
-
-<p class=MsoNormal><span style='color:black'>The value of the CKA_COPYABLE
-attribute determines whether or not an object can be copied.  This attribute
-can be used in conjunction with CKA_MODIFIABLE to prevent changes to the
-permitted usages of keys and other objects.</span></p>
-
-<p class=MsoNormal><span style='color:black'>The value of the CKA_DESTROYABLE
-attribute determines whether the object can be destroyed using C_DestroyObject.</span></p>
-
-<h2><a name="_Ref317568626"></a><a name="_Toc416959706"></a><a
-name="_Toc395183779"></a><a name="_Toc391468783"></a><a name="_Toc370633992"></a><a
-name="_Toc235002288"></a><a name="_Toc72656070"></a><a name="_Toc405794670"></a><a
-name="_Toc385057851"></a><a name="_Toc383864850"></a><a name="_Toc323610844"></a><a
-name="_Toc323205414"></a><a name="_Toc323024083"></a><a name="_Toc323000689"></a><a
-name="_Toc322945122"></a><a name="_Toc322855280"></a><a name="_Toc319315683"></a><a
-name="_Toc319313690"></a><a name="_Toc319313497"></a><a name="_Toc319287656">4.5
-Data object</a>s</h2>
-
-<h3><a name="_Toc416959707"></a><a name="_Toc395183780"></a><a
-name="_Toc391468784"></a><a name="_Toc370633993"></a><a name="_Toc235002289"></a><a
-name="_Toc72656071">4.5.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the object class CKO_DATA for type
-CK_OBJECT_CLASS as used in the CKA_CLASS attribute of objects.</p>
-
-<h3><a name="_Toc416959708"></a><a name="_Toc395183781"></a><a
-name="_Toc391468785"></a><a name="_Toc370633994"></a><a name="_Toc235002290"></a><a
-name="_Toc72656072">4.5.2 Overview</a></h3>
-
-<p class=MsoNormal>Data objects (object class <b>CKO_DATA</b>) hold information
-defined by an application. Other than providing access to it, Cryptoki does not
-attach any special meaning to a data object. The following table lists the
-attributes supported by data objects, in addition to the common attributes
-defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc225305954"></a><a name="_Toc405794977"></a><a
-name="_Toc383864514"></a><a name="_Toc323204880"></a><a name="_Toc319315839"></a><a
-name="_Toc319314967"></a><a name="_Toc319314552"></a><a name="_Toc319314010">Table
-</a>17, Data Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=162 valign=top style='width:121.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=331 valign=top style='width:3.45in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_APPLICATION</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>RFC2279 string</span></p>
-  </td>
-  <td width=331 valign=top style='width:3.45in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Description of the application that manages
-  the object (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_OBJECT_ID</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=331 valign=top style='width:3.45in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>DER-encoding of the object identifier
-  indicating the data object type (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VALUE</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=331 valign=top style='width:3.45in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Value of the object (default empty)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The <b>CKA_APPLICATION</b> attribute provides a means for
-applications to indicate ownership of the data objects they manage. Cryptoki
-does not provide a means of ensuring that only a particular application has
-access to a data object, however.</p>
-
-<p class=MsoNormal>The <b>CKA_OBJECT_ID</b> attribute provides an application
-independent and expandable way to indicate the type of the data object value.
-Cryptoki does not provide a means of insuring that the data object identifier
-matches the data value.</p>
-
-<p class=MsoNormal>The following is a sample template containing attributes for
-creating a data object:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_OBJECT_CLASS
-class = CKO_DATA;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_UTF8CHAR
-label[] = “A data object”;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_UTF8CHAR
-application[] = “An application”;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-data[] = “Sample data”;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BBOOL
-true = CK_TRUE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_ATTRIBUTE
-template[] = {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_APPLICATION, application, sizeof(application)-1},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  {CKA_VALUE,
-data, sizeof(data)}</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>};</p>
-
-</div>
-
-<h2><a name="_Toc416959709"></a><a name="_Toc395183782"></a><a
-name="_Toc391468786"></a><a name="_Toc370633995"></a><a name="_Toc235002291"></a><a
-name="_Toc72656073"></a><a name="_Toc405794671"></a><a name="_Ref388965223"></a><a
-name="_Toc385057852"></a><a name="_Toc383864851"></a><a name="_Ref383856511"></a><a
-name="_Toc323610845"></a><a name="_Toc323205415"></a><a name="_Toc323024084"></a><a
-name="_Toc323000690"></a><a name="_Toc322945123"></a><a name="_Toc322855281"></a><a
-name="_Toc319315684"></a><a name="_Toc319313691"></a><a name="_Toc319313498"></a><a
-name="_Toc319287657">4.6 Certificate objects</a></h2>
-
-<h3><a name="_Toc416959710"></a><a name="_Toc395183783"></a><a
-name="_Toc391468787"></a><a name="_Toc370633996"></a><a name="_Toc235002292"></a><a
-name="_Toc72656074">4.6.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the object class CKO_CERTIFICATE for
-type CK_OBJECT_CLASS as used in the CKA_CLASS attribute of objects.</p>
-
-<h3><a name="_Toc416959711"></a><a name="_Toc395183784"></a><a
-name="_Toc391468788"></a><a name="_Toc370633997"></a><a name="_Toc235002293"></a><a
-name="_Toc72656075">4.6.2 Overview</a></h3>
-
-<p class=MsoNormal>Certificate objects (object class <b>CKO_CERTIFICATE</b>)
-hold public-key or attribute certificates. Other than providing access to
-certificate objects, Cryptoki does not attach any special meaning to
-certificates. The following table defines the common certificate object
-attributes, in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc225305955"></a><a name="_Toc405794978"></a><a
-name="_Toc383864515"></a><a name="_Ref383948332">Table </a>18, Common Certificate Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-family:
-   "Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-family:
-   "Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=138 valign=top style='width:103.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-family:
-   "Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_CERTIFICATE_TYPE<sup>1</sup></span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_CERTIFICATE_TYPE</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Type
-  of certificate</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_TRUSTED<sup>10</sup></span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>The
-  certificate can be trusted for the application that it was created.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_CERTIFICATE_CATEGORY</span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>CKA_CERTIFICATE_CATEGORY
-  </p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>(default
-  CK_CERTIFICATE_CATEGORY_UNSPECIFIED)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_CHECK_VALUE</span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte
-  array</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Checksum</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_START_DATE</span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_DATE</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Start
-  date for the certificate (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_END_DATE </span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_DATE
-  </span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>End
-  date for the certificate (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=222 valign=top style='width:166.5pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_PUBLIC_KEY_INFO</span></p>
-  </td>
-  <td width=222 valign=top style='width:166.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte
-  Array</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>DER-encoding
-  of the SubjectPublicKeyInfo for the public key contained in this certificate
-  (default empty)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal>Cryptoki does not enforce the relationship of the
-CKA_PUBLIC_KEY_INFO to the public key in the certificate, but does recommend
-that the key be extracted from the certificate to create this value.</p>
-
-<p class=MsoNormal>The <b>CKA_CERTIFICATE_TYPE</b> attribute may not be modified
-after an object is created. This version of Cryptoki supports the following
-certificate types:</p>
-
-<p class=MsoList2 style='margin-bottom:0in;margin-bottom:.0001pt'><span
-style='font-size:10.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>X.509
-public key certificate</span></p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:0in;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>WTLS public key certificate</li>
-</ul>
-
-<p class=MsoList2><span style='font-size:10.0pt;font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>X.509
-attribute certificate</span></p>
-
-<p class=MsoNormal>The <b>CKA_TRUSTED</b> attribute cannot be set to CK_TRUE by
-an application. It MUST be set by a token initialization application or by the
-token’s SO. Trusted certificates cannot be modified.</p>
-
-<p class=MsoNormal><a name="_Toc319315685"></a><a name="_Toc319313692"></a><a
-name="_Toc319313499"></a><a name="_Toc319287658"></a><a name="_Toc323024085"></a><a
-name="_Toc323000691"></a><a name="_Toc322945124"></a><a name="_Toc322855282"></a><a
-name="_Toc405794673"></a><a name="_Toc385057854"></a><a name="_Toc383864853"></a><a
-name="_Toc323610846"></a><a name="_Toc323205416">The <b>CKA_CERTIFICATE_CATEGORY</b>
-attribute is used to indicate if a stored certificate is a user certificate for
-which the corresponding private key is available on the token (“token user”), a
-CA certificate (“authority”), or another end-entity certificate (“other
-entity”). This attribute may not be modified after an object is created. </a></p>
-
-<p class=MsoNormal>The <b>CKA_CERTIFICATE_CATEGORY</b> and <b>CKA_TRUSTED</b>
-attributes will together be used to map to the categorization of the
-certificates. </p>
-
-<p class=MsoNormal><b>CKA_CHECK_VALUE</b>: The value of this attribute is
-derived from the certificate by taking the first three bytes of the SHA-1 hash
-of the certificate object’s CKA_VALUE attribute.</p>
-
-<p class=MsoNormal>The <b>CKA_START_DATE</b> and <b>CKA_END_DATE</b> attributes
-are for reference only; Cryptoki does not attach any special meaning to them.
-When present, the application is responsible to set them to values that match
-the certificate’s encoded “not before” and “not after” fields (if any).</p>
-
-<h3><a name="_Toc416959712"></a><a name="_Toc395183785"></a><a
-name="_Toc391468789"></a><a name="_Toc370633998"></a><a name="_Toc235002294"></a><a
-name="_Toc72656076">4.6.3 X.509 public key certificate objects</a></h3>
-
-<p class=MsoNormal>X.509 certificate objects (certificate type <b>CKC_X_509</b>)
-hold X.509 public key certificates.  The following table defines the X.509
-certificate object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption><a name="_Toc225305956">Table </a>19, X.509 Certificate
-Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=216 valign=top style='width:2.25in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=242 valign=top style='width:181.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SUBJECT<sup>1</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>DER-encoding of the certificate subject
-  name</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>CKA_ID</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Key identifier for public/private key pair
-  (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_ISSUER</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>DER-encoding of the certificate issuer name
-  (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SERIAL_NUMBER</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>DER-encoding of the certificate serial
-  number (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VALUE<sup>2</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>BER-encoding of the certificate</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CKA_URL<sup>3</sup></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>RFC2279 string</p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>If not empty this
-  attribute gives the URL where the complete certificate can be obtained 
-  (default empty)</p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CKA_HASH_OF_SUBJECT_PUBLIC_KEY<sup>4</sup></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>Byte array</p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>Hash of the subject
-  public key (default empty). Hash algorithm is defined by
-  CKA_NAME_HASH_ALGORITHM</p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CKA_HASH_OF_ISSUER_PUBLIC_KEY<sup>4</sup></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>Byte array</p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>Hash of the issuer
-  public key (default empty). Hash algorithm is defined by
-  CKA_NAME_HASH_ALGORITHM</p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CKA_JAVA_MIDP_SECURITY_DOMAIN</p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CK_JAVA_MIDP_SECURITY_DOMAIN</p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>Java MIDP security
-  domain.  (default CK_SECURITY_DOMAIN_UNSPECIFIED)</p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CKA_NAME_HASH_ALGORITHM</p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>CK_MECHANISM_TYPE</p>
-  </td>
-  <td width=242 valign=top style='width:181.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoFootnoteText style='page-break-after:avoid'>Defines the mechanism
-  used to calculate CKA_HASH_OF_SUBJECT_PUBLIC_KEY and
-  CKA_HASH_OF_ISSUER_PUBLIC_KEY. If the attribute is not present then the type
-  defaults to SHA-1.</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup>MUST be specified when the object is created.<sup><br>
-2</sup>MUST be specified when the object is created.  MUST be non-empty if
-CKA_URL is empty.</p>
-
-<p class=MsoNormal><sup>3</sup>MUST be non-empty if CKA_VALUE is empty. </p>
-
-<p class=MsoNormal><sup>4</sup>Can only be empty if CKA_URL is empty.</p>
-
-<p class=MsoNormal>Only the <b>CKA_ID</b>, <b>CKA_ISSUER</b>, and <b>CKA_SERIAL_NUMBER</b>
-attributes may be modified after the object is created.</p>
-
-<p class=MsoNormal>The <b>CKA_ID</b> attribute is intended as a means of
-distinguishing multiple public-key/private-key pairs held by the same subject
-(whether stored in the same token or not). (Since the keys are distinguished by
-subject name as well as identifier, it is possible that keys for different
-subjects may have the same <b>CKA_ID</b> value without introducing any
-ambiguity.)</p>
-
-<p class=MsoNormal>It is intended in the interests of interoperability that the
-subject name and key identifier for a certificate will be the same as those for
-the corresponding public and private keys (though it is not required that all
-be stored in the same token). However, Cryptoki does not enforce this
-association, or even the uniqueness of the key identifier for a given subject;
-in particular, an application may leave the key identifier empty.</p>
-
-<p class=MsoNormal>The <b>CKA_ISSUER</b> and <b>CKA_SERIAL_NUMBER</b>
-attributes are for compatibility with PKCS #7 and Privacy Enhanced Mail
-(RFC1421). Note that with the version 3 extensions to X.509 certificates, the
-key identifier may be carried in the certificate. It is intended that the <b>CKA_ID</b>
-value be identical to the key identifier in such a certificate extension,
-although this will not be enforced by Cryptoki.</p>
-
-<p class=MsoNormal>The <b>CKA_URL</b> attribute enables the support for storage
-of the URL where the certificate can be found instead of the certificate
-itself. Storage of a URL instead of the complete certificate is often used in
-mobile environments. </p>
-
-<p class=MsoNormal>The <b>CKA_HASH_OF_SUBJECT_PUBLIC_KEY</b> and <b>CKA_HASH_OF_ISSUER_PUBLIC_KEY</b>
-attributes are used to store the hashes of the public keys of the subject and
-the issuer. They are particularly important when only the URL is available to
-be able to correlate a certificate with a private key and when searching for
-the certificate of the issuer. The hash algorithm is defined by
-CKA_NAME_HASH_ALGORITHM.</p>
-
-<p class=MsoNormal>The <b>CKA_JAVA_MIDP_SECURITY_DOMAIN</b> attribute
-associates a certificate with a Java MIDP security domain.</p>
-
-<p class=MsoNormal>The following is a sample template for creating an X.509
-certificate object:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_OBJECT_CLASS
-class = CKO_CERTIFICATE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_CERTIFICATE_TYPE
-certType = CKC_X_509;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_UTF8CHAR
-label[] = “A certificate object”;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-subject[] = {...};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-id[] = {123};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-certificate[] = {...};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BBOOL
-true = CK_TRUE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_ATTRIBUTE
-template[] = {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CERTIFICATE_TYPE, &amp;certType, sizeof(certType)};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_ID, id, sizeof(id)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_VALUE, certificate, sizeof(certificate)}</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>};</p>
-
-</div>
-
-<h3><a name="_Toc416959713"></a><a name="_Toc395183786"></a><a
-name="_Toc391468790"></a><a name="_Toc370633999"></a><a name="_Toc235002295"></a><a
-name="_Toc72656077">4.6.4 WTLS public key certificate objects</a></h3>
-
-<p class=MsoNormal>WTLS certificate objects (certificate type <b>CKC_WTLS</b>)
-hold WTLS public key certificates. The following table defines the WTLS
-certificate object attributes, in addition to the common attributes defined for
-this object class.</p>
-
-<p class=MsoCaption><a name="_Toc225305957">Table </a>20: WTLS Certificate
-Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=548
- style='width:411.1pt;margin-left:6.85pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=208 valign=top style='width:155.95pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:77.95pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=236 valign=top style='width:177.2pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SUBJECT<sup>1</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>WTLS-encoding (Identifier type) of the
-  certificate subject </span></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_ISSUER</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>WTLS-encoding (Identifier type) of the
-  certificate issuer (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VALUE<sup>2</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>WTLS-encoding of the certificate</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_URL<sup>3</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>RFC2279 string</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>If not empty this attribute gives the URL
-  where the complete certificate can be obtained</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_HASH_OF_SUBJECT_PUBLIC_KEY<sup>4</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>SHA-1 hash of the subject public key
-  (default empty). Hash algorithm is defined by CKA_NAME_HASH_ALGORITHM</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_HASH_OF_ISSUER_PUBLIC_KEY<sup>4</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>SHA-1 hash of the issuer public key
-  (default empty). Hash algorithm is defined by CKA_NAME_HASH_ALGORITHM</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_NAME_HASH_ALGORITHM</span></p>
-  </td>
-  <td width=104 valign=top style='width:77.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_MECHANISM_TYPE</span></p>
-  </td>
-  <td width=236 valign=top style='width:177.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Defines the mechanism used to calculate
-  CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY. If the
-  attribute is not present then the type defaults to SHA-1.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup>MUST be specified when the object is created.
-Can only be empty if CKA_VALUE is empty.</p>
-
-<p class=MsoNormal><sup>2</sup>MUST be specified when the object is created. MUST
-be non-empty if CKA_URL is empty.</p>
-
-<p class=MsoNormal><sup>3</sup>MUST be non-empty if CKA_VALUE is empty. </p>
-
-<p class=MsoNormal><sup>4</sup>Can only be empty if CKA_URL is empty. </p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>Only the <b>CKA_ISSUER</b> attribute may be modified after
-the object has been created.</p>
-
-<p class=MsoNormal>The encoding for the <b>CKA_SUBJECT</b>, <b>CKA_ISSUER</b>,
-and <b>CKA_VALUE</b> attributes can be found in [WTLS] (see <a
-href="#_References">References</a>).</p>
-
-<p class=MsoNormal>The <b>CKA_URL</b> attribute enables the support for storage
-of the URL where the certificate can be found instead of the certificate
-itself. Storage of a URL instead of the complete certificate is often used in
-mobile environments.</p>
-
-<p class=MsoNormal>The <b>CKA_HASH_OF_SUBJECT_PUBLIC_KEY</b> and <b>CKA_HASH_OF_ISSUER_PUBLIC_KEY</b>
-attributes are used to store the hashes of the public keys of the subject and
-the issuer. They are particularly important when only the URL is available to
-be able to correlate a certificate with a private key and when searching for
-the certificate of the issuer. The hash algorithm is defined by
-CKA_NAME_HASH_ALGORITHM.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a WTLS
-certificate object:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_OBJECT_CLASS
-class = CKO_CERTIFICATE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_CERTIFICATE_TYPE
-certType = CKC_WTLS;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_UTF8CHAR
-label[] = “A certificate object”;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-subject[] = {...};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-certificate[] = {...};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BBOOL
-true = CK_TRUE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_ATTRIBUTE
-template[] =</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>{</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CERTIFICATE_TYPE, &amp;certType, sizeof(certType)};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_VALUE, certificate, sizeof(certificate)}</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>};</p>
-
-</div>
-
-<h3><a name="_Toc416959714"></a><a name="_Toc395183787"></a><a
-name="_Toc391468791"></a><a name="_Toc370634000"></a><a name="_Toc235002296"></a><a
-name="_Toc72656078">4.6.5 X.509 attribute certificate objects</a></h3>
-
-<p class=MsoNormal>X.509 attribute certificate objects (certificate type <b>CKC_X_509_ATTR_CERT</b>)
-hold X.509 attribute certificates. The following table defines the X.509
-attribute certificate object attributes, in addition to the common attributes
-defined for this object class: </p>
-
-<p class=MsoCaption><a name="_Toc225305958">Table </a>21, X.509 Attribute
-Certificate Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:.75pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=180 valign=top style='width:135.0pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 0in 0in 0in'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-  </td>
-  <td width=312 valign=top style='width:3.25in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table style='margin-left:4.5pt;page-break-after:avoid'><b><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=180 valign=top style='width:135.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_OWNER<sup>1</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=312 valign=top style='width:3.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table style='margin-left:4.5pt;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>DER-encoding of the
-  attribute certificate's subject field. This is distinct from the CKA_SUBJECT
-  attribute contained in CKC_X_509 certificates because the ASN.1 syntax and
-  encoding are different.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=180 valign=top style='width:135.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_AC_ISSUER</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=312 valign=top style='width:3.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table style='margin-left:4.5pt;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>DER-encoding of the
-  attribute certificate's issuer field. This is distinct from the CKA_ISSUER
-  attribute contained in CKC_X_509 certificates because the ASN.1 syntax and
-  encoding are different. (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=180 valign=top style='width:135.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SERIAL_NUMBER</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=312 valign=top style='width:3.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table style='margin-left:4.5pt;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>DER-encoding of the
-  certificate serial number. (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=180 valign=top style='width:135.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_ATTR_TYPES</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=312 valign=top style='width:3.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table style='margin-left:4.5pt;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>BER-encoding of a
-  sequence of object identifier values corresponding to the attribute types
-  contained in the certificate. <span style='layout-grid-mode:line'>When
-  present, this field offers an opportunity for applications to search for a particular
-  attribute certificate without fetching and parsing the certificate itself.</span>
-  (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=180 valign=top style='width:135.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VALUE<sup>1</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte Array</span></p>
-  </td>
-  <td width=312 valign=top style='width:3.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 0in 0in 0in'>
-  <p class=Table style='margin-left:4.5pt;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>BER-encoding of the
-  certificate.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup>MUST be specified when the object is created </p>
-
-<p class=MsoNormal>Only the <b>CKA_AC_ISSUER</b>, <b>CKA_SERIAL_NUMBER</b> and <b>CKA_ATTR_TYPES
-</b>attributes may be modified after the object is created. </p>
-
-<p class=MsoNormal>The following is a sample template for creating an X.509
-attribute certificate object: </p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_OBJECT_CLASS
-class = CKO_CERTIFICATE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_CERTIFICATE_TYPE
-certType = CKC_X_509_ATTR_CERT;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_UTF8CHAR
-label[] = &quot;An attribute certificate object&quot;;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-owner[] = {...};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BYTE
-certificate[] = {...};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_BBOOL
-true = CK_TRUE;</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_ATTRIBUTE
-template[] = {</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_CERTIFICATE_TYPE, &amp;certType, sizeof(certType)};</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>  {CKA_TOKEN,
-&amp;true, sizeof(true)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_OWNER, owner, sizeof(owner)},</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'> 
-{CKA_VALUE, certificate, sizeof(certificate)}</p>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>};</p>
-
-</div>
-
-<h2><a name="_Toc416959715"></a><a name="_Toc395183788"></a><a
-name="_Toc391468792"></a><a name="_Toc370634001"></a><a name="_Toc235002297"></a><a
-name="_Toc72656079">4.7 Key </a>objects</h2>
-
-<h3><a name="_Toc416959716"></a><a name="_Toc395183789"></a><a
-name="_Toc391468793"></a><a name="_Toc370634002"></a><a name="_Toc235002298"></a><a
-name="_Toc72656080">4.7.1 Definitions</a></h3>
-
-<p class=MsoNormal>There is no CKO_ definition for the base key object class,
-only for the key types derived from it.</p>
-
-<p class=MsoNormal>This section defines the object class CKO_PUBLIC_KEY,
-CKO_PRIVATE_KEY and  CKO_SECRET_KEY for type CK_OBJECT_CLASS as used in the
-CKA_CLASS attribute of  objects.</p>
-
-<h3><a name="_Toc416959717"></a><a name="_Toc395183790"></a><a
-name="_Toc391468794"></a><a name="_Toc370634003"></a><a name="_Toc235002299"></a><a
-name="_Toc72656081">4.7.2 Overview</a></h3>
-
-<p class=MsoNormal>Key objects hold encryption or authentication keys, which can
-be public keys, private keys, or secret keys.  The following common footnotes
-apply to all the tables describing attributes of keys:</p>
-
-<p class=MsoNormal>The following table defines the attributes common to public
-key, private key and secret key classes, in addition to the common attributes
-defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc225305959"></a><a name="_Toc405794981"></a><a
-name="_Toc383864517"></a><a name="_Toc323204882"></a><a name="_Ref323111513"></a><a
-name="_Ref384003113">Table </a>22, <a name="_Ref323111519">Common Key
-Attributes</a></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=192 valign=top style='width:2.0in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-   </td>
-   <td width=258 valign=top style='width:193.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_KEY_TYPE<sup>1,5</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_KEY_TYPE</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Type
-  of key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_ID<sup>8</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte
-  array</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Key
-  identifier for key (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_START_DATE<sup>8</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_DATE</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Start
-  date for the key (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_END_DATE<sup>8</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_DATE</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>End
-  date for the key (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_DERIVE<sup>8</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports key derivation (<i>i.e.</i>, if other keys can be derived
-  from this one (default CK_FALSE)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_LOCAL<sup>2,4,6</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  only if key was either</span></p>
-  <p class=Table style='margin-left:.25in;text-indent:-.25in'><span
-  style='font-size:10.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  </span></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generated
-  locally (<i>i.e.</i>, on the token) with a <b>C_GenerateKey</b> or <b>C_GenerateKeyPair</b>
-  call</span></p>
-  <p class=Table style='margin-left:.25in;text-indent:-.25in'><span
-  style='font-size:10.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  </span></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>created
-  with a <b>C_CopyObject</b> call as a copy of a key which had its <b>CKA_LOCAL</b>
-  attribute set to CK_TRUE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_KEY_GEN_<br>
-  MECHANISM<sup>2,4,6</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_MECHANISM_TYPE</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Identifier
-  of the mechanism used to generate the key material.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif";color:black'>CKA_ALLOWED_MECHANISMS</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_MECHANISM_TYPE
-  _PTR, pointer to a CK_MECHANISM_TYPE array</span></p>
-  </td>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>A list of mechanisms allowed to be used
-  with this key. The number of mechanisms in the array is the <i>ulValueLen</i>
-  component of the attribute divided by the size</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>of CK_MECHANISM_TYPE.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal>The <b>CKA_ID</b> field is intended to distinguish among
-multiple keys. In the case of public and private keys, this field assists in
-handling multiple keys held by the same subject; the key identifier for a
-public key and its corresponding private key should be the same. The key
-identifier should also be the same as for the corresponding certificate, if one
-exists. Cryptoki does not enforce these associations, however. (See Section 4.6 for further commentary.)</p>
-
-<p class=MsoNormal>In the case of secret keys, the meaning of the <b>CKA_ID</b>
-attribute is up to the application.</p>
-
-<p class=MsoNormal>Note that the <b>CKA_START_DATE</b> and <b>CKA_END_DATE</b>
-attributes are for reference only; Cryptoki does not attach any special meaning
-to them. In particular, it does not restrict usage of a key according to the
-dates; doing this is up to the application.</p>
-
-<p class=MsoNormal>The <b>CKA_DERIVE</b> attribute has the value CK_TRUE if and
-only if it is possible to derive other keys from the key.</p>
-
-<p class=MsoNormal>The <b>CKA_LOCAL</b> attribute has the value CK_TRUE if and
-only if the value of the key was originally generated on the token by a <b>C_GenerateKey</b>
-or <b>C_GenerateKeyPair</b> call.</p>
-
-<p class=MsoNormal>The <b>CKA_KEY_GEN_MECHANISM</b> attribute identifies the
-key generation mechanism used to generate the key material. It contains a valid
-value only if the <b>CKA_LOCAL</b> attribute has the value CK_TRUE. If <b>CKA_LOCAL</b>
-has the value CK_FALSE, the value of the attribute is CK_UNAVAILABLE_INFORMATION.</p>
-
-<h2><a name="_Toc416959718"></a><a name="_Toc395183791"></a><a
-name="_Toc391468795"></a><a name="_Toc370634004"></a><a name="_Toc235002300"></a><a
-name="_Toc72656082"></a><a name="_Toc405794674"></a><a name="_Ref399153796"></a><a
-name="_Toc385057855"></a><a name="_Toc383864854"></a><a name="_Toc323610847"></a><a
-name="_Toc323205417">4.8 Public key </a>objects</h2>
-
-<p class=MsoNormal>Public key objects (object class <b>CKO_PUBLIC_KEY</b>) hold
-public keys.   The following table defines the attributes common to all public
-keys, in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc225305960"></a><a name="_Toc405794982"></a><a
-name="_Toc383864518"></a><a name="_Toc323204883"></a><a name="_Ref384003159">Table
-</a>23, Common Public Key Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=576
- style='width:6.0in;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=204 valign=top style='width:153.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=270 valign=top style='width:202.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_SUBJECT<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte
-  array</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>DER-encoding
-  of the key subject name (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_ENCRYPT<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports encryption<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_VERIFY<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports verification where the signature is an appendix to the data<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_VERIFY_RECOVER<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports verification where the data is recovered from the signature<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_WRAP<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports wrapping (<i>i.e.</i>, can be used to wrap other keys)<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><a name="_Toc323024086"></a><a name="_Toc323000692"></a><a
-  name="_Toc322945125"></a><a name="_Toc322855283"><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_TRUSTED<sup>10</sup></span></a></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>The
-  key can be trusted for the application that it was created.</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>The
-  wrapping key can be used to wrap keys with  CKA_WRAP_WITH_TRUSTED set to
-  CK_TRUE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_WRAP_TEMPLATE</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_ATTRIBUTE_PTR</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>For wrapping keys. The attribute template
-  to match against any keys wrapped using this wrapping key. Keys that do not
-  match cannot be wrapped. The number of attributes in the array is the <i>ulValueLen</i>
-  component of the attribute divided by the size of CK_ATTRIBUTE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_PUBLIC_KEY_INFO</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=270 valign=top style='width:202.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>DER-encoding of the SubjectPublicKeyInfo
-  for this public key.  (MAY be empty, DEFAULT derived from the underlying
-  public key data)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal>It is intended in the interests of interoperability that the
-subject name and key identifier for a public key will be the same as those for
-the corresponding certificate and private key.  However, Cryptoki does not
-enforce this, and it is not required that the certificate and private key also
-be stored on the token.</p>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>To </span>map<span
-style='layout-grid-mode:line'> between ISO/IEC 9594-8 (X.509) <b>keyUsage </b>flags
-for public keys and the PKCS #11 attributes for public keys, use the following
-table.</span></p>
-
-<p class=MsoCaption><a name="_Toc225305961">Table </a>24, Mapping of X.509 key
-usage flags to Cryptoki attributes for public keys</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 align=left
- style='border-collapse:collapse;border:none;margin-left:6.75pt;margin-right:
- 6.75pt'>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Key usage flags for public keys in X.509
-  public key certificates</span></b></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Corresponding cryptoki attributes for
-  public keys.</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>dataEncipherment</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_ENCRYPT</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>digitalSignature, keyCertSign, cRLSign</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VERIFY</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>digitalSignature, keyCertSign, cRLSign</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VERIFY_RECOVER</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>keyAgreement</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_DERIVE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>keyEncipherment</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_WRAP</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>nonRepudiation</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VERIFY</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>nonRepudiation</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VERIFY_RECOVER</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>The value of the
-CKA_PUBLIC_KEY_INFO attribute is the DER encoded value of SubjectPublicKeyInfo:</span></p>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>            SubjectPublicKeyInfo    <b>::</b>=
-SEQUENCE {</span></p>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>                        algorithm                      AlgorithmIdentifier,</span></p>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>                        subjectPublicKey          BIT_STRING
-}</span></p>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>The encodings for the
-subjectPublicKey field are specified in the description of the public key types
-in the appropriate </span>[PKCS11-Curr]<b> </b><span style='layout-grid-mode:
-line'>document for the key types defined within this specification.</span></p>
-
-<h2><a name="_Toc319315688"></a><a name="_Toc319313695"></a><a
-name="_Toc319313502"></a><a name="_Toc319287661"></a><a name="_Toc416959719"></a><a
-name="_Toc395183792"></a><a name="_Toc391468796"></a><a name="_Toc370634005"></a><a
-name="_Toc235002301"></a><a name="_Toc72656083"></a><a name="_Ref72646937"></a><a
-name="_Ref72646759"></a><a name="_Ref72643709"></a><a name="_Ref457140239"></a><a
-name="_Ref457140112"></a><a name="_Ref457139268"></a><a name="_Toc405794680"></a><a
-name="_Ref399153802"></a><a name="_Toc385057862"></a><a name="_Toc383864858"></a><a
-name="_Toc323610851"></a><a name="_Toc323205421"></a><a name="_Toc323024089"></a><a
-name="_Toc323000695"></a><a name="_Toc322945128"></a><a name="_Toc322855286">4.9
-Private key </a>objects</h2>
-
-<p class=MsoNormal>Private key objects (object class <b>CKO_PRIVATE_KEY</b>)
-hold private keys. The following table defines the attributes common to all
-private keys, in addition to the common attributes defined for this object
-class:</p>
-
-<p class=MsoCaption><a name="_Toc225305962"></a><a name="_Toc405794988"></a><a
-name="_Toc383864522"></a><a name="_Toc323204887"></a><a name="_Ref320440894"></a><a
-name="_Ref384003347">Table </a>25, Common Private Key Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=258 valign=top style='width:193.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=216 valign=top style='width:2.25in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SUBJECT<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>DER-encoding of certificate subject name
-  (default empty)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_SENSITIVE<sup>8,11</sup>
-  </span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key is sensitive<sup>9 </sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_DECRYPT<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports decryption<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_SIGN<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports signatures where the signature is an appendix to the data<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_SIGN_RECOVER<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports signatures where the data can be recovered from the signature<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_UNWRAP<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key supports unwrapping (<i>i.e.</i>, can be used to unwrap other keys)<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_EXTRACTABLE<sup>8,12</sup>
-  </span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key is extractable and can be wrapped<sup> 9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_ALWAYS_SENSITIVE<sup>2,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key has <i>always</i> had the CKA_SENSITIVE attribute set to CK_TRUE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_NEVER_EXTRACTABLE<sup>2,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if key has <i>never</i> had the CKA_EXTRACTABLE attribute set to CK_TRUE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_WRAP_WITH_TRUSTED<sup>11</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_TRUE
-  if the key can only be wrapped with a wrapping key that has CKA_TRUSTED set
-  to CK_TRUE.</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Default
-  is CK_FALSE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_UNWRAP_TEMPLATE</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_ATTRIBUTE_PTR</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>For
-  wrapping keys. The attribute template to apply to any keys unwrapped using
-  this wrapping key. Any user supplied template is applied after this template
-  as if the object has already been created. The number of attributes in the
-  array is the <i>ulValueLen</i> component of the attribute divided by the size
-  of</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_ATTRIBUTE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_ALWAYS_AUTHENTICATE</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>If
-  CK_TRUE, the user has to supply the PIN for each use (sign or decrypt) with
-  the key. Default is CK_FALSE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=258 valign=top style='width:193.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKA_PUBLIC_KEY_INFO<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Byte
-  Array</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>DER-encoding
-  of the SubjectPublicKeyInfo for the associated public key (MAY be empty;
-  DEFAULT derived from the underlying private key data; MAY be manually set for
-  specific key types; if set; MUST be consistent with the underlying private
-  key data)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal><a name="_Toc385057863"></a><a name="_Ref384871793"></a><a
-name="_Ref384665978"></a><a name="_Toc383864859"></a><a name="_Toc323610852"></a><a
-name="_Toc323205422"></a><a name="_Toc323024090"></a><a name="_Toc323000696"></a><a
-name="_Toc322945129"></a><a name="_Toc322855287">It is intended in the
-interests of interoperability that the subject name and key identifier for a
-private key will be the same as those for the corresponding certificate and
-public key.  However, this is not enforced by Cryptoki, and it is not required
-that the certificate and public key also be stored on the token.</a></p>
-
-<p class=MsoNormal>If the <b>CKA_SENSITIVE</b> attribute is CK_TRUE, or if the <b>CKA_EXTRACTABLE</b>
-attribute is CK_FALSE, then certain attributes of the private key cannot be
-revealed in plaintext outside the token.  Which attributes these are is
-specified for each type of private key in the attribute table in the section
-describing that type of key.</p>
-
-<p class=MsoNormal>The <b>CKA_ALWAYS_AUTHENTICATE</b> attribute can be used to
-force re-authentication (i.e. force the user to provide a PIN) for each use of
-a private key. “Use” in this case means a cryptographic operation such as sign
-or decrypt. This attribute may only be set to CK_TRUE when <b>CKA_PRIVATE</b>
-is also CK_TRUE. </p>
-
-<p class=MsoNormal>Re-authentication occurs by calling <b>C_Login</b> with <i>userType</i>
-set to <b>CKU_CONTEXT_SPECIFIC</b> immediately after a cryptographic operation
-using the key has been initiated (e.g. after <b>C_SignInit</b>). In this call,
-the actual user type is implicitly given by the usage requirements of the
-active key. If <b>C_Login</b> returns CKR_OK the user was successfully
-authenticated and this sets the active key in an authenticated state that lasts
-until the cryptographic operation has successfully or unsuccessfully been
-completed (e.g. by <b>C_Sign</b>, <b>C_SignFinal</b>,..). A return value
-CKR_PIN_INCORRECT from <b>C_Login</b> means that the user was denied permission
-to use the key and continuing the cryptographic operation will result in a
-behavior as if <b>C_Login</b> had not been called. In both of these cases the
-session state will remain the same, however repeated failed re-authentication
-attempts may cause the PIN to be locked. <b>C_Login</b> returns in this case
-CKR_PIN_LOCKED and this also logs the user out from the token. Failing or
-omitting to re-authenticate when CKA_ALWAYS_AUTHENTICATE is set to CK_TRUE will
-result in CKR_USER_NOT_LOGGED_IN to be returned from calls using the key. <b>C_Login</b>
-will return CKR_OPERATION_NOT_INITIALIZED, but the active cryptographic
-operation will not be affected, if an attempt is made to re-authenticate when
-CKA_ALWAYS_AUTHENTICATE is set to CK_FALSE.</p>
-
-<p class=MsoNormal>The <b>CKA_PUBLIC_KEY_INFO</b> attribute represents the
-public key associated with this private key.  The data it represents may either
-be stored as part of the private key data, or regenerated as needed from the
-private key.</p>
-
-<p class=MsoNormal>If this attribute is supplied as part of a template for <b>C_CreateObject,
-C_CopyObject </b>or C<b>_SetAttributeValue</b> for a private key, the token
-MUST verify correspondence between the private key data and the public key data
-as supplied in <b>CKA_PUBLIC_KEY_INFO</b>. This can be done either by deriving
-a public key from the private key and comparing the values, or by doing a sign
-and verify operation. If there is a mismatch, the command SHALL return <b>CKR_ATTRIBUTE_VALUE_INVALID.</b>
-A token MAY choose not to support the <b>CKA_PUBLIC_KEY_INFO </b>attribute for
-commands which create new private keys. If it does not support the attribute,
-the command SHALL return <b>CKR_ATTRIBUTE_TYPE_INVALID</b>.</p>
-
-<p class=MsoNormal>As a general guideline, private keys of any type SHOULD
-store sufficient information to retrieve the public key information.  In
-particular, the RSA private key description has been modified in &lt;this
-version&gt; to add the CKA_PUBLIC_EXPONENT to the list of attributes required
-for an RSA private key.  All other private key types described in this
-specification contain sufficient information to recover the associated public
-key.</p>
-
-<h3><a name="_Toc416959720"></a><a name="_Toc395183793"></a><a
-name="_Toc391468797"></a><a name="_Toc370634006"></a><a name="_Toc72656200"></a><a
-name="_Toc235853652">4.9.1 RSA private key objects</a></h3>
-
-<p class=MsoNormal>RSA private key objects (object class <b>CKO_PRIVATE_KEY, </b>key
-type <b>CKK_RSA</b>) hold RSA private keys.  The following table defines the
-RSA private key object attributes, in addition to the common attributes defined
-for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204888"></a><a name="_Toc383864523"></a><a
-name="_Toc405794989"></a><a name="_Toc235853988"></a><a name="_Toc319314015"></a><a
-name="_Toc319314557"></a><a name="_Toc319314972"></a><a name="_Toc319315844"></a><a
-name="_Ref384613038">Table </a>26, RSA Private Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=246 valign=top style='width:184.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='line-height:115%;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='line-height:115%;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Data
-   type</span></b></p>
-   </td>
-   <td width=240 valign=top style='width:2.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='line-height:115%;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_MODULUS<sup><span
-  style='background:yellow'>1,</span>4,6</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Modulus
-  <i>n</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_PUBLIC_EXPONENT<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Public
-  exponent <i>e</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_PRIVATE_EXPONENT<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Private
-  exponent <i>d</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_PRIME_1<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Prime
-  <i>p</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_PRIME_2<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Prime
-  <i>q</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span lang=SV
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_EXPONENT_1<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span lang=SV
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Private
-  exponent <i>d</i> modulo <i>p</i>-1 </span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span lang=SV
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_EXPONENT_2<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span lang=SV
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Private
-  exponent <i>d</i> modulo <i>q</i>-1 </span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CKA_COEFFICIENT<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>Big
-  integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='line-height:115%;page-break-after:avoid'><span lang=FR
-  style='font-size:10.0pt;line-height:115%;font-family:"Arial","sans-serif"'>CRT
-  coefficient <i>q</i><sup>-1</sup> mod <i>p</i>  </span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup><span lang=FR-CH> </span></sup>Refer to Table 10 for
-footnotes</p>
-
-<p class=MsoNormal>Depending on the token, there may be limits on the length of
-the key components.  See PKCS #1 for more information on RSA keys.</p>
-
-<p class=MsoNormal>Tokens vary in what they actually store for RSA private
-keys.  Some tokens store all of the above attributes, which can assist in
-performing rapid RSA computations.  Other tokens might store only the <b>CKA_MODULUS</b>
-and <b>CKA_PRIVATE_EXPONENT</b> values. Effective with version 2.40, tokens MUST
-also store CKA_PUBLIC_EXPONENT.  This permits the retrieval of sufficient data
-to reconstitute the associated public key.</p>
-
-<p class=MsoNormal>Because of this, Cryptoki is flexible in dealing with RSA
-private key objects.  When a token generates an RSA private key, it stores
-whichever of the fields in Table 26 it keeps track of.  Later, if an
-application asks for the values of the key’s various attributes, Cryptoki
-supplies values only for attributes whose values it can obtain (<i>i.e.</i>, if
-Cryptoki is asked for the value of an attribute it cannot obtain, the request
-fails).  Note that a Cryptoki implementation may or may not be able and/or
-willing to supply various attributes of RSA private keys which are not actually
-stored on the token.  <i>E.g.</i>, if a particular token stores values only for
-the <b>CKA_PRIVATE_EXPONENT, CKA_PUBLIC_EXPONENT</b>, <b>CKA_PRIME_1</b>, and <b>CKA_PRIME_2</b>
-attributes, then Cryptoki is certainly <i>able</i> to report values for all the
-attributes above (since they can all be computed efficiently from these four
-values).  However, a Cryptoki implementation may or may not actually do this
-extra computation.  The only attributes from Table 26 for which a Cryptoki
-implementation is <i>required</i> to be able to return values are <b>CKA_MODULUS,
-CKA_PRIVATE_EXPONENT, and CKA_PUBLIC_EXPONENT</b>.  A token SHOULD also be able
-to return <b>CKA_PUBLIC_KEY_INFO </b>for an RSA private key.  See the general
-guidance for Private Keys above.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc319315691"></a><a name="_Toc319313698"></a><a
-name="_Toc319313505"></a><a name="_Toc319287664"></a><a name="_Toc416959721"></a><a
-name="_Toc395183794"></a><a name="_Toc391468798"></a><a name="_Toc370634007"></a><a
-name="_Toc235002302"></a><a name="_Toc72656084"></a><a name="_Toc405794686"></a><a
-name="_Toc385057869"></a><a name="_Toc383864862"></a><a name="_Toc323610855"></a><a
-name="_Toc323205425"></a><a name="_Toc323024093"></a><a name="_Toc323000699"></a><a
-name="_Toc322945132"></a><a name="_Toc322855290">4.10 Secret key objects</a></h2>
-
-<p class=MsoNormal>Secret key objects (object class <b>CKO_SECRET_KEY</b>) hold
-secret keys.  The following table defines the attributes common to all secret
-keys, in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc225305963"></a><a name="_Toc405794994"></a><a
-name="_Toc383864526"></a><a name="_Toc323204891"></a><a name="_Ref384003560">Table
-</a>27, Common Secret Key Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=588
- style='width:441.0pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=252 valign=top style='width:189.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data type</span></b></p>
-   </td>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SENSITIVE<sup>8,11</sup> </span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if object is sensitive (default
-  CK_FALSE)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_ENCRYPT<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key supports encryption<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_DECRYPT<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key supports decryption<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_SIGN<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key supports signatures (<i>i.e.</i>,
-  authentication codes) where the signature is an appendix to the data<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_VERIFY<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key supports verification (<i>i.e.</i>,
-  of authentication codes) where the signature is an appendix to the data<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_WRAP<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key supports wrapping (<i>i.e.</i>,
-  can be used to wrap other keys)<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_UNWRAP<sup>8</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key supports unwrapping (<i>i.e.</i>,
-  can be used to unwrap other keys)<sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_EXTRACTABLE<sup>8,12</sup> </span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key is extractable and can be
-  wrapped <sup>9</sup></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_ALWAYS_SENSITIVE<sup>2,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key has <i>always</i> had the
-  CKA_SENSITIVE attribute set to CK_TRUE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_NEVER_EXTRACTABLE<sup>2,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if key has <i>never</i> had the
-  CKA_EXTRACTABLE attribute set to CK_TRUE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_CHECK_VALUE</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>Byte array</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Key checksum</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_WRAP_WITH_TRUSTED<sup>11</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE if the key can only be wrapped with
-  a wrapping key that has CKA_TRUSTED set to CK_TRUE.</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Default is CK_FALSE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_TRUSTED<sup>10</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The wrapping key can be used to wrap keys
-  with  CKA_WRAP_WITH_TRUSTED set to CK_TRUE.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_WRAP_TEMPLATE</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_ATTRIBUTE_PTR</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>For wrapping keys. The attribute template
-  to match against any keys wrapped using this wrapping key. Keys that do not
-  match cannot be wrapped. The number of attributes in the array is the</span></p>
-  <p class=Table style='page-break-after:avoid'><i><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>ulValueLen</span></i><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'> component of the
-  attribute divided by the size of</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_ATTRIBUTE</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_UNWRAP_TEMPLATE</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_ATTRIBUTE_PTR</span></p>
-  </td>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>For wrapping keys. The attribute template
-  to apply to any keys unwrapped using this wrapping key. Any user supplied
-  template is applied after this template as if the object has already been
-  created. The number of attributes in the array is the <i>ulValueLen</i>
-  component of the attribute divided by the size of</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_ATTRIBUTE.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal>If the <b>CKA_SENSITIVE</b> attribute is CK_TRUE, or if the <b>CKA_EXTRACTABLE</b>
-attribute is CK_FALSE, then certain attributes of the secret key cannot be
-revealed in plaintext outside the token.  Which attributes these are is
-specified for each type of secret key in the attribute table in the section
-describing that type of key.</p>
-
-<p class=MsoNormal><a name="_Toc383864869"></a><a name="_Toc323610862"></a><a
-name="_Toc323205432"></a><a name="_Toc323024100"></a><a name="_Toc323000706"></a><a
-name="_Toc322945139"></a><a name="_Toc322855297"></a><a name="_Ref320515101">The
-key check value (KCV) attribute for symmetric key objects to be called <b>CKA_CHECK_VALUE,</b>
-of type byte array, length 3 bytes, operates like a fingerprint, or checksum of
-the key. They are intended to be used to cross-check symmetric keys against
-other systems where the same key is shared, and as a validity check after
-manual key entry or restore from backup. Refer to object definitions of
-specific key types for KCV algorithms.</a></p>
-
-<p class=MsoNormal>Properties:</p>
-
-<ol style='margin-top:0in' start=1 type=1>
- <li class=MsoNormal style='margin-top:0in;margin-bottom:12.0pt;text-align:
-     justify'>For two keys that are cryptographically identical the value of
-     this attribute should be identical.</li>
- <li class=MsoNormal style='margin-top:0in;margin-bottom:12.0pt;text-align:
-     justify'>CKA_CHECK_VALUE should not be usable to obtain any part of the
-     key value.</li>
- <li class=MsoNormal style='margin-top:0in;margin-bottom:12.0pt;text-align:
-     justify'>Non-uniqueness. Two different keys can have the same
-     CKA_CHECK_VALUE. This is unlikely (the probability can easily be
-     calculated) but possible.</li>
-</ol>
-
-<p class=MsoNormal>The attribute is optional, but if supported, regardless of
-how the key object is created or derived, the value of the attribute is always
-supplied. It SHALL be supplied even if the encryption operation for the key is
-forbidden (i.e. when CKA_ENCRYPT is set to CK_FALSE).</p>
-
-<p class=MsoNormal>If a value is supplied in the application template (allowed
-but never necessary) then, if supported, it MUST match what the library
-calculates it to be or the library returns a CKR_ATTRIBUTE_VALUE_INVALID. If
-the library does not support the attribute then it should ignore it. Allowing
-the attribute in the template this way does no harm and allows the attribute to
-be treated like any other attribute for the purposes of key wrap and unwrap
-where the attributes are preserved also.</p>
-
-<p class=MsoNormal>The generation of the KCV may be prevented by the
-application supplying the attribute in the template as a no-value (0 length)
-entry. The application can query the value at any time like any other attribute
-using C_GetAttributeValue. C_SetAttributeValue may be used to destroy the
-attribute, by supplying no-value.</p>
-
-<p class=MsoNormal>Unless otherwise specified for the object definition, the
-value of this attribute is derived from the key object by taking the first
-three bytes of an encryption of a single block of null (0x00) bytes, using the
-default cipher and mode (e.g. ECB) associated with the key type of the secret
-key object.</p>
-
-<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><br clear=all
-style='page-break-before:always'>
-</span>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc416959722"></a><a name="_Toc395183795"></a><a
-name="_Toc391468799"></a><a name="_Toc370634008"></a><a name="_Toc235002303"></a><a
-name="_Toc72656085">4.11 Domain parameter objects</a></h2>
-
-<h3><a name="_Toc416959723"></a><a name="_Toc395183796"></a><a
-name="_Toc391468800"></a><a name="_Toc370634009"></a><a name="_Toc235002304"></a><a
-name="_Toc72656086">4.11.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the object class CKO_DOMAIN_PARAMETERS
-for type CK_OBJECT_CLASS as used in the CKA_CLASS attribute of  objects.</p>
-
-<h3><a name="_Toc416959724"></a><a name="_Toc395183797"></a><a
-name="_Toc391468801"></a><a name="_Toc370634010"></a><a name="_Toc235002305"></a><a
-name="_Toc72656087">4.11.2 Overview</a></h3>
-
-<p class=MsoNormal>This object class was created to support the storage of
-certain algorithm's extended parameters. DSA and DH both use domain parameters
-in the key-pair generation step. In particular, some libraries support the
-generation of domain parameters (originally out of scope for PKCS11) so the
-object class was added.</p>
-
-<p class=MsoNormal>To use a domain parameter object you MUST extract the
-attributes into a template and supply them (still in the template) to the
-corresponding key-pair generation function.</p>
-
-<p class=MsoNormal>Domain parameter objects (object class <b>CKO_DOMAIN_PARAMETERS</b>)
-hold public domain parameters. </p>
-
-<p class=MsoNormal>The following table defines the attributes common to domain
-parameter objects in addition to the common attributes defined for this object
-class:</p>
-
-<p class=MsoCaption><a name="_Toc225305964"></a><a name="_Ref505614849">Table</a>
-28, Common Domain Parameter Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-   </td>
-   <td width=132 valign=top style='width:99.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-   </td>
-   <td width=276 valign=top style='width:207.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_KEY_TYPE<sup>1</sup></span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_KEY_TYPE</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Type of key the domain parameters can be
-  used to generate.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_LOCAL<sup>2,4</sup></span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_BBOOL</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_TRUE only if domain parameters were
-  either</span></p>
-  <p class=Table style='margin-left:.25in;text-indent:-.25in;page-break-after:
-  avoid'><span style='font-size:10.0pt;font-family:Symbol'>·<span
-  style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  </span></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generated
-  locally (<i>i.e.</i>, on the token) with a <b>C_GenerateKey</b></span></p>
-  <p class=Table style='margin-left:.25in;text-indent:-.25in;page-break-after:
-  avoid'><span style='font-size:10.0pt;font-family:Symbol'>·<span
-  style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-  </span></span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>created
-  with a <b>C_CopyObject</b> call as a copy of domain parameters which had its <b>CKA_LOCAL</b>
-  attribute set to CK_TRUE</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- </sup>Refer to Table 10 for footnotes</p>
-
-<p class=MsoNormal>The <b>CKA_LOCAL</b> attribute has the value CK_TRUE if and
-only if the values of the domain parameters were originally generated on the
-token by a <b>C_GenerateKey</b> call.</p>
-
-<h2><a name="_Toc405794702"></a><a name="_Toc385057885"></a><a
-name="_Ref384459053"></a><a name="_Toc416959725"></a><a name="_Toc395183798"></a><a
-name="_Toc391468802"></a><a name="_Toc370634011"></a><a name="_Toc235002306"></a><a
-name="_Toc72656088">4.12 Mechanism objects</a></h2>
-
-<h3><a name="_Toc416959726"></a><a name="_Toc395183799"></a><a
-name="_Toc391468803"></a><a name="_Toc370634012"></a><a name="_Toc235002307"></a><a
-name="_Toc72656089">4.12.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the object class CKO_MECHANISM for type
-CK_OBJECT_CLASS as used in the CKA_CLASS attribute of  objects.</p>
-
-<h3><a name="_Toc416959727"></a><a name="_Toc395183800"></a><a
-name="_Toc391468804"></a><a name="_Toc370634013"></a><a name="_Toc235002308"></a><a
-name="_Toc72656090">4.12.2 Overview</a></h3>
-
-<p class=MsoNormal>Mechanism objects provide information about mechanisms
-supported by a device beyond that given by the <b>CK_MECHANISM_INFO</b>
-structure.</p>
-
-<p class=MsoNormal>When searching for objects using <b>C_FindObjectsInit</b>
-and <b>C_FindObjects</b>, mechanism objects are not returned unless the <b>CKA_CLASS</b>
-attribute in the template has the value <b>CKO_MECHANISM</b>. This protects
-applications written to previous versions of Cryptoki from finding objects that
-they do not understand.</p>
-
-<p class=MsoCaption><a name="_Toc225305965">Table 29, Common Mechanism
-Attributes</a></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Attribute</span></b></p>
-  </td>
-  <td width=198 valign=top style='width:148.85pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Data Type</span></b></p>
-  </td>
-  <td width=177 valign=top style='width:132.6pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Meaning</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=208 valign=top style='width:155.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CKA_MECHANISM_TYPE</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>CK_MECHANISM_TYPE</span></p>
-  </td>
-  <td width=177 valign=top style='width:132.6pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The type of mechanism object</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The <b>CKA_MECHANISM_TYPE</b> attribute may not be set.</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc416959728"></a><a name="_Toc395183801"></a><a
-name="_Toc391468805"></a><a name="_Toc370634014"></a><a name="_Toc235002309"></a><a
-name="_Toc72656091">5<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Functions</a></h1>
-
-</div>
-
-<p class=MsoNormal>Cryptoki's functions are organized into the following
-categories:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>general-purpose functions (4 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>slot and token management functions (9 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>session management functions (8 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>object management functions (9 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>encryption functions (4 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>decryption functions (4 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>message digesting functions (5 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>signing and MACing functions (6 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>functions for verifying signatures and MACs (6 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>dual-purpose cryptographic functions (4 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>key management functions (5 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>random number generation functions (2 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>parallel function management functions (2 functions)</p>
-
-<p class=MsoNormal style='margin-left:.25in'>&nbsp;</p>
-
-<p class=MsoNormal>In addition to these functions, Cryptoki can use
-application-supplied callback functions to notify an application of certain
-events, and can also use application-supplied functions to handle mutex objects
-for safe multi-threaded library access.</p>
-
-<p class=MsoNormal>The Cryptoki API functions are presented in the following
-table:</p>
-
-<p class=MsoCaption>Table 30, Summary of Cryptoki Functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=116 valign=top style='width:87.1pt;border-top:black 1.5pt;
-   border-left:black 1.5pt;border-bottom:windowtext 1.0pt;border-right:black 1.0pt;
-   border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Category</span></b></p>
-   </td>
-   <td width=178 valign=top style='width:133.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Function</span></b></p>
-   </td>
-   <td width=288 valign=top style='width:3.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Description</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>General</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Initialize</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  Cryptoki</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>purpose
-  functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Finalize</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>clean
-  up miscellaneous Cryptoki-associated resources</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetInfo</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  general information about Cryptoki</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetFunctionList</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  entry points of Cryptoki library functions</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Slot
-  and token</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetSlotList</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  a list of slots in the system</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>management</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetSlotInfo</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  information about a particular slot</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetTokenInfo</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  information about a particular token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WaitForSlotEvent</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>waits
-  for a slot event (token insertion, removal, etc.) to occur</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetMechanismList</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  a list of mechanisms supported by a token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetMechanismInfo</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  information about a particular mechanism</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_InitToken</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  a token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_InitPIN</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  the normal user’s PIN</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SetPIN</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>modifies
-  the PIN of the current user</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Session
-  management functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_OpenSession</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>opens
-  a connection between an application and a particular token or sets up an
-  application callback for token insertion</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CloseSession</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>closes
-  a session</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CloseAllSessions</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>closes
-  all sessions with a token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetSessionInfo</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  information about the session</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetOperationState</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  the cryptographic operations state of a session</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SetOperationState</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>sets
-  the cryptographic operations state of a session</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Login</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>logs
-  into a token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Logout</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>logs
-  out from a token</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Object</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CreateObject</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>creates
-  an object</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>management</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CopyObject</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>creates
-  a copy of an object</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DestroyObject</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>destroys
-  an object</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetObjectSize</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  the size of an object in bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetAttributeValue</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>obtains
-  an attribute value of an object</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SetAttributeValue</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>modifies
-  an attribute value of an object</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_FindObjectsInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  an object search operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_FindObjects</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>continues
-  an object search operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_FindObjectsFinal</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>finishes
-  an object search operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Encryption</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  an encryption operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Encrypt</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>encrypts
-  single-part data</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>continues
-  a multiple-part encryption operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptFinal</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>finishes
-  a multiple-part encryption operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Decryption</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DecryptInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  a decryption operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Decrypt</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>decrypts
-  single-part encrypted data</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DecryptUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>continues
-  a multiple-part decryption operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DecryptFinal</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>finishes
-  a multiple-part decryption operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Message</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initializes
-  a message-digesting operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>digesting</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Digest</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>digests
-  single-part data</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>continues
-  a multiple-part digesting operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestKey</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>digests
-  a key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestFinal</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>finishes
-  a multiple-part digesting operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>Signing</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>C_SignInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>initializes a signature operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>and MACing</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_Sign</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>signs single-part data</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_SignUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>continues a multiple-part signature
-  operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_SignFinal</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>finishes a multiple-part signature
-  operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_SignRecoverInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>initializes a signature operation, where
-  the data can be recovered from the signature</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_SignRecover</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>signs single-part data, where the data can
-  be recovered from the signature</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Functions for verifying</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_VerifyInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>initializes a verification operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>signatures</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_Verify</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>verifies a signature on single-part data</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>and MACs</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_VerifyUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>continues a multiple-part verification
-  operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_VerifyFinal</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>finishes a multiple-part verification
-  operation</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_VerifyRecoverInit</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>initializes a verification operation where
-  the data is recovered from the signature</span></p>
-  </td>
- </tr>
- <tr style='height:27.6pt'>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:27.6pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:27.6pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_VerifyRecover</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt;
-  height:27.6pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>verifies a signature on single-part data,
-  where the data is recovered from the signature</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Dual-purpose cryptographic</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_DigestEncryptUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>continues simultaneous multiple-part
-  digesting and encryption operations</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_DecryptDigestUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>continues simultaneous multiple-part
-  decryption and digesting operations</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_SignEncryptUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>continues simultaneous multiple-part
-  signature and encryption operations</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_DecryptVerifyUpdate</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>continues simultaneous multiple-part
-  decryption and verification operations</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Key</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKey</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generates
-  a secret key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>management</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKeyPair</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generates
-  a public-key/private-key pair</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>wraps
-  (encrypts) a key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_UnwrapKey</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>unwraps
-  (decrypts) a key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DeriveKey</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>derives
-  a key from a base key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial","sans-serif"'>Random number generation</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_SeedRandom</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>mixes in additional seed material to the
-  random number generator</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_GenerateRandom</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>generates random data</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:solid black 1.0pt;
-  border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>Parallel function management</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_GetFunctionStatus</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>legacy function which always returns
-  CKR_FUNCTION_NOT_PARALLEL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>functions</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_CancelFunction</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>legacy function which always returns
-  CKR_FUNCTION_NOT_PARALLEL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=116 valign=top style='width:87.1pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Callback
-  function</span></p>
-  </td>
-  <td width=178 valign=top style='width:133.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=288 valign=top style='width:3.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>application-supplied
-  function to process notifications from Cryptoki</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>Execution of a Cryptoki function call is in general an
-all-or-nothing affair, <i>i.e.</i>, a function call accomplishes either its
-entire goal, or nothing at all.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a Cryptoki function executes successfully, it returns the
-value CKR_OK.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If a Cryptoki function does not execute successfully, it returns
-some value other than CKR_OK, and the token is in the same state as it was in
-prior to the function call.  If the function call was supposed to modify the
-contents of certain memory addresses on the host computer, these memory
-addresses may have been modified, despite the failure of the function.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>In unusual (and extremely unpleasant!) circumstances, a function
-can fail with the return value CKR_GENERAL_ERROR.  When this happens, the token
-and/or host computer may be in an inconsistent state, and the goals of the
-function may have been partially achieved.</p>
-
-<p class=MsoNormal>There are a small number of Cryptoki functions whose return
-values do not behave precisely as described above; these exceptions are
-documented individually with the description of the functions themselves.</p>
-
-<p class=MsoNormal>A Cryptoki library need not support every function in the
-Cryptoki API.  However, even an unsupported function MUST have a “stub” in the
-library which simply returns the value CKR_FUNCTION_NOT_SUPPORTED.  The
-function’s entry in the library’s <b>CK_FUNCTION_LIST</b> structure (as
-obtained by <b>C_GetFunctionList</b>) should point to this stub function (see
-Section 3.6).</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc416959729"></a><a name="_Toc395183802"></a><a
-name="_Toc391468806"></a><a name="_Toc370634015"></a><a name="_Toc235002310"></a><a
-name="_Toc72656092"></a><a name="_Toc405794703"></a><a name="_Toc385057886"></a><a
-name="_Ref384634295">5.1 Function return values</a></h2>
-
-<p class=MsoNormal>The Cryptoki interface possesses a large number of functions
-and return values.  In Section 5.1, we enumerate the various possible return
-values for Cryptoki functions; most of the remainder of Section 5.1 details the behavior of Cryptoki functions, including what values each of them
-may return.</p>
-
-<p class=MsoNormal>Because of the complexity of the Cryptoki specification, it
-is recommended that Cryptoki applications attempt to give some leeway when
-interpreting Cryptoki functions’ return values.  We have attempted to specify
-the behavior of Cryptoki functions as completely as was feasible; nevertheless,
-there are presumably some gaps.  For example, it is possible that a particular
-error code which might apply to a particular Cryptoki function is unfortunately
-not actually listed in the description of that function as a possible error
-code.  It is conceivable that the developer of a Cryptoki library might
-nevertheless permit his/her implementation of that function to return that
-error code.  It would clearly be somewhat ungraceful if a Cryptoki application
-using that library were to terminate by abruptly dumping core upon receiving
-that error code for that function.  It would be far preferable for the
-application to examine the function’s return value, see that it indicates some
-sort of error (even if the application doesn’t know precisely <i>what</i> kind
-of error), and behave accordingly.</p>
-
-<p class=MsoNormal>See Section 5.1.8 for some specific details on how a
-developer might attempt to make an application that accommodates a range of
-behaviors from Cryptoki libraries.</p>
-
-<h3><a name="_Toc383864870"></a><a name="_Toc323610863"></a><a
-name="_Toc323205433"></a><a name="_Toc323024101"></a><a name="_Toc323000707"></a><a
-name="_Toc322945140"></a><a name="_Toc322855298"></a><a name="_Toc319315697"></a><a
-name="_Toc319313704"></a><a name="_Toc319313511"></a><a name="_Toc405794704"></a><a
-name="_Toc385057887"></a><a name="_Ref384823451">5.1.1  </a><a
-name="_Toc416959730"></a><a name="_Toc395183803"></a><a name="_Toc391468807"></a><a
-name="_Toc370634016"></a><a name="_Toc235002311"></a><a name="_Toc72656093">Universal
-Cryptoki function return values</a></h3>
-
-<p class=MsoNormal>Any Cryptoki function can return any of the following
-values:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_GENERAL_ERROR: Some horrible, unrecoverable error has
-occurred.  In the worst case, it is possible that the function only partially
-succeeded, and that the computer and/or token is in an inconsistent state.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_HOST_MEMORY: The computer that the Cryptoki library is
-running on has insufficient memory to perform the requested function.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_FUNCTION_FAILED: The requested function could not be
-performed, but detailed information about why not is not available in this
-error return.  If the failed function uses a session, it is possible that the <b>CK_SESSION_INFO</b>
-structure that can be obtained by calling <b>C_GetSessionInfo</b> will hold
-useful information about what happened in its <i>ulDeviceError</i> field.  In
-any event, although the function call failed, the situation is not necessarily
-totally hopeless, as it is likely to be when CKR_GENERAL_ERROR is returned. 
-Depending on what the root cause of the error actually was, it is possible that
-an attempt to make the exact same function call again would succeed.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_OK: The function executed successfully.  Technically, CKR_OK
-is not <i>quite</i> a “universal” return value; in particular, the legacy
-functions <b>C_GetFunctionStatus</b> and <b>C_CancelFunction</b> (see Section 5.15) cannot return CKR_OK.</p>
-
-<p class=MsoNormal>The relative priorities of these errors are in the order
-listed above, <i>e.g.</i>, if either of CKR_GENERAL_ERROR or CKR_HOST_MEMORY
-would be an appropriate error return, then CKR_GENERAL_ERROR should be
-returned.</p>
-
-<h3><a name="_Toc405794705"></a><a name="_Toc385057888"></a><a
-name="_Ref384823481">5.1.2  </a><a name="_Toc416959731"></a><a
-name="_Toc395183804"></a><a name="_Toc391468808"></a><a name="_Toc370634017"></a><a
-name="_Toc235002312"></a><a name="_Toc72656094">Cryptoki function return values
-for functions that use a session handle</a></h3>
-
-<p class=MsoNormal>Any Cryptoki function that takes a session handle as one of
-its arguments (i.e., any Cryptoki function except for C_Initialize, C_Finalize,
-C_GetInfo, C_GetFunctionList, C_GetSlotList, C_GetSlotInfo, C_GetTokenInfo,
-C_WaitForSlotEvent, C_GetMechanismList, C_GetMechanismInfo, C_InitToken,
-C_OpenSession, and C_CloseAllSessions) can return the following values<span
-style='font-size:12.0pt'>:</span></p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_HANDLE_INVALID: The specified session handle was
-invalid <i>at the time that the function was invoked</i>.  Note that this can
-happen if the session’s token is removed before the function invocation, since
-removing a token closes all sessions with it.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DEVICE_REMOVED: The token was removed from its slot <i>during
-the execution of the function</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_CLOSED: The session was closed <i>during the
-execution of the function</i>.  Note that, as stated in <b><span
-style='color:#3B006F'>[PKCS11-UG]</span></b>, the behavior of Cryptoki is <i>undefined</i>
-if multiple threads of an application attempt to access a common Cryptoki
-session simultaneously.  Therefore, there is actually no guarantee that a
-function invocation could ever return the value CKR_SESSION_CLOSED.  An example
-of multiple threads accessing a common session simultaneously is where one thread
-is using a session when another thread closes that same session.</p>
-
-<p class=MsoNormal>The relative priorities of these errors are in the order
-listed above, <i>e.g.</i>, if either of CKR_SESSION_HANDLE_INVALID or
-CKR_DEVICE_REMOVED would be an appropriate error return, then
-CKR_SESSION_HANDLE_INVALID should be returned.</p>
-
-<p class=MsoNormal>In practice, it is often not crucial (or possible) for a
-Cryptoki library to be able to make a distinction between a token being removed
-<i>before</i> a function invocation and a token being removed <i>during</i> a
-function execution.</p>
-
-<h3><a name="_Toc405794706"></a><a name="_Toc385057889"></a><a
-name="_Ref384823523">5.1.3  </a><a name="_Toc416959732"></a><a
-name="_Toc395183805"></a><a name="_Toc391468809"></a><a name="_Toc370634018"></a><a
-name="_Toc235002313"></a><a name="_Toc72656095">Cryptoki function return values
-for functions that use a token</a></h3>
-
-<p class=MsoNormal>Any Cryptoki function that uses a particular token (<i>i.e.</i>,
-any Cryptoki function except for <b>C_Initialize</b>, <b>C_Finalize</b>, <b>C_GetInfo</b>,
-<b>C_GetFunctionList</b>, <b>C_GetSlotList</b>, <b>C_GetSlotInfo</b>, or<b>
-C_WaitForSlotEvent</b>) can return any of the following values:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DEVICE_MEMORY: The token does not have sufficient memory to
-perform the requested function.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DEVICE_ERROR: Some problem has occurred with the token and/or
-slot.  This error code can be returned by more than just the functions
-mentioned above; in particular, it is possible for <b>C_GetSlotInfo</b> to
-return CKR_DEVICE_ERROR.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_TOKEN_NOT_PRESENT: The token was not present in its slot <i>at
-the time that the function was invoked</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DEVICE_REMOVED: The token was removed from its slot <i>during
-the execution of the function</i>.</p>
-
-<p class=MsoNormal>The relative priorities of these errors are in the order
-listed above, <i>e.g.</i>, if either of CKR_DEVICE_MEMORY or CKR_DEVICE_ERROR
-would be an appropriate error return, then CKR_DEVICE_MEMORY should be
-returned.</p>
-
-<p class=MsoNormal>In practice, it is often not critical (or possible) for a
-Cryptoki library to be able to make a distinction between a token being removed
-<i>before</i> a function invocation and a token being removed <i>during</i> a
-function execution.</p>
-
-<h3><a name="_Ref385060159"></a><a name="_Toc385057890"></a><a
-name="_Toc405794707">5.1.4  </a><a name="_Toc416959733"></a><a
-name="_Toc395183806"></a><a name="_Toc391468810"></a><a name="_Toc370634019"></a><a
-name="_Toc235002314"></a><a name="_Toc72656096">Special return value for
-application-supplied callbacks</a></h3>
-
-<p class=MsoNormal>There is a special-purpose return value which is not
-returned by any function in the actual Cryptoki API, but which may be returned
-by an application-supplied callback function.  It is:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_CANCEL: When a function executing in serial with an
-application decides to give the application a chance to do some work, it calls
-an application-supplied function with a CKN_SURRENDER callback (see Section 5.16).  If the callback returns the value CKR_CANCEL, then the function aborts and
-returns CKR_FUNCTION_CANCELED.</p>
-
-<h3><a name="_Toc405794708">5.1.5  </a><a name="_Toc416959734"></a><a
-name="_Toc395183807"></a><a name="_Toc391468811"></a><a name="_Toc370634020"></a><a
-name="_Toc235002315"></a><a name="_Toc72656097">Special return values for
-mutex-handling functions</a></h3>
-
-<p class=MsoNormal>There are two other special-purpose return values which are
-not returned by any actual Cryptoki functions.  These values may be returned by
-application-supplied mutex-handling functions, and they may safely be ignored
-by application developers who are not using their own threading model.  They
-are:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_MUTEX_BAD: This error code can be returned by mutex-handling
-functions that are passed a bad mutex object as an argument.  Unfortunately, it
-is possible for such a function not to recognize a bad mutex object.  There is
-therefore no guarantee that such a function will successfully detect bad mutex
-objects and return this value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_MUTEX_NOT_LOCKED: This error code can be returned by
-mutex-unlocking functions.  It indicates that the mutex supplied to the
-mutex-unlocking function was not locked.</p>
-
-<h3><a name="_Toc405794709"></a><a name="_Ref395516454">5.1.6  </a><a
-name="_Toc416959735"></a><a name="_Toc395183808"></a><a name="_Toc391468812"></a><a
-name="_Toc370634021"></a><a name="_Toc235002316"></a><a name="_Toc72656098">All
-other Cryptoki function return values</a></h3>
-
-<p class=MsoNormal>Descriptions of the other Cryptoki function return values
-follow.  Except as mentioned in the descriptions of particular error codes,
-there are in general no particular priorities among the errors listed below, <i>i.e.</i>,
-if more than one error code might apply to an execution of a function, then the
-function may return any applicable error code.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ACTION_PROHIBITED:  This value can only be returned by
-C_CopyObject, C_SetAttributeValue and C_DestroyObject. It denotes that the
-action may not be taken, either because of underlying policy restrictions on
-the token, or because the object has the the relevant CKA_COPYABLE,
-CKA_MODIFIABLE or CKA_DESTROYABLE policy attribute set to CK_FALSE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ARGUMENTS_BAD: This is a rather generic error code which
-indicates that the arguments supplied to the Cryptoki function were in some way
-not appropriate.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ATTRIBUTE_READ_ONLY: An attempt was made to set a value for
-an attribute which may not be set by the application, or which may not be
-modified by the application.  See Section 4.1 for more information.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ATTRIBUTE_SENSITIVE: An attempt was made to obtain the value
-of an attribute of an object which cannot be satisfied because the object is
-either sensitive or un-extractable.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ATTRIBUTE_TYPE_INVALID: An invalid attribute type was
-specified in a template.  See Section 4.1 for more information.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ATTRIBUTE_VALUE_INVALID: An invalid value was specified for a
-particular attribute in a template.  See Section 4.1 for more information.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_BUFFER_TOO_SMALL: The output of the function is too large to
-fit in the supplied buffer.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_CANT_LOCK: This value can only be returned by <b>C_Initialize</b>. 
-It means that the type of locking requested by the application for
-thread-safety is not available in this library, and so the application cannot
-make use of this library in the specified fashion.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_CRYPTOKI_ALREADY_INITIALIZED: This value can only be returned
-by <b>C_Initialize</b>.  It means that the Cryptoki library has already been
-initialized (by a previous call to <b>C_Initialize</b> which did not have a
-matching <b>C_Finalize</b> call).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_CRYPTOKI_NOT_INITIALIZED: This value can be returned by any
-function other than <b>C_Initialize</b> and <b>C_GetFunctionList</b>.  It
-indicates that the function cannot be executed because the Cryptoki library has
-not yet been initialized by a call to <b>C_Initialize</b>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_CURVE_NOT_SUPPORTED:  This curve is not supported by this
-token.  Used with Elliptic Curve mechanisms.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DATA_INVALID: The plaintext input data to a cryptographic
-operation is invalid.  This return value has lower priority than
-CKR_DATA_LEN_RANGE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DATA_LEN_RANGE: The plaintext input data to a cryptographic
-operation has a bad length.  Depending on the operation’s mechanism, this could
-mean that the plaintext data is too short, too long, or is not a multiple of
-some particular block size.  This return value has higher priority than
-CKR_DATA_INVALID.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_DOMAIN_PARAMS_INVALID: Invalid or unsupported domain
-parameters were supplied to the function.  Which representation methods of
-domain parameters are supported by a given mechanism can vary from token to
-token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ENCRYPTED_DATA_INVALID: The encrypted input to a decryption
-operation has been determined to be invalid ciphertext.  This return value has
-lower priority than CKR_ENCRYPTED_DATA_LEN_RANGE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_ENCRYPTED_DATA_LEN_RANGE: The ciphertext input to a
-decryption operation has been determined to be invalid ciphertext solely on the
-basis of its length.  Depending on the operation’s mechanism, this could mean
-that the ciphertext is too short, too long, or is not a multiple of some
-particular block size.  This return value has higher priority than
-CKR_ENCRYPTED_DATA_INVALID.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_EXCEEDED_MAX_ITERATIONS: An iterative algorithm (for key pair
-generation, domain parameter generation etc.) failed because we have exceeded
-the maximum number of iterations.  This error code has precedence over
-CKR_FUNCTION_FAILED. Examples of iterative algorithms include DSA signature
-generation (retry if either r = 0 or s = 0) and generation of DSA primes p and
-q specified in FIPS 186-4.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_FIPS_SELF_TEST_FAILED: A FIPS 140-2 power-up self-test or
-conditional self-test failed.  The token entered an error state.  Future calls
-to cryptographic functions on the token will return CKR_GENERAL_ERROR. 
-CKR_FIPS_SELF_TEST_FAILED has a higher precedence over CKR_GENERAL_ERROR. This
-error may be returned by C_Initialize, if a power-up self-test  failed, by
-C_GenerateRandom or C_SeedRandom, if the continuous random number generator
-test failed, or by C_GenerateKeyPair, if the pair-wise consistency test failed.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_FUNCTION_CANCELED: The function was canceled in
-mid-execution.  This happens to a cryptographic function if the function makes
-a <b>CKN_SURRENDER</b> application callback which returns CKR_CANCEL (see
-CKR_CANCEL). It also happens to a function that performs PIN entry through a
-protected path. The method used to cancel a protected path PIN entry operation
-is device dependent.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_FUNCTION_NOT_PARALLEL: There is currently no function
-executing in parallel in the specified session.  This is a legacy error code
-which is only returned by the legacy functions <b>C_GetFunctionStatus</b> and <b>C_CancelFunction</b>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_FUNCTION_NOT_SUPPORTED: The requested function is not
-supported by this Cryptoki library.  Even unsupported functions in the Cryptoki
-API should have a “stub” in the library; this stub should simply return the
-value CKR_FUNCTION_NOT_SUPPORTED.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_FUNCTION_REJECTED: The signature request is rejected by the
-user.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_INFORMATION_SENSITIVE: The information requested could not be
-obtained because the token considers it sensitive, and is not able or willing
-to reveal it.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_CHANGED: This value is only returned by <b>C_SetOperationState</b>. 
-It indicates that one of the keys specified is not the same key that was being
-used in the original saved session.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_FUNCTION_NOT_PERMITTED: An attempt has been made to use a
-key for a cryptographic purpose that the key’s attributes are not set to allow
-it to do.  For example, to use a key for performing encryption, that key MUST
-have its <b>CKA_ENCRYPT</b> attribute set to CK_TRUE (the fact that the key MUST
-have a <b>CKA_ENCRYPT</b> attribute implies that the key cannot be a private
-key).  This return value has lower priority than CKR_KEY_TYPE_INCONSISTENT.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_HANDLE_INVALID: The specified key handle is not valid. 
-It may be the case that the specified handle is a valid handle for an object
-which is not a key.  We reiterate here that 0 is never a valid key handle.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_INDIGESTIBLE: This error code can only be returned by <b>C_DigestKey</b>. 
-It indicates that the value of the specified key cannot be digested for some
-reason (perhaps the key isn’t a secret key, or perhaps the token simply can’t
-digest this kind of key).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_NEEDED: This value is only returned by <b>C_SetOperationState</b>. 
-It indicates that the session state cannot be restored because <b>C_SetOperationState</b>
-needs to be supplied with one or more keys that were being used in the original
-saved session.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_NOT_NEEDED: An extraneous key was supplied to <b>C_SetOperationState</b>. 
-For example, an attempt was made to restore a session that had been performing
-a message digesting operation, and an encryption key was supplied.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_NOT_WRAPPABLE: Although the specified private or secret
-key does not have its CKA_EXTRACTABLE attribute set to CK_FALSE, Cryptoki (or
-the token) is unable to wrap the key as requested (possibly the token can only
-wrap a given key with certain types of keys, and the wrapping key specified is
-not one of these types).  Compare with CKR_KEY_UNEXTRACTABLE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_SIZE_RANGE: Although the requested keyed cryptographic
-operation could in principle be carried out, this Cryptoki library (or the
-token) is unable to actually do it because the supplied key‘s size is outside
-the range of key sizes that it can handle.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_TYPE_INCONSISTENT: The specified key is not the correct
-type of key to use with the specified mechanism.  This return value has a
-higher priority than CKR_KEY_FUNCTION_NOT_PERMITTED.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_KEY_UNEXTRACTABLE: The specified private or secret key can’t
-be wrapped because its CKA_EXTRACTABLE attribute is set to CK_FALSE.  Compare
-with CKR_KEY_NOT_WRAPPABLE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol;color:black'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_LIBRARY_LOAD_FAILED: The Cryptoki library could not load <span
-style='color:black'>a dependent shared library.</span></p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_MECHANISM_INVALID: An invalid mechanism was specified to the
-cryptographic operation.  This error code is an appropriate return value if an
-unknown mechanism was specified or if the mechanism specified cannot be used in
-the selected token with the selected function.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_MECHANISM_PARAM_INVALID: Invalid parameters were supplied to
-the mechanism specified to the cryptographic operation.  Which parameter values
-are supported by a given mechanism can vary from token to token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_NEED_TO_CREATE_THREADS: This value can only be returned by <b>C_Initialize</b>. 
-It is returned when two conditions hold:</p>
-
-<ol style='margin-top:0in' start=1 type=1>
- <li class=MsoNormal>The application called <b>C_Initialize</b> in a way which
-     tells the Cryptoki library that application threads executing calls to the
-     library cannot use native operating system methods to spawn new threads.</li>
- <li class=MsoNormal>The library cannot function properly without being able to
-     spawn new threads in the above fashion.</li>
-</ol>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_NO_EVENT: This value can only be returned by <b>C_GetSlotEvent</b>. 
-It is returned when <b>C_GetSlotEvent</b> is called in non-blocking mode and
-there are no new slot events to return.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_OBJECT_HANDLE_INVALID: The specified object handle is not
-valid.  We reiterate here that 0 is never a valid object handle.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_OPERATION_ACTIVE: There is already an active operation (or
-combination of active operations) which prevents Cryptoki from activating the
-specified operation.  For example, an active object-searching operation would
-prevent Cryptoki from activating an encryption operation with <b>C_EncryptInit</b>. 
-Or, an active digesting operation and an active encryption operation would
-prevent Cryptoki from activating a signature operation.  Or, on a token which
-doesn’t support simultaneous dual cryptographic operations in a session (see
-the description of the <b>CKF_DUAL_CRYPTO_OPERATIONS</b> flag in the <b>CK_TOKEN_INFO</b>
-structure), an active signature operation would prevent Cryptoki from
-activating an encryption operation.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_OPERATION_NOT_INITIALIZED: There is no active operation of an
-appropriate type in the specified session.  For example, an application cannot
-call <b>C_Encrypt</b> in a session without having called <b>C_EncryptInit</b>
-first to activate an encryption operation.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PIN_EXPIRED: The specified PIN has expired, and the requested
-operation cannot be carried out unless C_SetPIN is called to change the PIN
-value.  Whether or not the normal user’s PIN on a token ever expires varies from
-token to token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PIN_INCORRECT: The specified PIN is incorrect, <i>i.e.</i>,
-does not match the PIN stored on the token.  More generally-- when
-authentication to the token involves something other than a PIN-- the attempt
-to authenticate the user has failed.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PIN_INVALID: The specified PIN has invalid characters in it. 
-This return code only applies to functions which attempt to set a PIN.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PIN_LEN_RANGE: The specified PIN is too long or too short. 
-This return code only applies to functions which attempt to set a PIN.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PIN_LOCKED: The specified PIN is “locked”, and cannot be
-used.  That is, because some particular number of failed authentication
-attempts has been reached, the token is unwilling to permit further attempts at
-authentication.  Depending on the token, the specified PIN may or may not
-remain locked indefinitely.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PIN_TOO_WEAK: The specified PIN is too weak so that it could
-be easy to guess.  If the PIN is too short, CKR_PIN_LEN_RANGE should be
-returned instead. This return code only applies to functions which attempt to
-set a PIN.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_PUBLIC_KEY_INVALID: The public key fails a public key
-validation.  For example, an EC public key fails the public key validation
-specified in Section 5.2.2 of ANSI X9.62. This error code may be returned by
-C_CreateObject, when the public key is created, or by C_VerifyInit or
-C_VerifyRecoverInit, when the public key is used.  It may also be returned by
-C_DeriveKey, in preference to  CKR_MECHANISM_PARAM_INVALID, if the other
-party's public key specified in the mechanism's parameters is invalid.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_RANDOM_NO_RNG: This value can be returned by <b>C_SeedRandom</b>
-and <b>C_GenerateRandom</b>.  It indicates that the specified token doesn’t
-have a random number generator.  This return value has higher priority than
-CKR_RANDOM_SEED_NOT_SUPPORTED.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_RANDOM_SEED_NOT_SUPPORTED: This value can only be returned by
-<b>C_SeedRandom</b>.  It indicates that the token’s random number generator
-does not accept seeding from an application.  This return value has lower
-priority than CKR_RANDOM_NO_RNG.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SAVED_STATE_INVALID: This value can only be returned by <b>C_SetOperationState</b>. 
-It indicates that the supplied saved cryptographic operations state is invalid,
-and so it cannot be restored to the specified session.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_COUNT: This value can only be returned by <b>C_OpenSession</b>. 
-It indicates that the attempt to open a session failed, either because the
-token has too many sessions already open, or because the token has too many
-read/write sessions already open.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_EXISTS: This value can only be returned by <b>C_InitToken</b>. 
-It indicates that a session with the token is already open, and so the token
-cannot be initialized.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_PARALLEL_NOT_SUPPORTED: The specified token does not
-support parallel sessions.  This is a legacy error code—in Cryptoki Version
-2.01 and up, <i>no</i> token supports parallel sessions. 
-CKR_SESSION_PARALLEL_NOT_SUPPORTED can only be returned by <b>C_OpenSession</b>,
-and it is only returned when <b>C_OpenSession</b> is called in a particular
-[deprecated] way.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_READ_ONLY: The specified session was unable to
-accomplish the desired action because it is a read-only session.  This return
-value has lower priority than CKR_TOKEN_WRITE_PROTECTED.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_READ_ONLY_EXISTS: A read-only session already exists,
-and so the SO cannot be logged in.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SESSION_READ_WRITE_SO_EXISTS: A read/write SO session already
-exists, and so a read-only session cannot be opened.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SIGNATURE_LEN_RANGE: The provided signature/MAC can be seen
-to be invalid solely on the basis of its length.  This return value has higher
-priority than CKR_SIGNATURE_INVALID.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SIGNATURE_INVALID: The provided signature/MAC is invalid. 
-This return value has lower priority than CKR_SIGNATURE_LEN_RANGE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_SLOT_ID_INVALID: The specified slot ID is not valid.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_STATE_UNSAVEABLE: The cryptographic operations state of the
-specified session cannot be saved for some reason (possibly the token is simply
-unable to save the current state).  This return value has lower priority than
-CKR_OPERATION_NOT_INITIALIZED.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_TEMPLATE_INCOMPLETE: The template specified for creating an
-object is incomplete, and lacks some necessary attributes.  See Section 4.1 for more information.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_TEMPLATE_INCONSISTENT: The template specified for creating an
-object has conflicting attributes.  See Section 4.1 for more information.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_TOKEN_NOT_RECOGNIZED: The Cryptoki library and/or slot does
-not recognize the token in the slot.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_TOKEN_WRITE_PROTECTED: The requested action could not be
-performed because the token is write-protected.  This return value has higher
-priority than CKR_SESSION_READ_ONLY.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_UNWRAPPING_KEY_HANDLE_INVALID: This value can only be
-returned by <b>C_UnwrapKey</b>.  It indicates that the key handle specified to
-be used to unwrap another key is not valid.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_UNWRAPPING_KEY_SIZE_RANGE: This value can only be returned by
-<b>C_UnwrapKey</b>.  It indicates that although the requested unwrapping
-operation could in principle be carried out, this Cryptoki library (or the
-token) is unable to actually do it because the supplied key’s size is outside
-the range of key sizes that it can handle.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT: This value can only be
-returned by <b>C_UnwrapKey</b>.  It indicates that the type of the key specified
-to unwrap another key is not consistent with the mechanism specified for
-unwrapping.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_USER_ALREADY_LOGGED_IN: This value can only be returned by <b>C_Login</b>. 
-It indicates that the specified user cannot be logged into the session, because
-it is already logged into the session.  For example, if an application has an
-open SO session, and it attempts to log the SO into it, it will receive this
-error code.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_USER_ANOTHER_ALREADY_LOGGED_IN: This value can only be
-returned by <b>C_Login</b>.  It indicates that the specified user cannot be
-logged into the session, because another user is already logged into the
-session.  For example, if an application has an open SO session, and it
-attempts to log the normal user into it, it will receive this error code.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_USER_NOT_LOGGED_IN: The desired action cannot be performed
-because the appropriate user (or <i>an</i> appropriate user) is not logged in. 
-One example is that a session cannot be logged out unless it is logged in. 
-Another example is that a private object cannot be created on a token unless
-the session attempting to create it is logged in as the normal user.  A final
-example is that cryptographic operations on certain tokens cannot be performed
-unless the normal user is logged in.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_USER_PIN_NOT_INITIALIZED: This value can only be returned by <b>C_Login</b>. 
-It indicates that the normal user’s PIN has not yet been initialized with <b>C_InitPIN</b>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_USER_TOO_MANY_TYPES: An attempt was made to have more
-distinct users simultaneously logged into the token than the token and/or
-library permits.  For example, if some application has an open SO session, and
-another application attempts to log the normal user into a session, the attempt
-may return this error.  It is not required to, however.  Only if the
-simultaneous distinct users cannot be supported does <b>C_Login</b> have to
-return this value.  Note that this error code generalizes to true multi-user
-tokens.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_USER_TYPE_INVALID: An invalid value was specified as a <b>CK_USER_TYPE</b>. 
-Valid types are <b>CKU_SO</b>, <b>CKU_USER</b>, and <b>CKU_CONTEXT_SPECIFIC</b>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_WRAPPED_KEY_INVALID: This value can only be returned by <b>C_UnwrapKey</b>. 
-It indicates that the provided wrapped key is not valid.  If a call is made to <b>C_UnwrapKey</b>
-to unwrap a particular type of key (<i>i.e.</i>, some particular key type is
-specified in the template provided to <b>C_UnwrapKey</b>), and the wrapped key
-provided to <b>C_UnwrapKey</b> is recognizably not a wrapped key of the proper
-type, then <b>C_UnwrapKey</b> should return CKR_WRAPPED_KEY_INVALID.  This
-return value has lower priority than CKR_WRAPPED_KEY_LEN_RANGE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_WRAPPED_KEY_LEN_RANGE: This value can only be returned by <b>C_UnwrapKey</b>. 
-It indicates that the provided wrapped key can be seen to be invalid solely on
-the basis of its length.  This return value has higher priority than
-CKR_WRAPPED_KEY_INVALID.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_WRAPPING_KEY_HANDLE_INVALID: This value can only be returned
-by <b>C_WrapKey</b>.  It indicates that the key handle specified to be used to
-wrap another key is not valid.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_WRAPPING_KEY_SIZE_RANGE: This value can only be returned by <b>C_WrapKey</b>. 
-It indicates that although the requested wrapping operation could in principle
-be carried out, this Cryptoki library (or the token) is unable to actually do
-it because the supplied wrapping key’s size is outside the range of key sizes
-that it can handle.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_WRAPPING_KEY_TYPE_INCONSISTENT: This value can only be
-returned by <b>C_WrapKey</b>.  It indicates that the type of the key specified
-to wrap another key is not consistent with the mechanism specified for
-wrapping.</p>
-
-<h3><a name="_Toc405794710"></a><a name="_Toc385057891">5.1.7  </a><a
-name="_Toc416959736"></a><a name="_Toc395183809"></a><a name="_Toc391468813"></a><a
-name="_Toc370634022"></a><a name="_Toc235002317"></a><a name="_Toc72656099">More
-on relative priorities of Cryptoki errors</a></h3>
-
-<p class=MsoNormal>In general, when a Cryptoki call is made, error codes from
-Section 5.1.1 (other than CKR_OK) take precedence over error codes from Section
-5.1.2, which take precedence over error codes from Section 5.1.3, which take precedence over error codes from Section 5.1.6.  One minor implication of this is
-that functions that use a session handle (<i>i.e.</i>, <i>most</i> functions!)
-never return the error code CKR_TOKEN_NOT_PRESENT (they return
-CKR_SESSION_HANDLE_INVALID instead).  Other than these precedences, if more
-than one error code applies to the result of a Cryptoki call, any of the
-applicable error codes may be returned.  Exceptions to this rule will be
-explicitly mentioned in the descriptions of functions.</p>
-
-<h3><a name="_Ref406906262">5.1.8  </a><a name="_Toc416959737"></a><a
-name="_Toc395183810"></a><a name="_Toc391468814"></a><a name="_Toc370634023"></a><a
-name="_Toc235002318"></a><a name="_Toc72656100">Error code “gotchas”</a></h3>
-
-<p class=MsoNormal>Here is a short list of a few particular things about return
-values that Cryptoki developers might want to be aware of:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>As
-mentioned in Sections 5.1.2 and 5.1.3, a Cryptoki library may not be able to
-make a distinction between a token being removed <i>before</i> a function
-invocation and a token being removed <i>during</i> a function invocation.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>As
-mentioned in Section 5.1.2, an application should never count on getting a
-CKR_SESSION_CLOSED error.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>The
-difference between CKR_DATA_INVALID and CKR_DATA_LEN_RANGE can be somewhat
-subtle.  Unless an application <i>needs</i> to be able to distinguish between
-these return values, it is best to always treat them equivalently.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Similarly,
-the difference between CKR_ENCRYPTED_DATA_INVALID and
-CKR_ENCRYPTED_DATA_LEN_RANGE, and between CKR_WRAPPED_KEY_INVALID and
-CKR_WRAPPED_KEY_LEN_RANGE, can be subtle, and it may be best to treat these
-return values equivalently.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>5.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Even with
-the guidance of Section 4.1, it can be difficult for a Cryptoki library
-developer to know which of CKR_ATTRIBUTE_VALUE_INVALID,
-CKR_TEMPLATE_INCOMPLETE, or CKR_TEMPLATE_INCONSISTENT to return.  When
-possible, it is recommended that application developers be generous in their
-interpretations of these error codes.</p>
-
-<h2><a name="_Ref384632513"></a><a name="_Toc416959738"></a><a
-name="_Toc395183811"></a><a name="_Toc391468815"></a><a name="_Toc370634024"></a><a
-name="_Toc235002319"></a><a name="_Toc72656101"></a><a name="_Toc405794711"></a><a
-name="_Toc385057892"></a><a name="_Ref384959982"></a><a name="_Ref384895442">5.2
-Conventions for functions returning </a>output in a variable-length buffer</h2>
-
-<p class=MsoNormal>A number of the functions defined in Cryptoki return output
-produced by some cryptographic mechanism.  The amount of output returned by
-these functions is returned in a variable-length application-supplied buffer. 
-An example of a function of this sort is <b>C_Encrypt</b>, which takes some
-plaintext as an argument, and outputs a buffer full of ciphertext.</p>
-
-<p class=MsoNormal>These functions have some common calling conventions, which
-we describe here.  Two of the arguments to the function are a pointer to the
-output buffer (say <i>pBuf</i>) and a pointer to a location which will hold the
-length of the output produced (say <i>pulBufLen</i>).  There are two ways for
-an application to call such a function:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If <i>pBuf</i>
-is NULL_PTR, then all that the function does is return (in *<i>pulBufLen</i>) a
-number of bytes which would suffice to hold the cryptographic output produced
-from the input to the function.  This number may somewhat exceed the precise
-number of bytes needed, but should not exceed it by a large amount.  CKR_OK is
-returned by the function.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If <i>pBuf</i>
-is not NULL_PTR, then *<i>pulBufLen</i> MUST contain the size in bytes of the
-buffer pointed to by <i>pBuf</i>.  If that buffer is large enough to hold the
-cryptographic output produced from the input to the function, then that
-cryptographic output is placed there, and CKR_OK is returned by the function. 
-If the buffer is not large enough, then CKR_BUFFER_TOO_SMALL is returned.  In
-either case, *<i>pulBufLen</i> is set to hold the <i>exact</i> number of bytes
-needed to hold the cryptographic output produced from the input to the
-function.</p>
-
-<p class=MsoNormal>All functions which use the above convention will explicitly
-say so.</p>
-
-<p class=MsoNormal>Cryptographic functions which return output in a
-variable-length buffer should always return as much output as can be computed
-from what has been passed in to them thus far.  As an example, consider a
-session which is performing a multiple-part decryption operation with DES in
-cipher-block chaining mode with PKCS padding.  Suppose that, initially, 8 bytes
-of ciphertext are passed to the <b>C_DecryptUpdate</b> function.  The block
-size of DES is 8 bytes, but the PKCS padding makes it unclear at this stage
-whether the ciphertext was produced from encrypting a 0-byte string, or from
-encrypting some string of length at least 8 bytes.  Hence the call to <b>C_DecryptUpdate</b>
-should return 0 bytes of plaintext.  If a single additional byte of ciphertext
-is supplied by a subsequent call to <b>C_DecryptUpdate</b>, then that call
-should return 8 bytes of plaintext (one full DES block).</p>
-
-<h2><a name="_Toc416959739"></a><a name="_Toc395183812"></a><a
-name="_Toc391468816"></a><a name="_Toc370634025"></a><a name="_Toc235002320"></a><a
-name="_Toc72656102"></a><a name="_Toc405794712"></a><a name="_Toc385057893">5.3
-Disclaimer concerning sample code</a></h2>
-
-<p class=MsoNormal>For the remainder of this section, we enumerate the various
-functions defined in Cryptoki.  Most functions will be shown in use in at least
-one sample code snippet.  For the sake of brevity, sample code will frequently
-be somewhat incomplete.  In particular, sample code will generally ignore
-possible error returns from C library functions, and also will not deal with
-Cryptoki error returns in a realistic fashion.</p>
-
-<h2><a name="_Toc416959740"></a><a name="_Toc395183813"></a><a
-name="_Toc391468817"></a><a name="_Toc370634026"></a><a name="_Toc235002321"></a><a
-name="_Toc72656103"></a><a name="_Toc405794713"></a><a name="_Ref394217726"></a><a
-name="_Ref394217698"></a><a name="_Toc385057894">5.4 General-purpose</a>
-functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following general-purpose functions:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal><a name="_Toc235002322"></a><a name="_Toc72656104"></a><a
-     name="_Toc405794714"></a><a name="_Toc385057895"></a><a
-     name="_Toc383864871"></a><a name="_Toc323610864"></a><a
-     name="_Toc323205434"></a><a name="_Toc323024102"><strong><span
-     style='font-size:12.0pt'>C_Initialize</span></strong></a></li>
-</ul>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Initialize) {</p>
-
-<p class=BoxedCode>      CK_VOID_PTR pInitArgs</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Initialize</b> initializes the Cryptoki library.  <i>pInitArgs</i>
-either has the value NULL_PTR or points to a <b>CK_C_INITIALIZE_ARGS</b>
-structure containing information on how the library should deal with multi-threaded
-access.  If an application will not be accessing Cryptoki through multiple
-threads simultaneously, it can generally supply the value NULL_PTR to <b>C_Initialize</b>
-(the consequences of supplying this value will be explained below).</p>
-
-<p class=MsoNormal>If <i>pInitArgs</i> is non-NULL_PTR, <b>C_Initialize</b>
-should cast it to a <b>CK_C_INITIALIZE_ARGS_PTR</b> and then dereference the
-resulting pointer to obtain the <b>CK_C_INITIALIZE_ARGS</b> fields <i>CreateMutex</i>,
-<i>DestroyMutex</i>, <i>LockMutex</i>, <i>UnlockMutex</i>, <i>flags</i>, and <i>pReserved</i>. 
-For this version of Cryptoki, the value of <i>pReserved</i> thereby obtained MUST
-be NULL_PTR; if it’s not, then <b>C_Initialize</b> should return with the value
-CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>If the <b>CKF_LIBRARY_CANT_CREATE_OS_THREADS</b> flag in the
-<i>flags</i> field is set, that indicates that application threads which are
-executing calls to the Cryptoki library are not permitted to use the native
-operation system calls to spawn off new threads.  In other words, the library’s
-code may not create its own threads.  If the library is unable to function
-properly under this restriction, <b>C_Initialize</b> should return with the
-value CKR_NEED_TO_CREATE_THREADS.</p>
-
-<p class=MsoNormal>A call to <b>C_Initialize</b> specifies one of four
-different ways to support multi-threaded access via the value of the <b>CKF_OS_LOCKING_OK</b>
-flag in the <i>flags</i> field and the values of the <i>CreateMutex</i>, <i>DestroyMutex</i>,
-<i>LockMutex</i>, and <i>UnlockMutex</i> function pointer fields:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-flag <i>isn’t</i> set, and the function pointer fields <i>aren’t</i> supplied (<i>i.e.</i>,
-they all have the value NULL_PTR), that means that the application <i>won’t</i>
-be accessing the Cryptoki library from multiple threads simultaneously.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-flag <i>is</i> set, and the function pointer fields <i>aren’t</i> supplied (<i>i.e.</i>,
-they all have the value NULL_PTR), that means that the application <i>will</i>
-be performing multi-threaded Cryptoki access, and the library needs to use the
-native operating system primitives to ensure safe multi-threaded access.  If
-the library is unable to do this, <b>C_Initialize</b> should return with the
-value CKR_CANT_LOCK.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-flag <i>isn’t</i> set, and the function pointer fields <i>are</i> supplied (<i>i.e.</i>,
-they all have non-NULL_PTR values), that means that the application <i>will</i>
-be performing multi-threaded Cryptoki access, and the library needs to use the
-supplied function pointers for mutex-handling to ensure safe multi-threaded
-access.  If the library is unable to do this, <b>C_Initialize</b> should return
-with the value CKR_CANT_LOCK.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-flag <i>is</i> set, and the function pointer fields <i>are</i> supplied (<i>i.e.</i>,
-they all have non-NULL_PTR values), that means that the application <i>will</i>
-be performing multi-threaded Cryptoki access, and the library needs to use
-either the native operating system primitives or the supplied function pointers
-for mutex-handling to ensure safe multi-threaded access.  If the library is
-unable to do this, <b>C_Initialize</b> should return with the value
-CKR_CANT_LOCK.</p>
-
-<p class=MsoNormal>If some, but not all, of the supplied function pointers to <b>C_Initialize</b>
-are non-NULL_PTR, then <b>C_Initialize</b> should return with the value
-CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>A call to <b>C_Initialize</b> with <i>pInitArgs</i> set to
-NULL_PTR is treated like a call to <b>C_Initialize</b> with <i>pInitArgs</i>
-pointing to a <b>CK_C_INITIALIZE_ARGS</b> which has the <i>CreateMutex</i>, <i>DestroyMutex</i>,
-<i>LockMutex</i>, <i>UnlockMutex</i>, and <i>pReserved</i> fields set to
-NULL_PTR, and has the <i>flags</i> field set to 0.</p>
-
-<p class=MsoNormal><b>C_Initialize</b> should be the first Cryptoki call made by
-an application, except for calls to <b>C_GetFunctionList</b>.  What this
-function actually does is implementation-dependent; typically, it might cause
-Cryptoki to initialize its internal memory buffers, or any other resources it
-requires.</p>
-
-<p class=MsoNormal>If several applications are using Cryptoki, each one should
-call <b>C_Initialize</b>.  Every call to <b>C_Initialize</b> should
-(eventually) be succeeded by a single call to <b>C_Finalize</b>.  See <b><span
-style='color:#3B006F'>[PKCS11-UG]</span></b> for further details.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_CANT_LOCK,
-CKR_CRYPTOKI_ALREADY_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_NEED_TO_CREATE_THREADS, CKR_OK.</p>
-
-<p class=MsoNormal>Example: see <b>C_GetInfo</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc383864872"></a><a name="_Toc323610865"></a><a name="_Toc323205435"></a><a
-name="_Toc323024103"></a><a name="_Toc235002323"></a><a name="_Toc72656105"></a><a
-name="_Toc405794715"></a><a name="_Toc385057896"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Finalize</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Finalize)(</p>
-
-<p class=BoxedCode>      CK_VOID_PTR pReserved</p>
-
-<p class=BoxedCode><span style='font-family:"Arial","sans-serif"'>);</span></p>
-
-</div>
-
-<p class=MsoNormal><b>C_Finalize</b> is called to indicate that an application
-is finished with the Cryptoki library.  It should be the last Cryptoki call
-made by an application.  The <i>pReserved</i> parameter is reserved for future
-versions; for this version, it should be set to NULL_PTR (if <b>C_Finalize</b>
-is called with a non-NULL_PTR value for <i>pReserved</i>, it should return the
-value CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>If several applications are using Cryptoki, each one should
-call <b>C_Finalize</b>.  Each application’s call to <b>C_Finalize</b> should be
-preceded by a single call to <b>C_Initialize</b>; in between the two calls, an
-application can make calls to other Cryptoki functions.  See <b><span
-style='color:#3B006F'>[PKCS11-UG] </span></b>for further details.</p>
-
-<p class=MsoNormal><i>Despite the fact that the parameters supplied to <b>C_Initialize</b>
-can in general allow for safe multi-threaded access to a Cryptoki library, the
-behavior of <b>C_Finalize</b> is nevertheless undefined if it is called by an
-application while other threads of the application are making Cryptoki calls. 
-The exception to this exceptional behavior of <b>C_Finalize</b> occurs when a
-thread calls <b>C_Finalize</b> while another of the application’s threads is
-blocking on Cryptoki’s <b>C_WaitForSlotEvent</b> function.  When this happens,
-the blocked thread becomes unblocked and returns the value
-CKR_CRYPTOKI_NOT_INITIALIZED.  See <b>C_WaitForSlotEvent</b> for more
-information.</i></p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_OK.</p>
-
-<p class=MsoNormal>Example: see <b>C_GetInfo</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002324"></a><a name="_Toc72656106"></a><a name="_Toc405794716"></a><a
-name="_Toc385057897"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_GetInfo</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetInfo)(</p>
-
-<p class=BoxedCode>      CK_INFO_PTR pInfo</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetInfo</b> returns general information about
-Cryptoki.  <i>pInfo</i> points to the location that receives the information.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_OK.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_INFO info;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>CK_C_INITIALIZE_ARGS InitArgs;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>InitArgs.CreateMutex = &amp;MyCreateMutex;</p>
-
-<p class=BoxedCode>InitArgs.DestroyMutex = &amp;MyDestroyMutex;</p>
-
-<p class=BoxedCode>InitArgs.LockMutex = &amp;MyLockMutex;</p>
-
-<p class=BoxedCode>InitArgs.UnlockMutex = &amp;MyUnlockMutex;</p>
-
-<p class=BoxedCode>InitArgs.flags = CKF_OS_LOCKING_OK;</p>
-
-<p class=BoxedCode>InitArgs.pReserved = NULL_PTR;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_Initialize((CK_VOID_PTR)&amp;InitArgs);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_GetInfo(&amp;info);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>if(info.version.major == 2) {</p>
-
-<p class=BoxedCode>  /* Do lots of interesting cryptographic things with the
-token */</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_Finalize(NULL_PTR);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc383864873"></a><a name="_Toc323610866"></a><a name="_Toc323205436"></a><a
-name="_Toc323024104"></a><a name="_Toc323000708"></a><a name="_Toc322945141"></a><a
-name="_Toc322855299"></a><a name="_Toc319315698"></a><a name="_Toc319313705"></a><a
-name="_Toc319313512"></a><a name="_Toc319287671"></a><a name="_Toc235002325"></a><a
-name="_Toc72656107"></a><a name="_Toc405794717"></a><a name="_Toc385057898"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetFunctionList</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList)(</p>
-
-<p class=BoxedCode>      CK_FUNCTION_LIST_PTR_PTR ppFunctionList</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetFunctionList</b> obtains a pointer to the Cryptoki
-library’s list of function pointers.  <i>ppFunctionList</i> points to a value
-which will receive a pointer to the library’s <b>CK_FUNCTION_LIST</b>
-structure, which in turn contains function pointers for all the Cryptoki API
-routines in the library.  <i>The pointer thus obtained may point into memory
-which is owned by the Cryptoki library, and which may or may not be writable</i>. 
-Whether or not this is the case, no attempt should be made to write to this
-memory.</p>
-
-<p class=MsoNormal><b>C_GetFunctionList</b> is the only Cryptoki function which
-an application may call before calling <b>C_Initialize</b>.  It is provided to
-make it easier and faster for applications to use shared Cryptoki libraries and
-to use more than one Cryptoki library simultaneously.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_FUNCTION_LIST_PTR pFunctionList;</p>
-
-<p class=BoxedCode>CK_C_Initialize pC_Initialize;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* It’s OK to call C_GetFunctionList before calling
-C_Initialize */</p>
-
-<p class=BoxedCode>rv = C_GetFunctionList(&amp;pFunctionList);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>pC_Initialize = pFunctionList -&gt; C_Initialize;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Call the C_Initialize function in the library */</p>
-
-<p class=BoxedCode>rv = (*pC_Initialize)(NULL_PTR);</p>
-
-</div>
-
-<h2><a name="_Toc416959741"></a><a name="_Toc395183814"></a><a
-name="_Toc391468818"></a><a name="_Toc370634027"></a><a name="_Toc235002326"></a><a
-name="_Toc72656108"></a><a name="_Toc405794718"></a><a name="_Toc385057899">5.5
-Slot and token management</a> functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for slot and token
-management:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002327"></a><a name="_Toc72656109"></a><a name="_Toc405794719"></a><a
-name="_Toc385057900"></a><a name="_Toc383864874"></a><a name="_Toc323610867"></a><a
-name="_Toc323205437"></a><a name="_Toc323024105"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetSlotList</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(</p>
-
-<p class=BoxedCode>      CK_BBOOL tokenPresent,</p>
-
-<p class=BoxedCode>      CK_SLOT_ID_PTR pSlotList,</p>
-
-<p class=BoxedCode>      CK_ULONG_PTR pulCount</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetSlotList</b> is used to obtain a list of slots in
-the system. <i>tokenPresent</i> indicates whether the list obtained includes
-only those slots with a token present (CK_TRUE), or all slots (CK_FALSE); <i>pulCount</i>
-points to the location that receives the number of slots.</p>
-
-<p class=MsoNormal>There are two ways for an application to call <b>C_GetSlotList</b>:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If <i>pSlotList</i>
-is NULL_PTR, then all that <b>C_GetSlotList</b> does is return (in *<i>pulCount</i>)
-the number of slots, without actually returning a list of slots.  The contents
-of the buffer pointed to by <i>pulCount</i> on entry to <b>C_GetSlotList</b>
-has no meaning in this case, and the call returns the value CKR_OK.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If <i>pSlotList</i>
-is not NULL_PTR, then *<i>pulCount</i> MUST contain the size (in terms of <b>CK_SLOT_ID</b>
-elements) of the buffer pointed to by <i>pSlotList</i>.  If that buffer is
-large enough to hold the list of slots, then the list is returned in it, and
-CKR_OK is returned.  If not, then the call to <b>C_GetSlotList</b> returns the
-value CKR_BUFFER_TOO_SMALL.  In either case, the value *<i>pulCount</i> is set
-to hold the number of slots.</p>
-
-<p class=MsoNormal>Because <b>C_GetSlotList</b> does not allocate any space of
-its own, an application will often call <b>C_GetSlotList</b> twice (or
-sometimes even more times—if an application is trying to get a list of all
-slots with a token present, then the number of such slots can (unfortunately)
-change between when the application asks for how many such slots there are and
-when the application asks for the slots themselves).  However, multiple calls
-to <b>C_GetSlotList</b> are by no means <i>required</i>.</p>
-
-<p class=MsoNormal><span style='color:black'>All slots which <b>C_GetSlotList</b>
-reports MUST be able to be queried as valid slots by <b>C_GetSlotInfo</b>. 
-Furthermore, the set of slots accessible through a Cryptoki library is checked
-at the time that <b>C_GetSlotList,</b> for list length prediction (NULL
-pSlotList argument) is called. If an application calls <b>C_GetSlotList</b>
-with a non-NULL pSlotList, and <i>then</i> the user adds or removes a hardware
-device, the changed slot list will only be visible and effective if <b>C_GetSlotList</b>
-is called again with NULL. Even if <b>C_ GetSlotList</b> is successfully called
-this way, it may or may not be the case that the changed slot list will be
-successfully recognized depending on the library implementation.  On some
-platforms, or earlier PKCS11 compliant libraries, it may be necessary to
-successfully call <b>C_Initialize</b> or to restart the entire system.</span></p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_OK.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_ULONG ulSlotCount, ulSlotWithTokenCount;</p>
-
-<p class=BoxedCode>CK_SLOT_ID_PTR pSlotList, pSlotWithTokenList;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Get list of all slots */</p>
-
-<p class=BoxedCode>rv = C_GetSlotList(CK_FALSE, NULL_PTR, &amp;ulSlotCount);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  pSlotList =</p>
-
-<p class=BoxedCode>    (CK_SLOT_ID_PTR) malloc(ulSlotCount*sizeof(CK_SLOT_ID));</p>
-
-<p class=BoxedCode>  rv = C_GetSlotList(CK_FALSE, pSlotList, &amp;ulSlotCount);</p>
-
-<p class=BoxedCode>  if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>    /* Now use that list of all slots */</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  free(pSlotList);</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Get list of all slots with a token present */</p>
-
-<p class=BoxedCode>pSlotWithTokenList = (CK_SLOT_ID_PTR) malloc(0);</p>
-
-<p class=BoxedCode>ulSlotWithTokenCount = 0;</p>
-
-<p class=BoxedCode>while (1) {</p>
-
-<p class=BoxedCode>  rv = C_GetSlotList(</p>
-
-<p class=BoxedCode>    CK_TRUE, pSlotWithTokenList, ulSlotWithTokenCount);</p>
-
-<p class=BoxedCode>  if (rv != CKR_BUFFER_TOO_SMALL)</p>
-
-<p class=BoxedCode>    break;</p>
-
-<p class=BoxedCode>  pSlotWithTokenList = realloc(</p>
-
-<p class=BoxedCode>    pSlotWithTokenList,</p>
-
-<p class=BoxedCode>    ulSlotWithTokenList*sizeof(CK_SLOT_ID));</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  /* Now use that list of all slots with a token present */</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>free(pSlotWithTokenList);</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002328"></a><a name="_Toc72656110"></a><a name="_Toc405794720"></a><a
-name="_Toc385057901"></a><a name="_Toc383864875"></a><a name="_Toc323610868"></a><a
-name="_Toc323205438"></a><a name="_Toc323024106"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetSlotInfo</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetSlotInfo)(</p>
-
-<p class=BoxedCode>      CK_SLOT_ID slotID,</p>
-
-<p class=BoxedCode>      CK_SLOT_INFO_PTR pInfo</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetSlotInfo</b> obtains information about a particular
-slot in the system. <i>slotID</i> is the ID of the slot; <i>pInfo</i> points to
-the location that receives the slot information.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_GetTokenInfo.</b></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002329"></a><a name="_Toc72656111"></a><a name="_Toc405794721"></a><a
-name="_Toc385057902"></a><a name="_Toc383864876"></a><a name="_Toc323610869"></a><a
-name="_Toc323205439"></a><a name="_Toc323024107"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetTokenInfo</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetTokenInfo)(</p>
-
-<p class=BoxedCode>      CK_SLOT_ID slotID,</p>
-
-<p class=BoxedCode>      CK_TOKEN_INFO_PTR pInfo</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetTokenInfo</b> obtains information about a particular
-token in the system.  <i>slotID</i> is the ID of the token’s slot; <i>pInfo</i>
-points to the location that receives the token information.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID,
-CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal><span style='font-size:12.0pt'>Example:</span></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_ULONG ulCount;</p>
-
-<p class=BoxedCode>CK_SLOT_ID_PTR pSlotList;</p>
-
-<p class=BoxedCode>CK_SLOT_INFO slotInfo;</p>
-
-<p class=BoxedCode>CK_TOKEN_INFO tokenInfo;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_GetSlotList(CK_FALSE, NULL_PTR, &amp;ulCount);</p>
-
-<p class=BoxedCode>if ((rv == CKR_OK) &amp;&amp; (ulCount &gt; 0)) {</p>
-
-<p class=BoxedCode>  pSlotList = (CK_SLOT_ID_PTR)
-malloc(ulCount*sizeof(CK_SLOT_ID));</p>
-
-<p class=BoxedCode>  rv = C_GetSlotList(CK_FALSE, pSlotList, &amp;ulCount);</p>
-
-<p class=BoxedCode>  assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  /* Get slot information for first slot */</p>
-
-<p class=BoxedCode>  rv = C_GetSlotInfo(pSlotList[0], &amp;slotInfo);</p>
-
-<p class=BoxedCode>  assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  /* Get token information for first slot */</p>
-
-<p class=BoxedCode>  rv = C_GetTokenInfo(pSlotList[0], &amp;tokenInfo);</p>
-
-<p class=BoxedCode>  if (rv == CKR_TOKEN_NOT_PRESENT) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  free(pSlotList);</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc385057903"></a><a name="_Toc383864877"></a><a name="_Toc323610870"></a><a
-name="_Toc323205440"></a><a name="_Toc323024108"></a><a name="_Toc235002330"></a><a
-name="_Toc72656112"></a><a name="_Toc405794722"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_WaitForSlotEvent</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_WaitForSlotEvent)(</p>
-
-<p class=BoxedCode>      CK_FLAGS flags,</p>
-
-<p class=BoxedCode>      CK_SLOT_ID_PTR pSlot,</p>
-
-<p class=BoxedCode>      CK_VOID_PTR pReserved</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_WaitForSlotEvent</b> waits for a slot event, such as
-token insertion or token removal, to occur.  <i>flags</i> determines whether or
-not the <b>C_WaitForSlotEvent</b> call blocks (<i>i.e.</i>, waits for a slot
-event to occur); <i>pSlot</i> points to a location which will receive the ID of
-the slot that the event occurred in.  <i>pReserved</i> is reserved for future
-versions; for this version of Cryptoki, it should be NULL_PTR.</p>
-
-<p class=MsoNormal>At present, the only flag defined for use in the <i>flags</i>
-argument is <b>CKF_DONT_BLOCK</b>:</p>
-
-<p class=MsoNormal>Internally, each Cryptoki application has a flag for each
-slot which is used to track whether or not any unrecognized events involving
-that slot have occurred.  When an application initially calls <b>C_Initialize</b>,
-every slot’s event flag is cleared.  Whenever a slot event occurs, the flag
-corresponding to the slot in which the event occurred is set.</p>
-
-<p class=MsoNormal>If <b>C_WaitForSlotEvent</b> is called with the <b>CKF_DONT_BLOCK</b>
-flag set in the <i>flags</i> argument, and some slot’s event flag is set, then
-that event flag is cleared, and the call returns with the ID of that slot in
-the location pointed to by <i>pSlot</i>.  If more than one slot’s event flag is
-set at the time of the call, one such slot is chosen by the library to have its
-event flag cleared and to have its slot ID returned.</p>
-
-<p class=MsoNormal>If <b>C_WaitForSlotEvent</b> is called with the <b>CKF_DONT_BLOCK</b>
-flag set in the <i>flags</i> argument, and no slot’s event flag is set, then
-the call returns with the value CKR_NO_EVENT.  In this case, the contents of
-the location pointed to by <i>pSlot</i> when <b>C_WaitForSlotEvent</b> are
-undefined.</p>
-
-<p class=MsoNormal>If <b>C_WaitForSlotEvent</b> is called with the <b>CKF_DONT_BLOCK</b>
-flag clear in the <i>flags</i> argument, then the call behaves as above, except
-that it will block.  That is, if no slot’s event flag is set at the time of the
-call, <b>C_WaitForSlotEvent</b> will wait until some slot’s event flag becomes
-set.  If a thread of an application has a <b>C_WaitForSlotEvent</b> call
-blocking when another thread of that application calls <b>C_Finalize</b>, the <b>C_WaitForSlotEvent</b>
-call returns with the value CKR_CRYPTOKI_NOT_INITIALIZED.</p>
-
-<p class=MsoNormal><i>Although the parameters supplied to <b>C_Initialize</b>
-can in general allow for safe multi-threaded access to a Cryptoki library, <b>C_WaitForSlotEvent</b>
-is exceptional in that the behavior of Cryptoki is undefined if multiple
-threads of a single application make simultaneous calls to <b>C_WaitForSlotEvent</b>.</i></p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_NO_EVENT, CKR_OK.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_FLAGS flags = 0;</p>
-
-<p class=BoxedCode>CK_SLOT_ID slotID;</p>
-
-<p class=BoxedCode>CK_SLOT_INFO slotInfo;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Block and wait for a slot event */</p>
-
-<p class=BoxedCode>rv = C_WaitForSlotEvent(flags, &amp;slotID, NULL_PTR);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* See what’s up with that slot */</p>
-
-<p class=BoxedCode>rv = C_GetSlotInfo(slotID, &amp;slotInfo);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002331"></a><a name="_Toc72656113"></a><a name="_Toc405794723"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetMechanismList</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismList)(</p>
-
-<p class=BoxedCode>      CK_SLOT_ID slotID,</p>
-
-<p class=BoxedCode>      CK_MECHANISM_TYPE_PTR pMechanismList,</p>
-
-<p class=BoxedCode>      CK_ULONG_PTR pulCount</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetMechanismList</b> is used to obtain a list of
-mechanism types supported by a token.  <i>SlotID</i> is the ID of the token’s
-slot; <i>pulCount</i> points to the location that receives the number of
-mechanisms.</p>
-
-<p class=MsoNormal>There are two ways for an application to call <b>C_GetMechanismList</b>:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If <i>pMechanismList</i>
-is NULL_PTR, then all that <b>C_GetMechanismList</b> does is return (in *<i>pulCount</i>)
-the number of mechanisms, without actually returning a list of mechanisms.  The
-contents of *<i>pulCount</i> on entry to <b>C_GetMechanismList</b> has no
-meaning in this case, and the call returns the value CKR_OK.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If <i>pMechanismList</i>
-is not NULL_PTR, then *<i>pulCount</i> MUST contain the size (in terms of <b>CK_MECHANISM_TYPE</b>
-elements) of the buffer pointed to by <i>pMechanismList</i>.  If that buffer is
-large enough to hold the list of mechanisms, then the list is returned in it,
-and CKR_OK is returned.  If not, then the call to <b>C_GetMechanismList</b>
-returns the value CKR_BUFFER_TOO_SMALL.  In either case, the value *<i>pulCount</i>
-is set to hold the number of mechanisms.</p>
-
-<p class=MsoNormal>Because <b>C_GetMechanismList</b> does not allocate any
-space of its own, an application will often call <b>C_GetMechanismList</b>
-twice.  However, this behavior is by no means required.</p>
-
-<p class=MsoNormal>Return values: CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED,
-CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SLOT_ID slotID;</p>
-
-<p class=BoxedCode>CK_ULONG ulCount;</p>
-
-<p class=BoxedCode>CK_MECHANISM_TYPE_PTR pMechanismList;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_GetMechanismList(slotID, NULL_PTR, &amp;ulCount);</p>
-
-<p class=BoxedCode>if ((rv == CKR_OK) &amp;&amp; (ulCount &gt; 0)) {</p>
-
-<p class=BoxedCode>  pMechanismList =</p>
-
-<p class=BoxedCode>    (CK_MECHANISM_TYPE_PTR)</p>
-
-<p class=BoxedCode>    malloc(ulCount*sizeof(CK_MECHANISM_TYPE));</p>
-
-<p class=BoxedCode>  rv = C_GetMechanismList(slotID, pMechanismList,
-&amp;ulCount);</p>
-
-<p class=BoxedCode>  if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>  free(pMechanismList);</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002332"></a><a name="_Toc72656114"></a><a name="_Toc405794724"></a><a
-name="_Toc385057904"></a><a name="_Toc383864878"></a><a name="_Toc323610871"></a><a
-name="_Toc323205441"></a><a name="_Toc323024109"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetMechanismInfo</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetMechanismInfo)(</p>
-
-<p class=BoxedCode>      CK_SLOT_ID slotID,</p>
-
-<p class=BoxedCode>      CK_MECHANISM_TYPE type,</p>
-
-<p class=BoxedCode>      CK_MECHANISM_INFO_PTR pInfo</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetMechanismInfo</b> obtains information about a
-particular mechanism possibly supported by a token. <i>slotID</i> is the ID of
-the token’s slot; <i>type</i> is the type of mechanism; <i>pInfo</i> points to
-the location that receives the mechanism information.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_OK,
-CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED,
-CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal><span style='font-size:12.0pt'>Example:</span></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SLOT_ID slotID;</p>
-
-<p class=BoxedCode>CK_MECHANISM_INFO info;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Get information about the CKM_MD2 mechanism for this
-token */</p>
-
-<p class=BoxedCode>rv = C_GetMechanismInfo(slotID, CKM_MD2, &amp;info);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  if (info.flags &amp; CKF_DIGEST) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002333"></a><a name="_Toc72656115"></a><a name="_Toc405794725"></a><a
-name="_Toc385057905"></a><a name="_Toc383864879"></a><a name="_Toc323610872"></a><a
-name="_Toc323205442"></a><a name="_Toc323024110"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_InitToken</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_InitToken)(</p>
-
-<p class=BoxedCode>      CK_SLOT_ID slotID,</p>
-
-<p class=BoxedCode>      CK_UTF8CHAR_PTR pPin,</p>
-
-<p class=BoxedCode>      CK_ULONG ulPinLen,</p>
-
-<p class=BoxedCode>      CK_UTF8CHAR_PTR pLabel</p>
-
-<p class=BoxedCode>);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_InitToken</b> initializes a token. <i>slotID</i> is the
-ID of the token’s slot; <i>pPin</i> points to the SO’s initial PIN (which need <i>not</i>
-be null-terminated); <i>ulPinLen</i> is the length in bytes of the PIN; <i>pLabel</i>
-points to the 32-byte label of the token (which MUST be padded with blank
-characters, and which MUST <i>not</i> be null-terminated). This standard allows
-PIN values to contain any valid UTF8 character, but the token may impose subset
-restrictions.</p>
-
-<p class=MsoNormal>If the token has not been initialized (i.e. new from the
-factory), then the <i>pPin </i>parameter becomes the initial value of the SO
-PIN. If the token is being reinitialized, the <i>pPin</i> parameter is checked
-against the existing SO PIN to authorize the initialization operation. In both
-cases, the SO PIN is the value <i>pPin</i> after the function completes
-successfully. If the SO PIN is lost, then the card MUST be reinitialized using
-a mechanism outside the scope of this standard. The <b>CKF_TOKEN_INITIALIZED </b>flag
-in the <b>CK_TOKEN_INFO</b> structure indicates the action that will result
-from calling <b>C_InitToken</b>. If set, the token will be reinitialized, and
-the client MUST supply the existing SO password in <i>pPin</i>.</p>
-
-<p class=MsoNormal>When a token is initialized, all objects that can be
-destroyed are destroyed (<i>i.e.</i>, all except for “indestructible” objects
-such as keys built into the token).  Also, access by the normal user is
-disabled until the SO sets the normal user’s PIN.  Depending on the token, some
-“default” objects may be created, and attributes of some objects may be set to
-default values.</p>
-
-<p class=MsoNormal>If the token has a “protected authentication path”, as
-indicated by the <b>CKF_PROTECTED_AUTHENTICATION_PATH</b> flag in its <b>CK_TOKEN_INFO</b>
-being set, then that means that there is some way for a user to be
-authenticated to the token without having the application send a PIN through
-the Cryptoki library.  One such possibility is that the user enters a PIN on a
-PINpad on the token itself, or on the slot device.  To initialize a token with
-such a protected authentication path, the <i>pPin</i> parameter to <b>C_InitToken</b>
-should be NULL_PTR.  During the execution of <b>C_InitToken</b>, the SO’s PIN
-will be entered through the protected authentication path.</p>
-
-<p class=MsoNormal>If the token has a protected authentication path other than
-a PINpad, then it is token-dependent whether or not <b>C_InitToken</b> can be
-used to initialize the token.</p>
-
-<p class=MsoNormal>A token cannot be initialized if Cryptoki detects that <i>any</i>
-application has an open session with it; when a call to <b>C_InitToken</b> is
-made under such circumstances, the call fails with error CKR_SESSION_EXISTS. 
-Unfortunately, it may happen when <b>C_InitToken</b> is called that some other
-application <i>does</i> have an open session with the token, but Cryptoki
-cannot detect this, because it cannot detect anything about other applications
-using the token.  If this is the case, then the consequences of the <b>C_InitToken</b>
-call are undefined.</p>
-
-<p class=MsoNormal>The <b>C_InitToken</b> function may not be sufficient to
-properly initialize complex tokens. In these situations, an initialization
-mechanism outside the scope of Cryptoki MUST be employed. The definition of
-“complex token” is product specific.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_PIN_INCORRECT, CKR_PIN_LOCKED, CKR_SESSION_EXISTS, CKR_SLOT_ID_INVALID,
-CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED, CKR_TOKEN_WRITE_PROTECTED,
-CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SLOT_ID slotID;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR_PTR pin = “MyPIN”;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR label[32];</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>memset(label, ‘ ’, sizeof(label));</p>
-
-<p class=BoxedCode>memcpy(label, “My first token”, strlen(“My first token”));</p>
-
-<p class=BoxedCode>rv = C_InitToken(slotID, pin, strlen(pin), label);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002334"></a><a name="_Toc72656116"></a><a name="_Toc405794726"></a><a
-name="_Toc385057906"></a><a name="_Toc383864880"></a><a name="_Toc323610873"></a><a
-name="_Toc323205443"></a><a name="_Toc323024111"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_InitPIN</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_InitPIN)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_UTF8CHAR_PTR pPin,<br>
-  CK_ULONG ulPinLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_InitPIN</b> initializes the normal user’s PIN.  <i>hSession</i>
-is the session’s handle; <i>pPin</i> points to the normal user’s PIN;<i>
-ulPinLen</i> is the length in bytes of the PIN. This standard allows PIN values
-to contain any valid UTF8 character, but the token may impose subset
-restrictions.</p>
-
-<p class=MsoNormal><b>C_InitPIN</b> can only be called in the “R/W SO
-Functions” state.  An attempt to call it from a session in any other state
-fails with error CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>If the token has a “protected authentication path”, as
-indicated by the CKF_PROTECTED_AUTHENTICATION_PATH flag in its <b>CK_TOKEN_INFO</b>
-being set, then that means that there is some way for a user to be
-authenticated to the token without having to send a PIN through the Cryptoki
-library.  One such possibility is that the user enters a PIN on a PIN pad on
-the token itself, or on the slot device.  To initialize the normal user’s PIN
-on a token with such a protected authentication path, the <i>pPin</i> parameter
-to <b>C_InitPIN</b> should be NULL_PTR.  During the execution of <b>C_InitPIN</b>,
-the SO will enter the new PIN through the protected authentication path.</p>
-
-<p class=MsoNormal>If the token has a protected authentication path other than
-a PIN pad, then it is token-dependent whether or not <b>C_InitPIN</b> can be
-used to initialize the normal user’s token access.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_SESSION_CLOSED, CKR_SESSION_READ_ONLY,
-CKR_SESSION_HANDLE_INVALID, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN,
-CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR newPin[]= {“NewPIN”};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_InitPIN(hSession, newPin, sizeof(newPin)-1);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002335"></a><a name="_Toc72656117"></a><a name="_Toc405794727"></a><a
-name="_Toc385057907"></a><a name="_Toc383864881"></a><a name="_Toc323610874"></a><a
-name="_Toc323205444"></a><a name="_Toc323024112"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SetPIN</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_UTF8CHAR_PTR pOldPin,<br>
-  CK_ULONG ulOldLen,<br>
-  CK_UTF8CHAR_PTR pNewPin,<br>
-  CK_ULONG ulNewLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SetPIN</b> modifies the PIN of the user that is
-currently logged in, or the CKU_USER PIN if the session is not logged in.  <i>hSession</i>
-is the session’s handle; <i>pOldPin</i> points to the old PIN; <i>ulOldLen</i>
-is the length in bytes of the old PIN;<i> pNewPin</i> points to the new PIN; <i>ulNewLen</i>
-is the length in bytes of the new PIN. This standard allows PIN values to
-contain any valid UTF8 character, but the token may impose subset restrictions.</p>
-
-<p class=MsoNormal><b>C_SetPIN</b> can only be called in the “R/W Public
-Session” state, “R/W SO Functions” state, or “R/W User Functions” state.  An
-attempt to call it from a session in any other state fails with error
-CKR_SESSION_READ_ONLY.</p>
-
-<p class=MsoNormal>If the token has a “protected authentication path”, as
-indicated by the CKF_PROTECTED_AUTHENTICATION_PATH flag in its <b>CK_TOKEN_INFO</b>
-being set, then that means that there is some way for a user to be
-authenticated to the token without having to send a PIN through the Cryptoki
-library.  One such possibility is that the user enters a PIN on a PIN pad on
-the token itself, or on the slot device.  To modify the current user’s PIN on a
-token with such a protected authentication path, the <i>pOldPin</i> and <i>pNewPin</i>
-parameters to <b>C_SetPIN</b> should be NULL_PTR.  During the execution of <b>C_SetPIN</b>,
-the current user will enter the old PIN and the new PIN through the protected
-authentication path.  It is not specified how the PIN pad should be used to
-enter <i>two</i> PINs; this varies.</p>
-
-<p class=MsoNormal>If the token has a protected authentication path other than
-a PIN pad, then it is token-dependent whether or not <b>C_SetPIN</b> can be
-used to modify the current user’s PIN.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_PIN_INCORRECT, CKR_PIN_INVALID, CKR_PIN_LEN_RANGE, CKR_PIN_LOCKED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY,
-CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR oldPin[] = {“OldPIN”};</p>
-
-<p class=BoxedCode>CK_UTF8CHAR newPin[] = {“NewPIN”};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_SetPIN(</p>
-
-<p class=BoxedCode>  hSession, oldPin, sizeof(oldPin)-1, newPin,
-sizeof(newPin)-1);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959742"></a><a name="_Toc395183815"></a><a
-name="_Toc391468819"></a><a name="_Toc370634028"></a><a name="_Toc235002336"></a><a
-name="_Toc72656118"></a><a name="_Toc405794728"></a><a name="_Toc385057908"></a><a
-name="_Toc383864882"></a><a name="_Toc323610875"></a><a name="_Toc323205445"></a><a
-name="_Toc323024113"></a><a name="_Toc323000709"></a><a name="_Toc322945142"></a><a
-name="_Toc322855300"></a><a name="_Toc319315699"></a><a name="_Toc319313706"></a><a
-name="_Toc319313513"></a><a name="_Toc319287673">5.6 Session management</a>
-functions</h2>
-
-<p class=MsoNormal>A typical application might perform the following series of
-steps to make use of a token (note that there are other reasonable sequences of
-events that an application might perform):</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Select a
-token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Make one
-or more calls to <b>C_OpenSession</b> to obtain one or more sessions with the
-token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Call <b>C_Login</b>
-to log the user into the token.  Since all sessions an application has with a
-token have a shared login state, <b>C_Login</b> only needs to be called for one
-of the sessions.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Perform
-cryptographic operations using the sessions with the token.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>5.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Call <b>C_CloseSession</b>
-once for each session that the application has with the token, or call <b>C_CloseAllSessions</b>
-to close all the application’s sessions simultaneously.</p>
-
-<p class=MsoNormal>As has been observed, an application may have concurrent
-sessions with more than one token.  It is also possible for a token to have
-concurrent sessions with more than one application.</p>
-
-<p class=MsoNormal><a name="_Toc405794729"></a><a name="_Toc385057909"></a><a
-name="_Toc383864883"></a><a name="_Toc323610876"></a><a name="_Toc323205446"></a><a
-name="_Toc323024114">Cryptoki provides the following functions for session
-management:</a></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002337"></a><a name="_Toc72656119"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_OpenSession</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(<br>
-  CK_SLOT_ID slotID,<br>
-  CK_FLAGS flags,<br>
-  CK_VOID_PTR pApplication,<br>
-  CK_NOTIFY Notify,<br>
-  CK_SESSION_HANDLE_PTR phSession<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_OpenSession</b> opens a session between an application
-and a token in a particular slot.  <i>slotID</i> is the slot’s ID; <i>flags</i>
-indicates the type of session; <i>pApplication</i> is an application-defined
-pointer to be passed to the notification callback; <i>Notify</i> is the address
-of the notification callback function (see Section 5.16); <i>phSession</i> points to the location that receives the handle for the new session.</p>
-
-<p class=MsoNormal>When opening a session with <b>C_OpenSession</b>, the <i>flags</i>
-parameter consists of the logical OR of zero or more bit flags defined in the <b>CK_SESSION_INFO</b>
-data type.  For legacy reasons, the <b>CKF_SERIAL_SESSION</b> bit MUST always
-be set; if a call to <b>C_OpenSession</b> does not have this bit set, the call
-should return unsuccessfully with the error code
-CKR_SESSION_PARALLEL_NOT_SUPPORTED.</p>
-
-<p class=MsoNormal>There may be a limit on the number of concurrent sessions an
-application may have with the token, which may depend on whether the session is
-“read-only” or “read/write”.  An attempt to open a session which does not
-succeed because there are too many existing sessions of some type should return
-CKR_SESSION_COUNT.</p>
-
-<p class=MsoNormal>If the token is write-protected (as indicated in the <b>CK_TOKEN_INFO</b>
-structure), then only read-only sessions may be opened with it.</p>
-
-<p class=MsoNormal>If the application calling <b>C_OpenSession</b> already has
-a R/W SO session open with the token, then any attempt to open a R/O session
-with the token fails with error code CKR_SESSION_READ_WRITE_SO_EXISTS (see <b><span
-style='color:#3B006F'>[PKCS11-UG] </span></b>for further details).</p>
-
-<p class=MsoNormal>The <i>Notify</i> callback function is used by Cryptoki to
-notify the application of certain events.  If the application does not wish to
-support callbacks, it should pass a value of NULL_PTR as the <i>Notify</i>
-parameter.  See Section 5.16 for more information about application callbacks.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_COUNT,
-CKR_SESSION_PARALLEL_NOT_SUPPORTED, CKR_SESSION_READ_WRITE_SO_EXISTS,
-CKR_SLOT_ID_INVALID, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_NOT_RECOGNIZED,
-CKR_TOKEN_WRITE_PROTECTED, CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example: see <b>C_CloseSession</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002338"></a><a name="_Toc72656120"></a><a name="_Toc405794730"></a><a
-name="_Toc385057910"></a><a name="_Toc383864884"></a><a name="_Toc323610877"></a><a
-name="_Toc323205447"></a><a name="_Toc323024115"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_CloseSession</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_CloseSession)(<br>
-  CK_SESSION_HANDLE hSession<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_CloseSession</b> closes a session between an
-application and a token.  <i>hSession</i> is the session’s handle.</p>
-
-<p class=MsoNormal>When a session is closed, all session objects created by the
-session are destroyed automatically, even if the application has other sessions
-“using” the objects (see <b><span style='color:#3B006F'>[PKCS11-UG] </span></b>for
-further details).</p>
-
-<p class=MsoNormal>If this function is successful and it closes the last
-session between the application and the token, the login state of the token for
-the application returns to public sessions. Any new sessions to the token
-opened by the application will be either R/O Public or R/W Public sessions.</p>
-
-<p class=MsoNormal>Depending on the token, when the last open session any
-application has with the token is closed, the token may be “ejected” from its
-reader (if this capability exists).</p>
-
-<p class=MsoNormal>Despite the fact this <b>C_CloseSession</b> is supposed to
-close a session, the return value CKR_SESSION_CLOSED is an <i>error</i>
-return.  It actually indicates the (probably somewhat unlikely) event that
-while this function call was executing, another call was made to <b>C_CloseSession</b>
-to close this particular session, and that call finished executing first.  Such
-uses of sessions are a bad idea, and Cryptoki makes little promise of what will
-occur in general if an application indulges in this sort of behavior.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SLOT_ID slotID;</p>
-
-<p class=BoxedCode>CK_BYTE application;</p>
-
-<p class=BoxedCode>CK_NOTIFY MyNotify;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>application = 17;</p>
-
-<p class=BoxedCode>MyNotify = &amp;EncryptionSessionCallback;</p>
-
-<p class=BoxedCode>rv = C_OpenSession(</p>
-
-<p class=BoxedCode>  slotID, CKF_SERIAL_SESSION | CKF_RW_SESSION,</p>
-
-<p class=BoxedCode>            (CK_VOID_PTR) &amp;application, MyNotify,</p>
-
-<p class=BoxedCode>  &amp;hSession);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  C_CloseSession(hSession);</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002339"></a><a name="_Toc72656121"></a><a name="_Toc405794731"></a><a
-name="_Toc385057911"></a><a name="_Toc383864885"></a><a name="_Toc323610878"></a><a
-name="_Toc323205448"></a><a name="_Toc323024116"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_CloseAllSessions</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_CloseAllSessions)(<br>
-  CK_SLOT_ID slotID<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_CloseAllSessions</b> closes all sessions an application
-has with a token. <i>slotID</i> specifies the token’s slot.</p>
-
-<p class=MsoNormal>When a session is closed, all session objects created by the
-session are destroyed automatically.</p>
-
-<p class=MsoNormal>After successful execution of this function, the login state
-of the token for the application returns to public sessions. Any new sessions
-to the token opened by the application will be either R/O Public or R/W Public
-sessions.</p>
-
-<p class=MsoNormal>Depending on the token, when the last open session any
-application has with the token is closed, the token may be “ejected” from its
-reader (if this capability exists).</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SLOT_ID_INVALID,
-CKR_TOKEN_NOT_PRESENT.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SLOT_ID slotID;</p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_CloseAllSessions(slotID);</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002340"></a><a name="_Toc72656122"></a><a name="_Toc405794732"></a><a
-name="_Toc385057912"></a><a name="_Toc383864886"></a><a name="_Toc323610879"></a><a
-name="_Toc323205449"></a><a name="_Toc323024117"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetSessionInfo</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetSessionInfo)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_SESSION_INFO_PTR pInfo<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetSessionInfo</b> obtains information about a
-session.  <i>hSession</i> is the session’s handle; <i>pInfo</i> points to the
-location that receives the session information.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode><span lang=IT>CK_SESSION_INFO info;</span></p>
-
-<p class=BoxedCode><span lang=IT>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=IT>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=IT>.</span></p>
-
-<p class=BoxedCode><span lang=IT>.</span></p>
-
-<p class=BoxedCode><span lang=IT>rv = C_GetSessionInfo(hSession, &amp;info);</span></p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  if (info.state == CKS_RW_USER_FUNCTIONS) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002341"></a><a name="_Toc72656123"></a><a name="_Toc405794733"></a><a
-name="_Toc385057913"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_GetOperationState</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetOperationState)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pOperationState,<br>
-  CK_ULONG_PTR pulOperationStateLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetOperationState</b> obtains a copy of the
-cryptographic operations state of a session, encoded as a string of bytes.  <i>hSession</i>
-is the session’s handle; <i>pOperationState</i> points to the location that
-receives the state; <i>pulOperationStateLen</i> points to the location that receives
-the length in bytes of the state.</p>
-
-<p class=MsoNormal>Although the saved state output by <b>C_GetOperationState</b>
-is not really produced by a “cryptographic mechanism”, <b>C_GetOperationState</b>
-nonetheless uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>Precisely what the “cryptographic operations state” this
-function saves is varies from token to token; however, this state is what is
-provided as input to <b>C_SetOperationState</b> to restore the cryptographic
-activities of a session.</p>
-
-<p class=MsoNormal>Consider a session which is performing a message digest
-operation using SHA-1 (<i>i.e.</i>, the session is using the <b>CKM_SHA_1</b>
-mechanism).  Suppose that the message digest operation was initialized
-properly, and that precisely 80 bytes of data have been supplied so far as
-input to SHA-1.  The application now wants to “save the state” of this digest
-operation, so that it can continue it later.  In this particular case, since
-SHA-1 processes 512 bits (64 bytes) of input at a time, the cryptographic
-operations state of the session most likely consists of three distinct parts:
-the state of SHA-1’s 160-bit internal chaining variable; the 16 bytes of
-unprocessed input data; and some administrative data indicating that this saved
-state comes from a session which was performing SHA-1 hashing.  Taken together,
-these three pieces of information suffice to continue the current hashing
-operation at a later time.</p>
-
-<p class=MsoNormal>Consider next a session which is performing an encryption
-operation with DES (a block cipher with a block size of 64 bits) in CBC
-(cipher-block chaining) mode (<i>i.e.</i>, the session is using the <b>CKM_DES_CBC</b>
-mechanism).  Suppose that precisely 22 bytes of data (in addition to an IV for
-the CBC mode) have been supplied so far as input to DES, which means that the
-first two 8-byte blocks of ciphertext have already been produced and output. 
-In this case, the cryptographic operations state of the session most likely
-consists of three or four distinct parts: the second 8-byte block of ciphertext
-(this will be used for cipher-block chaining to produce the next block of
-ciphertext); the 6 bytes of data still awaiting encryption; some administrative
-data indicating that this saved state comes from a session which was performing
-DES encryption in CBC mode; and possibly the DES key being used for encryption
-(see <b>C_SetOperationState</b> for more information on whether or not the key
-is present in the saved state).</p>
-
-<p class=MsoNormal>If a session is performing two cryptographic operations
-simultaneously (see Section 5.12), then the cryptographic operations state of
-the session will contain all the necessary information to restore both
-operations.</p>
-
-<p class=MsoNormal>An attempt to save the cryptographic operations state of a
-session which does not currently have some active savable cryptographic
-operation(s) (encryption, decryption, digesting, signing without message
-recovery, verification without message recovery, or some legal combination of
-two of these) should fail with the error CKR_OPERATION_NOT_INITIALIZED.</p>
-
-<p class=MsoNormal>An attempt to save the cryptographic operations state of a
-session which is performing an appropriate cryptographic operation (or two),
-but which cannot be satisfied for any of various reasons (certain necessary
-state information and/or key information can’t leave the token, for example)
-should fail with the error CKR_STATE_UNSAVEABLE.</p>
-
-<p class=MsoNormal>Return values: CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_STATE_UNSAVEABLE, CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example: see <b>C_SetOperationState</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002342"></a><a name="_Toc72656124"></a><a name="_Toc405794734"></a><a
-name="_Toc385057914"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_SetOperationState</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SetOperationState)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pOperationState,<br>
-  CK_ULONG ulOperationStateLen,<br>
-  CK_OBJECT_HANDLE hEncryptionKey,<br>
-  CK_OBJECT_HANDLE hAuthenticationKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><a name="_Toc383864887"></a><a name="_Toc323610880"></a><a
-name="_Toc323205450"></a><a name="_Toc323024118"><b>C_SetOperationState</b>
-restores the cryptographic operations state of a session from a string of bytes
-obtained with <b>C_GetOperationState</b>.  <i>hSession</i> is the session’s
-handle; <i>pOperationState</i> points to the location holding the saved state; <i>ulOperationStateLen</i>
-holds the length of the saved state; <i>hEncryptionKey</i> holds a handle to
-the key which will be used for an ongoing encryption or decryption operation in
-the restored session (or 0 if no encryption or decryption key is needed, either
-because no such operation is ongoing in the stored session or because all the
-necessary key information is present in the saved state); <i>hAuthenticationKey</i>
-holds a handle to the key which will be used for an ongoing signature, MACing,
-or verification operation in the restored session (or 0 if no such key is
-needed, either because no such operation is ongoing in the stored session or
-because all the necessary key information is present in the saved state).</a></p>
-
-<p class=MsoNormal>The state need not have been obtained from the same session
-(the “source session”) as it is being restored to (the “destination session”). 
-However, the source session and destination session should have a common
-session state (<i>e.g.</i>, CKS_RW_USER_FUNCTIONS), and should be with a common
-token.  There is also no guarantee that cryptographic operations state may be
-carried across logins, or across different Cryptoki implementations.</p>
-
-<p class=MsoNormal>If <b>C_SetOperationState</b> is supplied with alleged saved
-cryptographic operations state which it can determine is not valid saved state
-(or is cryptographic operations state from a session with a different session
-state, or is cryptographic operations state from a different token), it fails with
-the error CKR_SAVED_STATE_INVALID.</p>
-
-<p class=MsoNormal>Saved state obtained from calls to <b>C_GetOperationState</b>
-may or may not contain information about keys in use for ongoing cryptographic
-operations.  If a saved cryptographic operations state has an ongoing
-encryption or decryption operation, and the key in use for the operation is not
-saved in the state, then it MUST be supplied to <b>C_SetOperationState</b> in
-the <i>hEncryptionKey</i> argument.  If it is not, then <b>C_SetOperationState</b>
-will fail and return the error CKR_KEY_NEEDED.  If the key in use for the
-operation <i>is</i> saved in the state, then it <i>can</i> be supplied in the <i>hEncryptionKey</i>
-argument, but this is not required.</p>
-
-<p class=MsoNormal>Similarly, if a saved cryptographic operations state has an
-ongoing signature, MACing, or verification operation, and the key in use for
-the operation is not saved in the state, then it MUST be supplied to <b>C_SetOperationState</b>
-in the <i>hAuthenticationKey</i> argument.  If it is not, then <b>C_SetOperationState</b>
-will fail with the error CKR_KEY_NEEDED.  If the key in use for the operation <i>is</i>
-saved in the state, then it <i>can</i> be supplied in the <i>hAuthenticationKey</i>
-argument, but this is not required.</p>
-
-<p class=MsoNormal>If an <i>irrelevant</i> key is supplied to <b>C_SetOperationState</b>
-call (<i>e.g.</i>, a nonzero key handle is submitted in the <i>hEncryptionKey</i>
-argument, but the saved cryptographic operations state supplied does not have
-an ongoing encryption or decryption operation, then <b>C_SetOperationState</b>
-fails with the error CKR_KEY_NOT_NEEDED.</p>
-
-<p class=MsoNormal>If a key is supplied as an argument to <b>C_SetOperationState</b>,
-and <b>C_SetOperationState</b> can somehow detect that this key was not the key
-being used in the source session for the supplied cryptographic operations
-state (it may be able to detect this if the key or a hash of the key is present
-in the saved state, for example), then <b>C_SetOperationState</b> fails with
-the error CKR_KEY_CHANGED.</p>
-
-<p class=MsoNormal>An application can look at the <b>CKF_RESTORE_KEY_NOT_NEEDED</b>
-flag in the flags field of the <b>CK_TOKEN_INFO</b> field for a token to
-determine whether or not it needs to supply key handles to <b>C_SetOperationState</b>
-calls.  If this flag is true, then a call to <b>C_SetOperationState</b> <i>never</i>
-needs a key handle to be supplied to it.  If this flag is false, then at least
-some of the time, <b>C_SetOperationState</b> requires a key handle, and so the
-application should probably <i>always</i> pass in any relevant key handles when
-restoring cryptographic operations state to a session.</p>
-
-<p class=MsoNormal><b>C_SetOperationState</b> can successfully restore
-cryptographic operations state to a session even if that session has active
-cryptographic or object search operations when <b>C_SetOperationState</b> is
-called (the ongoing operations are abruptly cancelled).</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
-CKR_KEY_NOT_NEEDED, CKR_OK, CKR_SAVED_STATE_INVALID, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_ARGUMENTS_BAD.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_MECHANISM digestMechanism;</p>
-
-<p class=BoxedCode>CK_ULONG ulStateLen;</p>
-
-<p class=BoxedCode>CK_BYTE data1[] = {0x01, 0x03, 0x05, 0x07};</p>
-
-<p class=BoxedCode>CK_BYTE data2[] = {0x02, 0x04, 0x08};</p>
-
-<p class=BoxedCode><span lang=IT>CK_BYTE data3[] = {0x10, 0x0F, 0x0E, 0x0D,
-0x0C};</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_BYTE pDigest[20];</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulDigestLen;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Initialize hash operation */</p>
-
-<p class=BoxedCode><span lang=DE-CH>rv = C_DigestInit(hSession,
-&amp;digestMechanism);</span></p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Start hashing */</p>
-
-<p class=BoxedCode>rv = C_DigestUpdate(hSession, data1, sizeof(data1));</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Find out how big the state might be */</p>
-
-<p class=BoxedCode>rv = C_GetOperationState(hSession, NULL_PTR,
-&amp;ulStateLen);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Allocate some memory and then get the state */</p>
-
-<p class=BoxedCode>pState = (CK_BYTE_PTR) malloc(ulStateLen);</p>
-
-<p class=BoxedCode>rv = C_GetOperationState(hSession, pState, &amp;ulStateLen);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Continue hashing */</p>
-
-<p class=BoxedCode>rv = C_DigestUpdate(hSession, data2, sizeof(data2));</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Restore state.  No key handles needed */</p>
-
-<p class=BoxedCode>rv = C_SetOperationState(hSession, pState, ulStateLen, 0,
-0);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Continue hashing from where we saved state */</p>
-
-<p class=BoxedCode>rv = C_DigestUpdate(hSession, data3, sizeof(data3));</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Conclude hashing operation */</p>
-
-<p class=BoxedCode>ulDigestLen = sizeof(pDigest);</p>
-
-<p class=BoxedCode><span lang=DE>rv = C_DigestFinal(hSession, pDigest,
-&amp;ulDigestLen);</span></p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  /* pDigest[] now contains the hash of 0x01030507100F0E0D0C
-*/</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002343"></a><a name="_Toc72656125"></a><a name="_Toc405794735"></a><a
-name="_Toc385057915"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_Login</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Login)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_USER_TYPE userType,<br>
-  CK_UTF8CHAR_PTR pPin,<br>
-  CK_ULONG ulPinLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Login</b> logs a user into a token.  <i>hSession</i> is
-a session handle; <i>userType</i> is the user type; <i>pPin</i> points to the
-user’s PIN;<i> ulPinLen</i> is the length of the PIN. This standard allows PIN
-values to contain any valid UTF8 character, but the token may impose subset
-restrictions.</p>
-
-<p class=MsoNormal>When the user type is either CKU_SO or CKU_USER, if the call
-succeeds, each of the application's sessions will enter either the &quot;R/W SO
-Functions&quot; state, the &quot;R/W User Functions&quot; state, or the
-&quot;R/O User Functions&quot; state. If the user type is CKU_CONTEXT_SPECIFIC
-, the behavior of C_Login depends on the context in which it is called.
-Improper use of this user type will result in a return value 
-CKR_OPERATION_NOT_INITIALIZED..</p>
-
-<p class=MsoNormal>If the token has a “protected authentication path”, as
-indicated by the <b>CKF_PROTECTED_AUTHENTICATION_PATH</b> flag in its <b>CK_TOKEN_INFO</b>
-being set, then that means that there is some way for a user to be
-authenticated to the token without having to send a PIN through the Cryptoki
-library.  One such possibility is that the user enters a PIN on a PIN pad on
-the token itself, or on the slot device.  Or the user might not even use a
-PIN—authentication could be achieved by some fingerprint-reading device, for
-example.  To log into a token with a protected authentication path, the <i>pPin</i>
-parameter to <b>C_Login</b> should be NULL_PTR.  When <b>C_Login</b> returns,
-whatever authentication method supported by the token will have been performed;
-a return value of CKR_OK means that the user was successfully authenticated,
-and a return value of CKR_PIN_INCORRECT means that the user was denied access.</p>
-
-<p class=MsoNormal>If there are any active cryptographic or object finding
-operations in an application’s session, and then <b>C_Login</b> is successfully
-executed by that application, it may or may not be the case that those
-operations are still active.  Therefore, before logging in, any active
-operations should be finished.</p>
-
-<p class=MsoNormal>If the application calling <b>C_Login</b> has a R/O session
-open with the token, then it will be unable to log the SO into a session (see <b><span
-style='color:#3B006F'>[PKCS11-UG] </span></b>for further details).  An attempt
-to do this will result in the error code CKR_SESSION_READ_ONLY_EXISTS.</p>
-
-<p class=MsoNormal>C_Login may be called repeatedly, without intervening <b>C_Logout</b>
-calls, if (and only if) a key with the CKA_ALWAYS_AUTHENTICATE attribute set to
-CK_TRUE exists, and the user needs to do cryptographic operation on this key.
-See further Section 4.9.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_PIN_INCORRECT,
-CKR_PIN_LOCKED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY_EXISTS,
-CKR_USER_ALREADY_LOGGED_IN, CKR_USER_ANOTHER_ALREADY_LOGGED_IN,
-CKR_USER_PIN_NOT_INITIALIZED, CKR_USER_TOO_MANY_TYPES, CKR_USER_TYPE_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_Logout</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002344"></a><a name="_Toc72656126"></a><a name="_Toc405794736"></a><a
-name="_Toc385057916"></a><a name="_Toc383864888"></a><a name="_Toc323610881"></a><a
-name="_Toc323205451"></a><a name="_Toc323024119"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Logout</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Logout)(<br>
-  CK_SESSION_HANDLE hSession<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Logout</b> logs a user out from a token.  <i>hSession</i>
-is the session’s handle.</p>
-
-<p class=MsoNormal>Depending on the current user type, if the call succeeds,
-each of the application’s sessions will enter either the “R/W Public Session”
-state or the “R/O Public Session” state.</p>
-
-<p class=MsoNormal>When <b>C_Logout</b> successfully executes, any of the
-application’s handles to private objects become invalid (even if a user is
-later logged back into the token, those handles remain invalid).  In addition,
-all private session objects from sessions belonging to the application are
-destroyed.</p>
-
-<p class=MsoNormal>If there are any active cryptographic or object-finding
-operations in an application’s session, and then <b>C_Logout</b> is
-successfully executed by that application, it may or may not be the case that
-those operations are still active.  Therefore, before logging out, any active
-operations should be finished.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR userPIN[] = {“MyPIN”};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_Login(hSession, CKU_USER, userPIN,
-sizeof(userPIN)-1);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  rv == C_Logout(hSession);</p>
-
-<p class=BoxedCode>  if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959743"></a><a name="_Toc395183816"></a><a
-name="_Toc391468820"></a><a name="_Toc370634029"></a><a name="_Toc235002345"></a><a
-name="_Toc72656127"></a><a name="_Ref457140255"></a><a name="_Toc405794737"></a><a
-name="_Ref399147217"></a><a name="_Ref398614471"></a><a name="_Ref398614396"></a><a
-name="_Toc385057917"></a><a name="_Toc383864889"></a><a name="_Toc323610882"></a><a
-name="_Toc323205452"></a><a name="_Toc323024120"></a><a name="_Toc323000710"></a><a
-name="_Toc322945143"></a><a name="_Toc322855301"></a><a name="_Toc319315700"></a><a
-name="_Toc319313707"></a><a name="_Toc319313514"></a><a name="_Toc319287674">5.7
-Object management</a> functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for managing
-objects.  Additional functions provided specifically for managing key objects
-are described in Section 5.13.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002346"></a><a name="_Toc72656128"></a><a name="_Toc405794738"></a><a
-name="_Toc385057918"></a><a name="_Toc383864890"></a><a name="_Toc323610883"></a><a
-name="_Toc323205453"></a><a name="_Toc323024121"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_CreateObject</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_CreateObject)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulCount,<br>
-  CK_OBJECT_HANDLE_PTR phObject<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_CreateObject</b> creates a new object. <i>hSession</i>
-is the session’s handle; <i>pTemplate</i> points to the object’s template; <i>ulCount</i>
-is the number of attributes in the template; <i>phObject</i> points to the
-location that receives the new object’s handle.</p>
-
-<p class=MsoNormal>If a call to <b>C_CreateObject</b> cannot support the
-precise template supplied to it, it will fail and return without creating any
-object.</p>
-
-<p class=MsoNormal>If <b>C_CreateObject</b> is used to create a key object, the
-key object will have its <b>CKA_LOCAL</b> attribute set to CK_FALSE. If that
-key object is a secret or private key then the new key will have the <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_FALSE, and the <b>CKA_NEVER_EXTRACTABLE</b> attribute set
-to CK_FALSE.</p>
-
-<p class=MsoNormal>Only session objects can be created during a read-only
-session.  Only public objects can be created unless the normal user is logged
-in.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT,
-CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE</p>
-
-<p class=BoxedCode>  hData,</p>
-
-<p class=BoxedCode>  hCertificate,</p>
-
-<p class=BoxedCode>  hKey;</p>
-
-<p class=BoxedCode>CK_OBJECT_CLASS</p>
-
-<p class=BoxedCode>  dataClass = CKO_DATA,</p>
-
-<p class=BoxedCode>  certificateClass = CKO_CERTIFICATE,</p>
-
-<p class=BoxedCode>  keyClass = CKO_PUBLIC_KEY;</p>
-
-<p class=BoxedCode>CK_KEY_TYPE keyType = CKK_RSA;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR application[] = {“My Application”};</p>
-
-<p class=BoxedCode>CK_BYTE dataValue[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE subject[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE id[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE certificateValue[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE modulus[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE exponent[] = {...};</p>
-
-<p class=BoxedCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE dataTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;dataClass, sizeof(dataClass)},</p>
-
-<p class=BoxedCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_APPLICATION, application, sizeof(application)-1},</p>
-
-<p class=BoxedCode>  {CKA_VALUE, dataValue, sizeof(dataValue)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE certificateTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;certificateClass,
-sizeof(certificateClass)},</p>
-
-<p class=BoxedCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=BoxedCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=BoxedCode>  {CKA_VALUE, certificateValue, sizeof(certificateValue)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE keyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;keyClass, sizeof(keyClass)},</p>
-
-<p class=BoxedCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=BoxedCode>  {CKA_WRAP, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_MODULUS, modulus, sizeof(modulus)},</p>
-
-<p class=BoxedCode>  {CKA_PUBLIC_EXPONENT, exponent, sizeof(exponent)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Create a data object */</p>
-
-<p class=BoxedCode>rv = C_CreateObject(hSession, &amp;dataTemplate, 4, &amp;hData);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Create a certificate object */</p>
-
-<p class=BoxedCode>rv = C_CreateObject(</p>
-
-<p class=BoxedCode>  hSession, &amp;certificateTemplate, 5, &amp;hCertificate);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Create an RSA public key object */</p>
-
-<p class=BoxedCode>rv = C_CreateObject(hSession, &amp;keyTemplate, 5,
-&amp;hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002347"></a><a name="_Toc72656129"></a><a name="_Toc405794739"></a><a
-name="_Toc385057919"></a><a name="_Toc383864891"></a><a name="_Toc323610884"></a><a
-name="_Toc323205454"></a><a name="_Toc323024122"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_CopyObject</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_CopyObject)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE hObject,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulCount,<br>
-  CK_OBJECT_HANDLE_PTR phNewObject<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_CopyObject</b> copies an object, creating a new object
-for the copy.  <i>hSession</i> is the session’s handle; <i>hObject</i> is the
-object’s handle; <i>pTemplate</i> points to the template for the new object; <i>ulCount</i>
-is the number of attributes in the template; <i>phNewObject</i> points to the
-location that receives the handle for the copy of the object.</p>
-
-<p class=MsoNormal>The template may specify new values for any attributes of
-the object that can ordinarily be modified (<i>e.g.</i>, in the course of
-copying a secret key, a key’s <b>CKA_EXTRACTABLE</b> attribute may be changed from
-CK_TRUE to CK_FALSE, but not the other way around.  If this change is made, the
-new key’s <b>CKA_NEVER_EXTRACTABLE</b> attribute will have the value CK_FALSE. 
-Similarly, the template may specify that the new key’s <b>CKA_SENSITIVE</b>
-attribute be CK_TRUE; the new key will have the same value for its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute as the original key).  It may also specify new values of the <b>CKA_TOKEN</b>
-and <b>CKA_PRIVATE</b> attributes (<i>e.g.</i>, to copy a session object to a
-token object).  If the template specifies a value of an attribute which is
-incompatible with other existing attributes of the object, the call fails with
-the return code CKR_TEMPLATE_INCONSISTENT.</p>
-
-<p class=MsoNormal>If a call to <b>C_CopyObject</b> cannot support the precise
-template supplied to it, it will fail and return without creating any object.
-If the object indicated by hObject has its CKA_COPYABLE attribute set to
-CK_FALSE, C_CopyObject will return CKR_ACTION_PROHIBITED.</p>
-
-<p class=MsoNormal>Only session objects can be created during a read-only
-session.  Only public objects can be created unless the normal user is logged
-in.</p>
-
-<p class=MsoNormal>Return values: , CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD,
-CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID,
-CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_PIN_EXPIRED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY,
-CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal> Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey, hNewKey;</p>
-
-<p class=BoxedCode>CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;</p>
-
-<p class=BoxedCode>CK_KEY_TYPE keyType = CKK_DES;</p>
-
-<p class=BoxedCode>CK_BYTE id[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE keyValue[] = {...};</p>
-
-<p class=BoxedCode>CK_BBOOL false = CK_FALSE;</p>
-
-<p class=BoxedCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE keyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;keyClass, sizeof(keyClass)},</p>
-
-<p class=BoxedCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=BoxedCode>  <span lang=SV>{CKA_TOKEN, &amp;false, sizeof(false)},</span></p>
-
-<p class=BoxedCode><span lang=SV>  </span>{CKA_ID, id, sizeof(id)},</p>
-
-<p class=BoxedCode>  {CKA_VALUE, keyValue, sizeof(keyValue)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE copyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_TOKEN, &amp;true, sizeof(true)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Create a DES secret key session object */</p>
-
-<p class=BoxedCode>rv = C_CreateObject(hSession, &amp;keyTemplate, 5,
-&amp;hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  /* Create a copy which is a token object */</p>
-
-<p class=BoxedCode>  rv = C_CopyObject(hSession, hKey, &amp;copyTemplate, 1,
-&amp;hNewKey);</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002348"></a><a name="_Toc72656130"></a><a name="_Toc405794740"></a><a
-name="_Toc385057920"></a><a name="_Toc383864892"></a><a name="_Toc323610885"></a><a
-name="_Toc323205455"></a><a name="_Toc323024123"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_DestroyObject</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DestroyObject)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE hObject<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DestroyObject</b> destroys an object.  <i>hSession</i>
-is the session’s handle;  and <i>hObject</i> is the object’s handle.</p>
-
-<p class=MsoNormal>Only session objects can be destroyed during a read-only
-session.  Only public objects can be destroyed unless the normal user is logged
-in.</p>
-
-<p class=MsoNormal>Certain objects may not be destroyed. Calling
-C_DestroyObject on such objects will result in the CKR_ACTION_PROHIBITED error
-code. An application can consult the object's CKA_DESTROYABLE attribute to
-determine if an object may be destroyed or not.</p>
-
-<p class=MsoNormal>Return values: , CKR_ACTION_PROHIBITED, CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK,
-CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_SESSION_READ_ONLY, CKR_TOKEN_WRITE_PROTECTED.</p>
-
-<p class=MsoNormal> Example: see <b>C_GetObjectSize</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002349"></a><a name="_Toc72656131"></a><a name="_Toc405794741"></a><a
-name="_Toc385057921"></a><a name="_Toc383864893"></a><a name="_Toc323610886"></a><a
-name="_Toc323205456"></a><a name="_Toc323024124"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetObjectSize</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetObjectSize)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE hObject,<br>
-  CK_ULONG_PTR pulSize<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetObjectSize</b> gets the size of an object in bytes. 
-<i>hSession</i> is the session’s handle; <i>hObject</i> is the object’s handle;
-<i>pulSize</i> points to the location that receives the size in bytes of the
-object.</p>
-
-<p class=MsoNormal>Cryptoki does not specify what the precise meaning of an
-object’s size is.  Intuitively, it is some measure of how much token memory the
-object takes up.  If an application deletes (say) a private object of size S,
-it might be reasonable to assume that the <i>ulFreePrivateMemory</i> field of
-the token’s <b>CK_TOKEN_INFO</b> structure increases by approximately S.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_INFORMATION_SENSITIVE, CKR_OBJECT_HANDLE_INVALID, CKR_OK,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hObject;</p>
-
-<p class=BoxedCode>CK_OBJECT_CLASS dataClass = CKO_DATA;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR application[] = {“My Application”};</p>
-
-<p class=BoxedCode>CK_BYTE dataValue[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE value[] = {...};</p>
-
-<p class=BoxedCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;dataClass, sizeof(dataClass)},</p>
-
-<p class=BoxedCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_APPLICATION, application, sizeof(application)-1},</p>
-
-<p class=BoxedCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ULONG ulSize;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_CreateObject(hSession, &amp;template, 4,
-&amp;hObject);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  rv = C_GetObjectSize(hSession, hObject, &amp;ulSize);</p>
-
-<p class=BoxedCode>  if (rv != CKR_INFORMATION_SENSITIVE) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  rv = C_DestroyObject(hSession, hObject);</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002350"></a><a name="_Toc72656132"></a><a name="_Toc405794742"></a><a
-name="_Toc385057922"></a><a name="_Toc383864894"></a><a name="_Toc323610887"></a><a
-name="_Toc323205457"></a><a name="_Toc323024125"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetAttributeValue</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetAttributeValue)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE hObject,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulCount<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GetAttributeValue</b> obtains the value of one or more
-attributes of an object.  <i>hSession</i> is the session’s handle; <i>hObject</i>
-is the object’s handle; <i>pTemplate</i> points to a template that specifies
-which attribute values are to be obtained, and receives the attribute values; <i>ulCount</i>
-is the number of attributes in the template.</p>
-
-<p class=MsoNormal>For each (<i>type</i>, <i>pValue</i>, <i>ulValueLen</i>)
-triple in the template, <b>C_GetAttributeValue</b> performs the following
-algorithm:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>If the
-specified attribute (i.e., the attribute specified by the type field) for the
-object cannot be revealed because the object is sensitive or unextractable,
-then the ulValueLen field in that triple is modified to hold the value
-CK_UNAVAILABLE_INFORMATION.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Otherwise,
-if the specified value for the object is invalid (the object does not possess
-such an attribute), then the ulValueLen field in that triple is modified to
-hold the value CK_UNAVAILABLE_INFORMATION.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Otherwise,
-if the <i>pValue</i> field has the value NULL_PTR, then the <i>ulValueLen</i>
-field is modified to hold the exact length of the specified attribute for the
-object.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Otherwise,
-if the length specified in <i>ulValueLen</i> is large enough to hold the value
-of the specified attribute for the object, then that attribute is copied into
-the buffer located at <i>pValue</i>, and the <i>ulValueLen</i> field is
-modified to hold the exact length of the attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>5.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Otherwise,
-the ulValueLen field is modified to hold the value CK_UNAVAILABLE_INFORMATION.</p>
-
-<p class=MsoNormal>If case 1 applies to any of the requested attributes, then
-the call should return the value CKR_ATTRIBUTE_SENSITIVE.  If case 2 applies to
-any of the requested attributes, then the call should return the value
-CKR_ATTRIBUTE_TYPE_INVALID.  If case 5 applies to any of the requested
-attributes, then the call should return the value CKR_BUFFER_TOO_SMALL.  As
-usual, if more than one of these error codes is applicable, Cryptoki may return
-any of them.  Only if none of them applies to any of the requested attributes
-will CKR_OK be returned.</p>
-
-<p class=MsoNormal>In the special case of an attribute whose value is an array
-of attributes, for example CKA_WRAP_TEMPLATE, where it is passed in with pValue
-not NULL, then if the pValue of elements within the array is NULL_PTR then the
-ulValueLen of elements within the array will be set to the required length. If
-the pValue of elements within the array is not NULL_PTR, then the ulValueLen
-element of attributes within the array MUST reflect the space that the
-corresponding pValue points to, and pValue is filled in if there is sufficient
-room. Therefore it is important to initialize the contents of a buffer before
-calling C_GetAttributeValue to get such an array value. If any ulValueLen
-within the array isn't large enough, it will be set to
-CK_UNAVAILABLE_INFORMATION and the function will return CKR_BUFFER_TOO_SMALL,
-as it does if an attribute in the pTemplate argument has ulValueLen too small.
-Note that any attribute whose value is an array of attributes is identifiable
-by virtue of the attribute type having the CKF_ARRAY_ATTRIBUTE bit set.</p>
-
-<p class=MsoNormal>Note that the error codes CKR_ATTRIBUTE_SENSITIVE,
-CKR_ATTRIBUTE_TYPE_INVALID, and CKR_BUFFER_TOO_SMALL  do not denote true errors
-for <b>C_GetAttributeValue</b>.  If a call to <b>C_GetAttributeValue</b>
-returns any of these three values, then the call MUST nonetheless have
-processed <i>every</i> attribute in the template supplied to <b>C_GetAttributeValue</b>. 
-Each attribute in the template whose value <i>can be</i> returned by the call
-to <b>C_GetAttributeValue</b> <i>will be</i> returned by the call to <b>C_GetAttributeValue</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_SENSITIVE,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_BUFFER_TOO_SMALL, CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hObject;</p>
-
-<p class=BoxedCode>CK_BYTE_PTR pModulus, pExponent;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=BoxedCode>  {CKA_MODULUS, NULL_PTR, 0},</p>
-
-<p class=BoxedCode>  {CKA_PUBLIC_EXPONENT, NULL_PTR, 0}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_GetAttributeValue(hSession, hObject, &amp;template,
-2);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  pModulus = (CK_BYTE_PTR) malloc(template[0].ulValueLen);</p>
-
-<p class=BoxedCode>  template[0].pValue = pModulus;</p>
-
-<p class=BoxedCode>  /* template[0].ulValueLen was set by C_GetAttributeValue
-*/</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  pExponent = (CK_BYTE_PTR) malloc(template[1].ulValueLen);</p>
-
-<p class=BoxedCode>  template[1].pValue = pExponent;</p>
-
-<p class=BoxedCode>  /* template[1].ulValueLen was set by C_GetAttributeValue
-*/</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  rv = C_GetAttributeValue(hSession, hObject, &amp;template,
-2);</p>
-
-<p class=BoxedCode>  if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>  free(pModulus);</p>
-
-<p class=BoxedCode>  free(pExponent);</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002351"></a><a name="_Toc72656133"></a><a name="_Toc405794743"></a><a
-name="_Toc385057923"></a><a name="_Toc383864895"></a><a name="_Toc323610888"></a><a
-name="_Toc323205458"></a><a name="_Toc323024126"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SetAttributeValue</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SetAttributeValue)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE hObject,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulCount<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SetAttributeValue</b> modifies the value of one or more
-attributes of an object.  <i>hSession</i> is the session’s handle; <i>hObject</i>
-is the object’s handle; <i>pTemplate</i> points to a template that specifies
-which attribute values are to be modified and their new values; <i>ulCount</i>
-is the number of attributes in the template.</p>
-
-<p class=MsoNormal>Certain objects may not be modified. Calling
-C_SetAttributeValue on such objects will result in the CKR_ACTION_PROHIBITED
-error code. An application can consult the object's CKA_MODIFIABLE attribute to
-determine if an object may be modified or not.</p>
-
-<p class=MsoNormal>Only session objects can be modified during a read-only
-session.</p>
-
-<p class=MsoNormal>The template may specify new values for any attributes of
-the object that can be modified.  If the template specifies a value of an
-attribute which is incompatible with other existing attributes of the object,
-the call fails with the return code CKR_TEMPLATE_INCONSISTENT.</p>
-
-<p class=MsoNormal>Not all attributes can be modified; see Section 4.1.2 for more details.</p>
-
-<p class=MsoNormal>Return values: CKR_ACTION_PROHIBITED, CKR_ARGUMENTS_BAD,
-CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_TYPE_INVALID,
-CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_OBJECT_HANDLE_INVALID, CKR_OK, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCONSISTENT,
-CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hObject;</p>
-
-<p class=BoxedCode>CK_UTF8CHAR label[] = {“New label”};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=BoxedCode>  CKA_LABEL, label, sizeof(label)-1</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_SetAttributeValue(hSession, hObject, &amp;template,
-1);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002352"></a><a name="_Toc72656134"></a><a name="_Toc405794744"></a><a
-name="_Toc385057924"></a><a name="_Toc383864896"></a><a name="_Toc323610889"></a><a
-name="_Toc323205460"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_FindObjectsInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulCount<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_FindObjectsInit</b> initializes a search for token and
-session objects that match a template. <i>hSession</i> is the session’s handle;
-<i>pTemplate</i> points to a search template that specifies the attribute
-values to match; <i>ulCount</i> is the number of attributes in the search
-template. The matching criterion is an exact byte-for-byte match with all
-attributes in the template. To find all objects, set <i>ulCount</i> to 0.</p>
-
-<p class=MsoNormal>After calling <b>C_FindObjectsInit</b>, the application may
-call <b>C_FindObjects</b> one or more times to obtain handles for objects
-matching the template, and then eventually call <b>C_FindObjectsFinal</b> to
-finish the active search operation.  At most one search operation may be active
-at a given time in a given session.</p>
-
-<p class=MsoNormal>The object search operation will only find objects that the
-session can view.  For example, an object search in an “R/W Public Session”
-will not find any private objects (even if one of the attributes in the search
-template specifies that the search is for private objects).</p>
-
-<p class=MsoNormal>If a search operation is active, and objects are created or
-destroyed which fit the search template for the active search operation, then
-those objects may or may not be found by the search operation.  Note that this
-means that, under these circumstances, the search operation may return invalid
-object handles.</p>
-
-<p class=MsoNormal>Even though <b>C_FindObjectsInit</b> can return the values
-CKR_ATTRIBUTE_TYPE_INVALID and CKR_ATTRIBUTE_VALUE_INVALID, it is not required
-to.  For example, if it is given a search template with nonexistent attributes
-in it, it can return CKR_ATTRIBUTE_TYPE_INVALID, or it can initialize a search
-operation which will match no objects and return CKR_OK.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE,
-CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_FindObjectsFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002353"></a><a name="_Toc72656135"></a><a name="_Toc405794745"></a><a
-name="_Toc385057925"></a><a name="_Toc383864897"></a><a name="_Toc323610890"></a><a
-name="_Toc323205461"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_FindObjects</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_FindObjects)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE_PTR phObject,<br>
-  CK_ULONG ulMaxObjectCount,<br>
-  CK_ULONG_PTR pulObjectCount<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_FindObjects</b> continues a search for token and
-session objects that match a template, obtaining additional object handles. <i>hSession</i>
-is the session’s handle; <i>phObject</i> points to the location that receives
-the list (array) of additional object handles; <i>ulMaxObjectCount</i> is the
-maximum number of object handles to be returned; <i>pulObjectCount</i> points
-to the location that receives the actual number of object handles returned.</p>
-
-<p class=MsoNormal>If there are no more objects matching the template, then the
-location that <i>pulObjectCount</i> points to receives the value 0.</p>
-
-<p class=MsoNormal>The search MUST have been initialized with <b>C_FindObjectsInit</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_FindObjectsFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002354"></a><a name="_Toc72656136"></a><a name="_Toc405794746"></a><a
-name="_Toc385057926"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_FindObjectsFinal</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_FindObjectsFinal)(<br>
-  CK_SESSION_HANDLE hSession<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_FindObjectsFinal</b> terminates a search for token and
-session objects.  <i>hSession</i> is the session’s handle.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hObject;</p>
-
-<p class=BoxedCode>CK_ULONG ulObjectCount;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_FindObjectsInit(hSession, NULL_PTR, 0);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-<p class=BoxedCode>while (1) {</p>
-
-<p class=BoxedCode>  rv = C_FindObjects(hSession, &amp;hObject, 1,
-&amp;ulObjectCount);</p>
-
-<p class=BoxedCode>  if (rv != CKR_OK || ulObjectCount == 0)</p>
-
-<p class=BoxedCode>    break;</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_FindObjectsFinal(hSession);</p>
-
-<p class=BoxedCode>assert(rv == CKR_OK);</p>
-
-</div>
-
-<h2><a name="_Ref319839546"></a><a name="_Toc319315701"></a><a
-name="_Toc319313708"></a><a name="_Toc319313515"></a><a name="_Toc319287675"></a><a
-name="_Toc416959744"></a><a name="_Toc395183817"></a><a name="_Toc391468821"></a><a
-name="_Toc370634030"></a><a name="_Toc235002355"></a><a name="_Toc72656137"></a><a
-name="_Toc405794747"></a><a name="_Toc385057927"></a><a name="_Toc383864898"></a><a
-name="_Toc323610891"></a><a name="_Toc323205462"></a><a name="_Toc323024128"></a><a
-name="_Toc323000711"></a><a name="_Toc322945144"></a><a name="_Toc322855302"></a><a
-name="_Toc319315702"></a><a name="_Toc319313709"></a><a name="_Toc319313516"></a><a
-name="_Toc319287676">5.8 Encryption</a> functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for encrypting
-data:<b> </b></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002356"></a><a name="_Toc72656138"></a><a name="_Toc405794748"></a><a
-name="_Toc385057928"></a><a name="_Toc383864899"></a><a name="_Toc323610892"></a><a
-name="_Toc323205463"></a><a name="_Toc323024129"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_EncryptInit</span></a><a
-name=encryptinit></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_EncryptInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_EncryptInit</b> initializes an encryption operation. <i>hSession</i>
-is the session’s handle; <i>pMechanism</i> points to the encryption mechanism; <i>hKey</i>
-is the handle of the encryption key.</p>
-
-<p class=MsoNormal>The <b>CKA_ENCRYPT</b> attribute of the encryption key,
-which indicates whether the key supports encryption, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>After calling <b>C_EncryptInit</b>, the application can
-either call <b>C_Encrypt</b> to encrypt data in a single part; or call <b>C_EncryptUpdate</b>
-zero or more times, followed by <b>C_EncryptFinal</b>, to encrypt data in
-multiple parts.  The encryption operation is active until the application uses
-a call to <b>C_Encrypt</b> or <b>C_EncryptFinal</b> <i>to actually obtain</i>
-the final piece of ciphertext.  To process additional data (in single or
-multiple parts), the application MUST call <b>C_EncryptInit</b> again.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE,
-CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID,
-CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_EncryptFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002357"></a><a name="_Toc72656139"></a><a name="_Toc405794749"></a><a
-name="_Toc385057929"></a><a name="_Toc383864900"></a><a name="_Toc323610893"></a><a
-name="_Toc323205464"></a><a name="_Toc323024130"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Encrypt</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Encrypt)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG ulDataLen,<br>
-  CK_BYTE_PTR pEncryptedData,<br>
-  CK_ULONG_PTR pulEncryptedDataLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Encrypt</b> encrypts single-part data. <i>hSession</i>
-is the session’s handle; <i>pData</i> points to the data; <i>ulDataLen</i> is
-the length in bytes of the data; <i>pEncryptedData</i> points to the location
-that receives the encrypted data; <i>pulEncryptedDataLen</i> points to the
-location that holds the length in bytes of the encrypted data.</p>
-
-<p class=MsoNormal><b>C_Encrypt</b> uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The encryption operation MUST have been initialized with <b>C_EncryptInit</b>. 
-A call to <b>C_Encrypt</b> always terminates the active encryption operation
-unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the ciphertext.</p>
-
-<p class=MsoNormal><b>C_Encrypt<i> </i></b>cannot be used to terminate a multi-part
-operation, and MUST be called after <b>C_EncryptInit</b> without intervening <b>C_EncryptUpdate</b>
-calls.</p>
-
-<p class=MsoNormal>For some encryption mechanisms, the input plaintext data has
-certain length constraints (either because the mechanism can only encrypt
-relatively short pieces of plaintext, or because the mechanism’s input data MUST
-consist of an integral number of blocks).  If these constraints are not
-satisfied, then <b>C_Encrypt</b> will fail with return code CKR_DATA_LEN_RANGE.</p>
-
-<p class=MsoNormal>The plaintext and ciphertext can be in the same place, <i>i.e.</i>,
-it is OK if <i>pData</i> and <i>pEncryptedData</i> point to the same location.</p>
-
-<p class=MsoNormal>For most mechanisms, <b>C_Encrypt</b> is equivalent to a
-sequence of <b>C_EncryptUpdate</b> operations followed by <b>C_EncryptFinal</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_EncryptFinal</b> for an example of similar
-functions.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002358"></a><a name="_Toc72656140"></a><a name="_Toc405794750"></a><a
-name="_Toc385057930"></a><a name="_Toc383864901"></a><a name="_Toc323610894"></a><a
-name="_Toc323205465"></a><a name="_Toc323024131"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_EncryptUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_EncryptUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG ulPartLen,<br>
-  CK_BYTE_PTR pEncryptedPart,<br>
-  CK_ULONG_PTR pulEncryptedPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_EncryptUpdate</b> continues a multiple-part encryption
-operation, processing another data part. <i>hSession</i> is the session’s
-handle; <i>pPart</i> points to the data part; <i>ulPartLen</i> is the length of
-the data part; <i>pEncryptedPart</i> points to the location that receives the
-encrypted data part; <i>pulEncryptedPartLen</i> points to the location that
-holds the length in bytes of the encrypted data part.</p>
-
-<p class=MsoNormal><b>C_EncryptUpdate</b> uses the convention described in
-Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The encryption operation MUST have been initialized with <b>C_EncryptInit</b>. 
-This function may be called any number of times in succession.  A call to <b>C_EncryptUpdate</b>
-which results in an error other than CKR_BUFFER_TOO_SMALL terminates the
-current encryption operation.</p>
-
-<p class=MsoNormal>The plaintext and ciphertext can be in the same place, <i>i.e.</i>,
-it is OK if <i>pPart</i> and <i>pEncryptedPart</i> point to the same location.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:  see <b>C_EncryptFinal.</b></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002359"></a><a name="_Toc72656141"></a><a name="_Toc405794751"></a><a
-name="_Toc385057931"></a><a name="_Toc383864902"></a><a name="_Toc323610895"></a><a
-name="_Toc323205466"></a><a name="_Toc323024132"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_EncryptFinal</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_EncryptFinal)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pLastEncryptedPart,<br>
-  CK_ULONG_PTR pulLastEncryptedPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_EncryptFinal</b> finishes a multiple-part encryption
-operation. <i>hSession</i> is the session’s handle; <i>pLastEncryptedPart</i>
-points to the location that receives the last encrypted data part, if any; <i>pulLastEncryptedPartLen</i>
-points to the location that holds the length of the last encrypted data part.</p>
-
-<p class=MsoNormal><b>C_EncryptFinal</b> uses the convention described in
-Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The encryption operation MUST have been initialized with <b>C_EncryptInit</b>. 
-A call to <b>C_EncryptFinal</b> always terminates the active encryption
-operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the ciphertext.</p>
-
-<p class=MsoNormal>For some multi-part encryption mechanisms, the input
-plaintext data has certain length constraints, because the mechanism’s input
-data MUST consist of an integral number of blocks.  If these constraints are
-not satisfied, then <b>C_EncryptFinal</b> will fail with return code
-CKR_DATA_LEN_RANGE.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>#define PLAINTEXT_BUF_SZ 200</p>
-
-<p class=BoxedCode>#define CIPHERTEXT_BUF_SZ 256</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>CK_ULONG firstPieceLen, secondPieceLen;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_BYTE iv[8];</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_CBC_PAD, iv, sizeof(iv)</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[PLAINTEXT_BUF_SZ];</p>
-
-<p class=BoxedCode>CK_BYTE encryptedData[CIPHERTEXT_BUF_SZ];</p>
-
-<p class=BoxedCode>CK_ULONG ulEncryptedData1Len;</p>
-
-<p class=BoxedCode>CK_ULONG ulEncryptedData2Len;</p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulEncryptedData3Len;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>firstPieceLen = 90;</p>
-
-<p class=BoxedCode>secondPieceLen = PLAINTEXT_BUF_SZ-firstPieceLen;</p>
-
-<p class=BoxedCode>rv = C_EncryptInit(hSession, &amp;mechanism, hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  /* Encrypt first piece */</p>
-
-<p class=BoxedCode>  ulEncryptedData1Len = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>  rv = C_EncryptUpdate(</p>
-
-<p class=BoxedCode>    hSession,</p>
-
-<p class=BoxedCode>    &amp;data[0], firstPieceLen,</p>
-
-<p class=BoxedCode>    &amp;encryptedData[0], &amp;ulEncryptedData1Len);</p>
-
-<p class=BoxedCode>  if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  /* Encrypt second piece */</p>
-
-<p class=BoxedCode>  ulEncryptedData2Len =
-sizeof(encryptedData)-ulEncryptedData1Len;</p>
-
-<p class=BoxedCode>  rv = C_EncryptUpdate(</p>
-
-<p class=BoxedCode>    hSession,</p>
-
-<p class=BoxedCode>    &amp;data[firstPieceLen], secondPieceLen,</p>
-
-<p class=BoxedCode>    &amp;encryptedData[ulEncryptedData1Len],
-&amp;ulEncryptedData2Len);</p>
-
-<p class=BoxedCode>  if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  /* Get last little encrypted bit */</p>
-
-<p class=BoxedCode>  ulEncryptedData3Len =</p>
-
-<p class=BoxedCode>   
-sizeof(encryptedData)-ulEncryptedData1Len-ulEncryptedData2Len;</p>
-
-<p class=BoxedCode>  rv = C_EncryptFinal(</p>
-
-<p class=BoxedCode>    hSession,</p>
-
-<p class=BoxedCode>   
-&amp;encryptedData[ulEncryptedData1Len+ulEncryptedData2Len],</p>
-
-<p class=BoxedCode>    &amp;ulEncryptedData3Len);</p>
-
-<p class=BoxedCode>  if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959745"></a><a name="_Toc395183818"></a><a
-name="_Toc391468822"></a><a name="_Toc370634031"></a><a name="_Toc235002360"></a><a
-name="_Toc72656142"></a><a name="_Toc405794752"></a><a name="_Toc385057932">5.9
-Decryption functions</a></h2>
-
-<p class=MsoNormal style='page-break-after:avoid'><a name="_Toc383864903"></a><a
-name="_Toc323610896"></a><a name="_Toc323205467"></a><a name="_Toc323024133">Cryptoki
-provides the following functions for decrypting data</a><span style='font-size:
-12.0pt'>:<b> </b></span></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002361"></a><a name="_Toc72656143"></a><a name="_Toc405794753"></a><a
-name="_Toc385057933"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_DecryptInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DecryptInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DecryptInit</b> initializes a decryption operation. <i>hSession</i>
-is the session’s handle; <i>pMechanism</i> points to the decryption mechanism; <i>hKey</i>
-is the handle of the decryption key.</p>
-
-<p class=MsoNormal>The <b>CKA_DECRYPT</b> attribute of the decryption key,
-which indicates whether the key supports decryption, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>After calling <b>C_DecryptInit</b>, the application can
-either call <b>C_Decrypt</b> to decrypt data in a single part; or call <b>C_DecryptUpdate</b>
-zero or more times, followed by <b>C_DecryptFinal</b>, to decrypt data in
-multiple parts.  The decryption operation is active until the application uses
-a call to <b>C_Decrypt</b> or <b>C_DecryptFinal</b> <i>to actually obtain</i>
-the final piece of plaintext.  To process additional data (in single or
-multiple parts), the application MUST call <b>C_DecryptInit</b> again</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED,
-CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_DecryptFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002362"></a><a name="_Toc72656144"></a><a name="_Toc405794754"></a><a
-name="_Toc385057934"></a><a name="_Toc383864904"></a><a name="_Toc323610897"></a><a
-name="_Toc323205468"></a><a name="_Toc323024134"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Decrypt</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Decrypt)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pEncryptedData,<br>
-  CK_ULONG ulEncryptedDataLen,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG_PTR pulDataLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Decrypt</b> decrypts encrypted data in a single part. <i>hSession</i>
-is the session’s handle; <i>pEncryptedData</i> points to the encrypted data; <i>ulEncryptedDataLen</i>
-is the length of the encrypted data; <i>pData</i> points to the location that
-receives the recovered data; <i>pulDataLen</i> points to the location that
-holds the length of the recovered data.</p>
-
-<p class=MsoNormal><b>C_Decrypt</b> uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The decryption operation MUST have been initialized with <b>C_DecryptInit</b>. 
-A call to <b>C_Decrypt</b> always terminates the active decryption operation
-unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the plaintext.</p>
-
-<p class=MsoNormal><b>C_Decrypt<i> </i></b>cannot be used to terminate a
-multi-part operation, and MUST be called after <b>C_DecryptInit</b> without
-intervening <b>C_DecryptUpdate</b> calls.</p>
-
-<p class=MsoNormal>The ciphertext and plaintext can be in the same place, <i>i.e.</i>,
-it is OK if <i>pEncryptedData</i> and <i>pData</i> point to the same location.</p>
-
-<p class=MsoNormal>If the input ciphertext data cannot be decrypted because it
-has an inappropriate length, then either CKR_ENCRYPTED_DATA_INVALID or
-CKR_ENCRYPTED_DATA_LEN_RANGE may be returned.</p>
-
-<p class=MsoNormal>For most mechanisms, <b>C_Decrypt</b> is equivalent to a
-sequence of <b>C_DecryptUpdate</b> operations followed by <b>C_DecryptFinal</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal><a name="_Toc383864905"></a><a name="_Toc323610898"></a><a
-name="_Toc323205469"></a><a name="_Toc323024135">Example: see <b>C_DecryptFinal</b>
-for an example of similar functions.</a></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002363"></a><a name="_Toc72656145"></a><a name="_Toc405794755"></a><a
-name="_Toc385057935"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_DecryptUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DecryptUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pEncryptedPart,<br>
-  CK_ULONG ulEncryptedPartLen,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG_PTR pulPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DecryptUpdate</b> continues a multiple-part decryption
-operation, processing another encrypted data part. <i>hSession</i> is the
-session’s handle; <i>pEncryptedPart</i> points to the encrypted data part; <i>ulEncryptedPartLen</i>
-is the length of the encrypted data part; <i>pPart</i> points to the location
-that receives the recovered data part; <i>pulPartLen</i> points to the location
-that holds the length of the recovered data part.</p>
-
-<p class=MsoNormal><a name="_Toc319287678"><b>C_DecryptUpdate</b> uses the
-convention described in Section </a>5.2 on producing output.</p>
-
-<p class=MsoNormal>The decryption operation MUST have been initialized with <b>C_DecryptInit</b>. 
-This function may be called any number of times in succession.  A call to <b>C_DecryptUpdate</b>
-which results in an error other than CKR_BUFFER_TOO_SMALL terminates the
-current decryption operation.</p>
-
-<p class=MsoNormal>The ciphertext and plaintext can be in the same place, <i>i.e.</i>,
-it is OK if <i>pEncryptedPart</i> and <i>pPart</i> point to the same location.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  See <b>C_DecryptFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002364"></a><a name="_Toc72656146"></a><a name="_Toc405794756"></a><a
-name="_Toc385057936"></a><a name="_Toc383864906"></a><a name="_Toc323610899"></a><a
-name="_Toc323205470"></a><a name="_Toc323024136"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_DecryptFinal</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DecryptFinal)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pLastPart,<br>
-  CK_ULONG_PTR pulLastPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DecryptFinal</b> finishes a multiple-part decryption
-operation. <i>hSession</i> is the session’s handle; <i>pLastPart</i> points to
-the location that receives the last recovered data part, if any; <i>pulLastPartLen</i>
-points to the location that holds the length of the last recovered data part.</p>
-
-<p class=MsoNormal><b>C_DecryptFinal</b> uses the convention described in
-Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The decryption operation MUST have been initialized with <b>C_DecryptInit</b>. 
-A call to <b>C_DecryptFinal</b> always terminates the active decryption
-operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the plaintext.</p>
-
-<p class=MsoNormal>If the input ciphertext data cannot be decrypted because it
-has an inappropriate length, then either CKR_ENCRYPTED_DATA_INVALID or
-CKR_ENCRYPTED_DATA_LEN_RANGE may be returned.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal><a name="_Toc383864907"></a><a name="_Toc323610900"></a><a
-name="_Toc323205471"></a><a name="_Toc323024137"></a><a name="_Toc323000712"></a><a
-name="_Toc322945145"></a><a name="_Toc322855303"></a><a name="_Toc319315705"></a><a
-name="_Toc319313712"></a><a name="_Toc319313519"></a><a name="_Toc319287679">Example:</a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>#define CIPHERTEXT_BUF_SZ 256</p>
-
-<p class=BoxedCode>#define PLAINTEXT_BUF_SZ 256</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>CK_ULONG firstEncryptedPieceLen, secondEncryptedPieceLen;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_BYTE iv[8];</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_CBC_PAD, iv, sizeof(iv)</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[PLAINTEXT_BUF_SZ];</p>
-
-<p class=BoxedCode>CK_BYTE encryptedData[CIPHERTEXT_BUF_SZ];</p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulData1Len, ulData2Len, ulData3Len;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=SV>.</span></p>
-
-<p class=BoxedCode><span lang=SV>.</span></p>
-
-<p class=BoxedCode><span lang=SV>firstEncryptedPieceLen = 90;</span></p>
-
-<p class=BoxedCode><span lang=SV>secondEncryptedPieceLen =
-CIPHERTEXT_BUF_SZ-firstEncryptedPieceLen;</span></p>
-
-<p class=BoxedCode>rv = C_DecryptInit(hSession, &amp;mechanism, hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  /* Decrypt first piece */</p>
-
-<p class=BoxedCode>  ulData1Len = sizeof(data);</p>
-
-<p class=BoxedCode>  rv = C_DecryptUpdate(</p>
-
-<p class=BoxedCode>    hSession,</p>
-
-<p class=BoxedCode>    &amp;encryptedData[0], firstEncryptedPieceLen,</p>
-
-<p class=BoxedCode>    &amp;data[0], &amp;ulData1Len);</p>
-
-<p class=BoxedCode>  if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  /* Decrypt second piece */</p>
-
-<p class=BoxedCode>  ulData2Len = sizeof(data)-ulData1Len;</p>
-
-<p class=BoxedCode>  rv = C_DecryptUpdate(</p>
-
-<p class=BoxedCode>    hSession,</p>
-
-<p class=BoxedCode>    &amp;encryptedData[firstEncryptedPieceLen],</p>
-
-<p class=BoxedCode>    secondEncryptedPieceLen,</p>
-
-<p class=BoxedCode>    &amp;data[ulData1Len], &amp;ulData2Len);</p>
-
-<p class=BoxedCode>  if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>  /* Get last little decrypted bit */</p>
-
-<p class=BoxedCode>  <span lang=SV>ulData3Len =
-sizeof(data)-ulData1Len-ulData2Len;</span></p>
-
-<p class=BoxedCode><span lang=SV>  rv = C_DecryptFinal(</span></p>
-
-<p class=BoxedCode><span lang=SV>    hSession,</span></p>
-
-<p class=BoxedCode><span lang=SV>    &amp;data[ulData1Len+ulData2Len],
-&amp;ulData3Len);</span></p>
-
-<p class=BoxedCode><span lang=SV>  </span>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959746"></a><a name="_Toc395183819"></a><a
-name="_Toc391468823"></a><a name="_Toc370634032"></a><a name="_Toc235002365"></a><a
-name="_Toc72656147"></a><a name="_Toc405794757"></a><a name="_Toc385057937">5.10
-Message digesting</a> functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for digesting
-data:<b> </b></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002366"></a><a name="_Toc72656148"></a><a name="_Toc405794758"></a><a
-name="_Toc385057938"></a><a name="_Toc383864908"></a><a name="_Toc323610901"></a><a
-name="_Toc323205472"></a><a name="_Toc323024138"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_DigestInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DigestInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DigestInit</b> initializes a message-digesting
-operation. <i>hSession</i> is the session’s handle; <i>pMechanism</i> points to
-the digesting mechanism.</p>
-
-<p class=MsoNormal>After calling <b>C_DigestInit</b>, the application can
-either call <b>C_Digest</b> to digest data in a single part; or call <b>C_DigestUpdate</b>
-zero or more times, followed by <b>C_DigestFinal</b>, to digest data in
-multiple parts.  The message-digesting operation is active until the
-application uses a call to <b>C_Digest</b> or <b>C_DigestFinal</b> <i>to
-actually obtain</i> the message digest.  To process additional data (in single
-or multiple parts), the application MUST call <b>C_DigestInit</b> again.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_DigestFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002367"></a><a name="_Toc72656149"></a><a name="_Toc405794759"></a><a
-name="_Toc385057939"></a><a name="_Toc383864909"></a><a name="_Toc323610902"></a><a
-name="_Toc323205473"></a><a name="_Toc323024139"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Digest</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Digest)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG ulDataLen,<br>
-  CK_BYTE_PTR pDigest,<br>
-  CK_ULONG_PTR pulDigestLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Digest</b> digests data in a single part. <i>hSession</i>
-is the session’s handle, <i>pData</i> points to the data; <i>ulDataLen</i> is
-the length of the data; <i>pDigest</i> points to the location that receives the
-message digest; <i>pulDigestLen</i> points to the location that holds the
-length of the message digest.</p>
-
-<p class=MsoNormal><b>C_Digest</b> uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The digest operation MUST have been initialized with <b>C_DigestInit</b>. 
-A call to <b>C_Digest</b> always terminates the active digest operation unless
-it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>, one which
-returns CKR_OK) to determine the length of the buffer needed to hold the
-message digest.</p>
-
-<p class=MsoNormal><b>C_Digest<i> </i></b>cannot be used to terminate a
-multi-part operation, and MUST be called after <b>C_DigestInit</b> without
-intervening <b>C_DigestUpdate</b> calls.</p>
-
-<p class=MsoNormal>The input data and digest output can be in the same place, <i>i.e.</i>,
-it is OK if <i>pData</i> and <i>pDigest</i> point to the same location.</p>
-
-<p class=MsoNormal><b>C_Digest</b> is equivalent to a sequence of <b>C_DigestUpdate</b>
-operations followed by <b>C_DigestFinal</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_DigestFinal</b> for an example of similar
-functions.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002368"></a><a name="_Toc72656150"></a><a name="_Toc405794760"></a><a
-name="_Toc385057940"></a><a name="_Toc383864910"></a><a name="_Toc323610903"></a><a
-name="_Toc323205474"></a><a name="_Toc323024140"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_DigestUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DigestUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG ulPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DigestUpdate</b> continues a multiple-part
-message-digesting operation, processing another data part. <i>hSession</i> is
-the session’s handle, <i>pPart</i> points to the data part; <i>ulPartLen</i> is
-the length of the data part.</p>
-
-<p class=MsoNormal><a name="_Toc319287681">The message-digesting operation MUST
-have been initialized with <b>C_DigestInit</b>. Calls to this function and <b>C_DigestKey</b>
-may be interspersed any number of times in any order.  A call to <b>C_DigestUpdate</b>
-which results in an error terminates the current digest operation.</a></p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:  see <b>C_DigestFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc383864911"></a><a name="_Toc323610904"></a><a name="_Toc323205475"></a><a
-name="_Toc323024141"></a><a name="_Toc235002369"></a><a name="_Toc72656151"></a><a
-name="_Toc405794761"></a><a name="_Toc385057941"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_DigestKey</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DigestKey)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DigestKey</b> continues a multiple-part
-message-digesting operation by digesting the value of a secret key.  <i>hSession</i>
-is the session’s handle; <i>hKey</i> is the handle of the secret key to be
-digested.</p>
-
-<p class=MsoNormal>The message-digesting operation MUST have been initialized
-with <b>C_DigestInit</b>.  Calls to this function and <b>C_DigestUpdate</b> may
-be interspersed any number of times in any order.</p>
-
-<p class=MsoNormal>If the value of the supplied key cannot be digested purely
-for some reason related to its length, <b>C_DigestKey</b> should return the
-error code CKR_KEY_SIZE_RANGE.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID,
-CKR_KEY_INDIGESTIBLE, CKR_KEY_SIZE_RANGE, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example: see <b>C_DigestFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002370"></a><a name="_Toc72656152"></a><a name="_Toc405794762"></a><a
-name="_Toc385057942"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_DigestFinal</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DigestFinal)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pDigest,<br>
-  CK_ULONG_PTR pulDigestLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DigestFinal</b> finishes a multiple-part
-message-digesting operation, returning the message digest. <i>hSession</i> is
-the session’s handle; <i>pDigest</i> points to the location that receives the
-message digest; <i>pulDigestLen</i> points to the location that holds the
-length of the message digest.</p>
-
-<p class=MsoNormal><b>C_DigestFinal</b> uses the convention described in
-Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The digest operation MUST have been initialized with <b>C_DigestInit</b>. 
-A call to <b>C_DigestFinal</b> always terminates the active digest operation
-unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the message digest.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal><a name="_Toc319315708"></a><a name="_Toc319313715"></a><a
-name="_Toc319313522"></a><a name="_Toc319287682">Example:</a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_MD5, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE digest[16];</p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulDigestLen;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_DigestInit(hSession, &amp;mechanism);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_DigestUpdate(hSession, data, sizeof(data));</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>rv = C_DigestKey(hSession, hKey);</p>
-
-<p class=BoxedCode>if (rv != <span lang=DE>CKR_OK) {</span></p>
-
-<p class=BoxedCode><span lang=DE>  .</span></p>
-
-<p class=BoxedCode><span lang=DE>  .</span></p>
-
-<p class=BoxedCode><span lang=DE style='font-family:"Arial","sans-serif"'>}</span></p>
-
-<p class=BoxedCode><span lang=DE style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=DE style='font-family:"Arial","sans-serif"'>ulDigestLen
-= sizeof(digest);</span></p>
-
-<p class=BoxedCode><span lang=DE style='font-family:"Arial","sans-serif"'>rv =
-C_DigestFinal(hSession, digest, &amp;ulDigestLen);</span></p>
-
-<p class=BoxedCode><span style='font-family:"Arial","sans-serif"'>.</span></p>
-
-<p class=BoxedCode><span style='font-family:"Arial","sans-serif"'>.</span></p>
-
-</div>
-
-<h2><a name="_Toc416959747"></a><a name="_Toc395183820"></a><a
-name="_Toc391468824"></a><a name="_Toc370634033"></a><a name="_Toc235002371"></a><a
-name="_Toc72656153"></a><a name="_Toc405794763"></a><a name="_Toc385057943"></a><a
-name="_Toc383864912"></a><a name="_Toc323610905"></a><a name="_Toc323205476"></a><a
-name="_Toc323024142"></a><a name="_Toc323000713"></a><a name="_Toc322945146"></a><a
-name="_Toc322855304">5.11 Sign</a>ing and MACing functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for signing data
-(for the purposes of Cryptoki, these operations also encompass message
-authentication codes):<b> </b></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002372"></a><a name="_Toc72656154"></a><a name="_Toc405794764"></a><a
-name="_Toc385057944"></a><a name="_Toc383864913"></a><a name="_Toc323610906"></a><a
-name="_Toc323205477"></a><a name="_Toc323024143"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SignInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SignInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SignInit</b> initializes a signature operation, where
-the signature is an appendix to the data. <i>hSession</i> is the session’s
-handle; <i>pMechanism</i> points to the signature mechanism; <i>hKey</i> is the
-handle of the signature key.</p>
-
-<p class=MsoNormal>The <b>CKA_SIGN</b> attribute of the signature key, which
-indicates whether the key supports signatures with appendix, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>After calling <b>C_SignInit</b>, the application can either
-call <b>C_Sign</b> to sign in a single part; or call <b>C_SignUpdate</b> one or
-more times, followed by <b>C_SignFinal,</b> to sign data in multiple parts. 
-The signature operation is active until the application uses a call to <b>C_Sign</b>
-or <b>C_SignFinal</b> <i>to actually obtain</i> the signature.  To process
-additional data (in single or multiple parts), the application MUST call <b>C_SignInit</b>
-again.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_KEY_FUNCTION_NOT_PERMITTED,CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE,
-CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID,
-CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_SignFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002373"></a><a name="_Toc72656155"></a><a name="_Toc405794765"></a><a
-name="_Toc385057945"></a><a name="_Toc383864914"></a><a name="_Toc323610907"></a><a
-name="_Toc323205478"></a><a name="_Toc323024144"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Sign</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Sign)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG ulDataLen,<br>
-  CK_BYTE_PTR pSignature,<br>
-  CK_ULONG_PTR pulSignatureLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Sign</b> signs data in a single part, where the
-signature is an appendix to the data. <i>hSession</i> is the session’s handle; <i>pData</i>
-points to the data; <i>ulDataLen</i> is the length of the data; <i>pSignature</i>
-points to the location that receives the signature; <i>pulSignatureLen</i>
-points to the location that holds the length of the signature.</p>
-
-<p class=MsoNormal><b>C_Sign</b> uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The signing operation MUST have been initialized with <b>C_SignInit</b>. 
-A call to <b>C_Sign</b> always terminates the active signing operation unless
-it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>, one which
-returns CKR_OK) to determine the length of the buffer needed to hold the
-signature.</p>
-
-<p class=MsoNormal><b>C_Sign<i> </i></b>cannot be used to terminate a
-multi-part operation, and MUST be called after <b>C_SignInit</b> without
-intervening <b>C_SignUpdate</b> calls.</p>
-
-<p class=MsoNormal>For most mechanisms, <b>C_Sign</b> is equivalent to a
-sequence of <b>C_SignUpdate</b> operations followed by <b>C_SignFinal</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_USER_NOT_LOGGED_IN, CKR_FUNCTION_REJECTED.</p>
-
-<p class=MsoNormal>Example: see <b>C_SignFinal</b> for an example of similar
-functions.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002374"></a><a name="_Toc72656156"></a><a name="_Toc405794766"></a><a
-name="_Toc385057946"></a><a name="_Toc383864915"></a><a name="_Toc323610908"></a><a
-name="_Toc323205479"></a><a name="_Toc323024145"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SignUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SignUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG ulPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SignUpdate</b> continues a multiple-part signature
-operation, processing another data part. <i>hSession</i> is the session’s
-handle, <i>pPart</i> points to the data part; <i>ulPartLen</i> is the length of
-the data part.</p>
-
-<p class=MsoNormal>The signature operation MUST have been initialized with <b>C_SignInit</b>.
-This function may be called any number of times in succession.  A call to <b>C_SignUpdate</b>
-which results in an error terminates the current signature operation.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_SignFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002375"></a><a name="_Toc72656157"></a><a name="_Toc405794767"></a><a
-name="_Toc385057947"></a><a name="_Toc383864916"></a><a name="_Toc323610909"></a><a
-name="_Toc323205480"></a><a name="_Toc323024146"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SignFinal</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SignFinal)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pSignature,<br>
-  CK_ULONG_PTR pulSignatureLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SignFinal</b> finishes a multiple-part signature
-operation, returning the signature. <i>hSession</i> is the session’s handle; <i>pSignature</i>
-points to the location that receives the signature; <i>pulSignatureLen</i>
-points to the location that holds the length of the signature.</p>
-
-<p class=MsoNormal><b>C_SignFinal</b> uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The signing operation MUST have been initialized with <b>C_SignInit</b>. 
-A call to <b>C_SignFinal</b> always terminates the active signing operation
-unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the signature.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN,
-CKR_FUNCTION_REJECTED.</p>
-
-<p class=MsoNormal>Example: </p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_MAC, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE mac[4];</p>
-
-<p class=BoxedCode>CK_ULONG ulMacLen;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_SignInit(hSession, &amp;mechanism, hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  rv = C_SignUpdate(hSession, data, sizeof(data));</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  ulMacLen = sizeof(mac);</p>
-
-<p class=BoxedCode>  rv = C_SignFinal(hSession, mac, &amp;ulMacLen);</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002376"></a><a name="_Toc72656158"></a><a name="_Toc405794768"></a><a
-name="_Toc385057948"></a><a name="_Toc383864917"></a><a name="_Toc323610910"></a><a
-name="_Toc323205481"></a><a name="_Toc323024147"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SignRecoverInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SignRecoverInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SignRecoverInit</b> initializes a signature operation,
-where the data can be recovered from the signature. <i>hSession</i> is the
-session’s handle; <i>pMechanism</i> points to the structure that specifies the
-signature mechanism; <i>hKey</i> is the handle of the signature key.</p>
-
-<p class=MsoNormal>The <b>CKA_SIGN_RECOVER </b>attribute of the signature key,
-which indicates whether the key supports signatures where the data can be
-recovered from the signature, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>After calling <b>C_SignRecoverInit</b>, the application may
-call <b>C_SignRecover</b> to sign in a single part.  The signature operation is
-active until the application uses a call to <b>C_SignRecover</b> <i>to actually
-obtain</i> the signature.  To process additional data in a single part, the
-application MUST call <b>C_SignRecoverInit</b> again.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_KEY_FUNCTION_NOT_PERMITTED, CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE,
-CKR_KEY_TYPE_INCONSISTENT, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID,
-CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example: see <b>C_SignRecover</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002377"></a><a name="_Toc72656159"></a><a name="_Toc405794769"></a><a
-name="_Toc385057949"></a><a name="_Toc383864918"></a><a name="_Toc323610911"></a><a
-name="_Toc323205482"></a><a name="_Toc323024148"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SignRecover</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SignRecover)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG ulDataLen,<br>
-  CK_BYTE_PTR pSignature,<br>
-  CK_ULONG_PTR pulSignatureLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SignRecover</b> signs data in a single operation, where
-the data can be recovered from the signature. <i>hSession</i> is the session’s
-handle; <i>pData</i> points to the data; <i>uLDataLen</i> is the length of the
-data; <i>pSignature</i> points to the location that receives the signature; <i>pulSignatureLen</i>
-points to the location that holds the length of the signature.</p>
-
-<p class=MsoNormal><b>C_SignRecover</b> uses the convention described in Section
-5.2 on producing output.</p>
-
-<p class=MsoNormal>The signing operation MUST have been initialized with <b>C_SignRecoverInit</b>. 
-A call to <b>C_SignRecover</b> always terminates the active signing operation
-unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the signature.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_RSA_9796, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE signature[128];</p>
-
-<p class=BoxedCode>CK_ULONG ulSignatureLen;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_SignRecoverInit(hSession, &amp;mechanism, hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  ulSignatureLen = sizeof(signature);</p>
-
-<p class=BoxedCode>  rv = C_SignRecover(</p>
-
-<p class=BoxedCode>    hSession, data, sizeof(data), signature,
-&amp;ulSignatureLen);</p>
-
-<p class=BoxedCode>  if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>     .</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode><a name="_Toc235002378"></a><a name="_Toc72656160"></a><a
-name="_Toc405794770"></a><a name="_Toc385057950">Functions for verifying
-signatures and MACs</a></p>
-
-</div>
-
-<p class=MsoNormal>Cryptoki provides the following functions for verifying
-signatures on data (for the purposes of Cryptoki, these operations also
-encompass message authentication codes):<b> </b></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002379"></a><a name="_Toc72656161"></a><a name="_Toc405794771"></a><a
-name="_Toc385057951"></a><a name="_Toc383864919"></a><a name="_Toc323610912"></a><a
-name="_Toc323205483"></a><a name="_Toc323024149"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_VerifyInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_VerifyInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_VerifyInit</b> initializes a verification operation,
-where the signature is an appendix to the data. <i>hSession</i> is the
-session’s handle; <i>pMechanism</i> points to the structure that specifies the
-verification mechanism; <i>hKey</i> is the handle of the verification key.</p>
-
-<p class=MsoNormal>The <b>CKA_VERIFY</b> attribute of the verification key,
-which indicates whether the key supports verification where the signature is an
-appendix to the data, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>After calling <b>C_VerifyInit</b>, the application can
-either call <b>C_Verify</b> to verify a signature on data in a single part; or
-call <b>C_VerifyUpdate</b> one or more times, followed by <b>C_VerifyFinal,</b>
-to verify a signature on data in multiple parts.  The verification operation is
-active until the application calls <b>C_Verify</b> or <b>C_VerifyFinal</b>. To
-process additional data (in single or multiple parts), the application MUST
-call <b>C_VerifyInit</b> again.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED,
-CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_VerifyFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002380"></a><a name="_Toc72656162"></a><a name="_Toc405794772"></a><a
-name="_Toc385057952"></a><a name="_Toc383864920"></a><a name="_Toc323610913"></a><a
-name="_Toc323205484"></a><a name="_Toc323024150"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_Verify</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_Verify)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG ulDataLen,<br>
-  CK_BYTE_PTR pSignature,<br>
-  CK_ULONG ulSignatureLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_Verify</b> verifies a signature in a single-part
-operation, where the signature is an appendix to the data. <i>hSession</i> is
-the session’s handle; <i>pData</i> points to the data; <i>ulDataLen</i> is the
-length of the data; <i>pSignature</i> points to the signature; <i>ulSignatureLen</i>
-is the length of the signature.</p>
-
-<p class=MsoNormal>The verification operation MUST have been initialized with <b>C_VerifyInit</b>. 
-A call to <b>C_Verify</b> always terminates the active verification operation.</p>
-
-<p class=MsoNormal>A successful call to <b>C_Verify</b> should return either
-the value CKR_OK (indicating that the supplied signature is valid) or
-CKR_SIGNATURE_INVALID (indicating that the supplied signature is invalid).  If
-the signature can be seen to be invalid purely on the basis of its length, then
-CKR_SIGNATURE_LEN_RANGE should be returned.  In any of these cases, the active
-signing operation is terminated.</p>
-
-<p class=MsoNormal><b>C_Verify<i> </i></b>cannot be used to terminate a
-multi-part operation, and MUST be called after <b>C_VerifyInit</b> without
-intervening <b>C_VerifyUpdate</b> calls.</p>
-
-<p class=MsoNormal>For most mechanisms, <b>C_Verify</b> is equivalent to a sequence
-of <b>C_VerifyUpdate</b> operations followed by <b>C_VerifyFinal</b>.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE.</p>
-
-<p class=MsoNormal>Example: see <b>C_VerifyFinal</b> for an example of similar
-functions.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002381"></a><a name="_Toc72656163"></a><a name="_Toc405794773"></a><a
-name="_Toc385057953"></a><a name="_Toc383864921"></a><a name="_Toc323610914"></a><a
-name="_Toc323205485"></a><a name="_Toc323024151"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_VerifyUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_VerifyUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG ulPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_VerifyUpdate</b> continues a multiple-part verification
-operation, processing another data part. <i>hSession</i> is the session’s
-handle, <i>pPart</i> points to the data part; <i>ulPartLen</i> is the length of
-the data part.</p>
-
-<p class=MsoNormal>The verification operation MUST have been initialized with <b>C_VerifyInit</b>.
-This function may be called any number of times in succession.  A call to <b>C_VerifyUpdate</b>
-which results in an error terminates the current verification operation.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:  see <b>C_VerifyFinal</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002382"></a><a name="_Toc72656164"></a><a name="_Toc405794774"></a><a
-name="_Toc385057954"></a><a name="_Toc383864922"></a><a name="_Toc323610915"></a><a
-name="_Toc323205486"></a><a name="_Toc323024152"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_VerifyFinal</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_VerifyFinal)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pSignature,<br>
-  CK_ULONG ulSignatureLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_VerifyFinal</b> finishes a multiple-part verification
-operation, checking the signature. <i>hSession</i> is the session’s handle; <i>pSignature</i>
-points to the signature; <i>ulSignatureLen</i> is the length of the signature.</p>
-
-<p class=MsoNormal>The verification operation MUST have been initialized with <b>C_VerifyInit</b>. 
-A call to <b>C_VerifyFinal</b> always terminates the active verification
-operation.</p>
-
-<p class=MsoNormal>A successful call to <b>C_VerifyFinal</b> should return
-either the value CKR_OK (indicating that the supplied signature is valid) or
-CKR_SIGNATURE_INVALID (indicating that the supplied signature is invalid).  If
-the signature can be seen to be invalid purely on the basis of its length, then
-CKR_SIGNATURE_LEN_RANGE should be returned.  In any of these cases, the active
-verifying operation is terminated.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_MAC, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE mac[4];</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_VerifyInit(hSession, &amp;mechanism, hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  rv = C_VerifyUpdate(hSession, data, sizeof(data));</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  rv = C_VerifyFinal(hSession, mac, sizeof(mac));</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002383"></a><a name="_Toc72656165"></a><a name="_Toc405794775"></a><a
-name="_Toc385057955"></a><a name="_Toc383864923"></a><a name="_Toc323610916"></a><a
-name="_Toc323205487"></a><a name="_Toc323024153"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_VerifyRecoverInit</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecoverInit)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_VerifyRecoverInit</b> initializes a signature
-verification operation, where the data is recovered from the signature. <i>hSession</i>
-is the session’s handle; <i>pMechanism</i> points to the structure that
-specifies the verification mechanism; <i>hKey</i> is the handle of the
-verification key.</p>
-
-<p class=MsoNormal>The <b>CKA_VERIFY_RECOVER</b> attribute of the verification
-key, which indicates whether the key supports verification where the data is
-recovered from the signature, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>After calling <b>C_VerifyRecoverInit</b>, the application
-may call <b>C_VerifyRecover</b> to verify a signature on data in a single
-part.  The verification operation is active until the application uses a call
-to <b>C_VerifyRecover</b> <i>to actually obtain</i> the recovered message.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_FUNCTION_NOT_PERMITTED,
-CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:  see <b>C_VerifyRecover</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002384"></a><a name="_Toc72656166"></a><a name="_Toc405794776"></a><a
-name="_Toc385057956"></a><a name="_Toc383864924"></a><a name="_Toc323610917"></a><a
-name="_Toc323205488"></a><a name="_Toc323024154"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_VerifyRecover</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_VerifyRecover)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pSignature,<br>
-  CK_ULONG ulSignatureLen,<br>
-  CK_BYTE_PTR pData,<br>
-  CK_ULONG_PTR pulDataLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_VerifyRecover</b> verifies a signature in a single-part
-operation, where the data is recovered from the signature. <i>hSession</i> is
-the session’s handle; <i>pSignature</i> points to the signature; <i>ulSignatureLen</i>
-is the length of the signature; <i>pData </i>points to the location that
-receives the recovered data; and <i>pulDataLen</i> points to the location that
-holds the length of the recovered data.</p>
-
-<p class=MsoNormal><a name="_Toc319287684"><b>C_VerifyRecover</b> uses the
-convention described in Section </a>5.2 on producing output.</p>
-
-<p class=MsoNormal>The verification operation MUST have been initialized with <b>C_VerifyRecoverInit</b>. 
-A call to <b>C_VerifyRecover</b> always terminates the active verification
-operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (<i>i.e.</i>,
-one which returns CKR_OK) to determine the length of the buffer needed to hold
-the recovered data.</p>
-
-<p class=MsoNormal>A successful call to <b>C_VerifyRecover</b> should return
-either the value CKR_OK (indicating that the supplied signature is valid) or
-CKR_SIGNATURE_INVALID (indicating that the supplied signature is invalid).  If
-the signature can be seen to be invalid purely on the basis of its length, then
-CKR_SIGNATURE_LEN_RANGE should be returned.  The return codes
-CKR_SIGNATURE_INVALID and CKR_SIGNATURE_LEN_RANGE have a higher priority than
-the return code CKR_BUFFER_TOO_SMALL, <i>i.e.</i>, if <b>C_VerifyRecover</b> is
-supplied with an invalid signature, it will never return CKR_BUFFER_TOO_SMALL.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE,
-CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_SIGNATURE_LEN_RANGE, CKR_SIGNATURE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>C<a name="_Ref320412176">K_SESSION_HANDLE hSession;</a></p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_RSA_9796, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE data[] = {...};</p>
-
-<p class=BoxedCode>CK_ULONG ulDataLen;</p>
-
-<p class=BoxedCode>CK_BYTE signature[128];</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_VerifyRecoverInit(hSession, &amp;mechanism, hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  ulDataLen = sizeof(data);</p>
-
-<p class=BoxedCode>  rv = C_VerifyRecover(</p>
-
-<p class=BoxedCode>    hSession, signature, sizeof(signature), data,
-&amp;ulDataLen);</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959748"></a><a name="_Toc395183821"></a><a
-name="_Toc391468825"></a><a name="_Toc370634034"></a><a name="_Toc235002385"></a><a
-name="_Toc72656167"></a><a name="_Toc405794777"></a><a name="_Toc385057957"></a><a
-name="_Ref384486862"></a><a name="_Ref384459262"></a><a name="_Ref384459019">5.12
-Dual-function cryptographic functions</a></h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions to perform two
-cryptographic operations “simultaneously” within a session.  These functions
-are provided so as to avoid unnecessarily passing data back and forth to and
-from a token.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002386"></a><a name="_Toc72656168"></a><a name="_Toc405794778"></a><a
-name="_Toc385057958"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_DigestEncryptUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DigestEncryptUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG ulPartLen,<br>
-  CK_BYTE_PTR pEncryptedPart,<br>
-  CK_ULONG_PTR pulEncryptedPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DigestEncryptUpdate</b> continues multiple-part digest
-and encryption operations, processing another data part. <i>hSession</i> is the
-session’s handle; <i>pPart</i> points to the data part; <i>ulPartLen</i> is the
-length of the data part; <i>pEncryptedPart</i> points to the location that
-receives the digested and encrypted data part; <i>pulEncryptedPartLen</i>
-points to the location that holds the length of the encrypted data part.</p>
-
-<p class=MsoNormal><b>C_DigestEncryptUpdate</b> uses the convention described
-in Section 5.2 on producing output.  If a <b>C_DigestEncryptUpdate</b> call
-does not produce encrypted output (because an error occurs, or because <i>pEncryptedPart</i>
-has the value NULL_PTR, or because <i>pulEncryptedPartLen</i> is too small to
-hold the entire encrypted part output), then no plaintext is passed to the
-active digest operation.</p>
-
-<p class=MsoNormal>Digest and encryption operations MUST both be active (they MUST
-have been initialized with <b>C_DigestInit</b> and <b>C_EncryptInit,</b>
-respectively).  This function may be called any number of times in succession,
-and may be interspersed with <b>C_DigestUpdate</b>, <b>C_DigestKey</b>, and <b>C_EncryptUpdate</b>
-calls (it would be somewhat unusual to intersperse calls to <b>C_DigestEncryptUpdate</b>
-with calls to <b>C_DigestKey</b>, however).</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>#define BUF_SZ 512</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_BYTE iv[8];</p>
-
-<p class=BoxedCode>CK_MECHANISM digestMechanism = {</p>
-
-<p class=BoxedCode>  CKM_MD5, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_MECHANISM encryptionMechanism = {</p>
-
-<p class=BoxedCode>  <span lang=DE>CKM_DES_ECB, iv, sizeof(iv)</span></p>
-
-<p class=BoxedCode><span lang=DE>};</span></p>
-
-<p class=BoxedCode><span lang=DE>CK_BYTE encryptedData[BUF_SZ];</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulEncryptedDataLen;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_BYTE digest[16];</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulDigestLen;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_BYTE data[(2*BUF_SZ)+8];</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>int i;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>memset(iv, 0, sizeof(iv));</p>
-
-<p class=BoxedCode>memset(data, ‘A’, ((2*BUF_SZ)+5));</p>
-
-<p class=BoxedCode>rv = C_EncryptInit(hSession, &amp;encryptionMechanism,
-hKey);</p>
-
-<p class=BoxedCode>if (rv != <span lang=DE-CH>CKR_OK) {</span></p>
-
-<p class=BoxedCode><span lang=DE-CH>  .</span></p>
-
-<p class=BoxedCode><span lang=DE-CH>  .</span></p>
-
-<p class=BoxedCode><span lang=DE-CH>}</span></p>
-
-<p class=BoxedCode><span lang=DE-CH>rv = C_DigestInit(hSession,
-&amp;digestMechanism);</span></p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_DigestEncryptUpdate(</p>
-
-<p class=BoxedCode>  hSession,</p>
-
-<p class=BoxedCode>  &amp;data[0], BUF_SZ,</p>
-
-<p class=BoxedCode>  encryptedData, &amp;ulEncryptedDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_DigestEncryptUpdate(</p>
-
-<p class=BoxedCode>  hSession,</p>
-
-<p class=BoxedCode>  &amp;data[BUF_SZ], BUF_SZ,</p>
-
-<p class=BoxedCode>  encryptedData, &amp;ulEncryptedDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/*</p>
-
-<p class=BoxedCode> * The last portion of the buffer needs to be </p>
-
-<p class=BoxedCode> * handled with separate calls to deal with </p>
-
-<p class=BoxedCode> * padding issues in ECB mode</p>
-
-<p class=BoxedCode> */</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* First, complete the digest on the buffer */</p>
-
-<p class=BoxedCode><span lang=IT>rv = C_DigestUpdate(hSession,
-&amp;data[BUF_SZ*2], 5);</span></p>
-
-<p class=BoxedCode><span lang=DE>.</span></p>
-
-<p class=BoxedCode><span lang=DE>.</span></p>
-
-<p class=BoxedCode><span lang=DE>ulDigestLen = sizeof(digest);</span></p>
-
-<p class=BoxedCode><span lang=DE>rv = C_DigestFinal(hSession, digest,
-&amp;ulDigestLen);</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Then, pad last part with 3 0x00 bytes, and complete
-encryption */</p>
-
-<p class=BoxedCode>for(i=0;i&lt;3;i++)</p>
-
-<p class=BoxedCode>  data[((BUF_SZ*2)+5)+i] = 0x00;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Now, get second-to-last piece of ciphertext */</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_EncryptUpdate(</p>
-
-<p class=BoxedCode>  <span lang=IT>hSession,</span></p>
-
-<p class=BoxedCode><span lang=IT>  &amp;data[BUF_SZ*2], 8,</span></p>
-
-<p class=BoxedCode><span lang=IT>  encryptedData, &amp;ulEncryptedDataLen);</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Get last piece of ciphertext (should have length 0, here)
-*/</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_EncryptFinal(hSession, encryptedData, &amp;ulEncryptedDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002387"></a><a name="_Toc72656169"></a><a name="_Toc405794779"></a><a
-name="_Toc385057959"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_DecryptDigestUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DecryptDigestUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pEncryptedPart,<br>
-  CK_ULONG ulEncryptedPartLen,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG_PTR pulPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DecryptDigestUpdate</b> continues a multiple-part
-combined decryption and digest operation, processing another data part. <i>hSession</i>
-is the session’s handle; <i>pEncryptedPart</i> points to the encrypted data
-part; <i>ulEncryptedPartLen</i> is the length of the encrypted data part; <i>pPart</i>
-points to the location that receives the recovered data part; <i>pulPartLen</i>
-points to the location that holds the length of the recovered data part.</p>
-
-<p class=MsoNormal><b>C_DecryptDigestUpdate</b> uses the convention described
-in Section 5.2 on producing output. If a <b>C_DecryptDigestUpdate</b> call does
-not produce decrypted output (because an error occurs, or because <i>pPart</i>
-has the value NULL_PTR, or because <i>pulPartLen</i> is too small to hold the
-entire decrypted part output), then no plaintext is passed to the active digest
-operation.</p>
-
-<p class=MsoNormal>Decryption and digesting operations MUST both be active
-(they MUST have been initialized with <b>C_DecryptInit</b> and <b>C_DigestInit,</b>
-respectively).  This function may be called any number of times in succession,
-and may be interspersed with <b>C_DecryptUpdate</b>, <b>C_DigestUpdate</b>, and
-<b>C_DigestKey</b> calls (it would be somewhat unusual to intersperse calls to <b>C_DigestEncryptUpdate</b>
-with calls to <b>C_DigestKey</b>, however).</p>
-
-<p class=MsoNormal>Use of <b>C_DecryptDigestUpdate</b> involves a pipelining
-issue that does not arise when using <b>C_DigestEncryptUpdate</b>, the “inverse
-function” of <b>C_DecryptDigestUpdate</b>.  This is because when <b>C_DigestEncryptUpdate</b>
-is called, precisely the same input is passed to both the active digesting
-operation and the active encryption operation; however, when <b>C_DecryptDigestUpdate</b>
-is called, the input passed to the active digesting operation is the <i>output
-of</i> the active decryption operation.  This issue comes up only when the
-mechanism used for decryption performs padding.</p>
-
-<p class=MsoNormal>In particular, envision a 24-byte ciphertext which was
-obtained by encrypting an 18-byte plaintext with DES in CBC mode with PKCS
-padding.  Consider an application which will simultaneously decrypt this
-ciphertext and digest the original plaintext thereby obtained.</p>
-
-<p class=MsoNormal>After initializing decryption and digesting operations, the
-application passes the 24-byte ciphertext (3 DES blocks) into <b>C_DecryptDigestUpdate</b>. 
-<b>C_DecryptDigestUpdate</b> returns exactly 16 bytes of plaintext, since at
-this point, Cryptoki doesn’t know if there’s more ciphertext coming, or if the
-last block of ciphertext held any padding.  These 16 bytes of plaintext are
-passed into the active digesting operation.</p>
-
-<p class=MsoNormal>Since there is no more ciphertext, the application calls <b>C_DecryptFinal</b>. 
-This tells Cryptoki that there’s no more ciphertext coming, and the call
-returns the last 2 bytes of plaintext.  However, since the active decryption
-and digesting operations are linked <i>only</i> through the <b>C_DecryptDigestUpdate</b>
-call, these 2 bytes of plaintext are <i>not</i> passed on to be digested.</p>
-
-<p class=MsoNormal>A call to <b>C_DigestFinal</b>, therefore, would compute the
-message digest of <i>the first 16 bytes of the plaintext</i>, not the message
-digest of the entire plaintext.  It is crucial that, before <b>C_DigestFinal</b>
-is called, the last 2 bytes of plaintext get passed into the active digesting
-operation via a <b>C_DigestUpdate</b> call.</p>
-
-<p class=MsoNormal>Because of this, it is critical that when an application
-uses a padded decryption mechanism with <b>C_DecryptDigestUpdate</b>, it knows
-exactly how much plaintext has been passed into the active digesting
-operation.  <i>Extreme caution is warranted when using a padded decryption
-mechanism with <b>C_DecryptDigestUpdate</b>.</i></p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>#define BUF_SZ 512</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_BYTE iv[8];</p>
-
-<p class=BoxedCode>CK_MECHANISM decryptionMechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_ECB, iv, sizeof(iv)</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_MECHANISM digestMechanism = {</p>
-
-<p class=BoxedCode>  CKM_MD5, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE encryptedData[(2*BUF_SZ)+8];</p>
-
-<p class=BoxedCode><span lang=SV>CK_BYTE digest[16];</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulDigestLen;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_BYTE data[BUF_SZ];</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulDataLen, ulLastUpdateSize;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>memset(iv, 0, sizeof(iv));</p>
-
-<p class=BoxedCode>memset(encryptedData, ‘A’, ((2*BUF_SZ)+8));</p>
-
-<p class=BoxedCode>rv = C_DecryptInit(hSession, &amp;decryptionMechanism,
-hKey);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>rv = C_DigestInit(hSession, &amp;digestMechanism);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK){</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>ulDataLen = sizeof(data);</p>
-
-<p class=BoxedCode>rv = C_DecryptDigestUpdate(</p>
-
-<p class=BoxedCode>  hSession,</p>
-
-<p class=BoxedCode>  &amp;encryptedData[0], BUF_SZ,</p>
-
-<p class=BoxedCode>  <span lang=IT>data, &amp;ulDataLen);</span></p>
-
-<p class=BoxedCode><span lang=IT>.</span></p>
-
-<p class=BoxedCode><span lang=IT>.</span></p>
-
-<p class=BoxedCode><span lang=IT>ulDataLen = sizeof(data);</span></p>
-
-<p class=BoxedCode><span lang=IT>rv = C_DecryptDigestUpdate(</span></p>
-
-<p class=BoxedCode><span lang=IT>  hSession,</span></p>
-
-<p class=BoxedCode><span lang=IT>  &amp;encryptedData[BUF_SZ], BUF_SZ,</span></p>
-
-<p class=BoxedCode><span lang=IT>  </span>data, &amp;ulDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/*</p>
-
-<p class=BoxedCode> * The last portion of the buffer needs to be handled with </p>
-
-<p class=BoxedCode> * separate calls to deal with padding issues in ECB mode</p>
-
-<p class=BoxedCode> */</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* First, complete the decryption of the buffer */</p>
-
-<p class=BoxedCode>ulLastUpdateSize = sizeof(data);</p>
-
-<p class=BoxedCode>rv = C_DecryptUpdate(</p>
-
-<p class=BoxedCode>  <span lang=IT>hSession,</span></p>
-
-<p class=BoxedCode><span lang=IT>  &amp;encryptedData[BUF_SZ*2], 8,</span></p>
-
-<p class=BoxedCode><span lang=IT>  data, &amp;ulLastUpdateSize);</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Get last piece of plaintext (should have length 0, here)
-*/</p>
-
-<p class=BoxedCode>ulDataLen = sizeof(data)-ulLastUpdateSize;</p>
-
-<p class=BoxedCode>rv = C_DecryptFinal(hSession, &amp;data[ulLastUpdateSize],
-&amp;ulDataLen);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Digest last bit of plaintext */</p>
-
-<p class=BoxedCode><span lang=IT>rv = C_DigestUpdate(hSession,
-&amp;data[BUF_SZ*2], 5);</span></p>
-
-<p class=BoxedCode><span lang=DE-CH>if (rv != </span><span lang=DE>CKR_OK) {</span></p>
-
-<p class=BoxedCode><span lang=DE>  .</span></p>
-
-<p class=BoxedCode><span lang=DE>  .</span></p>
-
-<p class=BoxedCode><span lang=DE>}</span></p>
-
-<p class=BoxedCode><span lang=DE>ulDigestLen = sizeof(digest);</span></p>
-
-<p class=BoxedCode><span lang=DE>rv = C_DigestFinal(hSession, digest,
-&amp;ulDigestLen);</span></p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002388"></a><a name="_Toc72656170"></a><a name="_Toc405794780"></a><a
-name="_Toc385057960"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_SignEncryptUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SignEncryptUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG ulPartLen,<br>
-  CK_BYTE_PTR pEncryptedPart,<br>
-  CK_ULONG_PTR pulEncryptedPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SignEncryptUpdate</b> continues a multiple-part
-combined signature and encryption operation, processing another data part. <i>hSession</i>
-is the session’s handle; <i>pPart</i> points to the data part; <i>ulPartLen</i>
-is the length of the data part; <i>pEncryptedPart</i> points to the location
-that receives the digested and encrypted data part; and <i>pulEncryptedPartLen</i>
-points to the location that holds the length of the encrypted data part.</p>
-
-<p class=MsoNormal><b>C_SignEncryptUpdate</b> uses the convention described in
-Section 5.2 on producing output.  If a <b>C_SignEncryptUpdate</b> call does not
-produce encrypted output (because an error occurs, or because <i>pEncryptedPart</i>
-has the value NULL_PTR, or because <i>pulEncryptedPartLen</i> is too small to
-hold the entire encrypted part output), then no plaintext is passed to the
-active signing operation.</p>
-
-<p class=MsoNormal>Signature and encryption operations MUST both be active
-(they MUST have been initialized with <b>C_SignInit</b> and <b>C_EncryptInit,</b>
-respectively).  This function may be called any number of times in succession,
-and may be interspersed with <b>C_SignUpdate</b> and <b>C_EncryptUpdate</b>
-calls.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK,
-CKR_OPERATION_NOT_INITIALIZED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>#define BUF_SZ 512</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hEncryptionKey, hMacKey;</p>
-
-<p class=BoxedCode>CK_BYTE iv[8];</p>
-
-<p class=BoxedCode>CK_MECHANISM signMechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_MAC, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_MECHANISM encryptionMechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_ECB, iv, sizeof(iv)</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE encryptedData[BUF_SZ];</p>
-
-<p class=BoxedCode>CK_ULONG ulEncryptedDataLen;</p>
-
-<p class=BoxedCode>CK_BYTE MAC[4];</p>
-
-<p class=BoxedCode>CK_ULONG ulMacLen;</p>
-
-<p class=BoxedCode>CK_BYTE data[(2*BUF_SZ)+8];</p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>int i;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>memset(iv, 0, sizeof(iv));</p>
-
-<p class=BoxedCode>memset(data, ‘A’, ((2*BUF_SZ)+5));</p>
-
-<p class=BoxedCode>rv = C_EncryptInit(hSession, &amp;encryptionMechanism,
-hEncryptionKey);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>rv = C_SignInit(hSession, &amp;signMechanism, hMacKey);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_SignEncryptUpdate(</p>
-
-<p class=BoxedCode>  hSession,</p>
-
-<p class=BoxedCode>  &amp;data[0], BUF_SZ,</p>
-
-<p class=BoxedCode>  encryptedData, &amp;ulEncryptedDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_SignEncryptUpdate(</p>
-
-<p class=BoxedCode>  hSession,</p>
-
-<p class=BoxedCode>  &amp;data[BUF_SZ], BUF_SZ,</p>
-
-<p class=BoxedCode>  encryptedData, &amp;ulEncryptedDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/*</p>
-
-<p class=BoxedCode> * The last portion of the buffer needs to be handled with </p>
-
-<p class=BoxedCode> * separate calls to deal with padding issues in ECB mode</p>
-
-<p class=BoxedCode> */</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* First, complete the signature on the buffer */</p>
-
-<p class=BoxedCode><span lang=IT>rv = C_SignUpdate(hSession, &amp;data[BUF_SZ*2],
-5);</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>ulMacLen = sizeof(MAC);</p>
-
-<p class=BoxedCode>rv = C_SignFinal(hSession, MAC, &amp;ulMacLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Then pad last part with 3 0x00 bytes, and complete
-encryption */</p>
-
-<p class=BoxedCode>for(i=0;i&lt;3;i++)</p>
-
-<p class=BoxedCode>  data[((BUF_SZ*2)+5)+i] = 0x00;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Now, get second-to-last piece of ciphertext */</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_EncryptUpdate(</p>
-
-<p class=BoxedCode>  <span lang=IT>hSession,</span></p>
-
-<p class=BoxedCode><span lang=IT>  &amp;data[BUF_SZ*2], 8,</span></p>
-
-<p class=BoxedCode><span lang=IT>  encryptedData, &amp;ulEncryptedDataLen);</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Get last piece of ciphertext (should have length 0, here)
-*/</p>
-
-<p class=BoxedCode>ulEncryptedDataLen = sizeof(encryptedData);</p>
-
-<p class=BoxedCode>rv = C_EncryptFinal(hSession, encryptedData,
-&amp;ulEncryptedDataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002389"></a><a name="_Toc72656171"></a><a name="_Toc405794781"></a><a
-name="_Toc385057961"><span style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-style='font-family:"Arial","sans-serif"'>C_DecryptVerifyUpdate</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DecryptVerifyUpdate)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pEncryptedPart,<br>
-  CK_ULONG ulEncryptedPartLen,<br>
-  CK_BYTE_PTR pPart,<br>
-  CK_ULONG_PTR pulPartLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><a name="_Toc383864925"></a><a name="_Toc323610918"></a><a
-name="_Toc323205489"></a><a name="_Toc323024155"></a><a name="_Toc323000714"></a><a
-name="_Toc322945147"></a><a name="_Toc322855305"></a><a name="_Ref320514967"><b>C_DecryptVerifyUpdate</b>
-continues a multiple-part combined decryption and verification operation,
-processing another data part. <i>hSession</i> is the session’s handle; <i>pEncryptedPart</i>
-points to the encrypted data; <i>ulEncryptedPartLen</i> is the length of the
-encrypted data; <i>pPart</i> points to the location that receives the recovered
-data; and <i>pulPartLen</i> points to the location that holds the length of the
-recovered data.</a></p>
-
-<p class=MsoNormal><b>C_DecryptVerifyUpdate</b> uses the convention described
-in Section 5.2 on producing output.  If a <b>C_DecryptVerifyUpdate</b> call
-does not produce decrypted output (because an error occurs, or because <i>pPart</i>
-has the value NULL_PTR, or because <i>pulPartLen</i> is too small to hold the
-entire encrypted part output), then no plaintext is passed to the active
-verification operation.</p>
-
-<p class=MsoNormal>Decryption and signature operations MUST both be active
-(they MUST have been initialized with <b>C_DecryptInit</b> and <b>C_VerifyInit,</b>
-respectively).  This function may be called any number of times in succession,
-and may be interspersed with <b>C_DecryptUpdate</b> and <b>C_VerifyUpdate</b>
-calls.</p>
-
-<p class=MsoNormal>Use of <b>C_DecryptVerifyUpdate</b> involves a pipelining
-issue that does not arise when using <b>C_SignEncryptUpdate</b>, the “inverse
-function” of <b>C_DecryptVerifyUpdate</b>.  This is because when <b>C_SignEncryptUpdate</b>
-is called, precisely the same input is passed to both the active signing
-operation and the active encryption operation; however, when <b>C_DecryptVerifyUpdate</b>
-is called, the input passed to the active verifying operation is the <i>output
-of</i> the active decryption operation.  This issue comes up only when the
-mechanism used for decryption performs padding.</p>
-
-<p class=MsoNormal>In particular, envision a 24-byte ciphertext which was
-obtained by encrypting an 18-byte plaintext with DES in CBC mode with PKCS
-padding.  Consider an application which will simultaneously decrypt this
-ciphertext and verify a signature on the original plaintext thereby obtained.</p>
-
-<p class=MsoNormal>After initializing decryption and verification operations,
-the application passes the 24-byte ciphertext (3 DES blocks) into <b>C_DecryptVerifyUpdate</b>. 
-<b>C_DecryptVerifyUpdate</b> returns exactly 16 bytes of plaintext, since at
-this point, Cryptoki doesn’t know if there’s more ciphertext coming, or if the
-last block of ciphertext held any padding.  These 16 bytes of plaintext are
-passed into the active verification operation.</p>
-
-<p class=MsoNormal>Since there is no more ciphertext, the application calls <b>C_DecryptFinal</b>. 
-This tells Cryptoki that there’s no more ciphertext coming, and the call
-returns the last 2 bytes of plaintext.  However, since the active decryption
-and verification operations are linked <i>only</i> through the <b>C_DecryptVerifyUpdate</b>
-call, these 2 bytes of plaintext are <i>not</i> passed on to the verification
-mechanism.</p>
-
-<p class=MsoNormal>A call to <b>C_VerifyFinal</b>, therefore, would verify
-whether or not the signature supplied is a valid signature on <i>the first 16
-bytes of the plaintext</i>, not on the entire plaintext.  It is crucial that,
-before <b>C_VerifyFinal</b> is called, the last 2 bytes of plaintext get passed
-into the active verification operation via a <b>C_VerifyUpdate</b> call.</p>
-
-<p class=MsoNormal>Because of this, it is critical that when an application
-uses a padded decryption mechanism with <b>C_DecryptVerifyUpdate</b>, it knows
-exactly how much plaintext has been passed into the active verification
-operation.  <i>Extreme caution is warranted when using a padded decryption
-mechanism with <b>C_DecryptVerifyUpdate</b>.</i></p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DATA_LEN_RANGE, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_ENCRYPTED_DATA_INVALID,
-CKR_ENCRYPTED_DATA_LEN_RANGE, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_NOT_INITIALIZED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>#define BUF_SZ 512</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hDecryptionKey, hMacKey;</p>
-
-<p class=BoxedCode>CK_BYTE iv[8];</p>
-
-<p class=BoxedCode>CK_MECHANISM decryptionMechanism = {</p>
-
-<p class=BoxedCode>  <span lang=DE>CKM_DES_ECB, iv, sizeof(iv)</span></p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_MECHANISM verifyMechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_MAC, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE encryptedData[(2*BUF_SZ)+8];</p>
-
-<p class=BoxedCode>CK_BYTE MAC[4];</p>
-
-<p class=BoxedCode>CK_ULONG ulMacLen;</p>
-
-<p class=BoxedCode>CK_BYTE data[BUF_SZ];</p>
-
-<p class=BoxedCode><span lang=SV>CK_ULONG ulDataLen, ulLastUpdateSize;</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>memset(iv, 0, sizeof(iv));</p>
-
-<p class=BoxedCode>memset(encryptedData, ‘A’, ((2*BUF_SZ)+8));</p>
-
-<p class=BoxedCode>rv = C_DecryptInit(hSession, &amp;decryptionMechanism,
-hDecryptionKey);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>rv = C_VerifyInit(hSession, &amp;verifyMechanism, hMacKey);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK){</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>ulDataLen = sizeof(data);</p>
-
-<p class=BoxedCode>rv = C_DecryptVerifyUpdate(</p>
-
-<p class=BoxedCode>  hSession,</p>
-
-<p class=BoxedCode>  &amp;encryptedData[0], BUF_SZ,</p>
-
-<p class=BoxedCode>  <span lang=IT>data, &amp;ulDataLen);</span></p>
-
-<p class=BoxedCode><span lang=IT>.</span></p>
-
-<p class=BoxedCode><span lang=IT>.</span></p>
-
-<p class=BoxedCode><span lang=IT>ulDataLen = sizeof(data);</span></p>
-
-<p class=BoxedCode><span lang=IT>rv = C_DecryptVerifyUpdate(</span></p>
-
-<p class=BoxedCode><span lang=IT>  hSession,</span></p>
-
-<p class=BoxedCode><span lang=IT>  &amp;encryptedData[BUF_SZ], BUF_SZ,</span></p>
-
-<p class=BoxedCode><span lang=IT>  </span>data, &amp;uldataLen);</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/*</p>
-
-<p class=BoxedCode> * The last portion of the buffer needs to be handled with </p>
-
-<p class=BoxedCode> * separate calls to deal with padding issues in ECB mode</p>
-
-<p class=BoxedCode> */</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* First, complete the decryption of the buffer */</p>
-
-<p class=BoxedCode>ulLastUpdateSize = sizeof(data);</p>
-
-<p class=BoxedCode>rv = C_DecryptUpdate(</p>
-
-<p class=BoxedCode>  <span lang=IT>hSession,</span></p>
-
-<p class=BoxedCode><span lang=IT>  &amp;encryptedData[BUF_SZ*2], 8,</span></p>
-
-<p class=BoxedCode><span lang=IT>  data, &amp;ulLastUpdateSize);</span></p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>/* Get last little piece of plaintext.  Should have length 0
-*/</p>
-
-<p class=BoxedCode>ulDataLen = sizeof(data)-ulLastUpdateSize;</p>
-
-<p class=BoxedCode>rv = C_DecryptFinal(hSession, &amp;data[ulLastUpdateSize],
-&amp;ulDataLen);</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/* Send last bit of plaintext to verification operation */</p>
-
-<p class=BoxedCode><span lang=IT>rv = C_VerifyUpdate(hSession,
-&amp;data[BUF_SZ*2], 5);</span></p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-<p class=BoxedCode>rv = C_VerifyFinal(hSession, MAC, ulMacLen);</p>
-
-<p class=BoxedCode>if (rv == CKR_SIGNATURE_INVALID) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959749"></a><a name="_Toc395183822"></a><a
-name="_Toc391468826"></a><a name="_Toc370634035"></a><a name="_Toc235002390"></a><a
-name="_Toc72656172"></a><a name="_Ref457140170"></a><a name="_Toc405794782"></a><a
-name="_Ref399147279"></a><a name="_Ref399141071"></a><a name="_Ref385149143"></a><a
-name="_Toc385057962">5.13 Key management</a> functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for key
-management:</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002391"></a><a name="_Toc72656173"></a><a name="_Toc405794783"></a><a
-name="_Toc385057963"></a><a name="_Toc383864926"></a><a name="_Toc323610919"></a><a
-name="_Toc323205490"></a><a name="_Toc323024156"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GenerateKey</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GenerateKey)(<br>
-  CK_SESSION_HANDLE hSession<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulCount,<br>
-  CK_OBJECT_HANDLE_PTR phKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GenerateKey</b> generates a secret key or set of domain
-parameters, creating a new object. <i>hSession</i> is the session’s handle; <i>pMechanism</i>
-points to the generation mechanism; <i>pTemplate</i> points to the template for
-the new key or set of domain parameters; <i>ulCount</i> is the number of
-attributes in the template; <i>phKey</i> points to the location that receives
-the handle of the new key or set of domain parameters.</p>
-
-<p class=MsoNormal>If the generation mechanism is for domain parameter
-generation, the <b>CKA_CLASS</b> attribute will have the value
-CKO_DOMAIN_PARAMETERS; otherwise, it will have the value CKO_SECRET_KEY.</p>
-
-<p class=MsoNormal>Since the type of key or domain parameters to be generated
-is implicit in the generation mechanism, the template does not need to supply a
-key type.  If it does supply a key type which is inconsistent with the
-generation mechanism, <b>C_GenerateKey</b> fails and returns the error code
-CKR_TEMPLATE_INCONSISTENT.  The CKA_CLASS attribute is treated similarly.</p>
-
-<p class=MsoNormal>If a call to <b>C_GenerateKey</b> cannot support the precise
-template supplied to it, it will fail and return without creating an object.</p>
-
-<p class=MsoNormal>The object created by a successful call to <b>C_GenerateKey</b>
-will have its <b>CKA_LOCAL</b> attribute set to CK_TRUE.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED,
-CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_MECHANISM_INVALID,
-CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED,
-CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY,
-CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED,
-CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES_KEY_GEN, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_GenerateKey(hSession, &amp;mechanism, NULL_PTR, 0,
-&amp;hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002392"></a><a name="_Toc72656174"></a><a name="_Toc405794784"></a><a
-name="_Toc385057964"></a><a name="_Toc383864927"></a><a name="_Toc323610920"></a><a
-name="_Toc323205491"></a><a name="_Toc323024157"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GenerateKeyPair</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GenerateKeyPair)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_ATTRIBUTE_PTR pPublicKeyTemplate,<br>
-  CK_ULONG ulPublicKeyAttributeCount,<br>
-  CK_ATTRIBUTE_PTR pPrivateKeyTemplate,<br>
-  CK_ULONG ulPrivateKeyAttributeCount,<br>
-  CK_OBJECT_HANDLE_PTR phPublicKey,<br>
-  CK_OBJECT_HANDLE_PTR phPrivateKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_GenerateKeyPair</b> generates a public/private key
-pair, creating new key objects.  <i>hSession</i> is the session’s handle; <i>pMechanism</i>
-points to the key generation mechanism; <i>pPublicKeyTemplate</i> points to the
-template for the public key; <i>ulPublicKeyAttributeCount</i> is the number of
-attributes in the public-key template; <i>pPrivateKeyTemplate</i> points to the
-template for the private key; <i>ulPrivateKeyAttributeCount</i> is the number
-of attributes in the private-key template; <i>phPublicKey</i> points to the
-location that receives the handle of the new public key; <i>phPrivateKey</i>
-points to the location that receives the handle of the new private key.</p>
-
-<p class=MsoNormal>Since the types of keys to be generated are implicit in the
-key pair generation mechanism, the templates do not need to supply key types. 
-If one of the templates does supply a key type which is inconsistent with the
-key generation mechanism, <b>C_GenerateKeyPair</b> fails and returns the error
-code CKR_TEMPLATE_INCONSISTENT.  The CKA_CLASS attribute is treated similarly.</p>
-
-<p class=MsoNormal>If a call to <b>C_GenerateKeyPair</b> cannot support the
-precise templates supplied to it, it will fail and return without creating any
-key objects.</p>
-
-<p class=MsoNormal>A call to <b>C_GenerateKeyPair</b> will never create just
-one key and return.  A call can fail, and create no keys; or it can succeed,
-and create a matching public/private key pair.</p>
-
-<p class=MsoNormal>The key objects created by a successful call to <b>C_GenerateKeyPair</b>
-will have their <b>CKA_LOCAL</b> attributes set to CK_TRUE.</p>
-
-<p class=MsoNormal><i>Note carefully the order of the arguments to <b>C_GenerateKeyPair</b>. 
-The last two arguments do not have the same order as they did in the original
-Cryptoki Version 1.0 document.  The order of these two arguments has caused
-some unfortunate confusion.</i></p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE,
-CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hPublicKey, hPrivateKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ULONG modulusBits = 768;</p>
-
-<p class=BoxedCode>CK_BYTE publicExponent[] = { 3 };</p>
-
-<p class=BoxedCode>CK_BYTE subject[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE id[] = {123};</p>
-
-<p class=BoxedCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE publicKeyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_VERIFY, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_WRAP, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_MODULUS_BITS, &amp;modulusBits, sizeof(modulusBits)},</p>
-
-<p class=BoxedCode>  {CKA_PUBLIC_EXPONENT, publicExponent, sizeof
-(publicExponent)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE privateKeyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_PRIVATE, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=BoxedCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=BoxedCode>  {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_DECRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_UNWRAP, &amp;true, sizeof(true)}</p>
-
-<p class=BoxedCode><span lang=SV>};</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=SV>rv = C_GenerateKeyPair(</span></p>
-
-<p class=BoxedCode><span lang=SV>  </span>hSession, &amp;mechanism,</p>
-
-<p class=BoxedCode>  publicKeyTemplate, 5,</p>
-
-<p class=BoxedCode>  privateKeyTemplate, 8,</p>
-
-<p class=BoxedCode>  &amp;hPublicKey, &amp;hPrivateKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002393"></a><a name="_Toc72656175"></a><a name="_Toc405794785"></a><a
-name="_Toc385057965"></a><a name="_Toc383864928"></a><a name="_Toc323610921"></a><a
-name="_Toc323205492"></a><a name="_Toc323024158"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_WrapKey</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_WrapKey)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hWrappingKey,<br>
-  CK_OBJECT_HANDLE hKey,<br>
-  CK_BYTE_PTR pWrappedKey,<br>
-  CK_ULONG_PTR pulWrappedKeyLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_WrapKey</b> wraps (<i>i.e.</i>, encrypts) a private or
-secret key. <i>hSession</i> is the session’s handle; <i>pMechanism</i> points
-to the wrapping mechanism; <i>hWrappingKey</i> is the handle of the wrapping
-key;<i> hKey</i> is the handle of the key to be wrapped; <i>pWrappedKey</i>
-points to the location that receives the wrapped key; and<i> pulWrappedKeyLen</i>
-points to the location that receives the length of the wrapped key.</p>
-
-<p class=MsoNormal><b>C_WrapKey</b> uses the convention described in Section 5.2 on producing output.</p>
-
-<p class=MsoNormal>The <b>CKA_WRAP</b> attribute of the wrapping key, which
-indicates whether the key supports wrapping, MUST be CK_TRUE.  The <b>CKA_EXTRACTABLE</b>
-attribute of the key to be wrapped MUST also be CK_TRUE.</p>
-
-<p class=MsoNormal>If the key to be wrapped cannot be wrapped for some
-token-specific reason, despite its having its <b>CKA_EXTRACTABLE</b> attribute
-set to CK_TRUE, then <b>C_WrapKey</b> fails with error code
-CKR_KEY_NOT_WRAPPABLE.  If it cannot be wrapped with the specified wrapping key
-and mechanism solely because of its length, then <b>C_WrapKey</b> fails with
-error code CKR_KEY_SIZE_RANGE.</p>
-
-<p class=MsoNormal><b>C_WrapKey</b> can be used in the following situations:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>To wrap any secret key with a public key that supports encryption
-and decryption.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>To wrap any secret key with any other secret key. Consideration MUST
-be given to key size and mechanism strength or the token may not allow the
-operation.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>To wrap a private key with any secret key.</p>
-
-<p class=MsoNormal>Of course, tokens vary in which types of keys can actually
-be wrapped with which mechanisms.</p>
-
-<p class=MsoNormal>To partition the wrapping keys so they can only wrap a
-subset of extractable keys the attribute CKA_WRAP_TEMPLATE can be used on the
-wrapping key to specify an attribute set that will be compared against the
-attributes of the key to be wrapped. If all attributes match according to the
-C_FindObject rules of attribute matching then the wrap will proceed. The value
-of this attribute is an attribute template and the size is the number of items
-in the template times the size of CK_ATTRIBUTE. If this attribute is not
-supplied then any template is acceptable. If an attribute is not present, it
-will not be checked. If any attribute mismatch occurs on an attempt to wrap a
-key then the function SHALL return CKR_KEY_HANDLE_INVALID.</p>
-
-<p class=MsoNormal>Return Values: CKR_ARGUMENTS_BAD, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_KEY_HANDLE_INVALID,
-CKR_KEY_NOT_WRAPPABLE, CKR_KEY_SIZE_RANGE, CKR_KEY_UNEXTRACTABLE,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN, CKR_WRAPPING_KEY_HANDLE_INVALID,
-CKR_WRAPPING_KEY_SIZE_RANGE, CKR_WRAPPING_KEY_TYPE_INCONSISTENT.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hWrappingKey, hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES3_ECB, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE wrappedKey[8];</p>
-
-<p class=BoxedCode>CK_ULONG ulWrappedKeyLen;</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>ulWrappedKeyLen = sizeof(wrappedKey);</p>
-
-<p class=BoxedCode>rv = C_WrapKey(</p>
-
-<p class=BoxedCode>  hSession, &amp;mechanism,</p>
-
-<p class=BoxedCode>  hWrappingKey, hKey,</p>
-
-<p class=BoxedCode>  wrappedKey, &amp;ulWrappedKeyLen);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002394"></a><a name="_Toc72656176"></a><a name="_Toc405794786"></a><a
-name="_Toc385057966"></a><a name="_Toc383864929"></a><a name="_Toc323610922"></a><a
-name="_Toc323205493"></a><a name="_Toc323024159"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_UnwrapKey</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_UnwrapKey)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hUnwrappingKey,<br>
-  CK_BYTE_PTR pWrappedKey,<br>
-  CK_ULONG ulWrappedKeyLen,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulAttributeCount,<br>
-  CK_OBJECT_HANDLE_PTR phKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_UnwrapKey</b> unwraps (<i>i.e.</i> decrypts) a wrapped
-key, creating a new private key or secret key object. <i>hSession</i> is the
-session’s handle; <i>pMechanism</i> points to the unwrapping mechanism; <i>hUnwrappingKey</i>
-is the handle of the unwrapping key;<i> pWrappedKey</i> points to the wrapped
-key; <i>ulWrappedKeyLen</i> is the length of the wrapped key; <i>pTemplate</i>
-points to the template for the new key; <i>ulAttributeCount</i> is the number
-of attributes in the template; <i>phKey</i> points to the location that
-receives the handle of the recovered key.</p>
-
-<p class=MsoNormal>The <b>CKA_UNWRAP</b> attribute of the unwrapping key, which
-indicates whether the key supports unwrapping, MUST be CK_TRUE.</p>
-
-<p class=MsoNormal>The new key will have the <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_FALSE, and the <b>CKA_NEVER_EXTRACTABLE</b> attribute set
-to CK_FALSE. The <b>CKA_EXTRACTABLE</b> attribute is by default set to CK_TRUE.</p>
-
-<p class=MsoNormal>Some mechanisms may modify, or attempt to modify. the
-contents of the pMechanism structure at the same time that the key is
-unwrapped.</p>
-
-<p class=MsoNormal>If a call to <b>C_UnwrapKey</b> cannot support the precise
-template supplied to it, it will fail and return without creating any key
-object.</p>
-
-<p class=MsoNormal>The key object created by a successful call to <b>C_UnwrapKey</b>
-will have its <b>CKA_LOCAL</b> attribute set to CK_FALSE.</p>
-
-<p class=MsoNormal>To partition the unwrapping keys so they can only unwrap a
-subset of keys the attribute CKA_UNWRAP_TEMPLATE can be used on the unwrapping
-key to specify an attribute set that will be added to attributes of the key to
-be unwrapped. If the attributes do not conflict with the user supplied
-attribute template, in ‘pTemplate’, then the unwrap will proceed. The value of
-this attribute is an attribute template and the size is the number of items in
-the template times the size of CK_ATTRIBUTE. If this attribute is not present
-on the unwrapping key then no additional attributes will be added. If any
-attribute conflict occurs on an attempt to unwrap a key then the function SHALL
-return CKR_TEMPLATE_INCONSISTENT.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID, CKR_BUFFER_TOO_SMALL,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK, CKR_OPERATION_ACTIVE,
-CKR_PIN_EXPIRED, CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID,
-CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT,
-CKR_TOKEN_WRITE_PROTECTED, CKR_UNWRAPPING_KEY_HANDLE_INVALID,
-CKR_UNWRAPPING_KEY_SIZE_RANGE, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
-CKR_USER_NOT_LOGGED_IN, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hUnwrappingKey, hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DES3_ECB, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE wrappedKey[8] = {...};</p>
-
-<p class=BoxedCode>CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;</p>
-
-<p class=BoxedCode>CK_KEY_TYPE keyType = CKK_DES;</p>
-
-<p class=BoxedCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;keyClass, sizeof(keyClass)},</p>
-
-<p class=BoxedCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=BoxedCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_DECRYPT, &amp;true, sizeof(true)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_UnwrapKey(</p>
-
-<p class=BoxedCode>  hSession, &amp;mechanism, hUnwrappingKey,</p>
-
-<p class=BoxedCode>  wrappedKey, sizeof(wrappedKey), template, 4, &amp;hKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002395"></a><a name="_Toc72656177"></a><a name="_Toc405794787"></a><a
-name="_Toc385057967"></a><a name="_Toc383864930"></a><a name="_Toc323610923"></a><a
-name="_Toc323205494"></a><a name="_Toc323024160"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_DeriveKey</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_DeriveKey)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_MECHANISM_PTR pMechanism,<br>
-  CK_OBJECT_HANDLE hBaseKey,<br>
-  CK_ATTRIBUTE_PTR pTemplate,<br>
-  CK_ULONG ulAttributeCount,<br>
-  CK_OBJECT_HANDLE_PTR phKey<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_DeriveKey</b> derives a key from a base key, creating a
-new key object. <i>hSession</i> is the session’s handle; <i>pMechanism</i>
-points to a structure that specifies the key derivation mechanism;  <i>hBaseKey</i>
-is the handle of the base key; <i>pTemplate</i> points to the template for the
-new key; <i>ulAttributeCount</i> is the number of  attributes in the template;
-and <i>phKey</i> points to the location that receives the handle of the derived
-key.</p>
-
-<p class=MsoNormal>The values of the <b>CKA_SENSITIVE</b>, <b>CKA_ALWAYS_SENSITIVE</b>,
-<b>CKA_EXTRACTABLE</b>, and <b>CKA_NEVER_EXTRACTABLE</b> attributes for the
-base key affect the values that these attributes can hold for the newly-derived
-key.  See the description of each particular key-derivation mechanism in
-Section 5.16.2 for any constraints of this type.</p>
-
-<p class=MsoNormal>If a call to <b>C_DeriveKey</b> cannot support the precise
-template supplied to it, it will fail and return without creating any key
-object.</p>
-
-<p class=MsoNormal>The key object created by a successful call to <b>C_DeriveKey</b>
-will have its <b>CKA_LOCAL</b> attribute set to CK_FALSE.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
-CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CURVE_NOT_SUPPORTED, CKR_DEVICE_ERROR,
-CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_KEY_HANDLE_INVALID, CKR_KEY_SIZE_RANGE, CKR_KEY_TYPE_INCONSISTENT,
-CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID, CKR_OK,
-CKR_OPERATION_ACTIVE, CKR_PIN_EXPIRED, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY, CKR_TEMPLATE_INCOMPLETE,
-CKR_TEMPLATE_INCONSISTENT, CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_OBJECT_HANDLE hPublicKey, hPrivateKey, hKey;</p>
-
-<p class=BoxedCode>CK_MECHANISM keyPairMechanism = {</p>
-
-<p class=BoxedCode>  CKM_DH_PKCS_KEY_PAIR_GEN, NULL_PTR, 0</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_BYTE prime[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE base[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE publicValue[128];</p>
-
-<p class=BoxedCode>CK_BYTE otherPublicValue[128];</p>
-
-<p class=BoxedCode>CK_MECHANISM mechanism = {</p>
-
-<p class=BoxedCode>  CKM_DH_PKCS_DERIVE, otherPublicValue,
-sizeof(otherPublicValue)</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE pTemplate[] = {</p>
-
-<p class=BoxedCode>  CKA_VALUE, &amp;publicValue, sizeof(publicValue)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;</p>
-
-<p class=BoxedCode>CK_KEY_TYPE keyType = CKK_DES;</p>
-
-<p class=BoxedCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE publicKeyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=BoxedCode>  <span lang=IT>{CKA_BASE, base, sizeof(base)}</span></p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE privateKeyTemplate[] = {</p>
-
-<p class=BoxedCode>  {CKA_DERIVE, &amp;true, sizeof(true)}</p>
-
-<p class=BoxedCode>};</p>
-
-<p class=BoxedCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=BoxedCode>  {CKA_CLASS, &amp;keyClass, sizeof(keyClass)},</p>
-
-<p class=BoxedCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=BoxedCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=BoxedCode>  {CKA_DECRYPT, &amp;true, sizeof(true)}</p>
-
-<p class=BoxedCode><span lang=SV>};</span></p>
-
-<p class=BoxedCode><span lang=SV>CK_RV rv;</span></p>
-
-<p class=BoxedCode><span lang=SV>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=SV>.</span></p>
-
-<p class=BoxedCode><span lang=SV>.</span></p>
-
-<p class=BoxedCode><span lang=SV>rv = C_GenerateKeyPair(</span></p>
-
-<p class=BoxedCode><span lang=SV>  </span>hSession, &amp;keyPairMechanism,</p>
-
-<p class=BoxedCode>  publicKeyTemplate, 2,</p>
-
-<p class=BoxedCode>  privateKeyTemplate, 1,</p>
-
-<p class=BoxedCode>  &amp;hPublicKey, &amp;hPrivateKey);</p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  rv = C_GetAttributeValue(hSession, hPublicKey,
-&amp;pTemplate, 1);</p>
-
-<p class=BoxedCode>  if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>    /* Put other guy’s public value in otherPublicValue */</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    .</p>
-
-<p class=BoxedCode>    rv = C_DeriveKey(</p>
-
-<p class=BoxedCode>      hSession, &amp;mechanism,</p>
-
-<p class=BoxedCode>      hPrivateKey, template, 4, &amp;hKey);</p>
-
-<p class=BoxedCode>    if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>      .</p>
-
-<p class=BoxedCode>      .</p>
-
-<p class=BoxedCode>    }</p>
-
-<p class=BoxedCode>  }</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc323024162"></a><a name="_Toc416959750"></a><a
-name="_Toc395183823"></a><a name="_Toc391468827"></a><a name="_Toc370634036"></a><a
-name="_Toc235002396"></a><a name="_Toc72656178"></a><a name="_Toc405794788"></a><a
-name="_Toc385057968"></a><a name="_Toc383864931"></a><a name="_Toc323610924"></a><a
-name="_Toc323205495">5.14 Random number generation</a> functions</h2>
-
-<p class=MsoNormal><a name="_Toc323205496">Cryptoki provides the following
-functions for generating random numbers:</a></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002397"></a><a name="_Toc72656179"></a><a name="_Toc405794789"></a><a
-name="_Toc385057969"></a><a name="_Toc383864932"></a><a name="_Toc323610925"><span
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_SeedRandom</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_SeedRandom)(<br>
-  CK_SESSION_HANDLE hSession,<br>
-  CK_BYTE_PTR pSeed,<br>
-  CK_ULONG ulSeedLen<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal><b>C_SeedRandom</b> mixes additional seed material into the
-token’s random number generator. <i>hSession</i> is the session’s handle; <i>pSeed</i>
-points to the seed material; and<i> ulSeedLen</i> is the length in bytes of the
-seed material.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
-CKR_DEVICE_REMOVED, CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED,
-CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_OPERATION_ACTIVE,
-CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example: see <b>C_GenerateRandom</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002398"></a><a name="_Toc72656180"></a><a name="_Toc405794790"></a><a
-name="_Toc385057970"></a><a name="_Toc383864933"></a><a name="_Toc323610926"></a><a
-name="_Toc323205497"></a><a name="_Toc323024163"><span lang=SV
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=SV style='font-family:"Arial","sans-serif"'>C_GenerateRandom</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode><span lang=SV>CK_DEFINE_FUNCTION(CK_RV, C_GenerateRandom)(</span></p>
-
-<p class=BoxedCode><span lang=SV>  </span>CK_SESSION_HANDLE hSession,</p>
-
-<p class=BoxedCode>  <span lang=SV>CK_BYTE_PTR pRandomData,</span></p>
-
-<p class=BoxedCode><span lang=SV>  CK_ULONG ulRandomLen</span></p>
-
-<p class=BoxedCode><span lang=SV>);</span></p>
-
-</div>
-
-<p class=MsoNormal><b>C_GenerateRandom</b> generates random or pseudo-random
-data. <i>hSession</i> is the session’s handle; <i>pRandomData</i> points to the
-location that receives the random data; and<i> ulRandomLen</i> is the length in
-bytes of the random or pseudo-random data to be generated.</p>
-
-<p class=MsoNormal>Return values: CKR_ARGUMENTS_BAD,
-CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY, CKR_DEVICE_REMOVED,
-CKR_FUNCTION_CANCELED, CKR_FUNCTION_FAILED, CKR_GENERAL_ERROR, CKR_HOST_MEMORY,
-CKR_OK, CKR_OPERATION_ACTIVE, CKR_RANDOM_NO_RNG, CKR_SESSION_CLOSED,
-CKR_SESSION_HANDLE_INVALID, CKR_USER_NOT_LOGGED_IN.</p>
-
-<p class=MsoNormal>Example:</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_SESSION_HANDLE hSession;</p>
-
-<p class=BoxedCode>CK_BYTE seed[] = {...};</p>
-
-<p class=BoxedCode>CK_BYTE randomData[] = {...};</p>
-
-<p class=BoxedCode>CK_RV rv;</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>.</p>
-
-<p class=BoxedCode>rv = C_SeedRandom(hSession, seed, sizeof(seed));</p>
-
-<p class=BoxedCode>if (rv != CKR_OK) {</p>
-
-<p class=BoxedCode>  <span lang=SV>.</span></p>
-
-<p class=BoxedCode><span lang=SV>  .</span></p>
-
-<p class=BoxedCode><span lang=SV>}</span></p>
-
-<p class=BoxedCode><span lang=SV>rv = C_GenerateRandom(hSession, randomData,
-sizeof(randomData));</span></p>
-
-<p class=BoxedCode>if (rv == CKR_OK) {</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>  .</p>
-
-<p class=BoxedCode>}</p>
-
-</div>
-
-<h2><a name="_Toc416959751"></a><a name="_Toc395183824"></a><a
-name="_Toc391468828"></a><a name="_Toc370634037"></a><a name="_Toc235002399"></a><a
-name="_Toc72656181"></a><a name="_Toc405794791"></a><a name="_Ref399575137"></a><a
-name="_Toc385057971"></a><a name="_Toc383864934"></a><a name="_Toc323610927"></a><a
-name="_Toc323205498"></a><a name="_Toc323024164"></a><a name="_Toc323000716"></a><a
-name="_Toc322945149"></a><a name="_Toc322855307">5.15 Parallel function
-management</a> functions</h2>
-
-<p class=MsoNormal>Cryptoki provides the following functions for managing
-parallel execution of cryptographic functions.  These functions exist only for
-backwards compatibility.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002400"></a><a name="_Toc72656182"></a><a name="_Toc405794792"></a><a
-name="_Toc385057972"></a><a name="_Toc383864935"></a><a name="_Toc323610928"></a><a
-name="_Toc323205499"></a><a name="_Toc323024165"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_GetFunctionStatus</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionStatus)(<br>
-  CK_SESSION_HANDLE hSession<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal>In previous versions of Cryptoki, <b>C_GetFunctionStatus</b>
-obtained the status of a function running in parallel with an application. 
-Now, however, <b>C_GetFunctionStatus</b> is a legacy function which should
-simply return the value CKR_FUNCTION_NOT_PARALLEL.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED.   </p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc235002401"></a><a name="_Toc72656183"></a><a name="_Toc405794793"></a><a
-name="_Toc385057973"></a><a name="_Toc383864936"></a><a name="_Toc323610929"></a><a
-name="_Toc323205500"></a><a name="_Toc323024166"><span style='font-family:Symbol;
-font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial","sans-serif"'>C_CancelFunction</span></a></p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>CK_DEFINE_FUNCTION(CK_RV, C_CancelFunction)(<br>
-  CK_SESSION_HANDLE hSession<br>
-);</p>
-
-</div>
-
-<p class=MsoNormal>In previous versions of Cryptoki, <b>C_CancelFunction</b>
-cancelled a function running in parallel with an application.  Now, however, <b>C_CancelFunction</b>
-is a legacy function which should simply return the value CKR_FUNCTION_NOT_PARALLEL.</p>
-
-<p class=MsoNormal>Return values: CKR_CRYPTOKI_NOT_INITIALIZED,
-CKR_FUNCTION_FAILED, CKR_FUNCTION_NOT_PARALLEL, CKR_GENERAL_ERROR,
-CKR_HOST_MEMORY, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_CLOSED.  </p>
-
-<h2><a name="_Ref319997130"></a><a name="_Toc416959752"></a><a
-name="_Toc395183825"></a><a name="_Toc391468829"></a><a name="_Toc370634038"></a><a
-name="_Toc235002402"></a><a name="_Toc72656184"></a><a name="_Toc405794794"></a><a
-name="_Ref385351071"></a><a name="_Toc385057974"></a><a name="_Ref384828675"></a><a
-name="_Toc383864937"></a><a name="_Toc323610930"></a><a name="_Toc323205501"></a><a
-name="_Toc323024167"></a><a name="_Toc323000717"></a><a name="_Toc322945150"></a><a
-name="_Ref322938213"></a><a name="_Toc322855308"></a><a name="_Ref320505795">5.16
-Callback function</a>s</h2>
-
-<p class=MsoNormal>Cryptoki sessions can use function pointers of type <b>CK_NOTIFY</b>
-to notify the application of certain events.</p>
-
-<h3><a name="_Toc416959753"></a><a name="_Toc395183826"></a><a
-name="_Toc391468830"></a><a name="_Toc370634039"></a><a name="_Toc235002403"></a><a
-name="_Toc72656185"></a><a name="_Toc405794795"></a><a name="_Ref394400826">5.16.1
-Surrender callbacks</a></h3>
-
-<p class=MsoNormal>Cryptographic functions (<i>i.e.</i>, any functions falling
-under one of these categories: encryption functions; decryption functions;
-message digesting functions; signing and MACing functions; functions for
-verifying signatures and MACs; dual-purpose cryptographic functions; key
-management functions; random number generation functions) executing in Cryptoki
-sessions can periodically surrender control to the application who called them
-if the session they are executing in had a notification callback function
-associated with it when it was opened.  They do this by calling the session’s
-callback with the arguments (hSession, CKN_SURRENDER, pApplication), where
-hSession is the session’s handle and pApplication was supplied to <b>C_OpenSession</b>
-when the session was opened.  Surrender callbacks should return either the
-value CKR_OK (to indicate that Cryptoki should continue executing the function)
-or the value CKR_CANCEL (to indicate that Cryptoki should abort execution of
-the function).  Of course, before returning one of these values, the callback
-function can perform some computation, if desired.</p>
-
-<p class=MsoNormal>A typical use of a surrender callback might be to give an
-application user feedback during a lengthy key pair generation operation.  Each
-time the application receives a callback, it could display an additional “.” to
-the user.  It might also examine the keyboard’s activity since the last
-surrender callback, and abort the key pair generation operation (probably by
-returning the value CKR_CANCEL) if the user hit &lt;ESCAPE&gt;.</p>
-
-<p class=MsoNormal>A Cryptoki library is not <i>required</i> to make <i>any</i>
-surrender callbacks.</p>
-
-<h3><a name="_Toc385057976"></a><a name="_Toc383864939"></a><a
-name="_Toc323610932"></a><a name="_Toc323205503"></a><a name="_Toc323024169"></a><a
-name="_Toc323000718"></a><a name="_Toc322945151"></a><a name="_Toc322855309"></a><a
-name="_Ref320514897"></a><a name="_Toc416959754"></a><a name="_Toc395183827"></a><a
-name="_Toc391468831"></a><a name="_Toc370634040"></a><a name="_Toc235002404"></a><a
-name="_Toc72656186"></a><a name="_Toc405794796">5.16.2 Vendor-defined callbacks</a></h3>
-
-<p class=MsoNormal>Library vendors can also define additional types of
-callbacks.  Because of this extension capability, application-supplied
-notification callback routines should examine each callback they receive, and
-if they are unfamiliar with the type of that callback, they should immediately
-give control back to the library by returning with the value CKR_OK.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc416959755"></a><a name="_Toc395183828"></a><a
-name="_Toc391468832"></a><a name="_Toc370634041">6<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>PKCS #11 Implementation Conformance</a></h1>
-
-</div>
-
-<p class=MsoNormal>An implementation is a conforming implementation if it meets
-the conditions specified in one or more server profiles specified in <b>[PKCS
-#11-Prof]</b>.</p>
-
-<p class=MsoNormal>If a PKCS #11 implementation claims support for a particular
-profile, then the implementation SHALL conform to all normative statements
-within the clauses specified for that profile and for any subclauses to each of
-those clauses<span style='font-family:"Courier New"'>.</span></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Ref72659766"></a><a name="_Ref72659745"></a><a
-name="_Ref72658945"></a><a name="_Ref72658937"></a><a name="_Toc72656531"></a><a
-name="_Toc405794955"></a><a name="_Toc383864976"></a><a name="_Toc323610960"></a><a
-name="_Toc235002410">Appendix A.<span style='font:7.0pt "Times New Roman"'> </span> </a><a
-name="_Toc416959756"></a><a name="_Toc395183829"></a><a name="_Toc391468833"></a><a
-name="_Toc370634042">Acknowledgments</a></p>
-
-</div>
-
-<p class=MsoNormal>The following individuals have participated in the creation
-of this specification and are gratefully acknowledged:</p>
-
-<p class=Titlepageinfo>&nbsp;</p>
-
-<p class=Titlepageinfo>Participants:</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Gil Abel,
-Athena Smartcard Solutions, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Warren
-Armstrong, QuintessenceLabs</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jeff
-Bartell, Semper Foris Solutions LLC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Peter
-Bartok, Venafi, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Anthony
-Berglas, Cryptsoft </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Joseph
-Brand, Semper Fortis Solutions LLC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Kelley
-Burgin, National Security Agency</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Burns, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Wan-Teh
-Chang, Google Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Hai-May
-Chao, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Janice
-Cheng, Vormetric, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sangrae Cho,
-Electronics and Telecommunications Research Institute (ETRI)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Doron Cohen,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Fadi Cotran,
-Futurex</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Tony Cox,
-Cryptsoft </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Christopher
-Duane, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Chris Dunn,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Valerie
-Fenwick, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Terry
-Fletcher, SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Susan
-Gleeson, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sven Gossel,
-Charismathics</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>John Green,
-QuintessenceLabs</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert Griffin,
-EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Paul
-Grojean, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Peter
-Gutmann, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dennis E.
-Hamilton, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Thomas
-Hardjono, M.I.T.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Tim Hudson,
-Cryptsoft</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Gershon
-Janssen, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Seunghun
-Jin, Electronics and Telecommunications Research Institute (ETRI)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Wang
-Jingman, Feitan Technologies</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Andrey
-Jivsov, Symantec Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Joseph,
-P6R</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Stefan
-Kaesar, Infineon Technologies</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Greg
-Kazmierczak, Wave Systems Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Knight,
-Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Darren Krahn, Google Inc.</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Alex Krasnov, Infineon Technologies AG</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dina
-Kurktchi-Nimeh, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark
-Lambiase, SecureAuth Corporation</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Lawrence
-Lee, GoTrust Technology Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>John Leiseboer, QuintessenceLabs </span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Sean Leon, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Geoffrey Li, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Howie Liu, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Hal
-Lockhart, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Lockhart, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dale Moberg,
-Axway Software</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Darren
-Moffat, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Valery
-Osheter, SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sean
-Parkinson, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Rob
-Philpott, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Powers,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Ajai Puri,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Relyea, Red Hat</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Saikat Saha,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Subhash Sankuratripati, NetApp</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Anthony Scarpino, Oracle</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Johann
-Schoetz, Infineon Technologies AG</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Rayees
-Shamsuddin, Wave Systems Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Radhika Siravara, Oracle</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Brian Smith, Mozilla Corporation</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>David Smith,
-Venafi, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Ryan Smith,
-Futurex</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jerry Smith,
-US Department of Defense (DoD)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Oscar So,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Graham
-Steel, Cryptosense</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Michael
-Stevens, QuintessenceLabs </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Michael
-StJohns, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jim Susoy,
-P6R</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sander
-Temme, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Kiran Thota,
-VMware, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Walter-John
-Turnes, Gemini Security Solutions, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Stef Walter, Red Hat</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>James Wang, Vormetric</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Jeff Webb, Dell</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Peng Yu, Feitian Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Magda Zdunkiewicz, Cryptsoft </span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Chris
-Zimman, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc416959757"></a><a name="_Toc395183830"></a><a
-name="_Toc391468834"></a><a name="_Toc370634043">Appendix B.<span
-style='font:7.0pt "Times New Roman"'> </span>Manifest constants</a></p>
-
-</div>
-
-<p class=MsoNormal>The following definitions can be found in the appropriate
-header file.  Also, refer <b>[PKCS11_Curr] and [PKCS11_HIST] </b>for additional
-definitions.</p>
-
-<p class=MsoNormal style='page-break-after:avoid'>&nbsp;</p>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt'>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>/*</p>
-
-<p class=BoxedCode> * Copyright © Oasis Open 2013.  All right reserved.</p>
-
-<p class=BoxedCode> * OASIS trademark, IPR and other policies apply.</p>
-
-<p class=BoxedCode> * <a
-href="http://www.oasis-open.org/policies-guidelines/ipr">http://www.oasis-open.org/policies-guidelines/ipr</a></p>
-
-<p class=BoxedCode> */</p>
-
-<p class=BoxedCode>#define CK_INVALID_HANDLE                 0UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CKN_SURRENDER                     0UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CK_UNAVAILABLE_INFORMATION        (~0UL)</p>
-
-<p class=BoxedCode>#define CK_EFFECTIVELY_INFINITE           0UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CKF_DONT_BLOCK 1</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode><span lang=IT>#define CKF_ARRAY_ATTRIBUTE               0x40000000UL</span></p>
-
-<p class=BoxedCode><span lang=IT>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKU_SO                            0UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKU_USER                          1UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKU_CONTEXT_SPECIFIC              2UL</span></p>
-
-<p class=BoxedCode><span lang=IT>&nbsp;</span></p>
-
-<p class=BoxedCode>#define CKS_RO_PUBLIC_SESSION             0UL</p>
-
-<p class=BoxedCode>#define CKS_RO_USER_FUNCTIONS             1UL</p>
-
-<p class=BoxedCode>#define CKS_RW_PUBLIC_SESSION             2UL</p>
-
-<p class=BoxedCode>#define CKS_RW_USER_FUNCTIONS             3UL</p>
-
-<p class=BoxedCode>#define CKS_RW_SO_FUNCTIONS               4UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode><span lang=IT>#define CKO_DATA                          0x00000000UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKO_CERTIFICATE                   0x00000001UL</span></p>
-
-<p class=BoxedCode>#define CKO_PUBLIC_KEY                    0x00000002UL</p>
-
-<p class=BoxedCode>#define CKO_PRIVATE_KEY                   0x00000003UL</p>
-
-<p class=BoxedCode>#define CKO_SECRET_KEY                    0x00000004UL</p>
-
-<p class=BoxedCode>#define CKO_HW_FEATURE                    0x00000005UL</p>
-
-<p class=BoxedCode>#define CKO_DOMAIN_PARAMETERS             0x00000006UL</p>
-
-<p class=BoxedCode>#define CKO_MECHANISM                     0x00000007UL</p>
-
-<p class=BoxedCode>#define CKO_VENDOR_DEFINED                0x80000000UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CKH_MONOTONIC_COUNTER             0x00000001UL</p>
-
-<p class=BoxedCode>#define CKH_CLOCK                         0x00000002UL</p>
-
-<p class=BoxedCode><span lang=IT>#define CKH_USER_INTERFACE                0x00000003UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKH_VENDOR_DEFINED                0x80000000UL</span></p>
-
-<span lang=IT style='font-size:10.0pt;font-family:"Courier New"'><br clear=all
-style='page-break-before:always'>
-</span>
-
-<p class=BoxedCode><span lang=IT>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_CLASS                         0x00000000UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_TOKEN                         0x00000001UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PRIVATE                       0x00000002UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_LABEL                         0x00000003UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_APPLICATION                   0x00000010UL</span></p>
-
-<p class=BoxedCode>#define CKA_VALUE                         0x00000011UL</p>
-
-<p class=BoxedCode>#define CKA_OBJECT_ID                     0x00000012UL</p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_CERTIFICATE_TYPE              0x00000080UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_ISSUER                        0x00000081UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SERIAL_NUMBER                 0x00000082UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_AC_ISSUER                     0x00000083UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_OWNER                         0x00000084UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_ATTR_TYPES                    0x00000085UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_TRUSTED                       0x00000086UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_CERTIFICATE_CATEGORY          0x00000087UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_JAVA_MIDP_SECURITY_DOMAIN     0x00000088UL</span></p>
-
-<p class=BoxedCode>#define CKA_URL                           0x00000089UL</p>
-
-<p class=BoxedCode>#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY    0x0000008AUL</p>
-
-<p class=BoxedCode>#define CKA_HASH_OF_ISSUER_PUBLIC_KEY     0x0000008BUL</p>
-
-<p class=BoxedCode>#define CKA_NAME_HASH_ALGORITHM           0x0000008CUL</p>
-
-<p class=BoxedCode>#define CKA_CHECK_VALUE                   0x00000090UL</p>
-
-<p class=BoxedCode>#define CKA_KEY_TYPE                      0x00000100UL</p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SUBJECT                       0x00000101UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_ID                            0x00000102UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SENSITIVE                     0x00000103UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_ENCRYPT                       0x00000104UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_DECRYPT                       0x00000105UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_WRAP                          0x00000106UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_UNWRAP                        0x00000107UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SIGN                          0x00000108UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SIGN_RECOVER                  0x00000109UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_VERIFY                        0x0000010AUL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_VERIFY_RECOVER                0x0000010BUL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_DERIVE                        0x0000010CUL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_START_DATE                    0x00000110UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_END_DATE                      0x00000111UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_MODULUS                       0x00000120UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_MODULUS_BITS                  0x00000121UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PUBLIC_EXPONENT               0x00000122UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PRIVATE_EXPONENT              0x00000123UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PRIME_1                       0x00000124UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PRIME_2                       0x00000125UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_EXPONENT_1                    0x00000126UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_EXPONENT_2                    0x00000127UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_COEFFICIENT                   0x00000128UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PRIME                         0x00000130UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SUBPRIME                      0x00000131UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_BASE                          0x00000132UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_PRIME_BITS                    0x00000133UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_SUBPRIME_BITS                 0x00000134UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_VALUE_BITS                    0x00000160UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_VALUE_LEN                     0x00000161UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_EXTRACTABLE                   0x00000162UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_LOCAL                         0x00000163UL</span></p>
-
-<p class=BoxedCode>#define CKA_NEVER_EXTRACTABLE             0x00000164UL</p>
-
-<p class=BoxedCode>#define CKA_ALWAYS_SENSITIVE              0x00000165UL</p>
-
-<p class=BoxedCode>#define CKA_KEY_GEN_MECHANISM             0x00000166UL</p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_MODIFIABLE                    0x00000170UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_COPYABLE                      0x00000171UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_DESTROYABLE                   0x00000172UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_ECDSA_PARAMS                  0x00000180UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_EC_PARAMS                     0x00000180UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_EC_POINT                      0x00000181UL</span></p>
-
-<p class=BoxedCode>#define CKA_SECONDARY_AUTH                0x00000200UL /*
-Deprecated */</p>
-
-<p class=BoxedCode>#define CKA_AUTH_PIN_FLAGS                0x00000201UL /*
-Deprecated */</p>
-
-<p class=BoxedCode>#define CKA_ALWAYS_AUTHENTICATE           0x00000202UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CKA_WRAP_WITH_TRUSTED             0x00000210UL</p>
-
-<p class=BoxedCode>#define CKA_WRAP_TEMPLATE                 (CKF_ARRAY_ATTRIBUTE|0x00000211UL)</p>
-
-<p class=BoxedCode>   #define CKA_UNWRAP_TEMPLATE            (CKF_ARRAY_ATTRIBUTE|0x00000212UL)</p>
-
-<p class=BoxedCode>#define CKA_HW_FEATURE_TYPE               0x00000300UL</p>
-
-<p class=BoxedCode>#define CKA_RESET_ON_INIT                 0x00000301UL</p>
-
-<p class=BoxedCode>#define CKA_HAS_RESET                     0x00000302UL</p>
-
-<p class=BoxedCode>#define CKA_PIXEL_X                       0x00000400UL</p>
-
-<p class=BoxedCode>#define CKA_PIXEL_Y                       0x00000401UL</p>
-
-<p class=BoxedCode>#define CKA_RESOLUTION                    0x00000402UL</p>
-
-<p class=BoxedCode>#define CKA_CHAR_ROWS                     0x00000403UL</p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_CHAR_COLUMNS                  0x00000404UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_COLOR                         0x00000405UL</span></p>
-
-<p class=BoxedCode><span lang=SV>#define CKA_BITS_PER_PIXEL                0x00000406UL</span></p>
-
-<p class=BoxedCode><span lang=SV>#define CKA_CHAR_SETS                     0x00000480UL</span></p>
-
-<p class=BoxedCode><span lang=SV>#define CKA_ENCODING_METHODS              0x00000481UL</span></p>
-
-<p class=BoxedCode><span lang=SV>#define CKA_MIME_TYPES                    0x00000482UL</span></p>
-
-<p class=BoxedCode><span lang=SV>#define CKA_MECHANISM_TYPE                0x00000500UL</span></p>
-
-<p class=BoxedCode>#define CKA_REQUIRED_CMS_ATTRIBUTES       0x00000501UL</p>
-
-<p class=BoxedCode>#define CKA_DEFAULT_CMS_ATTRIBUTES        0x00000502UL</p>
-
-<p class=BoxedCode>#define CKA_SUPPORTED_CMS_ATTRIBUTES      0x00000503UL</p>
-
-<p class=BoxedCode>#define CKA_ALLOWED_MECHANISMS            (CKF_ARRAY_ATTRIBUTE|0x00000600UL)</p>
-
-<p class=BoxedCode><span lang=IT>#define CKA_VENDOR_DEFINED                0x80000000UL</span></p>
-
-<p class=BoxedCode><span lang=IT>&nbsp;</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_OK                           
-0x00000000UL</span></p>
-
-<p class=BoxedCode>#define CKR_CANCEL                        0x00000001UL</p>
-
-<p class=BoxedCode>#define CKR_HOST_MEMORY                   0x00000002UL</p>
-
-<p class=BoxedCode>#define CKR_SLOT_ID_INVALID               0x00000003UL</p>
-
-<p class=BoxedCode>#define CKR_GENERAL_ERROR                 0x00000005UL</p>
-
-<p class=BoxedCode>#define CKR_FUNCTION_FAILED               0x00000006UL</p>
-
-<p class=BoxedCode>#define CKR_ARGUMENTS_BAD                 0x00000007UL</p>
-
-<p class=BoxedCode>#define CKR_NO_EVENT                      0x00000008UL</p>
-
-<p class=BoxedCode>#define CKR_NEED_TO_CREATE_THREADS        0x00000009UL</p>
-
-<p class=BoxedCode>#define CKR_CANT_LOCK                     0x0000000AUL</p>
-
-<p class=BoxedCode>#define CKR_ATTRIBUTE_READ_ONLY           0x00000010UL</p>
-
-<p class=BoxedCode>#define CKR_ATTRIBUTE_SENSITIVE           0x00000011UL</p>
-
-<p class=BoxedCode>#define CKR_ATTRIBUTE_TYPE_INVALID        0x00000012UL</p>
-
-<p class=BoxedCode>#define CKR_ATTRIBUTE_VALUE_INVALID       0x00000013UL</p>
-
-<p class=BoxedCode>#define <span style='color:black'>CKR_COPY_PROHIBITED               </span>0x0000001AUL</p>
-
-<p class=BoxedCode>#define CKR_ACTION_PROHIBITED             0x0000001BUL</p>
-
-<p class=BoxedCode>#define CKR_DATA_INVALID                  0x00000020UL</p>
-
-<p class=BoxedCode>#define CKR_DATA_LEN_RANGE                0x00000021UL</p>
-
-<p class=BoxedCode>#define CKR_DEVICE_ERROR                  0x00000030UL</p>
-
-<p class=BoxedCode>#define CKR_DEVICE_MEMORY                 0x00000031UL</p>
-
-<p class=BoxedCode>#define CKR_DEVICE_REMOVED                0x00000032UL</p>
-
-<p class=BoxedCode>#define CKR_ENCRYPTED_DATA_INVALID        0x00000040UL</p>
-
-<p class=BoxedCode>#define CKR_ENCRYPTED_DATA_LEN_RANGE      0x00000041UL</p>
-
-<p class=BoxedCode>#define CKR_FUNCTION_CANCELED             0x00000050UL</p>
-
-<p class=BoxedCode>#define CKR_FUNCTION_NOT_PARALLEL         0x00000051UL</p>
-
-<p class=BoxedCode>#define CKR_FUNCTION_NOT_SUPPORTED        0x00000054UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_HANDLE_INVALID            0x00000060UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_SIZE_RANGE                0x00000062UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_TYPE_INCONSISTENT         0x00000063UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_NOT_NEEDED                0x00000064UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_CHANGED                   0x00000065UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_NEEDED                    0x00000066UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_INDIGESTIBLE              0x00000067UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_FUNCTION_NOT_PERMITTED    0x00000068UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_NOT_WRAPPABLE             0x00000069UL</p>
-
-<p class=BoxedCode>#define CKR_KEY_UNEXTRACTABLE             0x0000006AUL</p>
-
-<p class=BoxedCode>#define CKR_MECHANISM_INVALID             0x00000070UL</p>
-
-<p class=BoxedCode>#define CKR_MECHANISM_PARAM_INVALID       0x00000071UL</p>
-
-<p class=BoxedCode>#define CKR_OBJECT_HANDLE_INVALID         0x00000082UL</p>
-
-<p class=BoxedCode>#define CKR_OPERATION_ACTIVE              0x00000090UL</p>
-
-<p class=BoxedCode>#define CKR_OPERATION_NOT_INITIALIZED     0x00000091UL</p>
-
-<p class=BoxedCode>#define CKR_PIN_INCORRECT                 0x000000A0UL</p>
-
-<p class=BoxedCode>#define CKR_PIN_INVALID                   0x000000A1UL</p>
-
-<p class=BoxedCode>#define CKR_PIN_LEN_RANGE                 0x000000A2UL</p>
-
-<p class=BoxedCode>#define CKR_PIN_EXPIRED                   0x000000A3UL</p>
-
-<p class=BoxedCode>#define CKR_PIN_LOCKED                    0x000000A4UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_CLOSED                0x000000B0UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_COUNT                 0x000000B1UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_HANDLE_INVALID        0x000000B3UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_READ_ONLY             0x000000B5UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_EXISTS                0x000000B6UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_READ_ONLY_EXISTS      0x000000B7UL</p>
-
-<p class=BoxedCode>#define CKR_SESSION_READ_WRITE_SO_EXISTS  0x000000B8UL</p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_SIGNATURE_INVALID            
-0x000000C0UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_SIGNATURE_LEN_RANGE          
-0x000000C1UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_TEMPLATE_INCOMPLETE          
-0x000000D0UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_TEMPLATE_INCONSISTENT         0x000000D1UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_TOKEN_NOT_PRESENT            
-0x000000E0UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_TOKEN_NOT_RECOGNIZED         
-0x000000E1UL</span></p>
-
-<p class=BoxedCode><span lang=IT>#define CKR_TOKEN_WRITE_PROTECTED        
-0x000000E2UL</span></p>
-
-<p class=BoxedCode>#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL</p>
-
-<p class=BoxedCode>#define CKR_UNWRAPPING_KEY_SIZE_RANGE     0x000000F1UL</p>
-
-<p class=BoxedCode>#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  0x000000F2UL</p>
-
-<p class=BoxedCode>#define CKR_USER_ALREADY_LOGGED_IN        0x00000100UL</p>
-
-<p class=BoxedCode>#define CKR_USER_NOT_LOGGED_IN            0x00000101UL</p>
-
-<p class=BoxedCode>#define CKR_USER_PIN_NOT_INITIALIZED      0x00000102UL</p>
-
-<p class=BoxedCode>#define CKR_USER_TYPE_INVALID             0x00000103UL</p>
-
-<p class=BoxedCode>#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL</p>
-
-<p class=BoxedCode>#define CKR_USER_TOO_MANY_TYPES           0x00000105UL</p>
-
-<p class=BoxedCode>#define CKR_WRAPPED_KEY_INVALID           0x00000110UL</p>
-
-<p class=BoxedCode>#define CKR_WRAPPED_KEY_LEN_RANGE         0x00000112UL</p>
-
-<p class=BoxedCode>#define CKR_WRAPPING_KEY_HANDLE_INVALID   0x00000113UL</p>
-
-<p class=BoxedCode>#define CKR_WRAPPING_KEY_SIZE_RANGE       0x00000114UL</p>
-
-<p class=BoxedCode>#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL</p>
-
-<p class=BoxedCode>#define CKR_RANDOM_SEED_NOT_SUPPORTED     0x00000120UL</p>
-
-<p class=BoxedCode>#define CKR_RANDOM_NO_RNG                 0x00000121UL</p>
-
-<p class=BoxedCode>#define CKR_DOMAIN_PARAMS_INVALID         0x00000130UL</p>
-
-<p class=BoxedCode>#define CKR_CURVE_NOT_SUPPORTED           0x00000140UL</p>
-
-<p class=BoxedCode>#define CKR_BUFFER_TOO_SMALL              0x00000150UL</p>
-
-<p class=BoxedCode>#define CKR_SAVED_STATE_INVALID           0x00000160UL</p>
-
-<p class=BoxedCode>#define CKR_INFORMATION_SENSITIVE         0x00000170UL</p>
-
-<p class=BoxedCode>#define CKR_STATE_UNSAVEABLE              0x00000180UL</p>
-
-<p class=BoxedCode>#define CKR_CRYPTOKI_NOT_INITIALIZED      0x00000190UL</p>
-
-<p class=BoxedCode>#define CKR_CRYPTOKI_ALREADY_INITIALIZED  0x00000191UL</p>
-
-<p class=BoxedCode>#define CKR_MUTEX_BAD                     0x000001A0UL</p>
-
-<p class=BoxedCode>#define CKR_MUTEX_NOT_LOCKED              0x000001A1UL</p>
-
-<p class=BoxedCode>#define CKR_FUNCTION_REJECTED             0x00000200UL</p>
-
-<p class=BoxedCode>#define CKR_VENDOR_DEFINED                0x80000000UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED     0UL</p>
-
-<p class=BoxedCode>#define CK_CERTIFICATE_CATEGORY_TOKEN_USER      1UL</p>
-
-<p class=BoxedCode>#define CK_CERTIFICATE_CATEGORY_AUTHORITY       2UL</p>
-
-<p class=BoxedCode>#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY    3UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-<p class=BoxedCode>#define CK_SECURITY_DOMAIN_UNSPECIFIED          0UL</p>
-
-<p class=BoxedCode>#define CK_SECURITY_DOMAIN_MANUFACTURER         1UL</p>
-
-<p class=BoxedCode>#define CK_SECURITY_DOMAIN_OPERATOR             2UL</p>
-
-<p class=BoxedCode>#define CK_SECURITY_DOMAIN_THIRD_PARTY          3UL</p>
-
-<p class=BoxedCode>&nbsp;</p>
-
-</div>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc416959758"></a><a name="_Toc395183831"></a><a
-name="_Toc391468835"></a><a name="_Toc370634044"></a><a name="_Toc287332014"></a><a
-name="_Toc85472898">Appendix C.<span style='font:7.0pt "Times New Roman"'> </span>Revision
-History</a></p>
-
-</div>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=643
- style='width:482.3pt;border-collapse:collapse;border:none'>
- <tr style='height:20.1pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Revision</b></p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Date</b></p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Editor</b></p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal><b>Changes Made</b></p>
-  </td>
- </tr>
- <tr style='height:20.1pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>wd01</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>Apr 30 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>Initial import into OASIS template</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd02</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>July 7 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Move explanatory material to PKCS #11 Usage Guide v2.40
-  wd02</p>
-  </td>
- </tr>
- <tr style='height:20.1pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>wd03</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>Aug 16 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:20.1pt'>
-  <p class=MsoNormal>Incorporation of recent ballot items</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd04</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Oct 1 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Incorporation of ballot items, prep for Committee
-  Specification Draft promotion</p>
-  </td>
- </tr>
- <tr style='height:43.8pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:43.8pt'>
-  <p class=MsoNormal>wd05</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:43.8pt'>
-  <p class=MsoNormal>Oct 7 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:43.8pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:43.8pt'>
-  <p class=MsoNormal>Typo correction and proof.  This is the candidate for promotion
-  to Committee Specification Draft.</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd06</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Oct 27 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Final participant list and other editorial changes for
-  Committee Specification Draft</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>csd01</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Oct 30 2013</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Committee Specification Draft</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd07</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Feb 17 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Incorporation of comments and changes from public feedback
-  and review</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd08</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Feb 27 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Incorporation of comments and changes from public feedback
-  and review</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>csd02</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Apr 23 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Committee Specification Draft</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd09</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>May 2 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Incorporated changes from PKCS 11 TC face-to-face meeting</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd10</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Jul 2 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Corrected manifest constants</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>csd03</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Jul 16 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Committee Specification Draft</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>csd03a</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Sep 3 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Updated revision history and participant list in
-  preparation for Committee Specification ballot</p>
-  </td>
- </tr>
- <tr style='height:31.95pt'>
-  <td width=104 valign=top style='width:77.95pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>wd11</p>
-  </td>
-  <td width=97 valign=top style='width:72.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Nov 3 2014</p>
-  </td>
-  <td width=145 valign=top style='width:108.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=297 valign=top style='width:223.0pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:31.95pt'>
-  <p class=MsoNormal>Editorial corrections</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-</div>
-
-</body>
-
-</html>
diff --git a/pkcs11-docs/pkcs11-v240-curr-mechs.html b/pkcs11-docs/pkcs11-v240-curr-mechs.html
deleted file mode 100644
index 837a22a..0000000
--- a/pkcs11-docs/pkcs11-v240-curr-mechs.html
+++ /dev/null
@@ -1,42903 +0,0 @@
-<html>
-
-<head>
-<base href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html">
-<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
-<meta name=Generator content="Microsoft Word 15 (filtered)">
-<title>PKCS #11 Cryptographic Token Interface Current Mechanisms Specification
-Version 2.40</title>
-<style>
-<!--
- /* Font Definitions */
- @font-face
-	{font-family:Helvetica;
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Courier;
-	panose-1:2 7 4 9 2 2 5 2 4 4;}
-@font-face
-	{font-family:"Tms Rmn";
-	panose-1:2 2 6 3 4 5 5 2 3 4;}
-@font-face
-	{font-family:Helv;
-	panose-1:2 11 6 4 2 2 2 3 2 4;}
-@font-face
-	{font-family:"New York";
-	panose-1:2 4 5 3 6 5 6 2 3 4;}
-@font-face
-	{font-family:System;
-	panose-1:0 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:Wingdings;
-	panose-1:5 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"MS Mincho";
-	panose-1:2 2 6 9 4 2 5 8 3 4;}
-@font-face
-	{font-family:Batang;
-	panose-1:2 3 6 0 0 1 1 1 1 1;}
-@font-face
-	{font-family:SimSun;
-	panose-1:2 1 6 0 3 1 1 1 1 1;}
-@font-face
-	{font-family:PMingLiU;
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"MS Gothic";
-	panose-1:2 11 6 9 7 2 5 8 2 4;}
-@font-face
-	{font-family:Dotum;
-	panose-1:2 11 6 0 0 1 1 1 1 1;}
-@font-face
-	{font-family:SimHei;
-	panose-1:2 1 6 9 6 1 1 1 1 1;}
-@font-face
-	{font-family:MingLiU;
-	panose-1:2 2 5 9 0 0 0 0 0 0;}
-@font-face
-	{font-family:Mincho;
-	panose-1:2 2 6 9 4 3 5 8 3 5;}
-@font-face
-	{font-family:Gulim;
-	panose-1:2 11 6 0 0 1 1 1 1 1;}
-@font-face
-	{font-family:Century;
-	panose-1:2 4 6 4 5 5 5 2 3 4;}
-@font-face
-	{font-family:"Angsana New";
-	panose-1:2 2 6 3 5 4 5 2 3 4;}
-@font-face
-	{font-family:"Cordia New";
-	panose-1:2 11 3 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Mangal;
-	panose-1:2 4 5 3 5 2 3 3 2 2;}
-@font-face
-	{font-family:Latha;
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Sylfaen;
-	panose-1:1 10 5 2 5 3 6 3 3 3;}
-@font-face
-	{font-family:Vrinda;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Raavi;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Shruti;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Sendnya;
-	panose-1:0 0 4 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:Gautami;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Tunga;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Estrangelo Edessa";
-	panose-1:3 8 6 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Cambria Math";
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:"Yu Gothic";
-	panose-1:2 11 4 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:DengXian;
-	panose-1:2 1 6 0 3 1 1 1 1 1;}
-@font-face
-	{font-family:"Arial Unicode MS";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:"Calibri Light";
-	panose-1:2 15 3 2 2 2 4 3 2 4;}
-@font-face
-	{font-family:Calibri;
-	panose-1:2 15 5 2 2 2 4 3 2 4;}
-@font-face
-	{font-family:Cambria;
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:Tahoma;
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:Times;
-	panose-1:2 2 6 3 5 4 5 2 3 4;}
-@font-face
-	{font-family:Palatino;
-	panose-1:2 4 5 2 5 5 5 3 3 4;}
-@font-face
-	{font-family:"TimesNewRoman\,Bold";
-	panose-1:0 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:TimesNewRoman;
-	panose-1:0 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"TimesNewRoman\,Italic";
-	panose-1:0 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:OpenSymbol;
-	panose-1:5 1 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:MingLiU-ExtB;
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Courier Std";
-	panose-1:2 7 4 9 2 2 5 2 4 4;}
-@font-face
-	{font-family:"Minion Pro";
-	panose-1:2 4 5 3 5 3 6 2 2 3;}
-@font-face
-	{font-family:"Myriad Pro";
-	panose-1:2 11 5 3 3 4 3 2 2 4;}
-@font-face
-	{font-family:"Symbol Std";
-	panose-1:5 2 1 2 1 0 0 0 0 0;}
-@font-face
-	{font-family:Marlett;
-	panose-1:0 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Arial Black";
-	panose-1:2 11 10 4 2 1 2 2 2 4;}
-@font-face
-	{font-family:Candara;
-	panose-1:2 14 5 2 3 3 3 2 2 4;}
-@font-face
-	{font-family:"Comic Sans MS";
-	panose-1:3 15 7 2 3 3 2 2 2 4;}
-@font-face
-	{font-family:Consolas;
-	panose-1:2 11 6 9 2 2 4 3 2 4;}
-@font-face
-	{font-family:Constantia;
-	panose-1:2 3 6 2 5 3 6 3 3 3;}
-@font-face
-	{font-family:Corbel;
-	panose-1:2 11 5 3 2 2 4 2 2 4;}
-@font-face
-	{font-family:Ebrima;
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Franklin Gothic Medium";
-	panose-1:2 11 6 3 2 1 2 2 2 4;}
-@font-face
-	{font-family:Gabriola;
-	panose-1:4 4 6 5 5 16 2 2 13 2;}
-@font-face
-	{font-family:Gadugi;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:Georgia;
-	panose-1:2 4 5 2 5 4 5 2 3 3;}
-@font-face
-	{font-family:Impact;
-	panose-1:2 11 8 6 3 9 2 5 2 4;}
-@font-face
-	{font-family:"Javanese Text";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Leelawadee UI";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Leelawadee UI Semilight";
-	panose-1:2 11 4 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Lucida Console";
-	panose-1:2 11 6 9 4 5 4 2 2 4;}
-@font-face
-	{font-family:"Lucida Sans Unicode";
-	panose-1:2 11 6 2 3 5 4 2 2 4;}
-@font-face
-	{font-family:"Malgun Gothic";
-	panose-1:2 11 5 3 2 0 0 2 0 4;}
-@font-face
-	{font-family:"\@Malgun Gothic";
-	panose-1:2 11 5 3 2 0 0 2 0 4;}
-@font-face
-	{font-family:"Malgun Gothic Semilight";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"\@Malgun Gothic Semilight";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft Himalaya";
-	panose-1:1 1 1 0 1 1 1 1 1 1;}
-@font-face
-	{font-family:"Microsoft JhengHei";
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"\@Microsoft JhengHei";
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"Microsoft JhengHei UI";
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"\@Microsoft JhengHei UI";
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"Microsoft JhengHei Light";
-	panose-1:2 11 3 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"\@Microsoft JhengHei Light";
-	panose-1:2 11 3 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"Microsoft JhengHei UI Light";
-	panose-1:2 11 3 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"\@Microsoft JhengHei UI Light";
-	panose-1:2 11 3 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"Microsoft New Tai Lue";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft PhagsPa";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft Sans Serif";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:"Microsoft Tai Le";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft YaHei";
-	panose-1:2 11 5 3 2 2 4 2 2 4;}
-@font-face
-	{font-family:"\@Microsoft YaHei";
-	panose-1:2 11 5 3 2 2 4 2 2 4;}
-@font-face
-	{font-family:"Microsoft YaHei UI";
-	panose-1:2 11 5 3 2 2 4 2 2 4;}
-@font-face
-	{font-family:"\@Microsoft YaHei UI";
-	panose-1:2 11 5 3 2 2 4 2 2 4;}
-@font-face
-	{font-family:"Microsoft YaHei Light";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"\@Microsoft YaHei Light";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft YaHei UI Light";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"\@Microsoft YaHei UI Light";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft Yi Baiti";
-	panose-1:3 0 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@MingLiU-ExtB";
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:PMingLiU-ExtB;
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@PMingLiU-ExtB";
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:MingLiU_HKSCS-ExtB;
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@MingLiU_HKSCS-ExtB";
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Mongolian Baiti";
-	panose-1:3 0 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"MV Boli";
-	panose-1:2 0 5 0 3 2 0 9 0 0;}
-@font-face
-	{font-family:"Myanmar Text";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Nirmala UI";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Nirmala UI Semilight";
-	panose-1:2 11 4 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Palatino Linotype";
-	panose-1:2 4 5 2 5 5 5 3 3 4;}
-@font-face
-	{font-family:"Segoe MDL2 Assets";
-	panose-1:5 10 1 2 1 1 1 1 1 1;}
-@font-face
-	{font-family:"Segoe Print";
-	panose-1:2 0 6 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Segoe Script";
-	panose-1:3 11 5 4 2 0 0 0 0 3;}
-@font-face
-	{font-family:"Segoe UI";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Black";
-	panose-1:2 11 10 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Emoji";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Historic";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Light";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Semibold";
-	panose-1:2 11 7 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Semilight";
-	panose-1:2 11 4 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Segoe UI Symbol";
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"\@SimSun";
-	panose-1:2 1 6 0 3 1 1 1 1 1;}
-@font-face
-	{font-family:NSimSun;
-	panose-1:2 1 6 9 3 1 1 1 1 1;}
-@font-face
-	{font-family:"\@NSimSun";
-	panose-1:2 1 6 9 3 1 1 1 1 1;}
-@font-face
-	{font-family:SimSun-ExtB;
-	panose-1:2 1 6 9 6 1 1 1 1 1;}
-@font-face
-	{font-family:"\@SimSun-ExtB";
-	panose-1:2 1 6 9 6 1 1 1 1 1;}
-@font-face
-	{font-family:"Sitka Small";
-	panose-1:2 0 5 5 0 0 0 2 0 4;}
-@font-face
-	{font-family:"Sitka Text";
-	panose-1:2 0 5 5 0 0 0 2 0 4;}
-@font-face
-	{font-family:"Sitka Subheading";
-	panose-1:2 0 5 5 0 0 0 2 0 4;}
-@font-face
-	{font-family:"Sitka Heading";
-	panose-1:2 0 5 5 0 0 0 2 0 4;}
-@font-face
-	{font-family:"Sitka Display";
-	panose-1:2 0 5 5 0 0 0 2 0 4;}
-@font-face
-	{font-family:"Sitka Banner";
-	panose-1:2 0 5 5 0 0 0 2 0 4;}
-@font-face
-	{font-family:"Trebuchet MS";
-	panose-1:2 11 6 3 2 2 2 2 2 4;}
-@font-face
-	{font-family:Verdana;
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:Webdings;
-	panose-1:5 3 1 2 1 5 9 6 7 3;}
-@font-face
-	{font-family:"\@Yu Gothic";
-	panose-1:2 11 4 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Yu Gothic UI";
-	panose-1:2 11 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@Yu Gothic UI";
-	panose-1:2 11 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Yu Gothic UI Semibold";
-	panose-1:2 11 7 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@Yu Gothic UI Semibold";
-	panose-1:2 11 7 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Yu Gothic Light";
-	panose-1:2 11 3 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@Yu Gothic Light";
-	panose-1:2 11 3 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Yu Gothic UI Light";
-	panose-1:2 11 3 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@Yu Gothic UI Light";
-	panose-1:2 11 3 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Yu Gothic Medium";
-	panose-1:2 11 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@Yu Gothic Medium";
-	panose-1:2 11 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Yu Gothic UI Semilight";
-	panose-1:2 11 4 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@Yu Gothic UI Semilight";
-	panose-1:2 11 4 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR BERKLEY";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR BLANCA";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR BONNIE";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR CARTER";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR CENA";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR CHRISTY";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR DARLING";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR DECODE";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR DELANEY";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR DESTINE";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR ESSENCE";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR HERMANN";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"AR JULIAN";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"MT Extra";
-	panose-1:5 5 1 2 1 2 5 2 2 2;}
-@font-face
-	{font-family:"\@Arial Unicode MS";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:"Wingdings 2";
-	panose-1:5 2 1 2 1 5 7 7 7 7;}
-@font-face
-	{font-family:"Wingdings 3";
-	panose-1:5 4 1 2 1 8 7 7 7 7;}
-@font-face
-	{font-family:"Book Antiqua";
-	panose-1:2 4 6 2 5 3 5 3 3 4;}
-@font-face
-	{font-family:"Century Gothic";
-	panose-1:2 11 5 2 2 2 2 2 2 4;}
-@font-face
-	{font-family:Garamond;
-	panose-1:2 2 4 4 3 3 1 1 8 3;}
-@font-face
-	{font-family:"Monotype Corsiva";
-	panose-1:3 1 1 1 1 2 1 1 1 1;}
-@font-face
-	{font-family:Algerian;
-	panose-1:4 2 7 5 4 10 2 6 7 2;}
-@font-face
-	{font-family:"Baskerville Old Face";
-	panose-1:2 2 6 2 8 5 5 2 3 3;}
-@font-face
-	{font-family:"Bauhaus 93";
-	panose-1:4 3 9 5 2 11 2 2 12 2;}
-@font-face
-	{font-family:"Bell MT";
-	panose-1:2 2 5 3 6 3 5 2 3 3;}
-@font-face
-	{font-family:"Berlin Sans FB";
-	panose-1:2 14 6 2 2 5 2 2 3 6;}
-@font-face
-	{font-family:"Bernard MT Condensed";
-	panose-1:2 5 8 6 6 9 5 2 4 4;}
-@font-face
-	{font-family:"Bodoni MT Poster Compressed";
-	panose-1:2 7 7 6 8 6 1 5 2 4;}
-@font-face
-	{font-family:"Britannic Bold";
-	panose-1:2 11 9 3 6 7 3 2 2 4;}
-@font-face
-	{font-family:Broadway;
-	panose-1:4 4 9 5 8 11 2 2 5 2;}
-@font-face
-	{font-family:"Brush Script MT";
-	panose-1:3 6 8 2 4 4 6 7 3 4;}
-@font-face
-	{font-family:"Californian FB";
-	panose-1:2 7 4 3 6 8 11 3 2 4;}
-@font-face
-	{font-family:Centaur;
-	panose-1:2 3 5 4 5 2 5 2 3 4;}
-@font-face
-	{font-family:Chiller;
-	panose-1:4 2 4 4 3 16 7 2 6 2;}
-@font-face
-	{font-family:"Colonna MT";
-	panose-1:4 2 8 5 6 2 2 3 2 3;}
-@font-face
-	{font-family:"Cooper Black";
-	panose-1:2 8 9 4 4 3 11 2 4 4;}
-@font-face
-	{font-family:"Footlight MT Light";
-	panose-1:2 4 6 2 6 3 10 2 3 4;}
-@font-face
-	{font-family:"Freestyle Script";
-	panose-1:3 8 4 2 3 2 5 11 4 4;}
-@font-face
-	{font-family:"Harlow Solid Italic";
-	panose-1:4 3 6 4 2 15 2 2 13 2;}
-@font-face
-	{font-family:Harrington;
-	panose-1:4 4 5 5 5 10 2 2 7 2;}
-@font-face
-	{font-family:"High Tower Text";
-	panose-1:2 4 5 2 5 5 6 3 3 3;}
-@font-face
-	{font-family:Jokerman;
-	panose-1:4 9 6 5 6 13 6 2 7 2;}
-@font-face
-	{font-family:"Juice ITC";
-	panose-1:4 4 4 3 4 10 2 2 2 2;}
-@font-face
-	{font-family:"Kristen ITC";
-	panose-1:3 5 5 2 4 2 2 3 2 2;}
-@font-face
-	{font-family:"Kunstler Script";
-	panose-1:3 3 4 2 2 6 7 13 13 6;}
-@font-face
-	{font-family:"Lucida Bright";
-	panose-1:2 4 6 2 5 5 5 2 3 4;}
-@font-face
-	{font-family:"Lucida Calligraphy";
-	panose-1:3 1 1 1 1 1 1 1 1 1;}
-@font-face
-	{font-family:"Lucida Fax";
-	panose-1:2 6 6 2 5 5 5 2 2 4;}
-@font-face
-	{font-family:"Lucida Handwriting";
-	panose-1:3 1 1 1 1 1 1 1 1 1;}
-@font-face
-	{font-family:Magneto;
-	panose-1:4 3 8 5 5 8 2 2 13 2;}
-@font-face
-	{font-family:"Matura MT Script Capitals";
-	panose-1:3 2 8 2 6 6 2 7 2 2;}
-@font-face
-	{font-family:Mistral;
-	panose-1:3 9 7 2 3 4 7 2 4 3;}
-@font-face
-	{font-family:"Modern No\. 20";
-	panose-1:2 7 7 4 7 5 5 2 3 3;}
-@font-face
-	{font-family:"Niagara Engraved";
-	panose-1:4 2 5 2 7 7 3 3 2 2;}
-@font-face
-	{font-family:"Niagara Solid";
-	panose-1:4 2 5 2 7 7 2 2 2 2;}
-@font-face
-	{font-family:"Old English Text MT";
-	panose-1:3 4 9 2 4 5 8 3 8 6;}
-@font-face
-	{font-family:Onyx;
-	panose-1:4 5 6 2 8 7 2 2 2 3;}
-@font-face
-	{font-family:Parchment;
-	panose-1:3 4 6 2 4 7 8 4 8 4;}
-@font-face
-	{font-family:Playbill;
-	panose-1:4 5 6 3 10 6 2 2 2 2;}
-@font-face
-	{font-family:"Poor Richard";
-	panose-1:2 8 5 2 5 5 5 2 7 2;}
-@font-face
-	{font-family:Ravie;
-	panose-1:4 4 8 5 5 8 9 2 6 2;}
-@font-face
-	{font-family:"Informal Roman";
-	panose-1:3 6 4 2 3 4 6 11 2 4;}
-@font-face
-	{font-family:"Showcard Gothic";
-	panose-1:4 2 9 4 2 1 2 2 6 4;}
-@font-face
-	{font-family:"Snap ITC";
-	panose-1:4 4 10 7 6 10 2 2 2 2;}
-@font-face
-	{font-family:Stencil;
-	panose-1:4 4 9 5 13 8 2 2 4 4;}
-@font-face
-	{font-family:"Tempus Sans ITC";
-	panose-1:4 2 4 4 3 13 7 2 2 2;}
-@font-face
-	{font-family:"Viner Hand ITC";
-	panose-1:3 7 5 2 3 5 2 2 2 3;}
-@font-face
-	{font-family:Vivaldi;
-	panose-1:3 2 6 2 5 5 6 9 8 4;}
-@font-face
-	{font-family:"Vladimir Script";
-	panose-1:3 5 4 2 4 4 7 7 3 5;}
-@font-face
-	{font-family:"Wide Latin";
-	panose-1:2 10 10 7 5 5 5 2 4 4;}
-@font-face
-	{font-family:Pristina;
-	panose-1:3 6 4 2 4 4 6 8 2 4;}
-@font-face
-	{font-family:Papyrus;
-	panose-1:3 7 5 2 6 5 2 3 2 5;}
-@font-face
-	{font-family:"French Script MT";
-	panose-1:3 2 4 2 4 6 7 4 6 5;}
-@font-face
-	{font-family:"Bradley Hand ITC";
-	panose-1:3 7 4 2 5 3 2 3 2 3;}
-@font-face
-	{font-family:"Bookman Old Style";
-	panose-1:2 5 6 4 5 5 5 2 2 4;}
-@font-face
-	{font-family:"Bookshelf Symbol 7";
-	panose-1:5 1 1 1 1 1 1 1 1 1;}
-@font-face
-	{font-family:"MS Reference Sans Serif";
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"MS Reference Specialty";
-	panose-1:5 0 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Berlin Sans FB Demi";
-	panose-1:2 14 8 2 2 5 2 2 3 6;}
-@font-face
-	{font-family:"Arial Narrow";
-	panose-1:2 11 6 6 2 2 2 3 2 4;}
-@font-face
-	{font-family:"Albertus Medium";
-	panose-1:2 14 6 2 3 3 4 2 3 4;}
-@font-face
-	{font-family:Albertus;
-	panose-1:2 14 7 2 4 3 4 2 2 4;}
-@font-face
-	{font-family:"Albertus Extra Bold";
-	panose-1:2 14 8 2 4 3 4 2 2 4;}
-@font-face
-	{font-family:"ITC Avant Garde Gothic";
-	panose-1:2 11 6 2 2 2 2 2 2 4;}
-@font-face
-	{font-family:"ITC Avant Garde Gothic Demi";
-	panose-1:2 11 8 2 2 2 2 2 2 4;}
-@font-face
-	{font-family:"ITC Bookman Light";
-	panose-1:2 5 6 4 5 5 5 2 2 4;}
-@font-face
-	{font-family:"ITC Bookman Demi";
-	panose-1:2 5 8 4 4 5 5 2 2 4;}
-@font-face
-	{font-family:"CG Omega";
-	panose-1:2 11 5 2 5 5 8 2 3 4;}
-@font-face
-	{font-family:"CG Times";
-	panose-1:2 2 6 3 5 4 5 2 3 4;}
-@font-face
-	{font-family:"ITC Zapf Chancery";
-	panose-1:3 2 7 2 4 4 3 8 8 4;}
-@font-face
-	{font-family:Clarendon;
-	panose-1:2 4 6 4 4 5 5 2 2 4;}
-@font-face
-	{font-family:"Clarendon Condensed";
-	panose-1:2 4 7 6 4 7 5 4 2 4;}
-@font-face
-	{font-family:"Clarendon Extended";
-	panose-1:2 4 8 5 5 5 5 2 2 4;}
-@font-face
-	{font-family:Coronet;
-	panose-1:3 3 5 2 4 4 6 7 6 5;}
-@font-face
-	{font-family:CourierPS;
-	panose-1:2 7 6 9 2 2 5 2 4 4;}
-@font-face
-	{font-family:"ITC Zapf Dingbats";
-	panose-1:5 2 1 2 1 7 4 2 6 9;}
-@font-face
-	{font-family:"Helvetica Narrow";
-	panose-1:2 11 6 6 2 2 2 3 2 4;}
-@font-face
-	{font-family:"Letter Gothic";
-	panose-1:2 11 4 9 2 2 2 3 2 4;}
-@font-face
-	{font-family:Marigold;
-	panose-1:3 2 7 2 4 4 2 2 5 4;}
-@font-face
-	{font-family:"New Century Schoolbook";
-	panose-1:2 4 6 3 5 7 5 2 3 4;}
-@font-face
-	{font-family:"Antique Olive";
-	panose-1:2 11 6 3 2 2 4 3 2 4;}
-@font-face
-	{font-family:"Antique Olive Compact";
-	panose-1:2 11 9 4 3 5 4 3 2 4;}
-@font-face
-	{font-family:SymbolPS;
-	panose-1:5 5 1 2 1 6 7 2 6 7;}
-@font-face
-	{font-family:Univers;
-	panose-1:2 11 6 3 2 2 2 3 2 4;}
-@font-face
-	{font-family:"Univers Condensed";
-	panose-1:2 11 6 6 2 2 2 6 2 4;}
-@font-face
-	{font-family:Arimo;
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:"Gentium Basic";
-	panose-1:2 0 5 3 6 0 0 2 0 4;}
-@font-face
-	{font-family:"Gentium Book Basic";
-	panose-1:2 0 5 3 6 0 0 2 0 4;}
-@font-face
-	{font-family:"Liberation Sans Narrow";
-	panose-1:2 11 6 6 2 2 2 3 2 4;}
-@font-face
-	{font-family:"Linux Biolinum G";
-	panose-1:2 0 5 3 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Open Sans";
-	panose-1:2 11 6 6 3 5 4 2 2 4;}
-@font-face
-	{font-family:"Source Sans Pro Black";
-	panose-1:2 11 8 3 3 4 3 2 2 4;}
-@font-face
-	{font-family:"Liberation Mono";
-	panose-1:2 7 4 9 2 2 5 2 4 4;}
-@font-face
-	{font-family:"DejaVu Sans";
-	panose-1:2 11 6 3 3 8 4 2 2 4;}
-@font-face
-	{font-family:"PT Serif";
-	panose-1:2 10 6 3 4 5 5 2 2 4;}
-@font-face
-	{font-family:"Source Code Pro";
-	panose-1:2 11 5 9 3 4 3 2 2 4;}
-@font-face
-	{font-family:Caladea;
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:"DejaVu Sans Light";
-	panose-1:2 11 2 3 3 8 4 2 2 4;}
-@font-face
-	{font-family:"DejaVu Sans Condensed";
-	panose-1:2 11 6 6 3 8 4 2 2 4;}
-@font-face
-	{font-family:"DejaVu Sans Mono";
-	panose-1:2 11 6 9 3 8 4 2 2 4;}
-@font-face
-	{font-family:"DejaVu Serif";
-	panose-1:2 6 6 3 5 6 5 2 2 4;}
-@font-face
-	{font-family:"DejaVu Serif Condensed";
-	panose-1:2 6 6 6 5 6 5 2 2 4;}
-@font-face
-	{font-family:"Liberation Sans";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:"Liberation Serif";
-	panose-1:2 2 6 3 5 4 5 2 3 4;}
-@font-face
-	{font-family:"Linux Libertine Display G";
-	panose-1:2 0 5 3 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Linux Libertine G";
-	panose-1:2 0 5 3 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Source Sans Pro";
-	panose-1:2 11 5 3 3 4 3 2 2 4;}
-@font-face
-	{font-family:"Source Sans Pro ExtraLight";
-	panose-1:2 11 3 3 3 4 3 2 2 4;}
-@font-face
-	{font-family:"Source Sans Pro Light";
-	panose-1:2 11 4 3 3 4 3 2 2 4;}
-@font-face
-	{font-family:"Source Sans Pro Semibold";
-	panose-1:2 11 6 3 3 4 3 2 2 4;}
-@font-face
-	{font-family:"\@MS Gothic";
-	panose-1:2 11 6 9 7 2 5 8 2 4;}
-@font-face
-	{font-family:"MS UI Gothic";
-	panose-1:2 11 6 0 7 2 5 8 2 4;}
-@font-face
-	{font-family:"\@MS UI Gothic";
-	panose-1:2 11 6 0 7 2 5 8 2 4;}
-@font-face
-	{font-family:"MS PGothic";
-	panose-1:2 11 6 0 7 2 5 8 2 4;}
-@font-face
-	{font-family:"\@MS PGothic";
-	panose-1:2 11 6 0 7 2 5 8 2 4;}
-@font-face
-	{font-family:Leelawadee;
-	panose-1:2 11 5 2 4 2 4 2 2 3;}
-@font-face
-	{font-family:"Microsoft Uighur";
-	panose-1:2 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@PMingLiU";
-	panose-1:2 2 5 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"\@MS Mincho";
-	panose-1:2 2 6 9 4 2 5 8 3 4;}
- /* Style Definitions */
- p.MsoNormal, li.MsoNormal, div.MsoNormal
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-h1
-	{mso-style-name:"Heading 1\,h1\,Level 1 Topic Heading";
-	mso-style-link:"Heading 1 Char\,h1 Char1\,Level 1 Topic Heading Char1";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.3in;
-	text-indent:-.3in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-h2
-	{mso-style-name:"Heading 2\,H2\,h2\,Level 2 Topic Heading";
-	mso-style-link:"Heading 2 Char\,H2 Char1\,h2 Char1\,Level 2 Topic Heading Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.4in;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-h3
-	{mso-style-name:"Heading 3\,H3\,h3\,Level 3 Topic Heading";
-	mso-style-link:"Heading 3 Char\,H3 Char\,h3 Char\,Level 3 Topic Heading Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-indent:-.5in;
-	page-break-after:avoid;
-	font-size:13.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-h4
-	{mso-style-name:"Heading 4\,H4\,h4\,First Subheading";
-	mso-style-link:"Heading 4 Char\,H4 Char1\,h4 Char1\,First Subheading Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.6in;
-	text-indent:-.6in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-h5
-	{mso-style-name:"Heading 5\,h5\,Second Subheading";
-	mso-style-link:"Heading 5 Char\,h5 Char1\,Second Subheading Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.7in;
-	text-indent:-.7in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-h6
-	{mso-style-name:"Heading 6\,h6\,Third Subheading";
-	mso-style-link:"Heading 6 Char\,h6 Char1\,Third Subheading Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.8in;
-	text-indent:-.8in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoHeading7, li.MsoHeading7, div.MsoHeading7
-	{mso-style-name:"Heading 7\,DON\0027T USE 7";
-	mso-style-link:"Heading 7 Char\,DON\0027T USE 7 Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.9in;
-	text-indent:-.9in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
-	{mso-style-name:"Heading 8\,DON\0027T USE 8";
-	mso-style-link:"Heading 8 Char\,DON\0027T USE 8 Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.0in;
-	text-indent:-1.0in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
-	{mso-style-name:"Heading 9\,DON\0027T USE 9";
-	mso-style-link:"Heading 9 Char\,DON\0027T USE 9 Char1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.1in;
-	text-indent:-1.1in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-p.MsoIndex1, li.MsoIndex1, div.MsoIndex1
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:2.0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	text-indent:-.25in;
-	page-break-after:avoid;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;
-	font-weight:bold;}
-p.MsoIndex2, li.MsoIndex2, div.MsoIndex2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.25in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoIndex3, li.MsoIndex3, div.MsoIndex3
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoIndex4, li.MsoIndex4, div.MsoIndex4
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.75in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoIndex5, li.MsoIndex5, div.MsoIndex5
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoIndex6, li.MsoIndex6, div.MsoIndex6
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.25in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoIndex7, li.MsoIndex7, div.MsoIndex7
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.5in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoToc1, li.MsoToc1, div.MsoToc1
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc2, li.MsoToc2, div.MsoToc2
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:12.0pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc3, li.MsoToc3, div.MsoToc3
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:24.0pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc4, li.MsoToc4, div.MsoToc4
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:.5in;
-	font-size:9.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc5, li.MsoToc5, div.MsoToc5
-	{margin-top:3.0pt;
-	margin-right:0in;
-	margin-bottom:3.0pt;
-	margin-left:48.0pt;
-	font-size:9.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc6, li.MsoToc6, div.MsoToc6
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:60.0pt;
-	font-size:9.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc7, li.MsoToc7, div.MsoToc7
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoToc8, li.MsoToc8, div.MsoToc8
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:70.0pt;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Cambria",serif;}
-p.MsoToc9, li.MsoToc9, div.MsoToc9
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:80.0pt;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Cambria",serif;}
-p.MsoNormalIndent, li.MsoNormalIndent, div.MsoNormalIndent
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
-	{mso-style-link:"Footnote Text Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoCommentText, li.MsoCommentText, div.MsoCommentText
-	{mso-style-link:"Comment Text Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoHeader, li.MsoHeader, div.MsoHeader
-	{mso-style-name:"Header\,header odd\,header odd1\,header odd2\,header odd11\,header odd3\,header odd12\,header odd21\,header odd111";
-	mso-style-link:"Header Char\,header odd Char\,header odd1 Char\,header odd2 Char\,header odd11 Char\,header odd3 Char\,header odd12 Char\,header odd21 Char\,header odd111 Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoFooter, li.MsoFooter, div.MsoFooter
-	{mso-style-link:"Footer Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoIndexHeading, li.MsoIndexHeading, div.MsoIndexHeading
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoCaption, li.MsoCaption, div.MsoCaption
-	{margin-top:6.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:0in;
-	font-size:9.0pt;
-	font-family:"Arial",sans-serif;
-	font-style:italic;}
-p.MsoTof, li.MsoTof, div.MsoTof
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:20.0pt;
-	margin-bottom:.0001pt;
-	text-indent:-20.0pt;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-variant:small-caps;}
-span.MsoFootnoteReference
-	{vertical-align:super;}
-span.MsoEndnoteReference
-	{vertical-align:super;}
-p.MsoEndnoteText, li.MsoEndnoteText, div.MsoEndnoteText
-	{mso-style-link:"Endnote Text Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoList, li.MsoList, div.MsoList
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.25in;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.25in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoListNumber, li.MsoListNumber, div.MsoListNumber
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoList2, li.MsoList2, div.MsoList2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoListBullet2, li.MsoListBullet2, div.MsoListBullet2
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoTitle, li.MsoTitle, div.MsoTitle
-	{mso-style-link:"Title Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	border:none;
-	padding:0in;
-	font-size:24.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
-	{mso-style-link:"Body Text Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoBodyTextIndent, li.MsoBodyTextIndent, div.MsoBodyTextIndent
-	{mso-style-link:"Body Text Indent Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.5in;
-	text-align:justify;
-	text-indent:-1.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoListContinue2, li.MsoListContinue2, div.MsoListContinue2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoMessageHeader, li.MsoMessageHeader, div.MsoMessageHeader
-	{mso-style-link:"Message Header Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.75in;
-	text-align:justify;
-	text-indent:-.75in;
-	background:#CCCCCC;
-	border:none;
-	padding:0in;
-	font-size:12.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
-	{mso-style-link:"Subtitle Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-p.MsoDate, li.MsoDate, div.MsoDate
-	{mso-style-link:"Date Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-style:italic;}
-p.MsoNoteHeading, li.MsoNoteHeading, div.MsoNoteHeading
-	{mso-style-link:"Note Heading Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.MsoBodyText2, li.MsoBodyText2, div.MsoBodyText2
-	{mso-style-link:"Body Text 2 Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.MsoBodyTextIndent3, li.MsoBodyTextIndent3, div.MsoBodyTextIndent3
-	{mso-style-link:"Body Text Indent 3 Char";
-	margin-top:6.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:170.1pt;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	text-indent:-134.1pt;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-a:link, span.MsoHyperlink
-	{color:#0000EE;
-	text-decoration:none;}
-a:visited, span.MsoHyperlinkFollowed
-	{color:purple;
-	text-decoration:underline;}
-p.MsoDocumentMap, li.MsoDocumentMap, div.MsoDocumentMap
-	{mso-style-link:"Document Map Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	background:navy;
-	font-size:12.0pt;
-	font-family:"Tahoma",sans-serif;}
-p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
-	{mso-style-link:"Plain Text Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Calibri",sans-serif;}
-p
-	{margin-right:0in;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial Unicode MS",sans-serif;}
-pre
-	{mso-style-link:"HTML Preformatted Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial Unicode MS",sans-serif;}
-tt
-	{font-family:"Arial Unicode MS",sans-serif;}
-p.MsoCommentSubject, li.MsoCommentSubject, div.MsoCommentSubject
-	{mso-style-link:"Comment Subject Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
-	{mso-style-link:"Balloon Text Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:8.0pt;
-	font-family:"Tahoma",sans-serif;}
-p.MsoTocHeading, li.MsoTocHeading, div.MsoTocHeading
-	{margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	line-height:115%;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Calibri",sans-serif;
-	color:#365F91;
-	font-weight:bold;}
-p.Titlepageinfo, li.Titlepageinfo, div.Titlepageinfo
-	{mso-style-name:"Title page info";
-	margin:0in;
-	margin-bottom:.0001pt;
-	page-break-after:avoid;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-p.Titlepageinfodescription, li.Titlepageinfodescription, div.Titlepageinfodescription
-	{mso-style-name:"Title page info description";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.TitlepageinfodescriptionCxSpFirst, li.TitlepageinfodescriptionCxSpFirst, div.TitlepageinfodescriptionCxSpFirst
-	{mso-style-name:"Title page info descriptionCxSpFirst";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.TitlepageinfodescriptionCxSpMiddle, li.TitlepageinfodescriptionCxSpMiddle, div.TitlepageinfodescriptionCxSpMiddle
-	{mso-style-name:"Title page info descriptionCxSpMiddle";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.TitlepageinfodescriptionCxSpLast, li.TitlepageinfodescriptionCxSpLast, div.TitlepageinfodescriptionCxSpLast
-	{mso-style-name:"Title page info descriptionCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.Contributor, li.Contributor, div.Contributor
-	{mso-style-name:Contributor;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.ContributorCxSpFirst, li.ContributorCxSpFirst, div.ContributorCxSpFirst
-	{mso-style-name:ContributorCxSpFirst;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.ContributorCxSpMiddle, li.ContributorCxSpMiddle, div.ContributorCxSpMiddle
-	{mso-style-name:ContributorCxSpMiddle;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.ContributorCxSpLast, li.ContributorCxSpLast, div.ContributorCxSpLast
-	{mso-style-name:ContributorCxSpLast;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.Legalnotice, li.Legalnotice, div.Legalnotice
-	{mso-style-name:"Legal notice";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.LegalnoticeCxSpFirst, li.LegalnoticeCxSpFirst, div.LegalnoticeCxSpFirst
-	{mso-style-name:"Legal noticeCxSpFirst";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.LegalnoticeCxSpMiddle, li.LegalnoticeCxSpMiddle, div.LegalnoticeCxSpMiddle
-	{mso-style-name:"Legal noticeCxSpMiddle";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.LegalnoticeCxSpLast, li.LegalnoticeCxSpLast, div.LegalnoticeCxSpLast
-	{mso-style-name:"Legal noticeCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-span.Datatype
-	{mso-style-name:Datatype;
-	font-family:"Courier New";}
-p.Code, li.Code, div.Code
-	{mso-style-name:Code;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#D9D9D9;
-	border:none;
-	padding:0in;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-p.AppendixHeading2, li.AppendixHeading2, div.AppendixHeading2
-	{mso-style-name:AppendixHeading2;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.4in;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Element
-	{mso-style-name:Element;
-	font-family:"Courier New";}
-span.Attribute
-	{mso-style-name:Attribute;
-	font-family:"Courier New";}
-span.Keyword
-	{mso-style-name:Keyword;
-	font-family:"Courier New";}
-p.Note, li.Note, div.Note
-	{mso-style-name:Note;
-	margin-top:6.0pt;
-	margin-right:.5in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.Definitionterm, li.Definitionterm, div.Definitionterm
-	{mso-style-name:"Definition term";
-	margin-top:4.0pt;
-	margin-right:2.0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;
-	font-weight:bold;}
-p.Definition, li.Definition, div.Definition
-	{mso-style-name:Definition;
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.Ref, li.Ref, div.Ref
-	{mso-style-name:Ref;
-	margin-top:2.0pt;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:1.5in;
-	text-indent:-1.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;
-	color:black;}
-p.AppendixHeading1, li.AppendixHeading1, div.AppendixHeading1
-	{mso-style-name:AppendixHeading1;
-	mso-style-link:"AppendixHeading1 Char";
-	margin-right:0in;
-	margin-left:.25in;
-	text-indent:-.25in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Refterm
-	{mso-style-name:"Ref term";
-	font-weight:bold;}
-p.Example, li.Example, div.Example
-	{mso-style-name:Example;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-span.CODEtemp
-	{mso-style-name:"CODE temp";
-	font-family:"Courier New";}
-p.Codesmall, li.Codesmall, div.Codesmall
-	{mso-style-name:"Code small";
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	border:none;
-	padding:0in;
-	font-size:8.0pt;
-	font-family:"Courier New";}
-p.Examplesmall, li.Examplesmall, div.Examplesmall
-	{mso-style-name:"Example small";
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	font-size:8.0pt;
-	font-family:"Courier New";}
-span.Variable
-	{mso-style-name:Variable;
-	font-style:italic;}
-span.FootnoteTextChar
-	{mso-style-name:"Footnote Text Char";
-	mso-style-link:"Footnote Text";
-	font-family:"Arial",sans-serif;}
-p.RelatedWork, li.RelatedWork, div.RelatedWork
-	{mso-style-name:"Related Work";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.75in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.RelatedWorkCxSpFirst, li.RelatedWorkCxSpFirst, div.RelatedWorkCxSpFirst
-	{mso-style-name:"Related WorkCxSpFirst";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.75in;
-	margin-bottom:.0001pt;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.RelatedWorkCxSpMiddle, li.RelatedWorkCxSpMiddle, div.RelatedWorkCxSpMiddle
-	{mso-style-name:"Related WorkCxSpMiddle";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.75in;
-	margin-bottom:.0001pt;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.RelatedWorkCxSpLast, li.RelatedWorkCxSpLast, div.RelatedWorkCxSpLast
-	{mso-style-name:"Related WorkCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.75in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.Abstract, li.Abstract, div.Abstract
-	{mso-style-name:Abstract;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.Notices, li.Notices, div.Notices
-	{mso-style-name:Notices;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	page-break-before:always;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-p.TextBody, li.TextBody, div.TextBody
-	{mso-style-name:"Text Body";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-p.AppendixHeading3, li.AppendixHeading3, div.AppendixHeading3
-	{mso-style-name:AppendixHeading3;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-indent:-.5in;
-	page-break-after:avoid;
-	font-size:13.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.EndnoteTextChar
-	{mso-style-name:"Endnote Text Char";
-	mso-style-link:"Endnote Text";
-	font-family:"Arial",sans-serif;}
-p.Heading1WP, li.Heading1WP, div.Heading1WP
-	{mso-style-name:"Heading 1 WP";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.3in;
-	text-indent:-.3in;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.FooterChar
-	{mso-style-name:"Footer Char";
-	mso-style-link:Footer;
-	font-family:"Arial",sans-serif;}
-span.BalloonTextChar
-	{mso-style-name:"Balloon Text Char";
-	mso-style-link:"Balloon Text";
-	font-family:"Tahoma",sans-serif;}
-span.AppendixHeading1Char
-	{mso-style-name:"AppendixHeading1 Char";
-	mso-style-link:AppendixHeading1;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.apple-style-span
-	{mso-style-name:apple-style-span;}
-p.reference, li.reference, div.reference
-	{mso-style-name:reference;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:89.3pt;
-	text-align:justify;
-	text-indent:-89.3pt;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.definition0, li.definition0, div.definition0
-	{mso-style-name:definition;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:2.3in;
-	text-indent:-2.3in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;
-	font-style:italic;}
-span.Heading1Char
-	{mso-style-name:"Heading 1 Char\,h1 Char1\,Level 1 Topic Heading Char1";
-	mso-style-link:"Heading 1\,h1\,Level 1 Topic Heading";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading2Char
-	{mso-style-name:"Heading 2 Char\,H2 Char1\,h2 Char1\,Level 2 Topic Heading Char1";
-	mso-style-link:"Heading 2\,H2\,h2\,Level 2 Topic Heading";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading3Char
-	{mso-style-name:"Heading 3 Char\,H3 Char\,h3 Char\,Level 3 Topic Heading Char";
-	mso-style-link:"Heading 3\,H3\,h3\,Level 3 Topic Heading";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading4Char
-	{mso-style-name:"Heading 4 Char\,H4 Char1\,h4 Char1\,First Subheading Char1";
-	mso-style-link:"Heading 4\,H4\,h4\,First Subheading";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading5Char
-	{mso-style-name:"Heading 5 Char\,h5 Char1\,Second Subheading Char1";
-	mso-style-link:"Heading 5\,h5\,Second Subheading";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading6Char
-	{mso-style-name:"Heading 6 Char\,h6 Char1\,Third Subheading Char1";
-	mso-style-link:"Heading 6\,h6\,Third Subheading";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading7Char
-	{mso-style-name:"Heading 7 Char\,DON\0027T USE 7 Char1";
-	mso-style-link:"Heading 7\,DON\0027T USE 7";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading8Char
-	{mso-style-name:"Heading 8 Char\,DON\0027T USE 8 Char1";
-	mso-style-link:"Heading 8\,DON\0027T USE 8";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-span.Heading9Char
-	{mso-style-name:"Heading 9 Char\,DON\0027T USE 9 Char1";
-	mso-style-link:"Heading 9\,DON\0027T USE 9";
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-span.Heading1Char1
-	{mso-style-name:"Heading 1 Char1\,h1 Char\,Level 1 Topic Heading Char";
-	font-family:"Cambria",serif;
-	color:#365F91;
-	font-weight:bold;}
-span.Heading2Char1
-	{mso-style-name:"Heading 2 Char1\,H2 Char\,h2 Char\,Level 2 Topic Heading Char";
-	font-family:"Cambria",serif;
-	color:#4F81BD;
-	font-weight:bold;}
-span.Heading3Char1
-	{mso-style-name:"Heading 3 Char1\,H3 Char1\,h3 Char1\,Level 3 Topic Heading Char1";
-	font-family:"Cambria",serif;
-	color:#4F81BD;
-	font-weight:bold;}
-span.Heading4Char1
-	{mso-style-name:"Heading 4 Char1\,H4 Char\,h4 Char\,First Subheading Char";
-	font-family:"Cambria",serif;
-	color:#4F81BD;
-	font-weight:bold;
-	font-style:italic;}
-span.Heading5Char1
-	{mso-style-name:"Heading 5 Char1\,h5 Char\,Second Subheading Char";
-	font-family:"Cambria",serif;
-	color:#243F60;}
-span.Heading6Char1
-	{mso-style-name:"Heading 6 Char1\,h6 Char\,Third Subheading Char";
-	font-family:"Cambria",serif;
-	color:#243F60;
-	font-style:italic;}
-span.HTMLPreformattedChar
-	{mso-style-name:"HTML Preformatted Char";
-	mso-style-link:"HTML Preformatted";
-	font-family:"Arial Unicode MS",sans-serif;}
-span.Heading7Char1
-	{mso-style-name:"Heading 7 Char1\,DON\0027T USE 7 Char";
-	font-family:"Cambria",serif;
-	color:#404040;
-	font-style:italic;}
-span.Heading8Char1
-	{mso-style-name:"Heading 8 Char1\,DON\0027T USE 8 Char";
-	font-family:"Cambria",serif;
-	color:#404040;}
-span.Heading9Char1
-	{mso-style-name:"Heading 9 Char1\,DON\0027T USE 9 Char";
-	font-family:"Cambria",serif;
-	color:#404040;
-	font-style:italic;}
-span.CommentTextChar
-	{mso-style-name:"Comment Text Char";
-	mso-style-link:"Comment Text";}
-span.HeaderChar
-	{mso-style-name:"Header Char\,header odd Char\,header odd1 Char\,header odd2 Char\,header odd11 Char\,header odd3 Char\,header odd12 Char\,header odd21 Char\,header odd111 Char";
-	mso-style-link:"Header\,header odd\,header odd1\,header odd2\,header odd11\,header odd3\,header odd12\,header odd21\,header odd111";
-	font-family:"Arial",sans-serif;}
-span.HeaderChar1
-	{mso-style-name:"Header Char1\,header odd Char1\,header odd1 Char1\,header odd2 Char1\,header odd11 Char1\,header odd3 Char1\,header odd12 Char1\,header odd21 Char1\,header odd111 Char1";
-	font-family:"Arial",sans-serif;}
-span.TitleChar
-	{mso-style-name:"Title Char";
-	mso-style-link:Title;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.BodyTextChar
-	{mso-style-name:"Body Text Char";
-	mso-style-link:"Body Text";
-	font-family:"MS Mincho",serif;}
-span.BodyTextIndentChar
-	{mso-style-name:"Body Text Indent Char";
-	mso-style-link:"Body Text Indent";}
-span.MessageHeaderChar
-	{mso-style-name:"Message Header Char";
-	mso-style-link:"Message Header";
-	font-family:"Arial",sans-serif;
-	background:#CCCCCC;}
-span.SubtitleChar
-	{mso-style-name:"Subtitle Char";
-	mso-style-link:Subtitle;
-	font-family:"Arial",sans-serif;
-	color:#3B006F;
-	font-weight:bold;}
-span.DateChar
-	{mso-style-name:"Date Char";
-	mso-style-link:Date;
-	font-style:italic;}
-span.NoteHeadingChar
-	{mso-style-name:"Note Heading Char";
-	mso-style-link:"Note Heading";
-	font-family:"Arial",sans-serif;}
-span.BodyText2Char
-	{mso-style-name:"Body Text 2 Char";
-	mso-style-link:"Body Text 2";}
-span.BodyTextIndent3Char
-	{mso-style-name:"Body Text Indent 3 Char";
-	mso-style-link:"Body Text Indent 3";
-	font-family:"MS Mincho",serif;}
-span.DocumentMapChar
-	{mso-style-name:"Document Map Char";
-	mso-style-link:"Document Map";
-	font-family:"Tahoma",sans-serif;
-	background:navy;}
-span.CommentSubjectChar
-	{mso-style-name:"Comment Subject Char";
-	mso-style-link:"Comment Subject";
-	font-weight:bold;}
-p.equation, li.equation, div.equation
-	{mso-style-name:equation;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.smallexample, li.smallexample, div.smallexample
-	{mso-style-name:"small example";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	border:none;
-	padding:0in;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-p.name, li.name, div.name
-	{mso-style-name:name;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.6in;
-	text-align:justify;
-	text-indent:-.6in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.information, li.information, div.information
-	{mso-style-name:information;
-	margin-top:0in;
-	margin-right:.5in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:Courier;
-	color:black;}
-p.headingfunction, li.headingfunction, div.headingfunction
-	{mso-style-name:"heading function";
-	margin-top:0in;
-	margin-right:.5in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	font-size:12.0pt;
-	font-family:"Times",serif;}
-p.description, li.description, div.description
-	{mso-style-name:description;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.space, li.space, div.space
-	{mso-style-name:space;
-	margin:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.Title1, li.Title1, div.Title1
-	{mso-style-name:Title1;
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:16.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.Subtitle1, li.Subtitle1, div.Subtitle1
-	{mso-style-name:Subtitle1;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-style:italic;}
-p.element0, li.element0, div.element0
-	{mso-style-name:element;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.0in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.subelement, li.subelement, div.subelement
-	{mso-style-name:subelement;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.3in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.Table, li.Table, div.Table
-	{mso-style-name:Table;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-span.CCodeChar
-	{mso-style-name:"C_Code Char";
-	mso-style-link:C_Code;
-	font-family:"Courier New";}
-p.CCode, li.CCode, div.CCode
-	{mso-style-name:C_Code;
-	mso-style-link:"C_Code Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:1.1in;
-	margin-bottom:.0001pt;
-	text-indent:-.8in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.CFunction, li.CFunction, div.CFunction
-	{mso-style-name:CFunction;
-	margin:0in;
-	margin-bottom:.0001pt;
-	border:none;
-	padding:0in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.TableSmallFont, li.TableSmallFont, div.TableSmallFont
-	{mso-style-name:TableSmallFont;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:0in;
-	text-align:center;
-	page-break-after:avoid;
-	font-size:8.0pt;
-	font-family:"Times New Roman",serif;}
-p.Appendix1, li.Appendix1, div.Appendix1
-	{mso-style-name:Appendix1;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.Appendix2, li.Appendix2, div.Appendix2
-	{mso-style-name:Appendix2;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.bulletedlist1, li.bulletedlist1, div.bulletedlist1
-	{mso-style-name:"bulleted list 1";
-	margin-top:.1in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:27.0pt;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.Appendix10, li.Appendix10, div.Appendix10
-	{mso-style-name:"Appendix 1";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.3in;
-	text-align:justify;
-	text-indent:-.3in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.Preformatted, li.Preformatted, div.Preformatted
-	{mso-style-name:Preformatted;
-	margin:0in;
-	margin-bottom:.0001pt;
-	layout-grid-mode:char;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.Appendix20, li.Appendix20, div.Appendix20
-	{mso-style-name:"Appendix 2";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.4in;
-	text-align:justify;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.Appendix, li.Appendix, div.Appendix
-	{mso-style-name:Appendix;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.Argument, li.Argument, div.Argument
-	{mso-style-name:Argument;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.5in;
-	text-align:justify;
-	text-indent:-1.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.Step, li.Step, div.Step
-	{mso-style-name:Step;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.5in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.Equation0, li.Equation0, div.Equation0
-	{mso-style-name:Equation;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.example0, li.example0, div.example0
-	{mso-style-name:example;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.paragraph, li.paragraph, div.paragraph
-	{mso-style-name:paragraph;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:10.0pt;
-	font-family:"Times",serif;}
-p.listitem, li.listitem, div.listitem
-	{mso-style-name:"list item";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:27.0pt;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	text-indent:-27.0pt;
-	font-size:10.0pt;
-	font-family:"Times",serif;}
-p.note0, li.note0, div.note0
-	{mso-style-name:note;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:9.0pt;
-	font-family:"Times",serif;}
-p.Substep, li.Substep, div.Substep
-	{mso-style-name:Substep;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:1.0in;
-	text-align:justify;
-	text-indent:-.5in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.syntax, li.syntax, div.syntax
-	{mso-style-name:syntax;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Courier New";}
-p.Appendix3, li.Appendix3, div.Appendix3
-	{mso-style-name:"Appendix 3";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:justify;
-	text-indent:0in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-span.ASN1Char
-	{mso-style-name:"ASN\.1 Char";
-	mso-style-link:"ASN\.1";
-	font-family:"Helvetica",sans-serif;
-	font-weight:bold;}
-p.ASN1Cont, li.ASN1Cont, div.ASN1Cont
-	{mso-style-name:"ASN\.1 Cont\.";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:9.0pt;
-	font-family:"Helvetica",sans-serif;
-	font-weight:bold;}
-p.ASN1, li.ASN1, div.ASN1
-	{mso-style-name:"ASN\.1";
-	mso-style-link:"ASN\.1 Char";
-	margin-top:6.8pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:9.0pt;
-	font-family:"Helvetica",sans-serif;
-	font-weight:bold;}
-p.Text, li.Text, div.Text
-	{mso-style-name:Text;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:127.6pt;
-	margin-bottom:.0001pt;
-	text-align:justify;
-	font-size:11.0pt;
-	font-family:"Times New Roman",serif;}
-p.21, li.21, div.21
-	{mso-style-name:"\041D\0443\043C\0435\0440\043E\0432\0430\043D\043D\044B\0439 \0441\043F\0438\0441\043E\043A 21";
-	margin-top:1.0pt;
-	margin-right:14.2pt;
-	margin-bottom:2.0pt;
-	margin-left:-34.8pt;
-	text-align:justify;
-	text-indent:0in;
-	line-height:150%;
-	font-size:14.0pt;
-	font-family:"Times New Roman",serif;
-	color:black;}
-p.aExample, li.aExample, div.aExample
-	{mso-style-name:a_Example;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.5in;
-	margin-bottom:.0001pt;
-	line-height:150%;
-	font-size:10.0pt;
-	font-family:"Courier New";}
-p.Default, li.Default, div.Default
-	{mso-style-name:Default;
-	margin:0in;
-	margin-bottom:.0001pt;
-	text-autospace:none;
-	font-size:12.0pt;
-	font-family:"Arial",sans-serif;
-	color:black;}
-p.TOCHeading1, li.TOCHeading1, div.TOCHeading1
-	{mso-style-name:"TOC Heading1";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:0in;
-	margin-bottom:.0001pt;
-	line-height:115%;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Calibri",sans-serif;
-	color:#365F91;
-	font-weight:bold;}
-span.npal
-	{mso-style-name:npal;
-	font-family:"Palatino",serif;}
-span.Typewriter
-	{mso-style-name:Typewriter;
-	font-family:"Courier New";}
-p.bulletedlist2, li.bulletedlist2, div.bulletedlist2
-	{mso-style-name:"bulleted list 2";
-	margin-top:.1in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:45.0pt;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.numberedlist2, li.numberedlist2, div.numberedlist2
-	{mso-style-name:"numbered list 2";
-	margin-top:.1in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:45.0pt;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;}
-p.BoxedCode, li.BoxedCode, div.BoxedCode
-	{mso-style-name:BoxedCode;
-	margin-top:2.0pt;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:1.5in;
-	text-indent:-1.25in;
-	border:none;
-	padding:0in;
-	font-size:10.0pt;
-	font-family:"Courier New";
-	color:black;}
-span.PlainTextChar
-	{mso-style-name:"Plain Text Char";
-	mso-style-link:"Plain Text";
-	font-family:"Calibri",sans-serif;}
-span.FootnoteCharacters
-	{mso-style-name:"Footnote Characters";
-	vertical-align:super;}
-p.tagged, li.tagged, div.tagged
-	{mso-style-name:tagged;
-	mso-style-link:"tagged Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.25in;
-	text-align:justify;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial",sans-serif;}
-span.taggedChar
-	{mso-style-name:"tagged Char";
-	mso-style-link:tagged;
-	font-family:"Arial",sans-serif;}
-span.WW8Num52z1
-	{mso-style-name:WW8Num52z1;
-	font-family:"Courier New";}
-span.apple-converted-space
-	{mso-style-name:apple-converted-space;}
-p.title, li.title, div.title
-	{mso-style-name:title;
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:16.0pt;
-	font-family:"Times New Roman",serif;
-	font-weight:bold;}
-p.subtitle, li.subtitle, div.subtitle
-	{mso-style-name:subtitle;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	text-align:center;
-	font-size:12.0pt;
-	font-family:"Times New Roman",serif;
-	font-style:italic;}
-span.msoIns
-	{mso-style-name:"";
-	text-decoration:underline;
-	color:teal;}
-span.msoDel
-	{mso-style-name:"";
-	text-decoration:line-through;
-	color:red;}
- /* Page Definitions */
- @page WordSection1
-	{size:8.5in 11.0in;
-	margin:1.0in 1.0in .5in 1.0in;}
-div.WordSection1
-	{page:WordSection1;}
-@page WordSection2
-	{size:8.5in 11.0in;
-	margin:1.0in 1.0in .5in 1.0in;}
-div.WordSection2
-	{page:WordSection2;}
- /* List Definitions */
- ol
-	{margin-bottom:0in;}
-ul
-	{margin-bottom:0in;}
--->
-</style>
-
-</head>
-
-<body lang=EN-US link="#0000EE" vlink=purple>
-
-<div class=WordSection1>
-
-<p class=MsoNormal><a name="_Toc441162319"></a><a name="_Toc437440478"><img
-width=203 height=54 id="Picture 1"
-src="pkcs11-curr-v2.40-errata01-os-complete_files/image001.jpg"
-alt="Description: oasis"></a></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:1.0pt 0in 0in 0in'>
-
-<p class=MsoTitle><span style='font-size:22.0pt'>PKCS #11 Cryptographic Token
-Interface Current Mechanisms Specification Version 2.40 </span><span
-style='font-size:22.0pt;color:red'>Plus Errata 01</span></p>
-
-<p class=MsoSubtitle>OASIS Standard <span style='color:red'>Incorporating Approved
-Errata 01</span></p>
-
-<p class=MsoSubtitle><span style='color:red'>13 May 2016</span></p>
-
-</div>
-
-<p class=Titlepageinfo><span style='font-size:12.0pt'>Specification URIs</span></p>
-
-<p class=Titlepageinfo>This version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.doc">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.doc</a>
-<span class=MsoHyperlink><span style='color:windowtext'>(Authoritative)</span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html</a></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.pdf</a></p>
-
-<p class=Titlepageinfo>Previous version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.doc">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.doc</a><span
-class=MsoHyperlink><span style='color:windowtext'> (Authoritative)</span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html</a></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.pdf</a></p>
-
-<p class=Titlepageinfo>Latest version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.doc">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.doc</a>
-(Authoritative)</p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html</a></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.pdf</a></p>
-
-<p class=Titlepageinfo>Technical Committee:</p>
-
-<p class=Titlepageinfodescription><a
-href="https://www.oasis-open.org/committees/pkcs11/">OASIS PKCS 11 TC</a></p>
-
-<p class=Titlepageinfo>Chairs:</p>
-
-<p class=ContributorCxSpFirst>Valerie Fenwick (<a
-href="mailto:valerie.fenwick@oracle.com">valerie.fenwick@oracle.com</a>), <a
-href="http://www.oracle.com/">Oracle</a></p>
-
-<p class=ContributorCxSpLast>Robert Relyea (<a href="mailto:rrelyea@redhat.com">rrelyea@redhat.com</a>),
-<a href="http://www.redhat.com/">Red Hat</a></p>
-
-<p class=Titlepageinfo>Editors:</p>
-
-<p class=ContributorCxSpFirst>Susan Gleeson (<a
-href="mailto:susan.gleeson@oracle.com">susan.gleeson@oracle.com</a>), <a
-href="http://www.oracle.com/">Oracle</a></p>
-
-<p class=ContributorCxSpMiddle>Chris Zimman (<a href="mailto:chris@wmpp.com">chris@wmpp.com</a>),
-Individual</p>
-
-<p class=ContributorCxSpMiddle>Robert Griffin (<a
-href="mailto:robert.griffin@emc.com">robert.griffin@emc.com</a>), <a
-href="http://www.emc.com/">EMC Corporation</a></p>
-
-<p class=ContributorCxSpLast>Tim Hudson (<a href="mailto:tjh@cryptsoft.com">tjh@cryptsoft.com</a>),
-<a href="http://www.cryptsoft.com/">Cryptsoft Pty Ltd</a></p>
-
-<p class=Titlepageinfo>Additional artifacts:</p>
-
-<p class=RelatedWork style='margin-left:.5in;text-indent:0in'>This prose
-specification is one component of a Work Product that also includes:</p>
-
-<p class=MsoTableMediumGrid1Accent2 style='margin-left:.75in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Current Mechanisms
-Specification Version 2.40 Errata 01.</i> Edited by Robert Griffin and Tim
-Hudson. 13 May 2016. OASIS Approved Errata. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os.html</a>.</p>
-
-<p class=Titlepageinfo><a name=RelatedWork>Related work</a>:</p>
-
-<p class=Titlepageinfodescription>This specification replaces or supersedes:</p>
-
-<p class=RelatedWork><span style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Current Mechanisms
-Specification Version 2.40. </i>Edited by Susan Gleeson and Chris Zimman. 14
-April 2015. OASIS Standard. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html</a>.</p>
-
-<p class=Titlepageinfodescription>This specification is related to:</p>
-
-<p class=RelatedWorkCxSpFirst><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Normative computer language definition files for PKCS #11 v2.40: </p>
-
-<p class=RelatedWorkCxSpMiddle style='margin-left:1.25in'><span
-style='font-family:"Courier New"'>o<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11.h">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11.h</a></p>
-
-<p class=RelatedWorkCxSpMiddle style='margin-left:1.25in'><span
-style='font-family:"Courier New"'>o<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11t.h">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11t.h</a></p>
-
-<p class=RelatedWorkCxSpMiddle style='margin-left:1.25in'><span
-style='font-family:"Courier New"'>o<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11f.h">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/include/pkcs11-v2.40/pkcs11f.h</a></p>
-
-<p class=RelatedWorkCxSpMiddle><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i><span lang=DE-CH>PKCS #11 Cryptographic Token Interface
-Profiles Version 2.40</span></i><span lang=DE-CH>. Edited by Tim Hudson. Latest
-version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html</a>.</span></p>
-
-<p class=RelatedWorkCxSpMiddle><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i><span lang=DE-CH>PKCS #11 Cryptographic Token Interface
-Historical Mechanisms Specification Version 2.40 Plus Errata 01</span></i><span
-lang=DE-CH>. Edited by Susan Gleeson, Chris Zimman, Robert Griffin, and Tim
-Hudson. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/errata01/os/pkcs11-hist-v2.40-errata01-os-complete.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/errata01/os/pkcs11-hist-v2.40-errata01-os-complete.html</a>.</span></p>
-
-<p class=RelatedWorkCxSpMiddle><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i><span lang=DE-CH>PKCS #11 Cryptographic Token Interface
-Historical Mechanisms Specification Version 2.40 Errata 01</span></i><span
-lang=DE-CH>. Edited by Robert Griffin and Tim Hudson. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/errata01/os/pkcs11-hist-v2.40-errata01-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/errata01/os/pkcs11-hist-v2.40-errata01-os.html</a>.</span></p>
-
-<p class=RelatedWorkCxSpMiddle><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i><span lang=DE-CH>PKCS #11 Cryptographic Token Interface Base
-Specification Version 2.40 Plus Errata 01</span></i><span lang=DE-CH>. Edited
-by Susan Gleeson, Chris Zimman, Robert Griffin, and Tim Hudson. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html</a>.</span></p>
-
-<p class=RelatedWorkCxSpMiddle><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i><span lang=DE-CH>PKCS #11 Cryptographic Token Interface Base
-Specification Version 2.40 Errata01</span></i><span lang=DE-CH>. Edited by
-Robert Griffin and Tim Hudson. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os.html</a>.</span></p>
-
-<p class=RelatedWorkCxSpLast><span lang=DE-CH style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i><span lang=DE-CH>PKCS #11 Cryptographic Token Interface Usage
-Guide Version 2.40</span></i><span lang=DE-CH>. Edited by John Leiseboer and
-Robert Griffin. Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html</a>.</span></p>
-
-<p class=Titlepageinfo>Abstract:</p>
-
-<p class=Abstract>This document defines mechanisms that are anticipated for use
-with the current version of PKCS #11.</p>
-
-<p class=Titlepageinfo>Status:</p>
-
-<p class=Abstract>This document was last revised or approved by the OASIS PKCS
-11 TC on the above date. The level of approval is also listed above. Check the
-“Latest version” location noted above for possible later revisions of this
-document. Any other numbered Versions and other technical work produced by the
-Technical Committee (TC) are listed at <a
-href="https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11#technical">https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11#technical</a>.</p>
-
-<p class=Abstract>TC members should send comments on this specification to the
-TC’s email list. Others should send comments to the TC’s public comment list,
-after subscribing to it by following the instructions at the “<a
-href="https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=pkcs11">Send
-A Comment</a>” button on the TC’s web page at <a
-href="https://www.oasis-open.org/committees/pkcs11/">https://www.oasis-open.org/committees/pkcs11/</a><span
-class=MsoHyperlink><span style='color:black'>.</span></span></p>
-
-<p class=Abstract>For information on whether any patents have been disclosed
-that may be essential to implementing this specification, and any offers of
-patent licensing terms, please refer to the Intellectual Property Rights
-section of the TC’s web page (<a
-href="https://www.oasis-open.org/committees/pkcs11/ipr.php">https://www.oasis-open.org/committees/pkcs11/ipr.php</a><span
-class=MsoHyperlink><span style='color:black'>).</span></span></p>
-
-<p class=Titlepageinfo>Citation format:</p>
-
-<p class=Abstract style='page-break-after:avoid'>When referencing this specification
-the following citation format should be used:</p>
-
-<p class=Abstract style='page-break-after:avoid'><span class=Refterm>[PKCS11-curr-v2.40]</span></p>
-
-<p class=Titlepageinfodescription><i>PKCS #11 Cryptographic Token Interface
-Current Mechanisms Specification Version 2.40 Plus Errata 01. </i>Edited by
-Susan Gleeson, Chris Zimman, Robert Griffin and Tim Hudson. 13 May 2016. OASIS
-Standard Incorporating Approved Errata 01. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/errata01/os/pkcs11-curr-v2.40-errata01-os-complete.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.pdf">http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.pdf</a>.</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:1.0pt 0in 0in 0in'>
-
-<p class=Notices>Notices</p>
-
-</div>
-
-<p class=MsoNormal>Copyright © OASIS Open 2016. All Rights Reserved.</p>
-
-<p class=MsoNormal>All capitalized terms in the following text have the
-meanings assigned to them in the OASIS Intellectual Property Rights Policy (the
-&quot;OASIS IPR Policy&quot;). The full <a
-href="https://www.oasis-open.org/policies-guidelines/ipr">Policy</a> may be
-found at the OASIS website.</p>
-
-<p class=MsoNormal>This document and translations of it may be copied and
-furnished to others, and derivative works that comment on or otherwise explain
-it or assist in its implementation may be prepared, copied, published, and
-distributed, in whole or in part, without restriction of any kind, provided
-that the above copyright notice and this section are included on all such copies
-and derivative works. However, this document itself may not be modified in any
-way, including by removing the copyright notice or references to OASIS, except
-as needed for the purpose of developing any document or deliverable produced by
-an OASIS Technical Committee (in which case the rules applicable to copyrights,
-as set forth in the OASIS IPR Policy, must be followed) or as required to
-translate it into languages other than English.</p>
-
-<p class=MsoNormal>The limited permissions granted above are perpetual and will
-not be revoked by OASIS or its successors or assigns.</p>
-
-<p class=MsoNormal>This document and the information contained herein is
-provided on an &quot;AS IS&quot; basis and OASIS DISCLAIMS ALL WARRANTIES,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED
-WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</p>
-
-<p class=MsoNormal>OASIS requests that any OASIS Party or any other party that
-believes it has patent claims that would necessarily be infringed by
-implementations of this OASIS Committee Specification or OASIS Standard, to
-notify OASIS TC Administrator and provide an indication of its willingness to
-grant patent licenses to such patent claims in a manner consistent with the IPR
-Mode of the OASIS Technical Committee that produced this specification.</p>
-
-<p class=MsoNormal>OASIS invites any party to contact the OASIS TC
-Administrator if it is aware of a claim of ownership of any patent claims that
-would necessarily be infringed by implementations of this specification by a patent
-holder that is not willing to provide a license to such patent claims in a
-manner consistent with the IPR Mode of the OASIS Technical Committee that
-produced this specification. OASIS may include such claims on its website, but
-disclaims any obligation to do so.</p>
-
-<p class=MsoNormal>OASIS takes no position regarding the validity or scope of
-any intellectual property or other rights that might be claimed to pertain to
-the implementation or use of the technology described in this document or the
-extent to which any license under such rights might or might not be available;
-neither does it represent that it has made any effort to identify any such
-rights. Information on OASIS' procedures with respect to rights in any document
-or deliverable produced by an OASIS Technical Committee can be found on the
-OASIS website. Copies of claims of rights made available for publication and
-any assurances of licenses to be made available, or the result of an attempt
-made to obtain a general license or permission for the use of such proprietary
-rights by implementers or users of this OASIS Committee Specification or OASIS
-Standard, can be obtained from the OASIS TC Administrator. OASIS makes no
-representation that any information or list of intellectual property rights
-will at any time be complete, or that any claims in such list are, in fact,
-Essential Claims.</p>
-
-<p class=MsoNormal>The name &quot;OASIS&quot; is a trademark of <a
-href="https://www.oasis-open.org/">OASIS</a>, the owner and developer of this
-specification, and should be used only to refer to the organization and its
-official outputs. OASIS welcomes reference to, and implementation and use of,
-specifications, while reserving the right to enforce its marks against
-misleading uses. Please see <a
-href="https://www.oasis-open.org/policies-guidelines/trademark">https://www.oasis-open.org/policies-guidelines/trademark</a>
-for above guidance.</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:1.0pt 0in 0in 0in'>
-
-<p class=Notices>Table of Contents</p>
-
-</div>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc441850398">1<span
-style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>        </span>Introduction<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>13</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850399">1.1
-Terminology<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>13</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850400">1.2
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>13</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850401">1.3
-Normative References<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>14</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850402">1.4
-Non-Normative References<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>16</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc441850403">2<span
-style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>        </span>Mechanisms<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>19</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850404">2.1 RSA<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>19</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850405">2.1.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>20</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850406">2.1.2 RSA
-public key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>21</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850407">2.1.3 RSA
-private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>21</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850408">2.1.4 PKCS
-#1 RSA key pair generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>23</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850409">2.1.5 X9.31
-RSA key pair generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>24</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850410">2.1.6 PKCS
-#1 v1.5 RSA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>24</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850411">2.1.7 PKCS
-#1 RSA OAEP mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>25</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850412">2.1.8 PKCS
-#1 RSA OAEP<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>26</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850413">2.1.9 PKCS #1
-RSA PSS mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>27</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850414">2.1.10 PKCS
-#1 RSA PSS<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>27</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850415">2.1.11
-ISO/IEC 9796 RSA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>28</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850416">2.1.12 X.509
-(raw) RSA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>28</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850417">2.1.13 ANSI
-X9.31 RSA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>29</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850418">2.1.14 PKCS
-#1 v1.5 RSA signature with MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512, RIPE-MD
-128 or RIPE-MD 160<span style='color:windowtext;display:none'>  </span><span style='color:windowtext;display:none'>30</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850419">2.1.15 PKCS
-#1 v1.5 RSA signature with SHA-224<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>31</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850420">2.1.16 PKCS
-#1 RSA PSS signature with SHA-224<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>31</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850421">2.1.17 PKCS
-#1 RSA PSS signature with SHA-1, SHA-256, SHA-384 or SHA-512<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>31</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850422">2.1.18 ANSI
-X9.31 RSA signature with SHA-1<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>31</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850423">2.1.19 TPM
-1.1b and TPM 1.2 PKCS #1 v1.5 RSA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>32</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850424">2.1.20 TPM
-1.1b and TPM 1.2 PKCS #1 RSA OAEP<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>32</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850425">2.1.21 RSA
-AES KEY WRAP<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>33</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850426">2.1.22 RSA
-AES KEY WRAP mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>34</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850427">2.1.23 FIPS
-186-4<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>35</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850428"><span
-lang=DE-CH>2.2</span> DS<span lang=DE-CH>A</span><span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>35</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850429">2.2.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>35</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850430">2.2.2 DSA
-public key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>36</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850431">2.2.3 DSA
-Key Restrictions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>37</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850432">2.2.4 DSA
-private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>37</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850433">2.2.5 DSA
-domain parameter objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>38</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850434">2.2.6 DSA
-key pair generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>39</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850435">2.2.7 DSA
-domain parameter generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>39</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850436">2.2.8 DSA
-probabilistic domain parameter generation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>39</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850437">2.2.9 DSA
-Shawe-Taylor domain parameter generation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>40</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850438">2.2.10 DSA
-base domain parameter generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>40</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850439">2.2.11 DSA
-without hashing<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>40</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850440">2.2.12 DSA
-with SHA-1<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>41</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850441">2.2.13 FIPS
-186-4<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>41</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850442">2.2.14 DSA
-with SHA-224<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>41</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850443">2.2.15 DSA
-with SHA-256<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>42</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850444">2.2.16 DSA
-with SHA-384<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>42</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850445">2.2.17 DSA
-with SHA-512<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>43</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850446">2.3 Elliptic
-Curve<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>43</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850447">2.3.1 EC
-Signatures<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>44</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850448">2.3.2
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>45</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850449">2.3.3 ECDSA
-public key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>45</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850450">2.3.4
-Elliptic curve private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>46</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850451">2.3.5
-Elliptic curve key pair generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>47</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850452">2.3.6 ECDSA
-without hashing<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>47</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850453">2.3.7 ECDSA
-with SHA-1<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>48</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850454">2.3.8 EC
-mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>48</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850455">2.3.9
-Elliptic curve Diffie-Hellman key derivation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>51</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850456">2.3.10
-Elliptic curve Diffie-Hellman with cofactor key derivation<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>51</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850457">2.3.11
-Elliptic curve Menezes-Qu-Vanstone key derivation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>52</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850458">2.3.12 ECDH
-AES KEY WRAP<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>52</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850459">2.3.13 ECDH
-AES KEY WRAP mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>54</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850460">2.3.14 FIPS
-186-4<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>54</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850461"><span
-lang=DE-CH>2.4</span> Diffie-Hellman<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>54</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850462">2.4.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>55</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850463">2.4.2
-Diffie-Hellman public key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>55</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850464">2.4.3 X9.42
-Diffie-Hellman public key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>56</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850465">2.4.4
-Diffie-Hellman private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>57</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850466">2.4.5 X9.42
-Diffie-Hellman private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>58</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850467">2.4.6
-Diffie-Hellman domain parameter objects<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>59</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850468">2.4.7 X9.42
-Diffie-Hellman domain parameters objects<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>59</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850469">2.4.8 PKCS
-#3 Diffie-Hellman key pair generation<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>60</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850470">2.4.9 PKCS
-#3 Diffie-Hellman domain parameter generation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>60</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850471">2.4.10 PKCS
-#3 Diffie-Hellman key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>61</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850472">2.4.11 X9.42
-Diffie-Hellman mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>61</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850473">2.4.12 X9.42
-Diffie-Hellman key pair generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>64</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850474">2.4.13 X9.42
-Diffie-Hellman domain parameter generation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>65</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850475">2.4.14 X9.42
-Diffie-Hellman key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>65</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850476">2.4.15 X9.42
-Diffie-Hellman hybrid key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>65</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850477">2.4.16 X9.42
-Diffie-Hellman Menezes-Qu-Vanstone key derivation<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>66</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850478">2.5
-Wrapping/unwrapping private keys<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>67</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850479"><span
-lang=DE-CH>2.6</span> Generic secret key<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>69</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850480">2.6.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>69</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850481">2.6.2
-Generic secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>69</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850482">2.6.3 Generic
-secret key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>70</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850483">2.7 HMAC
-mechanisms<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>70</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850484">2.8 AES<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>70</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850485">2.8.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>71</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850486">2.8.2 AES
-secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>71</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850487">2.8.3 AES
-key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>72</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850488">2.8.4
-AES-ECB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>72</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850489">2.8.5
-AES-CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>73</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850490">2.8.6
-AES-CBC with PKCS padding<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>74</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850491">2.8.7
-AES-OFB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>74</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850492">2.8.8
-AES-CFB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>75</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850493">2.8.9
-General-length AES-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>75</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850494">2.8.10
-AES-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>75</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850495">2.8.11
-AES-XCBC-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>76</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850496">2.8.12
-AES-XCBC-MAC-96<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>76</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850497"><span
-lang=DE-CH>2.9</span> AES with Counter<span style='color:windowtext;display:
-none'> </span><span
-style='color:windowtext;display:none'>76</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850498">2.9.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>76</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850499">2.9.2 AES
-with Counter mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>77</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850500">2.9.3 AES
-with Counter Encryption / Decryption<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>77</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850501">2.10 AES CBC
-with Cipher Text Stealing CTS<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>78</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850502">2.10.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>78</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850503">2.10.2 AES
-CTS mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>78</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850504"><span
-lang=DE-CH>2.11</span> Additional AES Mechanisms<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>78</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850505">2.11.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>78</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850506">2.12 AES-GCM
-Authenticated Encryption / Decryption<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>79</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850507">2.12.1
-AES-CCM authenticated Encryption / Decryption<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>79</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850508">2.12.2
-AES-GMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>80</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850509">2.12.3 AES
-GCM and CCM Mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>81</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850510">2.12.4
-AES-GCM authenticated Encryption / Decryption<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>82</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850511">2.12.5
-AES-CCM authenticated Encryption / Decryption<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>82</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850512">2.13 AES
-CMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>83</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850513">2.13.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>83</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850514">2.13.2
-Mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>84</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850515">2.13.3
-General-length AES-CMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>84</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850516">2.13.4
-AES-CMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>84</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850517"><span
-lang=DE-CH>2.14</span> AES Key Wrap<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>84</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850518">2.14.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>85</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850519">2.14.2 AES
-Key Wrap Mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>85</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850520">2.14.3 AES
-Key Wrap<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>85</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850521">2.15 Key
-derivation by data encryption – DES &amp; AES<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>85</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850522">2.15.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>86</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850523">2.15.2
-Mechanism Parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>86</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850524">2.15.3
-Mechanism Description<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>87</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850525"><span
-lang=DE-CH>2.16</span> Double and Triple-length DES<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>87</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850526">2.16.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>87</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850527">2.16.2 DES2
-secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>88</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850528">2.16.3 DES3
-secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>88</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850529">2.16.4
-Double-length DES key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>89</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850530">2.16.5
-Triple-length DES Order of Operations<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>89</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850531">2.16.6
-Triple-length DES in CBC Mode<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>89</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850532">2.16.7 DES
-and Triple length DES in OFB Mode<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>89</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850533">2.16.8 DES
-and Triple length DES in CFB Mode<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>90</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850534">2.17 Double
-and Triple-length DES CMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>90</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850535">2.17.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>91</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850536">2.17.2
-Mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>91</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850537">2.17.3
-General-length DES3-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>91</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850538">2.17.4
-DES3-CMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>91</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850539"><span
-lang=DE-CH>2.18</span> SHA-1<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>92</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850540">2.18.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>92</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850541">2.18.2 SHA-1
-digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>92</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850542">2.18.3
-General-length SHA-1-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>93</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850543">2.18.4
-SHA-1-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>93</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850544">2.18.5 SHA-1
-key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>93</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850545"><span
-lang=DE-CH>2.19</span> SHA-224<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>94</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850546">2.19.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>94</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850547">2.19.2
-SHA-224 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>94</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850548">2.19.3
-General-length SHA-224-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>94</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850549">2.19.4
-SHA-224-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>95</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850550">2.19.5
-SHA-224 key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>95</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850551"><span
-lang=DE-CH>2.20</span> SHA-256<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>95</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850552">2.20.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>95</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850553">2.20.2
-SHA-256 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>95</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850554">2.20.3
-General-length SHA-256-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>96</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850555">2.20.4
-SHA-256-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>96</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850556">2.20.5
-SHA-256 key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>96</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850557"><span
-lang=DE-CH>2.21</span> SHA-384<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>96</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850558">2.21.1 Definitions<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>96</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850559">2.21.2
-SHA-384 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>97</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850560">2.21.3
-General-length SHA-384-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>97</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850561">2.21.4
-SHA-384-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>97</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850562">2.21.5
-SHA-384 key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>97</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850563"><span
-lang=DE-CH>2.22</span> SHA-512<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>97</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850564">2.22.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>97</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850565">2.22.2
-SHA-512 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850566">2.22.3
-General-length SHA-512-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850567">2.22.4
-SHA-512-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850568">2.22.5
-SHA-512 key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850569"><span
-lang=DE-CH>2.23</span> SHA-512/224<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850570">2.23.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>98</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850571">2.23.2
-SHA-512/224 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>99</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850572">2.23.3
-General-length SHA-512-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>99</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850573">2.23.4
-SHA-512/224-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>99</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850574">2.23.5
-SHA-512/224 key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>99</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850575"><span
-lang=DE-CH>2.24</span> SHA-512/256<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>99</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850576">2.24.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>100</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850577">2.24.2
-SHA-512/256 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>100</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850578">2.24.3
-General-length SHA-512-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>100</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850579">2.24.4
-SHA-512/256-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>100</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850580">2.24.5
-SHA-512/256 key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>100</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850581"><span
-lang=DE-CH>2.25</span> SHA-512/t<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>100</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850582">2.25.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>101</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850583">2.25.2
-SHA-512/t digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>101</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850584">2.25.3
-General-length SHA-512-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>101</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850585">2.25.4
-SHA-512/t-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>101</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850586">2.25.5
-SHA-512/t key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>102</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850587">2.26 PKCS #5
-and PKCS #5-style password-based encryption (PBE)<span style='color:windowtext;
-display:none'> </span><span
-style='color:windowtext;display:none'>102</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850588">2.26.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>102</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850589">2.26.2
-Password-based encryption/authentication mechanism parameters<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>102</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850590">2.26.3 PKCS
-#5 PBKDF2 key generation mechanism parameters<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>103</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850591">2.26.4 PKCS
-#5 PBKD2 key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>105</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850592">2.27 PKCS
-#12 password-based encryption/authentication mechanisms<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>105</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850593">2.27.1
-SHA-1-PBE for 3-key triple-DES-CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>106</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850594">2.27.2
-SHA-1-PBE for 2-key triple-DES-CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>106</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850595">2.27.3
-SHA-1-PBA for SHA-1-HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>106</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850596"><span
-lang=DE-CH>2.28</span> SSL<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>107</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850597">2.28.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>107</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850598">2.28.2 SSL
-mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>107</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850599">2.28.3
-Pre-master key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>109</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850600">2.28.4
-Master key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>110</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850601">2.28.5
-Master key derivation for Diffie-Hellman<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>110</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850602">2.28.6 Key
-and MAC derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>111</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850603">2.28.7 MD5
-MACing in SSL 3.0<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>112</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850604">2.28.8 SHA-1
-MACing in SSL 3.0<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>112</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850605">2.29 TLS 1.2
-Mechanisms<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>112</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850606">2.29.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>113</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850607">2.29.2 TLS
-1.2 mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>113</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850608">2.29.3 TLS
-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>116</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850609">2.29.4
-Master key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>116</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850610">2.29.5
-Master key derivation for Diffie-Hellman<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>117</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850611">2.29.6 Key
-and MAC derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>118</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850612">2.29.7
-CKM_TLS12_KEY_SAFE_DERIVE<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>119</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850613">2.29.8
-Generic Key Derivation using the TLS PRF<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>119</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850614">2.30 WTLS<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>119</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850615">2.30.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>120</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850616">2.30.2 WTLS
-mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>120</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850617">2.30.3 Pre
-master secret key generation for RSA key exchange suite<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>123</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850618">2.30.4
-Master secret key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>123</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850619">2.30.5
-Master secret key derivation for Diffie-Hellman and Elliptic Curve Cryptography<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>124</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850620">2.30.6 WTLS PRF
-(pseudorandom function)<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>125</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850621">2.30.7
-Server Key and MAC derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>125</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850622">2.30.8
-Client key and MAC derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>126</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850623"><span
-lang=DE-CH>2.31</span> Miscellaneous simple key derivation mechanisms<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>127</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850624">2.31.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>127</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850625">2.31.2
-Parameters for miscellaneous simple key derivation mechanisms<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>127</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850626">2.31.3
-Concatenation of a base key and another key<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>128</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850627">2.31.4
-Concatenation of a base key and data<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>128</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850628">2.31.5
-Concatenation of data and a base key<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>129</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850629">2.31.6
-XORing of a key and data<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>130</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850630">2.31.7
-Extraction of one key from another key<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>130</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850631"><span
-lang=DE-CH>2.32</span> CMS<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>131</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850632">2.32.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>132</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850633">2.32.2 CMS
-Signature Mechanism Objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>132</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850634">2.32.3 CMS
-mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>132</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850635">2.32.4 CMS
-signatures<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>133</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850636">2.33
-Blowfish<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>134</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850637">2.33.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>135</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850638">2.33.2
-BLOWFISH secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>135</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850639">2.33.3
-Blowfish key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>135</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850640">2.33.4 Blowfish-CBC<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>136</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850641">2.33.5
-Blowfish-CBC with PKCS padding<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>136</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850642">2.34 Twofish<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>137</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850643">2.34.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>137</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850644">2.34.2
-Twofish secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>137</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850645">2.34.3
-Twofish key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>138</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850646">2.34.4
-Twofish -CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>138</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850647">2.34.5
-Twofish-CBC with PKCS padding<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>138</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850648">2.35
-CAMELLIA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>138</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850649">2.35.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>139</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850650">2.35.2
-Camellia secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>139</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850651">2.35.3
-Camellia key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>139</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850652">2.35.4
-Camellia-ECB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>140</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850653">2.35.5
-Camellia-CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>140</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850654">2.35.6
-Camellia-CBC with PKCS padding<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>141</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850655">2.35.7
-General-length Camellia-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>141</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850656">2.35.8
-Camellia-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>142</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850657">2.36 Key
-derivation by data encryption - Camellia<span style='color:windowtext;
-display:none'>. </span><span
-style='color:windowtext;display:none'>142</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850658">2.36.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>142</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850659">2.36.2
-Mechanism Parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>142</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850660">2.37 ARIA<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>143</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850661">2.37.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>143</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850662">2.37.2 Aria
-secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>143</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850663">2.37.3 ARIA
-key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>144</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850664">2.37.4
-ARIA-ECB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>144</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850665">2.37.5
-ARIA-CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>145</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850666">2.37.6
-ARIA-CBC with PKCS padding<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>146</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850667">2.37.7
-General-length ARIA-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>146</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850668">2.37.8
-ARIA-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>146</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850669">2.38 Key
-derivation by data encryption - ARIA<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>147</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850670">2.38.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>147</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850671">2.38.2
-Mechanism Parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>147</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850672">2.39 SEED<span
-style='color:windowtext;display:none'>.. </span><span
-style='color:windowtext;display:none'>147</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850673">2.39.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>148</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850674">2.39.2 SEED
-secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>149</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850675">2.39.3 SEED
-key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>149</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850676">2.39.4
-SEED-ECB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>149</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850677">2.39.5
-SEED-CBC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850678">2.39.6
-SEED-CBC with PKCS padding<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850679">2.39.7
-General-length SEED-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850680">2.39.8
-SEED-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850681">2.40 Key
-derivation by data encryption - SEED<span style='color:windowtext;display:none'>.. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850682">2.40.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850683">2.40.2
-Mechanism Parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>150</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850684">2.41 OTP<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>151</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850685">2.41.1 Usage
-overview<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>151</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850686">2.41.2 Case
-1: Generation of OTP values<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>151</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850687">2.41.3 Case
-2: Verification of provided OTP values<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>152</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850688">2.41.4 Case
-3: Generation of OTP keys<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>152</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850689">2.41.5 OTP
-objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>153</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850690">2.41.6
-OTP-related notifications<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>156</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850691">2.41.7 OTP
-mechanisms<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>156</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850692">2.41.8 RSA
-SecurID<span style='color:windowtext;display:none'>.. </span><span style='color:windowtext;display:none'>161</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850693">2.41.9 RSA
-SecurID key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>162</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850694">2.41.10 RSA
-SecurID OTP generation and validation<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>162</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850695">2.41.11
-Return values<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>162</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850696">2.41.12 OATH
-HOTP<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>162</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850697">2.41.13
-ActivIdentity ACTI<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>164</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850698">2.41.14 ACTI
-OTP generation and validation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>165</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850699">2.42 CT-KIP<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>165</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850700">2.42.1
-Principles of Operation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>165</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850701">2.42.2
-Mechanisms<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>166</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850702">2.42.3
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>166</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850703">2.42.4
-CT-KIP Mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>166</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850704">2.42.5
-CT-KIP key derivation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>167</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850705">2.42.6
-CT-KIP key wrap and key unwrap<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>167</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850706">2.42.7
-CT-KIP signature generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>167</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850707">2.43 GOST<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>167</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850708">2.44 GOST
-28147-89<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>168</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850709">2.44.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>168</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850710">2.44.2 GOST
-28147-89 secret key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>168</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850711">2.44.3 GOST
-28147-89 domain parameter objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>169</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850712">2.44.4 GOST
-28147-89 key generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>170</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850713">2.44.5 GOST
-28147-89-ECB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>170</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850714">2.44.6 GOST
-28147-89 encryption mode except ECB<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>171</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850715">2.44.7 GOST
-28147-89-MAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>172</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850716">2.44.8
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>173</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850717">2.44.9 GOST
-R 34.11-94 domain parameter objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>173</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850718">2.44.10 GOST
-R 34.11-94 digest<span style='color:windowtext;display:none'> </span><span style='color:windowtext;display:none'>174</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850719">2.44.11 GOST
-R 34.11-94 HMAC<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>174</span></a></span></p>
-
-<p class=MsoToc2><span class=MsoHyperlink><a href="#_Toc441850720">2.45 GOST R
-34.10-2001<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>174</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850721">2.45.1
-Definitions<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>174</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850722">2.45.2 GOST
-R 34.10-2001 public key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>175</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850723">2.45.3 GOST
-R 34.10-2001 private key objects<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>176</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850724">2.45.4 GOST
-R 34.10-2001 domain parameter objects<span style='color:windowtext;display:
-none'>. </span><span
-style='color:windowtext;display:none'>178</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850725">2.45.5 GOST
-R 34.10-2001 mechanism parameters<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>179</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850726">2.45.6 GOST
-R 34.10-2001 key pair generation<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>181</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850727">2.45.7 GOST
-R 34.10-2001 without hashing<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>181</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850728">2.45.8 GOST
-R 34.10-2001 with GOST R 34.11-94<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>182</span></a></span></p>
-
-<p class=MsoToc3><span class=MsoHyperlink><a href="#_Toc441850729">2.45.9 GOST
-28147-89 keys wrapping/unwrapping with GOST R 34.10-2001<span style='color:
-windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>182</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc441850730">3<span
-style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>        </span>PKCS
-#11 Implementation Conformance<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>183</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc441850731">Appendix A.<span
-style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>        </span>Acknowledgments<span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>184</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc441850732"><span
-lang=DE-CH>Appendix B.</span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;
-color:windowtext'>        </span><span lang=DE-CH>Manifest Constants</span><span
-style='color:windowtext;display:none'>. </span><span
-style='color:windowtext;display:none'>187</span></a></span></p>
-
-<p class=MsoToc1><span class=MsoHyperlink><a href="#_Toc441850733">Appendix C.<span
-style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext'>        </span>Revision
-History<span style='color:windowtext;display:none'>. </span><span style='color:windowtext;display:none'>201</span></a></span></p>
-
-<p class=TextBody>&nbsp;</p>
-
-</div>
-
-<span style='font-size:10.0pt;font-family:"Arial",sans-serif'><br clear=all
-style='page-break-before:always'>
-</span>
-
-<div class=WordSection2>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc441850398"></a><a name="_Toc441162320"></a><a
-name="_Toc416959961"></a><a name="_Toc437440479"></a><a name="_Toc395187715"></a><a
-name="_Toc391471077"></a><a name="_Toc370634360">1<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Introduction</a></h1>
-
-</div>
-
-<p class=MsoNormal>This document defines mechanisms that are anticipated to be
-used with the current version of PKCS #11.</p>
-
-<p class=MsoNormal>All text is normative unless otherwise labeled.</p>
-
-<h2><a name="_Toc441850399"></a><a name="_Toc441162321"></a><a
-name="_Toc416959962"></a><a name="_Toc437440480"></a><a name="_Toc395187716"></a><a
-name="_Toc391471078"></a><a name="_Toc370634361"></a><a name="_Toc287332007"></a><a
-name="_Toc85472893">1.1 Terminology</a></h2>
-
-<p class=MsoNormal>The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL
-NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this
-document are to be interpreted as described in [RFC2119]</p>
-
-<h2><a name="_Toc441850400"></a><a name="_Toc441162322"></a><a
-name="_Toc416959963"></a><a name="_Toc437440481"></a><a name="_Toc395187717"></a><a
-name="_Toc391471079"></a><a name="_Toc370634362"></a><a name="_Toc228894627">1.2
-Definitions</a></h2>
-
-<p class=MsoNormal>For the purposes of this standard, the following definitions
-apply. Please refer to the [PKCS#11-Base] for further definitions:</p>
-
-<p class=definition0><b>                                         AES       </b>Advanced
-Encryption Standard, as defined in FIPS PUB 197.</p>
-
-<p class=definition0><b>                               CAMELLIA       </b>The
-Camellia encryption algorithm, as defined in RFC 3713.</p>
-
-<p class=definition0><b>                               BLOWFISH       </b>The
-Blowfish Encryption Algorithm of Bruce Schneier, <a
-href="http://www.schneier.com/">www.schneier.com</a>.</p>
-
-<p class=definition0><b>                                         CBC       </b>Cipher-Block
-Chaining mode, as defined in FIPS PUB 81.</p>
-
-<p class=definition0><b>                                       CDMF       </b>Commercial
-Data Masking Facility, a block encipherment method specified by International
-Business Machines Corporation and based on DES.</p>
-
-<p class=definition0><b>                                       CMAC       </b>Cipher-based
-Message Authenticate Code as defined in [NIST sp800-38b] and [RFC 4493].</p>
-
-<p class=definition0><b>                                         CMS       </b>Cryptographic
-Message Syntax (see RFC 2630)</p>
-
-<p class=definition0><b>                                     CT-KIP       </b>Cryptographic
-Token Key Initialization Protocol (as defined in [[<b>CT-KIP</b>])</p>
-
-<p class=definition0><b>                                         DES       </b>Data
-Encryption Standard, as defined in FIPS PUB 46-3<b>.</b></p>
-
-<p class=definition0><b>                                         DSA       </b>Digital
-Signature Algorithm, as defined in FIPS PUB 186-2.</p>
-
-<p class=definition0>                                            <b>EC</b>       Elliptic
-Curve</p>
-
-<p class=definition0><b>                                         ECB</b>       Electronic
-Codebook mode, as defined in FIPS PUB 81.</p>
-
-<p class=definition0>                                       <b>ECDH</b>       Elliptic
-Curve Diffie-Hellman.</p>
-
-<p class=definition0>                                     <b>ECDSA</b>       Elliptic
-Curve DSA, as in ANSI X9.62.</p>
-
-<p class=definition0><b>                                    ECMQV       </b>Elliptic
-Curve Menezes-Qu-Vanstone</p>
-
-<p class=MsoNormal style='margin-left:170.1pt;text-indent:-170.1pt'>                        <b>GOST
-28147-89</b>        The encryption algorithm, as defined in Part 2 [GOST
-28147-89] and [RFC 4357] [RFC 4490], and RFC [4491].</p>
-
-<p class=definition0><b>                      GOST R 34.11-94       </b>Hash
-algorithm, as defined in [GOST R 34.11-94] and [RFC 4357], [RFC 4490], and [RFC
-4491].</p>
-
-<p class=definition0><b>                  GOST R 34.10-2001       </b>The
-digital signature algorithm, as defined in [GOST R 34.10-2001] and [RFC 4357],
-[RFC 4490], and [RFC 4491].</p>
-
-<p class=definition0><b>                                             IV       </b>Initialization
-Vector.</p>
-
-<p class=definition0><b>                                         MAC</b>       Message
-Authentication Code.</p>
-
-<p class=definition0><b>                                         MQV       </b>Menezes-Qu-Vanstone</p>
-
-<p class=definition0>                                       <b>OAEP</b>       Optimal
-Asymmetric Encryption Padding for RSA.</p>
-
-<p class=definition0><b>                                       PKCS</b>       Public-Key
-Cryptography Standards.</p>
-
-<p class=definition0><b>                                          PRF</b>       Pseudo
-random function.</p>
-
-<p class=definition0><b>                                          PTD       </b>Personal
-Trusted Device, as defined in MeT-PTD</p>
-
-<p class=definition0><b>                                         RSA</b>       The
-RSA public-key cryptosystem.</p>
-
-<p class=definition0>                                       <b>SHA-1</b>       The
-(revised) Secure Hash Algorithm with a 160-bit message digest, as defined in
-FIPS PUB 180-2.</p>
-
-<p class=definition0><b>                                   SHA-224</b>       The
-Secure Hash Algorithm with a 224-bit message digest, as defined in RFC 3874.
-Also defined in <span style='color:black'>FIPS PUB 180-2 with Change Notice 1.</span></p>
-
-<p class=definition0>                                   <b>SHA-256</b>       The
-Secure Hash Algorithm with a 256-bit message digest, as defined in FIPS PUB
-180-2.</p>
-
-<p class=definition0>                                   <b>SHA-384</b>       The
-Secure Hash Algorithm with a 384-bit message digest, as defined in FIPS PUB
-180-2.</p>
-
-<p class=definition0>                                   <b>SHA-512</b>       The
-Secure Hash Algorithm with a 512-bit message digest, as defined in FIPS PUB
-180-2.</p>
-
-<p class=definition0>                                          <b>SSL</b>       The
-Secure Sockets Layer 3.0 protocol.</p>
-
-<p class=definition0><b>                                           SO</b>       A
-Security Officer user.</p>
-
-<p class=definition0><b>                                          TLS</b>       Transport
-Layer Security.</p>
-
-<p class=definition0><b>                                         WIM</b>       Wireless
-Identification Module.</p>
-
-<p class=definition0><b>                                       WTLS</b>       Wireless
-Transport Layer Security.</p>
-
-<h2><a name="_Toc441850401"></a><a name="_Toc441162323"></a><a
-name="_Toc416959964"></a><a name="_Toc437440482"></a><a name="_Toc395187718"></a><a
-name="_Toc391471080"></a><a name="_Toc370634363"></a><a name="_Toc287332008"></a><a
-name="_Toc85472894"></a><a name="_Toc12011611"></a><a name="_Ref7502892">1.3 Normative</a>
-References</h2>
-
-<p class=Ref><a name=rfc2119><b>[ARIA]</b>                    National Security
-Research Institute, Korea, “Block Cipher Algorithm ARIA”, <br>
-URL: </a><a href="http://tools.ietf.org/html/rfc5794">http://tools.ietf.org/html/rfc5794</a></p>
-
-<p class=Ref><b>[BLOWFISH]</b>           B. Schneier. Description of a New
-Variable-Length Key, 64-Bit Block Cipher (Blowfish), December 1993.<br>
-<span lang=IT>URL:  </span><a
-href="https://www.schneier.com/paper-blowfish-fse.html"><span lang=IT>https://www.schneier.com/paper-blowfish-fse.html</span></a></p>
-
-<p class=Ref><b><span lang=IT>[CAMELLIA]</span></b><span lang=IT>           M.
-Matsui, J. Nakajima, S. Moriai. </span>A Description of the Camellia Encryption
-Algorithm, April 2004.<br>
-URL: <a href="http://www.ietf.org/rfc/rfc3713.txt">http://www.ietf.org/rfc/rfc3713.txt</a></p>
-
-<p class=Ref><b>[CDMF]</b>                   Johnson, D.B  The Commercial Data
-Masking Facility (CDMF) data privacy algorithm, March 1994.<br>
-URL: <a
-href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5389557">http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=5389557</a></p>
-
-<p class=Ref><b>[DH]                        </b>W. Diffie, M. Hellman.  New
-Directions in Cryptography.  Nov, 1976.<br>
-URL:  <a href="http://www-ee.stanford.edu/~hellman/publications/24.pdf">http://www-ee.stanford.edu/~hellman/publications/24.pdf</a></p>
-
-<p class=Ref><b>[FIPS PUB 81]</b>        NIST.  <i>FIPS 81: DES Modes of
-Operation.  </i><span lang=SV>December 1980. </span></p>
-
-<p class=Ref style='text-indent:0in'><span lang=SV>URL:  </span><a
-href="http://csrc.nist.gov/publications/fips/fips81/fips81.htm"><span lang=SV>http://csrc.nist.gov/publications/fips/fips81/fips81.htm</span></a></p>
-
-<p class=Ref><b><span lang=SV>[FIPS PUB 186-4]    </span></b><span lang=SV>NIST. 
-FIPS 186-4:  Digital Signature Standard.  July 2013.<br>
-URL:  </span><a href="http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf"><span
-lang=SV>http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf</span></a></p>
-
-<p class=Ref><b><span lang=IT>[FIPS PUB 197]      </span></b><span lang=IT>NIST. 
-</span>FIPS 197:  Advanced Encryption Standard.  November 26, 2001.<br>
-URL:  <a href="http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf">http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf</a></p>
-
-<p class=Ref><b>[GOST]                   </b>V. Dolmatov, A. Degtyarev.  GOST
-R. 34.11-2012:  Hash Function. <span lang=DE-CH>August 2013. <br>
-URL:  </span><a href="http://tools.ietf.org/html/rfc6986"><span lang=DE-CH>http://tools.ietf.org/html/rfc6986</span></a></p>
-
-<p class=Ref><b><span lang=DE-CH>[MD2]                     </span></b><span
-lang=DE-CH>B. Kaliski.  </span>RSA Laboratories.  The MD2 Message-Digest
-Algorithm. April, 1992. <br>
-URL:  <a href="http://tools.ietf.org/html/rfc1319">http://tools.ietf.org/html/rfc1319</a></p>
-
-<p class=Ref><b>[MD5]                     </b>RSA Data Security.  R. Rivest. 
-The MD5 Message-Digest Algorithm. April, 1992. <br>
-URL:  <a href="http://tools.ietf.org/html/rfc1319">http://tools.ietf.org/html/rfc1319</a></p>
-
-<p class=Ref><b>[OAEP]                   </b>M. Bellare, P. Rogaway.  Optimal
-Asymmetric Encryption – How to Encrypt with RSA.  Nov 19, 1995.<br>
-URL:  <a href="http://cseweb.ucsd.edu/users/mihir/papers/oae.pdf">http://cseweb.ucsd.edu/users/mihir/papers/oae.pdf</a></p>
-
-<p class=MsoNormal style='margin-left:1.5in;text-indent:-1.25in'><span
-class=Refterm>[PKCS #11-Base]    </span><span class=Refterm><i><span
-style='font-weight:normal'>PKCS #11 Cryptographic Token Interface Base
-Specification Version 2.40</span></i></span><span class=Refterm><span
-style='font-weight:normal'>. Edited by Susan Gleeson and Chris Zimman. 14 April
-2015. OASIS Standard. </span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html</a><span
-class=Refterm><span style='font-weight:normal'>. Latest version: </span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html</a><span
-class=Refterm><span style='font-weight:normal'>.</span></span></p>
-
-<p class=RelatedWorkCxSpFirst style='margin-left:106.35pt;text-indent:-88.35pt'><span
-class=Refterm> [PKCS #11-Hist]    </span><span class=Refterm><i><span
-style='font-weight:normal'>PKCS #11 Cryptographic Token Interface Historical
-Mechanisms Specification Version 2.40</span></i></span><span class=Refterm><span
-style='font-weight:normal'>. Edited by Susan Gleeson and Chris Zimman. 14 April
-2015. OASIS Standard. </span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/os/pkcs11-hist-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/os/pkcs11-hist-v2.40-os.html</a><span
-class=Refterm><span style='font-weight:normal'>. Latest version: </span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html</a><span
-class=Refterm><span style='font-weight:normal'>.</span></span></p>
-
-<p class=RelatedWorkCxSpLast style='margin-left:106.35pt;text-indent:-88.35pt'><span
-class=Refterm> [PKCS #11-Prof]    </span><span class=Refterm><i><span
-style='font-weight:normal'>PKCS #11 Cryptographic Token Interface Profiles
-Version 2.40</span></i></span><span class=Refterm><span style='font-weight:
-normal'>. Edited by Tim Hudson. 14 April 2015. OASIS Standard. </span></span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/os/pkcs11-profiles-v2.40-os.html">http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/os/pkcs11-profiles-v2.40-os.html</a><span
-class=Refterm><span style='font-weight:normal'>. Latest version:</span> </span><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html</a><span
-class=Refterm>.</span></p>
-
-<p class=Ref><span class=Refterm> [RFC2119]</span>              Bradner, S.,
-“Key words for use in RFCs to Indicate Requirement Levels”, BCP 14, RFC 2119,
-March 1997. <br>
-URL:  <a href="http://www.ietf.org/rfc/rfc2119.txt">http://www.ietf.org/rfc/rfc2119.txt</a>.</p>
-
-<p class=Ref><span class=Refterm>[RIPEMD]               </span><span
-class=Refterm><span style='font-weight:normal'>H. Dobbertin, A. Bosselaers, B.
-Preneel.  The hash function RIPEMD-160, Feb 13, 2012.<br>
-URL:  </span></span><a
-href="http://homes.esat.kuleuven.be/~bosselae/ripemd160.html">http://homes.esat.kuleuven.be/~bosselae/ripemd160.html</a></p>
-
-<p class=Ref><span class=Refterm>[SEED]                   </span><span
-class=Refterm><span style='font-weight:normal'>KISA.  SEED 128 Algorithm
-Specification.  Sep 2003. <br>
-URL:&nbsp;</span></span><a
-href="http://seed.kisa.or.kr/html/egovframework/iwt/ds/ko/ref/%5B2%5D_SEED+128_Specification_english_M.pdf">http://seed.kisa.or.kr/html/egovframework/iwt/ds/ko/ref/%5B2%5D_SEED+128_Specification_english_M.pdf</a></p>
-
-<p class=Ref><span class=Refterm>[SHA-1]                   </span><span
-class=Refterm><span style='font-weight:normal'>NIST.  FIPS 180-4:  Secure Hash
-Standard.  March 2012. <br>
-URL:  </span></span><a
-href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf">http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf</a></p>
-
-<p class=Ref><span class=Refterm>[SHA-</span><b>2]</b>                   <span
-class=Refterm><span style='font-weight:normal'>NIST.  FIPS 180-4:  Secure Hash
-Standard.  March 2012. <br>
-URL:  </span></span><a
-href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf">http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf</a></p>
-
-<p class=Ref><span class=Refterm>[TWOFISH]             </span><span
-class=Refterm><span style='font-weight:normal'>B. Schneier, J. Kelsey, D.
-Whiting, C. Hall, N. Ferguson. Twofish: A 128-Bit Block Cipher.  June 15, 1998.
-<br>
-URL:  </span></span><a href="https://www.schneier.com/paper-twofish-paper.pdf">https://www.schneier.com/paper-twofish-paper.pdf</a></p>
-
-<h2><a name="_Toc441850402"></a><a name="_Toc437440483"></a><a
-name="_Toc395187719"></a><a name="_Toc391471081"></a><a name="_Toc370634364"></a><a
-name="_Toc287332009"></a><a name="_Toc85472895">1.4 Non-Normative References</a></h2>
-
-<p class=Ref><b>[CAP-1.2]</b><span class=Refterm><span style='font-weight:normal'>                </span></span><i>Common
-Alerting Protocol Version 1.2</i>.  01 July 2010. OASIS Standard. <br>
-URL: <a href="http://docs.oasis-open.org/emergency/cap/v1.2/CAP-v1.2-os.html">http://docs.oasis-open.org/emergency/cap/v1.2/CAP-v1.2-os.html</a></p>
-
-<p class=Ref><a name="_Ref150833903"><b>[AES KEYWRAP]</b>    AES Key Wrap
-Specification (Draft) <br>
-URL: </a><a
-href="http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf">http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf</a>.</p>
-
-<p class=Ref><b>[ANSI C]</b>                 ANSI/ISO.  American National
-Standard for Programming Languages – C.  1990.</p>
-
-<p class=Ref><b>[ANSI X9.31]</b>           Accredited Standards Committee X9. 
-Digital Signatures Using Reversible Public Key Cryptography for the Financial
-Services Industry (rDSA).  1998.</p>
-
-<p class=Ref><b>[ANSI X9.42]</b>           Accredited Standards Committee X9. 
-Public Key Cryptography for the Financial Services Industry: Agreement of
-Symmetric Keys Using Discrete Logarithm Cryptography.   2003.</p>
-
-<p class=Ref><b>[ANSI X9.62]</b>           Accredited Standards Committee X9. 
-Public Key Cryptography for the Financial Services Industry: The Elliptic Curve
-Digital Signature Algorithm (ECDSA).  1998.</p>
-
-<p class=Ref><b>[ANSI X9.63]</b>           Accredited Standards Committee X9. 
-Public Key Cryptography for the Financial Services Industry: Key Agreement and
-Key Transport Using Elliptic Curve Cryptography.  <span lang=IT>2001. <br>
-URL:  </span><a href="http://webstore.ansi.org/RecordDetail.aspx?sku=X9.63-2011"><span
-lang=IT>http://webstore.ansi.org/RecordDetail.aspx?sku=X9.63-2011</span></a></p>
-
-<p class=Ref><a name="_Ref94434861"></a><a name=CTKIP><b><span lang=IT>[CT-KIP</span></b></a><b><span
-lang=IT>]</span></b><span lang=IT>                 RSA Laboratories. </span>Cryptographic
-Token Key Initialization Protocol. Version 1.0, December 2005. <br>
-URL: <a href="ftp://ftp.rsasecurity.com/pub/otps/ct-kip/ct-kip-v1-0.pdf">ftp://ftp.rsasecurity.com/pub/otps/ct-kip/ct-kip-v1-0.pdf</a>.</p>
-
-<p class=Ref><b>[CC/PP]</b>                  CCPP-STRUCT-VOCAB, G. Klyne, F.
-Reynolds, C. , H. Ohto, J. Hjelm, M. H. Butler, L. Tran, Editors, W3C
-Recommendation, 15 January 2004, <br>
-URL:  <a href="http://www.w3.org/TR/2004/REC-CCPP-struct-vocab-20040115/">http://www.w3.org/TR/2004/REC-CCPP-struct-vocab-20040115/</a><span
-class=MsoHyperlink> <br>
-</span>Latest version available at <a
-href="http://www.w3.org/TR/CCPP-struct-vocab/">http://www.w3.org/TR/CCPP-struct-vocab/</a> 
-</p>
-
-<p class=Ref><b>[NIST AES CTS]     </b>National Institute of Standards and
-Technology, Addendum to NIST Special Publication 800-38A, “Recommendation for
-Block Cipher Modes of Operation:  Three Variants of Ciphertext Stealing for CBC
-Mode” <br>
-URL: <a
-href="http://csrc.nist.gov/publications/nistpubs/800-38a/addendum-to-nist_sp800-38A.pdf">http://csrc.nist.gov/publications/nistpubs/800-38a/addendum-to-nist_sp800-38A.pdf</a></p>
-
-<p class=MsoNormal style='margin-left:1.5in;text-indent:-89.3pt'><span
-class=Refterm>[PKCS #11-UG]       </span><i>PKCS #11 Cryptographic Token
-Interface Usage Guide Version 2.40</i>. Edited by John Leiseboer and Robert
-Griffin. 16 November 2014. OASIS Committee Note 02. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html">http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html</a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html">http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html</a>.
-</p>
-
-<p class=Ref><a name="_Ref148505765"></a><a name="_Ref76286058"><b> [RFC 2865]</b>            Rigney
-et al, “Remote Authentication Dial In User Service (RADIUS)”, IETF RFC2865,
-June 2000. <br>
-URL: </a><a href="http://ietf.org/rfc/rfc2865.txt">http://www.ietf.org/rfc/rfc2865.txt</a>.</p>
-
-<p class=Ref><b>[RFC 3394]</b>             J. Schaad, R. Housley, Advanced
-Encryption Standard (AES) Key Wrap Algorithm, September 2002. <br>
-URL:  <a href="http://www.ietf.org/rfc/rfc3394.txt">http://www.ietf.org/rfc/rfc3394.txt</a>.</p>
-
-<p class=Ref><a name="_Ref148505832"><b>[RFC 3686]</b>             Housley,
-“Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating
-Security Payload (ESP),” IETF RFC 3686, January 2004. <br>
-URL: </a><a href="http://ietf.org/rfc/rfc3686.txt">http://www.ietf.org/rfc/rfc3686.txt</a>.</p>
-
-<p class=Ref><a name="_Ref148505996"><b>[RFC 3717]</b>             Matsui, et
-al, ”A Description of the Camellia Encryption Algorithm,” IETF RFC 3717, April
-2004. <br>
-URL: </a><a href="http://ietf.org/rfc/rfc3713.txt">http://www.ietf.org/rfc/rfc3713.txt</a>.</p>
-
-<p class=Ref><a name="_Ref194836282"><b>[RFC 3610]</b>             Whiting, D.,
-Housley, R., and N. Ferguson, “Counter with CBC-MAC (CCM)&quot;, IETF RFC 3610,
-September 2003. <br>
-URL: </a><a href="http://www.ietf.org/rfc/rfc3610.txt">http://www.ietf.org/rfc/rfc3610.txt</a></p>
-
-<p class=Ref><b>[RFC 3874]</b>             Smit et al, “A 224-bit One-way Hash
-Function: SHA-224,” IETF RFC 3874, June 2004. <br>
-URL: <a href="http://ietf.org/rfc/rfc3874.txt">http://www.ietf.org/rfc/rfc3874.txt</a>.</p>
-
-<p class=Ref><a name="_Ref76286068"><b>[RFC 3748]</b>             Aboba et al,
-“Extensible Authentication Protocol (EAP)”, IETF RFC 3748, June 2004. <br>
-URL: </a><a href="http://ietf.org/rfc/rfc3748.txt">http://www.ietf.org/rfc/rfc3748.txt</a>.</p>
-
-<p class=MsoNormal style='margin-left:1.5in;text-indent:-92.85pt'><b>[RFC 4269]</b>              South
-Korean Information Security Agency (KISA) “The SEED Encryption Algorithm”,
-December 2005. <br>
-URL:  <a href="ftp://ftp.rfc-editor.org/in-notes/rfc4269.txt">ftp://ftp.rfc-editor.org/in-notes/rfc4269.txt</a></p>
-
-<p class=Ref><b>[RFC 4309]</b>              Housley, R., “Using Advanced
-Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload
-(ESP),” IETF RFC 4309, December 2005. <br>
-URL: <a href="http://ietf.org/rfc/rfc4309.txt">http://www.ietf.org/rfc/rfc4309.txt</a></p>
-
-<p class=MsoNormal style='margin-left:1.5in;text-indent:-1.25in'><b>[RFC 4357]</b>             V.
-Popov, I. Kurepkin, S. Leontiev “Additional Cryptographic Algorithms for Use
-with GOST 28147-89, GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94
-Algorithms”, January 2006.</p>
-
-<p class=MsoNormal style='margin-left:1.5in;text-indent:-1.25in'><b><span
-lang=IT>[RFC 4490]</span></b><span lang=IT>             S. Leontiev, Ed. G.
-Chudov, Ed.  </span>“Using the GOST 28147-89, GOST R 34.11-94,GOST R 34.10-94,
-and GOST R 34.10-2001 Algorithms with Cryptographic Message Syntax (CMS)”, May
-2006.</p>
-
-<p class=MsoNormal style='margin-left:1.5in;text-indent:-92.85pt'><b>[RFC 4491]</b>              S.
-Leontiev, Ed., D. Shefanovski, Ed., “Using the GOST R 34.10-94, GOST R
-34.10-2001, and GOST R 34.11-94 Algorithms with the Internet X.509 Public Key
-Infrastructure Certificate and CRL Profile”, May 2006.</p>
-
-<p class=Ref><b><span lang=FR>[RFC 4493]</span></b><span lang=FR>             J.
-Song et al.  </span><i>RFC 4493: The AES-CMAC Algorithm.</i>  June 2006. <br>
-<span lang=EN-AU>URL: </span><a href="http://www.ietf.org/rfc/rfc4493.txt"><span
-lang=EN-AU>http://www.ietf.org/rfc/rfc4493.txt</span></a> </p>
-
-<p class=Ref><b>[SEC 1]</b>                  <span style='layout-grid-mode:
-line'>Standards for Efficient Cryptography Group (SECG).  <i>Standards for
-Efficient Cryptography (SEC) 1: Elliptic Curve Cryptography</i>.  Version 1.0,
-September 20, 2000.</span></p>
-
-<p class=Ref><b>[SEC 2]</b>                  Standards for Efficient
-Cryptography Group (SECG).  Standards for Efficient Cryptography (SEC) 2:
-Recommended Elliptic Curve Domain Parameters.  Version 1.0, September 20, 2000.</p>
-
-<p class=Ref><b>[TLS]</b>                      [RFC2246] Dierks, T. and C.
-Allen, &quot;The TLS Protocol Version 1.0&quot;, RFC 2246, January 1999.
-http://www.ietf.org/rfc/rfc2246.txt, superseded by [RFC4346] Dierks, T. and E.
-Rescorla, &quot;The Transport Layer Security (TLS) Protocol Version 1.1&quot;,
-RFC 4346, April 2006. http://www.ietf.org/rfc/rfc4346.txt, which was superseded
-by [5246] Dierks, T. and E. Rescorla, &quot;The Transport Layer Security (TLS)
-Protocol Version 1.2&quot;, RFC 5246, August 2008. <br>
-URL: <a href="http://www.ietf.org/rfc/rfc5246.txt">http://www.ietf.org/rfc/rfc5246.txt</a></p>
-
-<p class=Ref><b>[WIM]                     </b>WAP. <i>Wireless Identity Module.
-</i><i>— WAP-260-WIM-20010712-a. </i>July 2001. <br>
-URL:&nbsp;<a
-href="http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-260-wim-20010712-a.pdf">http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-260-wim-20010712-a.pdf</a></p>
-
-<p class=Ref><b>[WPKI]</b>                    Wireless Application Protocol:
-Public Key Infrastructure Definition<i>. </i><i>— WAP-217-WPKI-20010424-a</i>. <span
-lang=SV>April 2001. <br>
-URL:&nbsp;</span><a
-href="http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-217-wpki-20010424-a.pdf">http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-217-wpki-20010424-a.pdf</a></p>
-
-<p class=Ref><b>[WTLS]</b>                   WAP. <i>Wireless Transport Layer
-Security Version </i><i>— WAP-261-WTLS-20010406-a.</i> April 2001. <br>
-URL:&nbsp;<a
-href="http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-261-wtls-20010406-a.pdf">http://technical.openmobilealliance.org/tech/affiliates/LicenseAgreement.asp?DocName=/wap/wap-261-wtls-20010406-a.pdf</a></p>
-
-<p class=Ref><b>[X.500]</b>                    ITU-T. <i>Information Technology
-— Open Systems Interconnection — The Directory: Overview of Concepts, Models
-and Services.</i>  February 2001. Identical to ISO/IEC 9594-1</p>
-
-<p class=Ref><b>[X.509]</b><i>                    </i>ITU-T. <i>Information
-Technology — Open Systems Interconnection — The Directory: Public-key and
-Attribute Certificate Frameworks.</i>  March 2000. Identical to ISO/IEC 9594-8</p>
-
-<p class=Ref><b>[X.680]                    </b>ITU-T. Information Technology —
-Abstract Syntax Notation One (ASN.1): Specification of Basic Notation.  July
-2002. Identical to ISO/IEC 8824-1</p>
-
-<p class=Ref><b>[X.690]</b>                    ITU-T. Information Technology —
-ASN.1 Encoding Rules: Specification of Basic Encoding Rules (BER), Canonical
-Encoding Rules (CER), and Distinguished Encoding Rules (DER).  July 2002. Identical
-to ISO/IEC 8825-1</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1><a name="_Toc85472897"></a><a name="_Toc287332012"></a><a
-name="_Ref319997130"></a><a name="_Ref320514897"></a><a name="_Toc322855309"></a><a
-name="_Toc322945151"></a><a name="_Toc323000718"></a><a name="_Toc323024169"></a><a
-name="_Toc323205503"></a><a name="_Toc323610932"></a><a name="_Toc383864939"></a><a
-name="_Toc385057976"></a><a name="_Toc441850403"></a><a name="_Toc441162325"></a><a
-name="_Toc416959966"></a><a name="_Toc437440484"></a><a name="_Toc395187720"></a><a
-name="_Toc391471082"></a><a name="_Toc370634365"></a><a name="_Ref407099471"></a><a
-name="_Toc72656187"></a><a name="_Toc228807150"></a><a name="_Toc228894628">2<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Mechanisms</a></h1>
-
-</div>
-
-<p class=MsoNormal>A mechanism specifies precisely how a certain cryptographic
-process is to be performed.  PKCS #11 implementations MAY use one of more
-mechanisms defined in this document.</p>
-
-<p class=MsoNormal>The following table shows which Cryptoki mechanisms are
-supported by different cryptographic operations.  For any particular token, of
-course, a particular operation may well support only a subset of the mechanisms
-listed.  There is also no guarantee that a token which supports one mechanism
-for some operations supports any other mechanism for any other operation (or
-even supports that same mechanism for any other operation).  For example, even
-if a token is able to create RSA digital signatures with the <b>CKM_RSA_PKCS</b>
-mechanism, it may or may not be the case that the same token can also perform
-RSA encryption with <b>CKM_RSA_PKCS</b>.</p>
-
-<p class=MsoNormal>Each mechanism description is be preceded by a table, of the
-following format, mapping mechanisms to API functions.</p>
-
-<p class=MsoCaption>&nbsp;</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=366 colspan=7 valign=top style='width:274.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=36 valign=top style='width:27.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:9.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=51 valign=top style='width:38.6pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=63 valign=top style='width:47.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:27.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>SR = SignRecover, VR = VerifyRecover.</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-class=MsoFootnoteReference>2 Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>3 Mechanism can only be
-used for wrapping, not unwrapping.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>The remainder of this
-section will present in detail the mechanisms supported by Cryptoki and the
-parameters which are supplied to them.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>In general, if a mechanism
-makes no mention of the ulMinKeyLen and ulMaxKeyLen fields of the
-CK_MECHANISM_INFO structure, then those fields have no meaning for that
-particular mechanism.<a name="_Toc322855310"></a><a name="_Toc322945152"></a><a
-name="_Toc323000719"></a><a name="_Toc323024170"></a><a name="_Toc323205504"></a><a
-name="_Toc323610933"></a><a name="_Toc383864950"></a><a name="_Toc385057977"></a></span></p>
-
-<h2><a name="_Toc441850404"></a><a name="_Toc441162326"></a><a
-name="_Toc416959967"></a><a name="_Toc437440485"></a><a name="_Toc395187721"></a><a
-name="_Toc391471083"></a><a name="_Toc370634366"></a><a name="_Toc405794798"></a><a
-name="_Toc72656197"></a><a name="_Toc228807151"></a><a name="_Toc228894629">2.1
-RSA</a></h2>
-
-<p class=MsoNormal><a name="_Toc323204916"></a><a name="_Toc383864546"></a><a
-name="_Toc405795010"></a><a name="_Toc228807488"><i><span style='font-size:
-9.0pt'>Table </span></i></a><i><span
-style='font-size:9.0pt'>1</span></i><i><span style='font-size:9.0pt'>,
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=216 valign=top style='width:2.25in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'><a name="_Toc385057978"></a><a
-   name="_Toc405794799"></a><a name="_Toc72656198"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=366 colspan=7 valign=top style='width:274.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:9.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=56 valign=top style='width:41.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:9.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=42 valign=top style='width:31.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_PKCS_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_X9_31_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_PKCS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_PKCS_OAEP</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_PKCS_PSS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_9796</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_X_509</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_X9_31</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span lang=SV style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA1_RSA_PKCS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA256_RSA_PKCS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA384_RSA_PKCS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_RSA_PKCS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA1_RSA_PKCS_PSS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA256_RSA_PKCS_PSS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA384_RSA_PKCS_PSS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_RSA_PKCS_PSS</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_SHA1_RSA_X9_31</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_PKCS_TPM_1_1</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:9.0pt;font-family:"Arial",sans-serif'>CKM_RSA_PKCS_OAEP_TPM_1_1</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:41.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  9.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850405"></a><a name="_Toc441162327"></a><a
-name="_Toc416959968"></a><a name="_Toc437440486"></a><a name="_Toc395187722"></a><a
-name="_Toc391471084"></a><a name="_Toc370634367"></a><a name="_Toc228807152"></a><a
-name="_Toc228894630">2.1.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the RSA key type “CKK_RSA” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of RSA key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_PKCS_KEY_PAIR_GEN      </p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_RSA_PKCS                  
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_RSA_9796                  
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_RSA_X_509                 
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_MD2_RSA_PKCS              
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_MD5_RSA_PKCS              
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_SHA1_RSA_PKCS             
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_SHA224_RSA_PKCS       
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_SHA256_RSA_PKCS           
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_SHA384_RSA_PKCS           
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_SHA512_RSA_PKCS           
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_RIPEMD128_RSA_PKCS        
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_RIPEMD160_RSA_PKCS        
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_PKCS_OAEP              </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_X9_31_KEY_PAIR_GEN     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_X9_31                  </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA1_RSA_X9_31             </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_PKCS_PSS               </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA1_RSA_PKCS_PSS          </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA224_RSA_PKCS_PSS        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA256_RSA_PKCS_PSS        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_RSA_PKCS_PSS        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA384_RSA_PKCS_PSS</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_PKCS_TPM_1_1      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_PKCS_OAEP_TPM_1_1 </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_RSA_AES_KEY_WRAP­­­­</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<h3><a name="_Toc441850406"></a><a name="_Toc441162328"></a><a
-name="_Toc416959969"></a><a name="_Toc437440487"></a><a name="_Toc395187723"></a><a
-name="_Toc391471085"></a><a name="_Toc370634368"></a><a name="_Toc72656199"></a><a
-name="_Toc228807153"></a><a name="_Toc228894631">2.1.2 RSA public key objects</a></h3>
-
-<p class=MsoNormal>RSA public key objects (object class <b>CKO_PUBLIC_KEY, </b>key
-type <b>CKK_RSA</b>) hold RSA public keys.  The following table defines the RSA
-public key object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204884"></a><a name="_Toc383864519"></a><a
-name="_Toc405794983"></a><a name="_Toc228807489"></a><a name="_Toc319314012"></a><a
-name="_Toc319314554"></a><a name="_Toc319314969"></a><a name="_Toc319315841">Table
-</a>2, RSA Public Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=228 valign=top style='width:171.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=246 valign=top style='width:184.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_MODULUS<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>Modulus <i>n</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKA_MODULUS_BITS<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bits of modulus <i>n</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PUBLIC_EXPONENT<sup>1</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Public exponent <i>e</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base] table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>Depending on the token, there may be limits on the length of
-key components. See PKCS #1 for more information on RSA keys.  </p>
-
-<p class=MsoNormal>The following is a sample template for creating an RSA
-public key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_RSA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “An RSA public key object”;</p>
-
-<p class=CCode>CK_BYTE modulus[] = {...};</p>
-
-<p class=CCode>CK_BYTE exponent[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>   {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>   {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>   {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>   {CKA_WRAP, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_MODULUS, modulus, sizeof(modulus)},</p>
-
-<p class=CCode>   {CKA_PUBLIC_EXPONENT, exponent, sizeof(exponent)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850407"></a><a name="_Toc441162329"></a><a
-name="_Toc416959970"></a><a name="_Toc437440488"></a><a name="_Toc395187724"></a><a
-name="_Toc391471086"></a><a name="_Toc370634369"></a><a name="_Toc72656200"></a><a
-name="_Toc228807154"></a><a name="_Toc228894632">2.1.3 RSA private key objects</a></h3>
-
-<p class=MsoNormal>RSA private key objects (object class <b>CKO_PRIVATE_KEY, </b>key
-type <b>CKK_RSA</b>) hold RSA private keys.  The following table defines the
-RSA private key object attributes, in addition to the common attributes defined
-for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204888"></a><a name="_Toc383864523"></a><a
-name="_Toc405794989"></a><a name="_Toc228807490"></a><a name="_Toc319314015"></a><a
-name="_Toc319314557"></a><a name="_Toc319314972"></a><a name="_Toc319315844"></a><a
-name="_Ref384613038">Table </a>3, RSA Private Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=246 valign=top style='width:184.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=240 valign=top style='width:2.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_MODULUS<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Modulus <i>n</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PUBLIC_EXPONENT<sup>4,6</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Public exponent <i>e</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIVATE_EXPONENT<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Private exponent <i>d</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME_1<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME_2<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>q</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKA_EXPONENT_1<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Private exponent <i>d</i> modulo <i>p</i>-1 </span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKA_EXPONENT_2<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Private exponent <i>d</i> modulo <i>q</i>-1 </span></p>
-  </td>
- </tr>
- <tr>
-  <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_COEFFICIENT<sup>4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=FR style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CRT coefficient <i>q</i><sup>-1</sup>
-  mod <i>p</i>  </span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup><span lang=FR-CH>- <span class=MsoFootnoteReference>Refer
-to [PKCS #11-Base]  table 10 for footnotes</span></span></sup></p>
-
-<p class=MsoNormal>Depending on the token, there may be limits on the length of
-the key components.  See PKCS #1 for more information on RSA keys.</p>
-
-<p class=MsoNormal>Tokens vary in what they actually store for RSA private
-keys.  Some tokens store all of the above attributes, which can assist in
-performing rapid RSA computations.  Other tokens might store only the <b>CKA_MODULUS</b>
-and <b>CKA_PRIVATE_EXPONENT</b> values.  Effective with version 2.40, tokens
-MUST also store CKA_PUBLIC_EXPONENT.  This permits the retrieval of sufficient
-data to reconstitute the associated public key.</p>
-
-<p class=MsoNormal>Because of this, Cryptoki is flexible in dealing with RSA
-private key objects.  When a token generates an RSA private key, it stores
-whichever of the fields in Table 3 it keeps track of.  Later, if an application
-asks for the values of the key’s various attributes, Cryptoki supplies values
-only for attributes whose values it can obtain (<i>i.e.</i>, if Cryptoki is
-asked for the value of an attribute it cannot obtain, the request fails).  Note
-that a Cryptoki implementation may or may not be able and/or willing to supply
-various attributes of RSA private keys which are not actually stored on the
-token.  <i>E.g.</i>, if a particular token stores values only for the <b>CKA_PRIVATE_EXPONENT</b>,
-<b>CKA_PRIME_1</b>, and <b>CKA_PRIME_2</b> attributes, then Cryptoki is
-certainly <i>able</i> to report values for all the attributes above (since they
-can all be computed efficiently from these three values).  However, a Cryptoki
-implementation may or may not actually do this extra computation.  The only
-attributes from Table 3 for which a Cryptoki implementation is <i>required</i>
-to be able to return values are <b>CKA_MODULUS</b> and <b>CKA_PRIVATE_EXPONENT</b>.</p>
-
-<p class=MsoNormal>If an RSA private key object is created on a token, and more
-attributes from Table 3 are supplied to the object creation call than are
-supported by the token, the extra attributes are likely to be thrown away.  If
-an attempt is made to create an RSA private key object on a token with
-insufficient attributes for that particular token, then the object creation
-call fails and returns CKR_TEMPLATE_INCOMPLETE.</p>
-
-<p class=MsoNormal>Note that when generating an RSA private key, there is no <b>CKA_MODULUS_BITS</b>
-attribute specified.  This is because RSA private keys are only generated as
-part of an RSA key <i>pair</i>, and the <b>CKA_MODULUS_BITS</b> attribute for
-the pair is specified in the template for the RSA public key.</p>
-
-<p class=MsoNormal>The following is a sample template for creating an RSA
-private key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_RSA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “An RSA private key object”;</p>
-
-<p class=CCode>CK_BYTE subject[] = {...};</p>
-
-<p class=CCode>CK_BYTE id[] = {123};</p>
-
-<p class=CCode>CK_BYTE modulus[] = {...};</p>
-
-<p class=CCode>CK_BYTE publicExponent[] = {...};</p>
-
-<p class=CCode>CK_BYTE privateExponent[] = {...};</p>
-
-<p class=CCode>CK_BYTE prime1[] = {...};</p>
-
-<p class=CCode>CK_BYTE prime2[] = {...};</p>
-
-<p class=CCode>CK_BYTE exponent1[] = {...};</p>
-
-<p class=CCode>CK_BYTE exponent2[] = {...};</p>
-
-<p class=CCode>CK_BYTE coefficient[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=CCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=CCode>  {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_DECRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_MODULUS, modulus, sizeof(modulus)},</p>
-
-<p class=CCode>  {CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)},</p>
-
-<p class=CCode>  {CKA_PRIVATE_EXPONENT, privateExponent,
-sizeof(privateExponent)},</p>
-
-<p class=CCode>  {CKA_PRIME_1, prime1, sizeof(prime1)},</p>
-
-<p class=CCode>  {CKA_PRIME_2, prime2, sizeof(prime2)},</p>
-
-<p class=CCode>  {CKA_EXPONENT_1, exponent1, sizeof(exponent1)},</p>
-
-<p class=CCode>  {CKA_EXPONENT_2, exponent2, sizeof(exponent2)},</p>
-
-<p class=CCode>  <span lang=FR-CH>{CKA_COEFFICIENT, coefficient,
-sizeof(coefficient)}</span></p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850408"></a><a name="_Toc441162330"></a><a
-name="_Toc416959971"></a><a name="_Toc437440489"></a><a name="_Toc395187725"></a><a
-name="_Toc391471087"></a><a name="_Toc370634370"></a><a name="_Toc72656201"></a><a
-name="_Toc228807155"></a><a name="_Toc228894633">2.1.4 PKCS #1 RSA key pair
-generation</a></h3>
-
-<p class=MsoNormal>The PKCS #1 RSA key pair generation mechanism, denoted <b>CKM_RSA_PKCS_KEY_PAIR_GEN</b>,
-is a key pair generation mechanism based on the RSA public-key cryptosystem, as
-defined in PKCS #1.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates RSA public/private key pairs with a
-particular modulus length in bits and public exponent, as specified in the <b>CKA_MODULUS_BITS</b>
-and <b>CKA_PUBLIC_EXPONENT</b> attributes of the template for the public key.
-The  <b>CKA_PUBLIC_EXPONENT</b>  may  be  omitted  in which case the mechanism 
-shall  supply  the  public  exponent attribute using the default value  of 
-0x10001 (65537). Specific implementations may use a random value or an
-alternative default if 0x10001 cannot be used by the token.</p>
-
-<p class=MsoNormal>Note:  Implementations  strictly  compliant  with  version 
-2.11  or prior versions  may  generate  an  error  if  this  attribute is
-omitted from the template.  Experience has shown that many implementations of
-2.11 and prior did  allow  the  <b>CKA_PUBLIC_EXPONENT</b>  attribute  to  be 
-omitted  from the template, and behaved as described above. The mechanism
-contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>, <b>CKA_MODULUS</b>, and <b>CKA_PUBLIC_EXPONENT
-</b>attributes to the new public key.  <b>CKA_PUBLIC_EXPONENT</b> will  be 
-copied  from  the template if supplied. <b>CKR_TEMPLATE_INCONSISTENT</b> shall 
-be  returned  if the implementation cannot use the supplied exponent value. It
-contributes the <b>CKA_CLASS</b> and <b>CKA_KEY_TYPE</b> attributes to the new
-private key; it may also contribute some of the following attributes to the new
-private key: <b>CKA_MODULUS</b>, <b>CKA_PUBLIC_EXPONENT</b>, <b>CKA_PRIVATE_EXPONENT</b>,
-<b>CKA_PRIME_1</b>, <b>CKA_PRIME_2</b>, <b>CKA_EXPONENT_1</b>, <b>CKA_EXPONENT_2</b>,
-<b>CKA_COEFFICIENT</b>.  Other attributes supported by the RSA public and
-private key types (specifically, the flags indicating which functions the keys
-support) may also be specified in the templates for the keys, or else are
-assigned default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850409"></a><a name="_Toc441162331"></a><a
-name="_Toc416959972"></a><a name="_Toc437440490"></a><a name="_Toc395187726"></a><a
-name="_Toc391471088"></a><a name="_Toc370634371"></a><a name="_Toc72656202"></a><a
-name="_Toc228807156"></a><a name="_Toc228894634">2.1.5 X9.31 RSA key pair
-generation</a></h3>
-
-<p class=MsoNormal>The X9.31 RSA key pair generation mechanism, denoted <b>CKM_RSA_X9_31_KEY_PAIR_GEN</b>,
-is a key pair generation mechanism based on the RSA public-key cryptosystem, as
-defined in X9.31.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates RSA public/private key pairs with a
-particular modulus length in bits and public exponent, as specified in the <b>CKA_MODULUS_BITS</b>
-and <b>CKA_PUBLIC_EXPONENT</b> attributes of the template for the public key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_MODULUS</b>, and <b>CKA_PUBLIC_EXPONENT </b>attributes to the new public
-key.  It contributes the <b>CKA_CLASS</b> and <b>CKA_KEY_TYPE</b> attributes to
-the new private key; it may also contribute some of the following attributes to
-the new private key: <b>CKA_MODULUS</b>, <b>CKA_PUBLIC_EXPONENT</b>, <b>CKA_PRIVATE_EXPONENT</b>,
-<b>CKA_PRIME_1</b>, <b>CKA_PRIME_2</b>, <b>CKA_EXPONENT_1</b>, <b>CKA_EXPONENT_2</b>,
-<b>CKA_COEFFICIENT</b>.  Other attributes supported by the RSA public and private
-key types (specifically, the flags indicating which functions the keys support)
-may also be specified in the templates for the keys, or else are assigned
-default initial values. Unlike the <b>CKM_RSA_PKCS_KEY_PAIR_GEN</b> mechanism,
-this mechanism is guaranteed to generate <i>p</i> and <i>q</i> values, <b>CKA_PRIME_1</b>
-and <b>CKA_PRIME_2</b> respectively, that meet the strong primes requirement of
-X9.31.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850410"></a><a name="_Toc441162332"></a><a
-name="_Toc416959973"></a><a name="_Toc437440491"></a><a name="_Toc395187727"></a><a
-name="_Toc391471089"></a><a name="_Toc370634372"></a><a name="_Toc322855311"></a><a
-name="_Toc322945153"></a><a name="_Toc323000720"></a><a name="_Toc323024171"></a><a
-name="_Toc323205505"></a><a name="_Toc323610934"></a><a name="_Toc383864951"></a><a
-name="_Toc385057979"></a><a name="_Toc405794800"></a><a name="_Toc72656203"></a><a
-name="_Toc228807157"></a><a name="_Toc228894635">2.1.6 PKCS #1 v1.5 RSA</a></h3>
-
-<p class=MsoNormal>The PKCS #1 v1.5 RSA mechanism, denoted <b>CKM_RSA_PKCS</b>,
-is a multi-purpose mechanism based on the RSA public-key cryptosystem and the
-block formats initially defined in PKCS #1 v1.5.  It supports single-part
-encryption and decryption; single-part signatures and verification with and
-without message recovery; key wrapping; and key unwrapping.  This mechanism
-corresponds only to the part of PKCS #1 v1.5 that involves RSA; it does not
-compute a message digest or a DigestInfo encoding as specified for the
-md2withRSAEncryption and md5withRSAEncryption algorithms in PKCS #1 v1.5 .</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key of
-appropriate length.  Of course, a particular token may not be able to
-wrap/unwrap every appropriate-length secret key that it supports.  For
-wrapping, the “input” to the encryption operation is the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped; similarly for unwrapping.  The mechanism
-does not wrap the key type or any other information about the key, except the
-key length; the application must convey these separately.  In particular, the
-mechanism contributes only the <b>CKA_CLASS</b> and <b>CKA_VALUE</b> (and <b>CKA_VALUE_LEN</b>,
-if the key has it) attributes to the recovered key during unwrapping; other
-attributes must be specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data are
-summarized in the following table.  For encryption, decryption, signatures and
-signature verification, the input and output data may begin at the same
-location in memory.  In the table, <i>k</i> is the length in bytes of the RSA
-modulus.</p>
-
-<p class=MsoCaption><a name="_Toc323204899"></a><a name="_Toc383864548"></a><a
-name="_Toc405795011"></a><a name="_Toc228807491">Table </a>4,
-PKCS #1 v1.5 RSA: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=79 valign=top style='width:59.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=89 valign=top style='width:66.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=118 valign=top style='width:88.2pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 02</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 02</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 01</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_SignRecover</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 01</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 01</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_VerifyRecover</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 01</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 02</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11</span></p>
-  </td>
-  <td width=118 valign=top style='width:88.2pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 02</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>2 Data length, signature
-length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc323000721"></a><a name="_Toc323024172"></a><a
-name="_Toc323205506"></a><a name="_Toc323610935"></a><a name="_Toc383864952"></a><a
-name="_Toc385057980"></a><a name="_Toc405794801"></a><a name="_Toc441850411"></a><a
-name="_Toc441162333"></a><a name="_Toc416959974"></a><a name="_Toc437440492"></a><a
-name="_Toc395187728"></a><a name="_Toc391471090"></a><a name="_Toc370634373"></a><a
-name="_Toc72656204"></a><a name="_Toc228807158"></a><a name="_Toc228894636">2.1.7
-PKCS #1 RSA OAEP mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656205"></a><a name="_Toc228807159"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_RSA_PKCS_MGF_TYPE;
-CK_RSA_PKCS_MGF_TYPE_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_RSA_PKCS_MGF_TYPE </b> is used to indicate the Message
-Generation Function (MGF) applied to a message block when formatting a message
-block for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature
-scheme. It is defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The following MGFs are defined in PKCS #1. The following
-table lists the defined functions.</p>
-
-<p class=MsoCaption><a name="_Toc228807492">Table </a>5, PKCS #1 Mask
-Generation Functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=190 valign=top style='width:142.2pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Source Identifier</span></b></p>
-  </td>
-  <td width=128 valign=top style='width:96.3pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Value</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=190 valign=top style='width:142.2pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKG_MGF1_SHA1</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.3pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000001UL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=190 valign=top style='width:142.2pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKG_MGF1_SHA224</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.3pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000005UL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=190 valign=top style='width:142.2pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKG_MGF1_SHA256</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.3pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000002UL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=190 valign=top style='width:142.2pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKG_MGF1_SHA384</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.3pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000003UL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=190 valign=top style='width:142.2pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKG_MGF1_SHA512</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.3pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000004UL</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>CK_RSA_PKCS_MGF_TYPE_PTR is a pointer to a CK_RSA_PKCS_
-MGF_TYPE.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656206"></a><a name="_Toc228807160"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_RSA_PKCS_OAEP_SOURCE_TYPE </b> is used to indicate the
-source of the encoding parameter when formatting a message block for the PKCS
-#1 OAEP encryption scheme. It is defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The following encoding parameter sources are defined in PKCS
-#1. The following table lists the defined sources along with the corresponding
-data type for the <i>pSourceData</i> field in the <b>CK_RSA_PKCS_OAEP_PARAMS</b>
-structure defined below.</p>
-
-<p class=MsoCaption><a name="_Toc228807493">Table </a>6, PKCS #1 RSA OAEP:
-Encoding parameter sources</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr style='page-break-inside:avoid'>
-  <td width=190 valign=top style='width:142.2pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Source Identifier</span></b></p>
-  </td>
-  <td width=110 valign=top style='width:1.15in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Value</span></b></p>
-  </td>
-  <td width=283 valign=top style='width:2.95in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Data Type</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=190 valign=top style='width:142.2pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKZ_DATA_SPECIFIED</span></p>
-  </td>
-  <td width=110 valign=top style='width:1.15in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000001UL</span></p>
-  </td>
-  <td width=283 valign=top style='width:2.95in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Array
-  of CK_BYTE containing the value of the encoding parameter. If the parameter
-  is empty, <i>pSourceData</i> must be NULL and <i>ulSourceDataLen</i> must be
-  zero.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR is a pointer to a
-CK_RSA_PKCS_OAEP_SOURCE_TYPE.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656207"></a><a name="_Toc228807161"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_RSA_PKCS_OAEP_PARAMS;
-CK_RSA_PKCS_OAEP_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_RSA_PKCS_OAEP_PARAMS</b> is a structure that provides
-the parameters to the <b>CKM_RSA_PKCS_OAEP</b> mechanism.  The structure is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_RSA_PKCS_OAEP_PARAMS {</p>
-
-<p class=CCode>   CK_MECHANISM_TYPE hashAlg;</p>
-
-<p class=CCode>   CK_RSA_PKCS_MGF_TYPE mgf;</p>
-
-<p class=CCode>   CK_RSA_PKCS_OAEP_SOURCE_TYPE source;</p>
-
-<p class=CCode>   CK_VOID_PTR pSourceData;</p>
-
-<p class=CCode>   CK_ULONG ulSourceDataLen;</p>
-
-<p class=CCode>} CK_RSA_PKCS_OAEP_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                    hashAlg       mechanism
-ID of the message digest algorithm used to calculate the digest of the encoding
-parameter</p>
-
-<p class=definition0>                                           mgf       mask
-generation function to use on the encoded block</p>
-
-<p class=definition0>                                      source       source
-of the encoding parameter</p>
-
-<p class=definition0>                             pSourceData       data used
-as the input for the encoding parameter source</p>
-
-<p class=definition0>                       ulSourceDataLen      length of the
-encoding parameter source input</p>
-
-<p class=MsoNormal>CK_RSA_PKCS_OAEP_PARAMS_PTR is a pointer to a
-CK_RSA_PKCS_OAEP_PARAMS.</p>
-
-<h3><a name="_Toc441850412"></a><a name="_Toc441162334"></a><a
-name="_Toc416959975"></a><a name="_Toc437440493"></a><a name="_Toc395187729"></a><a
-name="_Toc391471091"></a><a name="_Toc370634374"></a><a name="_Toc72656208"></a><a
-name="_Toc228807162"></a><a name="_Toc228894637">2.1.8 PKCS #1 RSA OAEP</a></h3>
-
-<p class=MsoNormal>The PKCS #1 RSA OAEP mechanism, denoted <b>CKM_RSA_PKCS_OAEP</b>,
-is a multi-purpose mechanism based on the RSA public-key cryptosystem and the OAEP
-block format defined in PKCS #1.  It supports single-part encryption and
-decryption; key wrapping; and key unwrapping.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_RSA_PKCS_OAEP_PARAMS</b>
-structure.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key of
-appropriate length.  Of course, a particular token may not be able to
-wrap/unwrap every appropriate-length secret key that it supports.  For
-wrapping, the “input” to the encryption operation is the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped; similarly for unwrapping.  The mechanism
-does not wrap the key type or any other information about the key, except the
-key length; the application must convey these separately.  In particular, the
-mechanism contributes only the <b>CKA_CLASS</b> and <b>CKA_VALUE</b> (and <b>CKA_VALUE_LEN</b>,
-if the key has it) attributes to the recovered key during unwrapping; other
-attributes must be specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data are
-summarized in the following table.  For encryption and decryption, the input
-and output data may begin at the same location in memory.  In the table, <i>k</i>
-is the length in bytes of the RSA modulus, and <i>hLen</i> is the output length
-of the message digest algorithm specified by the <i>hashAlg</i> field of the <b>CK_RSA_PKCS_OAEP_PARAMS</b>
-structure.</p>
-
-<p class=MsoCaption><a name="_Toc228807494">Table </a>7, PKCS #1 RSA OAEP: Key
-And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-2<i>hLen</i></span></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-2<i>hLen</i></span></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-2<i>hLen</i></span></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-2<i>hLen</i></span></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup> <span class=MsoFootnoteReference>Single-part
-operations only.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850413"></a><a name="_Toc441162335"></a><a
-name="_Toc416959976"></a><a name="_Toc437440494"></a><a name="_Toc395187730"></a><a
-name="_Toc391471092"></a><a name="_Toc370634375"></a><a name="_Toc72656209"></a><a
-name="_Toc228807163"></a><a name="_Toc228894638">2.1.9 PKCS #1 RSA PSS
-mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656210"></a><a name="_Toc228807164"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_RSA_PKCS_PSS_PARAMS;
-CK_RSA_PKCS_PSS_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_RSA_PKCS_PSS_PARAMS</b> is a structure that provides
-the parameters to the <b>CKM_RSA_PKCS_PSS</b> mechanism.  The structure is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_RSA_PKCS_PSS_PARAMS {</p>
-
-<p class=CCode>   CK_MECHANISM_TYPE hashAlg;</p>
-
-<p class=CCode>   CK_RSA_PKCS_MGF_TYPE mgf;</p>
-
-<p class=CCode>   CK_ULONG sLen;</p>
-
-<p class=CCode>} CK_RSA_PKCS_PSS_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                    hashAlg       hash
-algorithm used in the PSS encoding; if the signature mechanism does not include
-message hashing, then this value must be the mechanism used by the application
-to generate the message hash; if the signature mechanism includes hashing, then
-this value must match the hash algorithm indicated by the signature mechanism</p>
-
-<p class=definition0>                                           mgf       mask
-generation function to use on the encoded block</p>
-
-<p class=definition0>                                         sLen       length,
-in bytes, of the salt value used in the PSS encoding; typical values are the
-length of the message hash and zero</p>
-
-<p class=MsoNormal>CK_RSA_PKCS_PSS_PARAMS_PTR is a pointer to a
-CK_RSA_PKCS_PSS_PARAMS.</p>
-
-<h3><a name="_Toc441850414"></a><a name="_Toc441162336"></a><a
-name="_Toc416959977"></a><a name="_Toc437440495"></a><a name="_Toc395187731"></a><a
-name="_Toc391471093"></a><a name="_Toc370634376"></a><a name="_Toc72656211"></a><a
-name="_Toc228807165"></a><a name="_Toc228894639">2.1.10 PKCS #1 RSA PSS</a></h3>
-
-<p class=MsoNormal>The PKCS #1 RSA PSS mechanism, denoted <b>CKM_RSA_PKCS_PSS</b>,
-is a mechanism based on the RSA public-key cryptosystem and the PSS block
-format defined in PKCS #1.  It supports single-part signature generation and
-verification without message recovery. This mechanism corresponds only to the
-part of PKCS #1 that involves block formatting and RSA, given a hash value; it
-does not compute a hash value on the message to be signed.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_RSA_PKCS_PSS_PARAMS</b>
-structure. The <i>sLen</i> field must be less than or equal to <i>k*</i>-2-<i>hLen
-</i>and <i>hLen</i> is the length of the input to the C_Sign or C_Verify
-function. <i>k*</i> is the length in bytes of the RSA modulus, except if the
-length in bits of the RSA modulus is one more than a multiple of 8, in which
-case <i>k*</i> is one less than the length in bytes of the RSA modulus.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data are
-summarized in the following table.  In the table, <i>k</i> is the length in
-bytes of the RSA.</p>
-
-<p class=MsoCaption><a name="_Toc228807495">Table </a>8, PKCS #1 RSA PSS: Key
-And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>hLen</span></i></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>hLen</span></i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>, <i>k</i></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>2 Data length, signature
-length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850415"></a><a name="_Toc441162337"></a><a
-name="_Toc416959978"></a><a name="_Toc437440496"></a><a name="_Toc395187732"></a><a
-name="_Toc391471094"></a><a name="_Toc370634377"></a><a name="_Toc72656212"></a><a
-name="_Toc228807166"></a><a name="_Toc228894640">2.1.11 ISO/IEC 9796 RSA</a></h3>
-
-<p class=MsoNormal>The ISO/IEC 9796 RSA mechanism, denoted <b>CKM_RSA_9796</b>,
-is a mechanism for single-part signatures and verification with and without
-message recovery based on the RSA public-key cryptosystem and the block formats
-defined in ISO/IEC 9796 and its annex A.</p>
-
-<p class=MsoNormal>This mechanism processes only byte strings, whereas ISO/IEC
-9796 operates on bit strings.  Accordingly, the following transformations are
-performed:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Data is converted between byte and bit string formats by
-interpreting the most-significant bit of the leading byte of the byte string as
-the leftmost bit of the bit string, and the least-significant bit of the
-trailing byte of the byte string as the rightmost bit of the bit string (this
-assumes the length in bits of the data is a multiple of 8).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>A signature is converted from a bit string to a byte string by
-padding the bit string on the left with 0 to 7 zero bits so that the resulting
-length in bits is a multiple of 8, and converting the resulting bit string as
-above; it is converted from a byte string to a bit string by converting the
-byte string as above, and removing bits from the left so that the resulting
-length in bits is the same as that of the RSA modulus.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of input and output
-data are summarized in the following table.  In the table, <i>k</i> is the
-length in bytes of the RSA modulus.</p>
-
-<p class=MsoCaption><a name="_Toc323204900"></a><a name="_Toc383864549"></a><a
-name="_Toc405795012"></a><a name="_Toc228807496">Table </a>9,
-ISO/IEC 9796 RSA: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=97 valign=top style='width:73.1pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> </span><span style='font-size:10.0pt;
-  font-family:Symbol'>ë</span><i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>k</span></i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>/2</span><span style='font-size:10.0pt;font-family:Symbol'>û</span></p>
-  </td>
-  <td width=97 valign=top style='width:73.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_SignRecover</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> </span><span style='font-size:10.0pt;
-  font-family:Symbol'>ë</span><i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>k</span></i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>/2</span><span style='font-size:10.0pt;font-family:Symbol'>û</span></p>
-  </td>
-  <td width=97 valign=top style='width:73.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> </span><span style='font-size:10.0pt;
-  font-family:Symbol'>ë</span><i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>k</span></i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>/2</span><span style='font-size:10.0pt;font-family:Symbol'>û</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=97 valign=top style='width:73.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_VerifyRecover</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=97 valign=top style='width:73.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> </span><span style='font-size:10.0pt;
-  font-family:Symbol'>ë</span><i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>k</span></i><span style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>/2</span><span style='font-size:10.0pt;font-family:Symbol'>û</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>2 Data length, signature
-length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850416"></a><a name="_Toc441162338"></a><a
-name="_Toc416959979"></a><a name="_Toc437440497"></a><a name="_Toc395187733"></a><a
-name="_Toc391471095"></a><a name="_Toc370634378"></a><a name="_Toc323000722"></a><a
-name="_Toc323024173"></a><a name="_Toc323205507"></a><a name="_Toc323610936"></a><a
-name="_Toc383864953"></a><a name="_Toc385057981"></a><a name="_Toc405794802"></a><a
-name="_Toc72656213"></a><a name="_Toc228807167"></a><a name="_Toc228894641">2.1.12
-X.509 (raw) RSA</a></h3>
-
-<p class=MsoNormal>The X.509 (raw) RSA mechanism, denoted <b>CKM_RSA_X_509</b>,
-is a multi-purpose mechanism based on the RSA public-key cryptosystem. It
-supports single-part encryption and decryption; single-part signatures and
-verification with and without message recovery; key wrapping; and key
-unwrapping.  All these operations are based on so-called “raw” RSA, as assumed
-in X.509.</p>
-
-<p class=MsoNormal>“Raw” RSA as defined here encrypts a byte string by
-converting it to an integer, most-significant byte first, applying “raw” RSA
-exponentiation, and converting the result to a byte string, most-significant
-byte first.  The input string, considered as an integer, must be less than the
-modulus; the output string is also less than the modulus.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key of
-appropriate length.  Of course, a particular token may not be able to wrap/unwrap
-every appropriate-length secret key that it supports.  For wrapping, the
-“input” to the encryption operation is the value of the <b>CKA_VALUE </b>attribute
-of the key that is wrapped; similarly for unwrapping.  The mechanism does not
-wrap the key type, key length, or any other information about the key; the
-application must convey these separately, and supply them when unwrapping the
-key.</p>
-
-<p class=MsoNormal>Unfortunately, X.509 does not specify how to perform padding
-for RSA encryption.  For this mechanism, padding should be performed by
-prepending plaintext data with 0-valued bytes.  In effect, to encrypt the
-sequence of plaintext bytes b<sub>1</sub> b<sub>2</sub> … b<sub>n</sub> (n <span
-style='font-family:Symbol'>£</span> <i>k</i>), Cryptoki forms P=2<sup>n-1</sup>b<sub>1</sub>+2<sup>n-2</sup>b<sub>2</sub>+…+b<sub>n</sub>. 
-This number must be less than the RSA modulus.  The <i>k</i>-byte ciphertext (<i>k</i>
-is the length in bytes of the RSA modulus) is produced by raising P to the RSA
-public exponent modulo the RSA modulus.  Decryption of a <i>k</i>-byte
-ciphertext C is accomplished by raising C to the RSA private exponent modulo
-the RSA modulus, and returning the resulting value as a sequence of exactly <i>k</i>
-bytes.  If the resulting plaintext is to be used to produce an unwrapped key,
-then however many bytes are specified in the template for the length of the key
-are taken <i>from the end</i> of this sequence of bytes.</p>
-
-<p class=MsoNormal>Technically, the above procedures may differ very slightly
-from certain details of what is specified in X.509.</p>
-
-<p class=MsoNormal>Executing cryptographic operations using this mechanism can
-result in the error returns CKR_DATA_INVALID (if plaintext is supplied which
-has the same length as the RSA modulus and is numerically at least as large as
-the modulus) and CKR_ENCRYPTED_DATA_INVALID (if ciphertext is supplied which
-has the same length as the RSA modulus and is numerically at least as large as
-the modulus).</p>
-
-<p class=MsoNormal>Constraints on key types and the length of input and output
-data are summarized in the following table.  In the table, <i>k</i> is the
-length in bytes of the RSA modulus.</p>
-
-<p class=MsoCaption><a name="_Toc323204901"></a><a name="_Toc383864550"></a><a
-name="_Toc405795013"></a><a name="_Toc228807497">Table </a>10,
-X.509 (Raw) RSA: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=186 valign=top style='width:139.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i></span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Decrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i></span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_SignRecover</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i></span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_VerifyRecover</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i></span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i> (specified in template)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>2 Data length, signature
-length.</span></p>
-
-<p class=MsoNormal><a name="_Toc322855314"></a><a name="_Toc322945156">For this
-mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b>
-structure specify the supported range of RSA modulus sizes, in bits.</a></p>
-
-<p class=MsoNormal>This mechanism is intended for compatibility with
-applications that do not follow the PKCS #1 or ISO/IEC 9796 block formats.</p>
-
-<h3><a name="_Toc385057982"></a><a name="_Toc405794803"></a><a
-name="_Toc441850417"></a><a name="_Toc441162339"></a><a name="_Toc416959980"></a><a
-name="_Toc437440498"></a><a name="_Toc395187734"></a><a name="_Toc391471096"></a><a
-name="_Toc370634379"></a><a name="_Toc72656214"></a><a name="_Toc228807168"></a><a
-name="_Toc228894642">2.1.13 ANSI X9.31 RSA</a></h3>
-
-<p class=MsoNormal>The ANSI X9.31 RSA mechanism, denoted <b>CKM_RSA_X9_31</b>,
-is a mechanism for single-part signatures and verification without message
-recovery based on the RSA public-key cryptosystem and the block formats defined
-in ANSI X9.31.</p>
-
-<p class=MsoNormal>This mechanism applies the header and padding fields of the
-hash encapsulation. The trailer field must be applied by the application.</p>
-
-<p class=MsoNormal>This mechanism processes only byte strings, whereas ANSI
-X9.31 operates on bit strings.  Accordingly, the following transformations are
-performed:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Data is converted between byte and bit string formats by
-interpreting the most-significant bit of the leading byte of the byte string as
-the leftmost bit of the bit string, and the least-significant bit of the
-trailing byte of the byte string as the rightmost bit of the bit string (this
-assumes the length in bits of the data is a multiple of 8).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>A signature is converted from a bit string to a byte string by
-padding the bit string on the left with 0 to 7 zero bits so that the resulting
-length in bits is a multiple of 8, and converting the resulting bit string as
-above; it is converted from a byte string to a bit string by converting the
-byte string as above, and removing bits from the left so that the resulting
-length in bits is the same as that of the RSA modulus.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of input and output
-data are summarized in the following table.  In the table, <i>k</i> is the
-length in bytes of the RSA modulus. For all operations, the <i>k</i> value must
-be at least 128 and a multiple of 32 as specified in ANSI X9.31.</p>
-
-<p class=MsoCaption><a name="_Toc228807498">Table </a>11, ANSI X9.31 RSA: Key
-And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=97 valign=top style='width:73.1pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-2</span></p>
-  </td>
-  <td width=97 valign=top style='width:73.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-2, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=97 valign=top style='width:73.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>2 Data length, signature
-length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850418"></a><a name="_Toc441162340"></a><a
-name="_Toc416959981"></a><a name="_Toc437440499"></a><a name="_Toc395187735"></a><a
-name="_Toc391471097"></a><a name="_Toc370634380"></a><a name="_Toc72656215"></a><a
-name="_Toc228807169"></a><a name="_Toc228894643">2.1.14 PKCS #1 v1.5 RSA
-signature with MD2, MD5, SHA-1</a>, SHA-256, SHA-384, SHA-512, RIPE-MD 128 or
-RIPE-MD 160</h3>
-
-<p class=MsoNormal>The PKCS #1 v1.5 RSA signature with MD2 mechanism, denoted <b>CKM_MD2_RSA_PKCS</b>,
-performs single- and multiple-part digital signatures and verification
-operations without message recovery.  The operations performed are as described
-initially in PKCS #1 v1.5 with the object identifier md2WithRSAEncryption, and
-as in the scheme RSASSA-PKCS1-v1_5 in the current version of PKCS #1, where the
-underlying hash function is MD2.</p>
-
-<p class=MsoNormal>Similarly, the PKCS #1 v1.5 RSA signature with MD5
-mechanism, denoted <b>CKM_MD5_RSA_PKCS</b>, performs the same operations
-described in PKCS #1 with the object identifier md5WithRSAEncryption.  The PKCS
-#1 v1.5 RSA signature with SHA-1 mechanism, denoted <b>CKM_SHA1_RSA_PKCS</b>,
-performs the same operations, except that it uses the hash function SHA-1 with
-object identifier sha1WithRSAEncryption. </p>
-
-<p class=MsoNormal>Likewise, the PKCS #1 v1.5 RSA signature with SHA-256,
-SHA-384, and SHA-512 mechanisms, denoted <b>CKM_SHA256_RSA_PKCS</b>, <b>CKM_SHA384_RSA_PKCS</b>,
-and <b>CKM_SHA512_RSA_PKCS</b> respectively, perform the same operations using
-the SHA-256, SHA-384 and SHA-512 hash functions with the object identifiers sha256WithRSAEncryption,
-sha384WithRSAEncryption and sha512WithRSAEncryption respectively.</p>
-
-<p class=MsoNormal>The PKCS #1 v1.5 RSA signature with RIPEMD-128 or
-RIPEMD-160, denoted <b>CKM_RIPEMD128_RSA_PKCS</b> and <b>CKM_RIPEMD160_RSA_PKCS</b>
-respectively, perform the same operations using the RIPE-MD 128 and RIPE-MD 160
-hash functions.</p>
-
-<p class=MsoNormal>None of these mechanisms has a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data for
-these mechanisms are summarized in the following table.  In the table, <i>k</i>
-is the length in bytes of the RSA modulus.  For the PKCS #1 v1.5 RSA signature
-with MD2 and PKCS #1 v1.5 RSA signature with MD5 mechanisms, <i>k</i> must be
-at least 27; for the PKCS #1 v1.5 RSA signature with SHA-1 mechanism, <i>k</i>
-must be at least 31, and so on for other underlying hash functions, where the
-minimum is always 11 bytes more than the length of the hash value.</p>
-
-<p class=MsoCaption><a name="_Toc405795014"></a><a name="_Toc228807499">Table </a>12, PKCS #1 v1.5 RSA Signatures with Various Hash Functions: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:96.25pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=95 valign=top style='width:71.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=106 valign=top style='width:79.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=100 valign=top style='width:75.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.25pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=95 valign=top style='width:71.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=100 valign=top style='width:75.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 01</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.25pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=95 valign=top style='width:71.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
-  <td width=100 valign=top style='width:75.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>block type 01</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> <span class=MsoFootnoteReference>Data length,
-signature length.</span></p>
-
-<p class=MsoNormal>For these mechanisms, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc323000723"></a><a name="_Toc323024174"></a><a
-name="_Toc323205508"></a><a name="_Toc323610937"></a><a name="_Toc383864954"></a><a
-name="_Toc385057983"></a><a name="_Toc405794804"></a><a name="_Toc72656216"></a><a
-name="_Toc441850419"></a><a name="_Toc441162341"></a><a name="_Toc416959982"></a><a
-name="_Toc437440500"></a><a name="_Toc395187736"></a><a name="_Toc391471098"></a><a
-name="_Toc370634381"></a><a name="_Toc151796109"></a><a name="_Toc228807170"></a><a
-name="_Toc228894644">2.1.15 PKCS #1 v1.5 RSA signature with SHA-224</a></h3>
-
-<p class=MsoNormal>The PKCS #1 v1.5 RSA signature with SHA-224 mechanism,
-denoted <b>CKM_SHA224_RSA_PKCS, </b>performs similarly as the other <b>CKM_SHA<i>X</i>_RSA_PKCS</b>
-mechanisms but uses the SHA-224 hash function.</p>
-
-<h3><a name="_Toc441850420"></a><a name="_Toc441162342"></a><a
-name="_Toc416959983"></a><a name="_Toc437440501"></a><a name="_Toc395187737"></a><a
-name="_Toc391471099"></a><a name="_Toc370634382"></a><a name="_Toc151796110"></a><a
-name="_Toc228807171"></a><a name="_Toc228894645">2.1.16 PKCS #1 RSA PSS signature
-with SHA-224</a></h3>
-
-<p class=MsoNormal>The PKCS #1 RSA PSS signature with SHA-224 mechanism,
-denoted <b>CKM_SHA224_RSA_PKCS_PSS</b>, performs similarly as the other <b>CKM_SHA<i>X</i>_RSA_PSS</b>
-mechanisms but uses the SHA-224 hash function.</p>
-
-<h3><a name="_Toc441850421"></a><a name="_Toc441162343"></a><a
-name="_Toc416959984"></a><a name="_Toc437440502"></a><a name="_Toc395187738"></a><a
-name="_Toc391471100"></a><a name="_Toc370634383"></a><a name="_Toc228807172"></a><a
-name="_Toc228894646">2.1.17 PKCS #1 RSA PSS signature with SHA-1, SHA-256,
-SHA-384 or SHA-512</a></h3>
-
-<p class=MsoNormal>The PKCS #1 RSA PSS signature with SHA-1 mechanism, denoted <b>CKM_SHA1_RSA_PKCS_PSS</b>,
-performs single- and multiple-part digital signatures and verification
-operations without message recovery.  The operations performed are as described
-in PKCS #1 with the object identifier id-RSASSA-PSS, i.e., as in the scheme
-RSASSA-PSS in PKCS #1 where the underlying hash function is SHA-1.</p>
-
-<p class=MsoNormal>The PKCS #1 RSA PSS signature with SHA-256, SHA-384, and
-SHA-512 mechanisms, denoted <b>CKM_SHA256_RSA_PKCS_PSS</b>, <b>CKM_SHA384_RSA_PKCS_PSS</b>,
-and <b>CKM_SHA512_RSA_PKCS_PSS</b> respectively, perform the same operations
-using the SHA-256, SHA-384 and SHA-512 hash functions.</p>
-
-<p class=MsoNormal>The mechanisms have a parameter, a <b>CK_RSA_PKCS_PSS_PARAMS</b>
-structure. The <i>sLen</i> field must be less than or equal to <i>k*</i>-2-<i>hLen</i>
-where <i>hLen</i> is the length in bytes of the hash value. <i>k*</i> is the
-length in bytes of the RSA modulus, except if the length in bits of the RSA
-modulus is one more than a multiple of 8, in which case <i>k*</i> is one less
-than the length in bytes of the RSA modulus.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data are
-summarized in the following table.  In the table, <i>k</i> is the length in
-bytes of the RSA modulus.</p>
-
-<p class=MsoCaption><a name="_Toc228807500">Table </a>13, PKCS #1 RSA PSS
-Signatures with Various Hash Functions: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:96.25pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=95 valign=top style='width:71.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=106 valign=top style='width:79.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.25pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=95 valign=top style='width:71.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.25pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=95 valign=top style='width:71.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> <span class=MsoFootnoteReference>Data length,
-signature length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850422"></a><a name="_Toc441162344"></a><a
-name="_Toc416959985"></a><a name="_Toc437440503"></a><a name="_Toc395187739"></a><a
-name="_Toc391471101"></a><a name="_Toc370634384"></a><a name="_Toc72656217"></a><a
-name="_Toc228807173"></a><a name="_Toc228894647">2.1.18 ANSI X9.31 RSA
-signature with SHA-1</a></h3>
-
-<p class=MsoNormal>The ANSI X9.31 RSA signature with SHA-1 mechanism, denoted <b>CKM_SHA1_RSA_X9_31</b>,
-performs single- and multiple-part digital signatures and verification
-operations without message recovery.  The operations performed are as described
-in ANSI X9.31.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data for
-these mechanisms are summarized in the following table.  In the table, <i>k</i>
-is the length in bytes of the RSA modulus. For all operations, the <i>k</i>
-value must be at least 128 and a multiple of 32 as specified in ANSI X9.31.</p>
-
-<p class=MsoCaption><a name="_Toc228807501">Table </a>14, ANSI X9.31 RSA
-Signatures with SHA-1: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:96.25pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=95 valign=top style='width:71.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=106 valign=top style='width:79.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.25pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=95 valign=top style='width:71.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:96.25pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=95 valign=top style='width:71.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, <i>k</i><sup>2</sup></span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> <span class=MsoFootnoteReference>Data length,
-signature length.</span></p>
-
-<p class=MsoNormal>For these mechanisms, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc72656218"></a><a name="_Toc441850423"></a><a
-name="_Toc441162345"></a><a name="_Toc416959986"></a><a name="_Toc437440504"></a><a
-name="_Toc395187740"></a><a name="_Toc391471102"></a><a name="_Toc370634385"></a><a
-name="_Toc228894648"></a><a name="_Toc228807174"></a><a name="_Toc76209442">2.1.19
-TPM 1.1b and TPM 1.2 </a><a name="_Toc76209444">PKCS #1 v1.5 RSA</a></h3>
-
-<p class=MsoNormal>The TPM 1.1b and TPM 1.2 PKCS #1 v1.5 RSA mechanism, denoted
-<b>CKM_RSA_PKCS_TPM_1_1</b>, is a multi-use mechanism based on the RSA
-public-key cryptosystem and the block formats initially defined in PKCS #1
-v1.5, with additional formatting rules defined in TCPA TPM Specification
-Version 1.1b.  Additional formatting rules remained the same in TCG TPM
-Specification 1.2  The mechanism supports single-part encryption and
-decryption; key wrapping; and key unwrapping.  </p>
-
-<p class=MsoNormal>This mechanism does not have a parameter. It differs from
-the standard PKCS#1 v1.5 RSA encryption mechanism in that the plaintext is
-wrapped in a TCPA_BOUND_DATA (TPM_BOUND_DATA for TPM 1.2) structure before
-being submitted to the PKCS#1 v1.5 encryption process. On encryption, the
-version field of the TCPA_BOUND_DATA (TPM_BOUND_DATA for TPM 1.2) structure
-must contain 0x01, 0x01, 0x00, 0x00. On decryption, any structure of the form
-0x01, 0x01, 0xXX, 0xYY may be accepted.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key of
-appropriate length.  Of course, a particular token may not be able to
-wrap/unwrap every appropriate-length secret key that it supports.  For
-wrapping, the “input” to the encryption operation is the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped; similarly for unwrapping.  The mechanism
-does not wrap the key type or any other information about the key, except the
-key length; the application must convey these separately.  In particular, the
-mechanism contributes only the <b>CKA_CLASS</b> and <b>CKA_VALUE</b> (and <b>CKA_VALUE_LEN</b>,
-if the key has it) attributes to the recovered key during unwrapping; other
-attributes must be specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data are
-summarized in the following table.  For encryption and decryption, the input
-and output data may begin at the same location in memory.  In the table, <i>k</i>
-is the length in bytes of the RSA modulus.</p>
-
-<p class=MsoCaption><a name="_Toc76209817"></a><a name="_Toc228807502">Table </a>15, TPM 1.1b and TPM 1.2 PKCS #1 v1.5 RSA: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=79 valign=top style='width:59.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=89 valign=top style='width:66.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11-5</span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11-5</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11-5</span></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=79 valign=top style='width:59.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=89 valign=top style='width:66.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i>k</i>-11-5</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>&nbsp;</sup></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850424"></a><a name="_Toc441162346"></a><a
-name="_Toc416959987"></a><a name="_Toc437440505"></a><a name="_Toc395187741"></a><a
-name="_Toc391471103"></a><a name="_Toc370634386"></a><a name="_Toc76209449"></a><a
-name="_Toc228807175"></a><a name="_Toc228894649">2.1.20 TPM 1.1b and TPM 1.2
-PKCS #1 RSA OAEP</a></h3>
-
-<p class=MsoNormal>The TPM 1.1b and TPM 1.2 PKCS #1 RSA OAEP mechanism, denoted
-<b>CKM_RSA_PKCS_OAEP_TPM_1_1</b>, is a multi-purpose mechanism based on the RSA
-public-key cryptosystem and the OAEP block format defined in PKCS #1, with
-additional formatting defined in TCPA TPM Specification Version 1.1b. 
-Additional formatting rules remained the same in TCG TPM Specification 1.2. 
-The mechanism supports single-part encryption and decryption; key wrapping; and
-key unwrapping.  </p>
-
-<p class=MsoNormal>This mechanism does not have a parameter. It differs from
-the standard PKCS#1 OAEP RSA encryption mechanism in that the plaintext is
-wrapped in a TCPA_BOUND_DATA (TPM_BOUND_DATA for TPM 1.2) structure before
-being submitted to the encryption process and that all of the values of the
-parameters that are passed to a standard CKM_RSA_PKCS_OAEP operation are fixed.
-On encryption, the version field of the TCPA_BOUND_DATA (TPM_BOUND_DATA for TPM
-1.2) structure must contain 0x01, 0x01, 0x00, 0x00. On decryption, any
-structure of the form 0x01, 0x01, 0xXX, 0xYY may be accepted.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key of
-appropriate length.  Of course, a particular token may not be able to
-wrap/unwrap every appropriate-length secret key that it supports.  For
-wrapping, the “input” to the encryption operation is the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped; similarly for unwrapping.  The mechanism
-does not wrap the key type or any other information about the key, except the
-key length; the application must convey these separately.  In particular, the
-mechanism contributes only the <b>CKA_CLASS</b> and <b>CKA_VALUE</b> (and <b>CKA_VALUE_LEN</b>,
-if the key has it) attributes to the recovered key during unwrapping; other
-attributes must be specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of the data are
-summarized in the following table.  For encryption and decryption, the input
-and output data may begin at the same location in memory.  In the table, <i>k</i>
-is the length in bytes of the RSA modulus.</p>
-
-<p class=MsoCaption><a name="_Toc76209820"></a><a name="_Toc228807503">Table </a>16, TPM 1.1b and TPM 1.2 PKCS #1 RSA OAEP: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-40-5</span></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt<sup>1</sup></span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-40-5</span></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA public key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-40-5</span></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RSA private key</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><i><span
-  lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>k</span></i></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> <i><span lang=SV>k</span></i><span
-  lang=SV>-2-40-5</span></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup> <span class=MsoFootnoteReference>Single-part
-operations only.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-RSA modulus sizes, in bits.</p>
-
-<h3><a name="_Toc441850425"></a><a name="_Toc441162347"></a><a
-name="_Toc416959988"></a><a name="_Toc437440506"></a><a name="_Toc395187742"></a><a
-name="_Toc391471104"></a><a name="_Toc370634387">2.1.21 RSA AES KEY WRAP</a></h3>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The RSA AES key wrap mechanism, denoted <b>CKM_RSA_AES_KEY_WRAP
-</b>, is a mechanism based on the RSA public-key cryptosystem and the AES key
-wrap mechanism.&nbsp; It supports single-part key wrapping; and key unwrapping.</p>
-
-<p class=MsoNormal>It has a parameter, a&nbsp;<b>CK_RSA_AES_KEY_WRAP_PARAMS</b>
-structure. </p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-mechanism can wrap and unwrap a target </span><span style='font-family:"Arial",sans-serif'>asymmetric
-</span><span lang=X-NONE style='font-family:"Arial",sans-serif'>key of any
-length and type using an RSA key. </span></p>
-
-<p class=MsoPlainText style='margin-left:.75in;text-indent:-.25in'><span
-lang=X-NONE>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>A
-temporary AES key is used for wrapping the target key using CKM_AES_</span><span
-style='font-family:"Arial",sans-serif'>KEY_</span><span lang=X-NONE
-style='font-family:"Arial",sans-serif'>WRAP</span><span style='font-family:
-"Arial",sans-serif'>_PAD</span><span lang=X-NONE style='font-family:"Arial",sans-serif'>
-mechanism. </span></p>
-
-<p class=MsoPlainText style='margin-left:.75in;text-indent:-.25in'><span
-lang=X-NONE>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-temporary AES key is wrapped with the wrapping RSA key using CKM_RSA_PKCS_OAEP
-mechanism.</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>For
-wrapping, the mechanism -&nbsp;
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Generates temporary random AES key of <i>ulAESKeyBits</i>
-     length.  This key is not accessible to the user - no handle is returned.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Wraps the AES key with the wrapping RSA key
-     using <b>CKM_RSA_PKCS_OAEP</b> with parameters of <i>OAEPParams</i>.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Wraps the target key with the temporary AES
-     key using <b>CKM_AES_KEY_WRAP_PAD</b> (RFC5649) .</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Zeroizes the temporary AES key </li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Concatenates two wrapped keys and outputs the
-     concatenated blob.</li>
-</ul>
-
-<p class=MsoPlainText><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The</span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'> </span><span lang=X-NONE
-style='font-family:"Arial",sans-serif'>recommended format for an asymmetric
-target key being wrapped is as a PKCS8 PrivateKeyInfo </span></p>
-
-<p class=MsoPlainText><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-use of Attributes in the PrivateKeyInfo structure  is OPTIONAL.  </span><span
-style='font-family:"Arial",sans-serif'>In case of conflicts between the </span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>object attribute template,
-and</span><span lang=X-NONE style='font-family:"Arial",sans-serif'> </span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>Attributes in the
-PrivateKeyInfo structure</span><span style='font-family:"Arial",sans-serif'>,
-an error </span><span lang=X-NONE style='font-family:"Arial",sans-serif;
-color:black'> should be thrown </span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>For
-unwrapping, the mechanism - </span></p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Splits the input into two parts. The first is
-     the wrapped AES key, and the second is the wrapped target key. The length
-     of the first part is equal to the length of the unwrapping RSA key.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Un-wraps the temporary AES key from the first
-     part with the private RSA key using <b>CKM_RSA_PKCS_OAEP</b> with
-     parameters of <i>OAEPParams</i>.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Un-wraps the target key from the second part
-     with the temporary AES key using <b>CKM_AES_KEY_WRAP_PAD </b>(RFC5649) .</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Zeroizes the temporary AES key.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Returns the handle to the newly unwrapped
-     target key.</li>
-</ul>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>17</span></i><i><span style='font-size:9.0pt'>, CKM_RSA_AES_KEY_WRAP
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:.4pt;border-collapse:collapse'>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:black;border-left:
-  black;border-bottom:windowtext;border-right:windowtext;border-style:solid;
-  border-width:1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=417 colspan=7 valign=top style='width:312.75pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%'><b><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%'><b><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=54 valign=top style='width:40.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>VR</span></b><span
-  lang=SV style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif;
-  position:relative;top:-4.0pt'>1</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Key/</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=134 valign=top style='width:100.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%;
-  page-break-after:auto'><span style='font-size:10.0pt;line-height:115%;
-  font-family:"Arial",sans-serif'> CKM_RSA_AES_KEY_WRAP</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:Wingdings'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:Wingdings'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=134 valign=top style='width:100.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=651 colspan=8 valign=top style='width:488.25pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%;
-  page-break-after:auto'><span style='font-size:9.0pt;line-height:115%;
-  font-family:"Arial",sans-serif;position:relative;top:-4.0pt'>1</span><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>SR =
-  SignRecover, VR = VerifyRecover</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850426"></a><a name="_Toc441162348"></a><a
-name="_Toc416959989"></a><a name="_Toc437440507"></a><a name="_Toc395187743"></a><a
-name="_Toc391471105"></a><a name="_Toc370634388">2.1.22 RSA AES KEY WRAP
-mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><span lang=X-NONE
-style='font-size:10.0pt;font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-size:10.0pt;font-family:"Arial",sans-serif'>CK_RSA_AES_KEY_WRAP_PARAMS;
-CK_RSA_AES_KEY_WRAP_PARAMS_PTR</span></p>
-
-<p class=MsoNormal><b>CK_RSA_AES_KEY_WRAP_PARAMS</b> is a structure that
-provides the parameters to the <b>CKM_RSA_AES_KEY_WRAP</b> mechanism.&nbsp; It
-is defined as follows:</p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span style='font-family:
-"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span style='font-family:
-"Arial",sans-serif'>typedef struct CK_RSA_AES_KEY_WRAP_PARAMS {</span></p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp; </span><span
-lang=SV style='font-family:"Arial",sans-serif'>CK_ULONG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-ulAESKeyBits;</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>&nbsp; </span><span
-style='font-family:"Arial",sans-serif'>CK_RSA_PKCS_OAEP_PARAMS_PTR</span><span
-lang=SV style='font-family:"Arial",sans-serif'>&nbsp;&nbsp;&nbsp;&nbsp;
-pOAEPParams;</span></p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>}
-CK_RSA_AES_KEY_WRAP_PARAMS;</span></p>
-
-<p class=MsoNormal style='margin-top:12.0pt'>The fields of the structure have
-the following meanings:</p>
-
-<p class=definition0><span style='font-style:normal'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-ulAESKeyBits&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>length of the temporary
-AES key in bits. Can be only 128, 192 or 256.</p>
-
-<p class=definition0><span style='font-style:normal'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-pOAEPParams&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span>pointer to the<span
-style='font-style:normal'> </span>parameters of the temporary AES key wrapping.
-See also the description of PKCS #1 RSA OAEP mechanism parameters.</p>
-
-<p class=MsoNormal><b>CK_RSA_AES_KEY_WRAP_PARAMS_PTR</b>  is a pointer to a <b>CK_RSA_AES_KEY_WRAP_PARAMS</b>.</p>
-
-<h3><a name="_Toc441850427"></a><a name="_Toc441162349"></a><a
-name="_Toc416959990"></a><a name="_Toc437440508"></a><a name="_Toc395187744"></a><a
-name="_Toc391471106"></a><a name="_Toc370634389">2.1.23 FIPS 186-4</a></h3>
-
-<p class=MsoNormal>When CKM_RSA_PKCS is operated in FIPS mode, the length of
-the modulus SHALL only be 1024, 2048, or 3072 bits. </p>
-
-<h2><a name="_Toc441850428"></a><a name="_Toc441162350"></a><a
-name="_Toc416959991"></a><a name="_Toc437440509"></a><a name="_Toc395187745"></a><a
-name="_Toc391471107"></a><a name="_Toc370634390"><span lang=DE-CH>2.2 </span>DS</a><span
-lang=DE-CH>A</span></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>18</span></i><i><span style='font-size:9.0pt'>, DSA Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=678
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr style='height:15.15pt'>
-   <td width=210 valign=top style='width:157.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt;height:15.15pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=468 colspan=7 valign=top style='width:351.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt;height:15.15pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=49 valign=top style='width:36.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><a name="_Toc385057984"></a><a name="_Toc405794805"></a><a
-  name="_Toc319287659"></a><a name="_Toc319313500"></a><a name="_Toc319313693"></a><a
-  name="_Toc319315686"></a><a name="_Toc322855284"></a><a name="_Toc322945126"></a><a
-  name="_Toc323000693"></a><a name="_Toc323024087"></a><a name="_Toc323205419"></a><a
-  name="_Toc323610849"></a><a name="_Toc383864856"></a><a name="_Toc385057857"></a><a
-  name="_Toc405794676"></a><a name="_Toc72656219"><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKM_DSA_KEY_PAIR_GEN</span></a></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_PARAMETER_GEN</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_<span
-  class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PROBABALISTIC</del></span><span
-  class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PROBAALISTIC</ins></span>_PARAMETER_GEN</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_FIPS_G_GEN</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span><sup><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_SHA1</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_SHA224</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_SHA256</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_SHA384</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DSA_SHA512</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850429"></a><a name="_Toc441162351"></a><a
-name="_Toc416959992"></a><a name="_Toc437440510"></a><a name="_Toc395187746"></a><a
-name="_Toc391471108"></a><a name="_Toc370634391"></a><a name="_Toc228807177"></a><a
-name="_Toc228894651">2.2.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_DSA” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of DSA key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=CCode style='page-break-after:avoid'><a name="_Toc72656220"></a><a
-name="_Toc228807178"></a><a name="_Toc228894652"><span style='font-family:"Arial",sans-serif'>CKM_DSA_KEY_PAIR_GEN</span></a></p>
-
-<p class=CCode style='page-break-after:avoid'><span lang=SV style='font-family:
-"Arial",sans-serif'>CKM_DSA</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span lang=SV style='font-family:
-"Arial",sans-serif'>CKM_DSA_SHA1</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_SHA224</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_SHA256</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_SHA384</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_SHA512
-</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span lang=SV style='font-family:
-"Arial",sans-serif'>CKM_DSA_PARAMETER_GEN</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_PROBABLISTIC_PARAMETER_GEN</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CKM_DSA_FIPS_G_GEN</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=CCode style='margin-left:.5in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial",sans-serif'>CK_DSA_PARAMETER_GEN_PARAM</span></p>
-
-<p class=CCode style='margin-left:.5in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>CK_DSA_PARAMETER_GEN_PARAM is a structure which provides and
-returns parameters for the NIST FIPS 186-4 parameter generating algorithms.<span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> </ins></span></span></p>
-
-<p class=MsoNormal><b><span style='font-family:"Tahoma",sans-serif;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">CK_DSA_PARAMETER_GEN_PARAM_PTR</ins></span></span></b><span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> is a pointer to a <b>CK_DSA_PARAMETER_GEN_PARAM</b>.</ins></span></span><span
-class=apple-converted-space><span style='color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">&nbsp;</ins></span></span></span></p>
-
-<p class=CCode style='margin-left:.5in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=CCode style='margin-left:.5in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>typedef struct
-CK_DSA_PARAMETER_GEN_PARAM {</span></p>
-
-<p class=CCode style='margin-left:1.0in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>CK_MECHANISM_TYPE hash;</span></p>
-
-<p class=CCode style='margin-left:1.0in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>CK_BYTE_PTR            pSeed;</span></p>
-
-<p class=CCode style='margin-left:1.0in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>CK_ULONG                  ulSeedLen;</span></p>
-
-<p class=CCode style='margin-left:1.0in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>CK_ULONG                  ulIndex;</span></p>
-
-<p class=CCode style='margin-left:.5in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>};</span></p>
-
-<p class=CCode style='margin-left:.5in;text-indent:-.25in'><span
-style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>The fields of the structure have
-the following meanings:</p>
-
-<p class=MsoNormal style='margin-left:2.0in;text-indent:-41.25pt'><i>hash</i>       Mechanism
-value for the base hash used in PQG generation, Valid values are CKM_<span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">SHA1</del></span><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">SHA_1</ins></span>,
-CKM_SHA224, CKM_SHA256, CKM_SHA384, CKM_SHA512.</p>
-
-<p class=MsoNormal style='margin-left:2.0in;text-indent:-46.5pt'><i>pSeed</i>      Seed
-value used to generate PQ and G. This value is returned by
-CKM_DSA_PROBABLISTIC_PARAMETER_GEN, CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN, and
-passed into CKM_DSA_FIPS_G_GEN.</p>
-
-<p class=MsoNormal style='margin-left:.5in'>                <i>ulSeedLen</i>      Length
-of seed value.</p>
-
-<p class=MsoNormal style='margin-left:2.0in;text-indent:-1.5in'>                    
-<i>ulIndex</i>      Index value for generating G. Input for CKM_DSA_FIPS_G_GEN.
-Ignored by CKM_DSA_<span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">PROBABALISTIC</del></span><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">PROBAALISTIC</ins></span>_PARAMETER_GEN
-and CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN.</p>
-
-<h3><a name="_Toc441850430"></a><a name="_Toc441162352"></a><a
-name="_Toc416959993"></a><a name="_Toc437440511"></a><a name="_Toc395187747"></a><a
-name="_Toc391471109"></a><a name="_Toc370634392">2.2.2 DSA public key objects</a></h3>
-
-<p class=MsoNormal>DSA public key objects (object class <b>CKO_PUBLIC_KEY, </b>key
-type <b>CKK_DSA</b>) hold DSA public keys.  The following table defines the DSA
-public key object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204885"></a><a name="_Toc383864520"></a><a
-name="_Toc405794984"></a><a name="_Toc228807504"></a><a name="_Toc319314013"></a><a
-name="_Toc319314555"></a><a name="_Toc319314970"></a><a name="_Toc319315842">Table
-</a>19, DSA Public Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=318 valign=top style='width:238.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i> (512 to 3072 bits, in steps of
-  64 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME<sup>1,3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Subprime <i>q</i> (160, 224 bits, or 256 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Public value <i>y</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b> and <b>CKA_BASE</b>
-attribute values are collectively the “DSA domain parameters”.  See FIPS PUB
-186-4 for more information on DSA keys.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a DSA public
-key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DSA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A DSA public key object”;</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE subprime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  {CKA_SUBPRIME, subprime, sizeof(subprime)},</p>
-
-<p class=CCode>  <span lang=IT>{CKA_BASE, base, sizeof(base)},</span></p>
-
-<p class=CCode><span lang=IT>  </span>{CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=CCode>&nbsp;</p>
-
-<h3><a name="_Toc441850431"></a><a name="_Toc441162353"></a><a
-name="_Toc416959994"></a><a name="_Toc437440512"></a><a name="_Toc395187748"></a><a
-name="_Toc391471110"></a><a name="_Toc370634393">2.2.3 DSA Key Restrictions</a></h3>
-
-<p class=MsoNormal>FIPS PUB 186-4 specifies permitted combinations of prime and
-sub-prime lengths.  They are:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal>Prime: 1024 bits, Subprime: 160</li>
- <li class=MsoNormal>Prime: 2048 bits, Subprime: 224</li>
- <li class=MsoNormal>Prime: 2048 bits, Subprime: 256</li>
- <li class=MsoNormal>Prime: 3072 bits, Subprime: 256</li>
-</ul>
-
-<p class=MsoNormal>Earlier versions of FIPS 186 permitted smaller prime lengths,
-and those are included here for backwards compatibility.       An
-implementation that is compliant to FIPS 186-4 does not permit the use of
-primes of any length less than 1024 bits.</p>
-
-<h3><a name="_Toc441850432"></a><a name="_Toc441162354"></a><a
-name="_Toc416959995"></a><a name="_Toc437440513"></a><a name="_Toc395187749"></a><a
-name="_Toc391471111"></a><a name="_Toc370634394"></a><a name="_Toc319287662"></a><a
-name="_Toc319313503"></a><a name="_Toc319313696"></a><a name="_Toc319315689"></a><a
-name="_Toc322855288"></a><a name="_Toc322945130"></a><a name="_Toc323000697"></a><a
-name="_Toc323024091"></a><a name="_Toc323205423"></a><a name="_Toc323610853"></a><a
-name="_Toc383864860"></a><a name="_Toc385057864"></a><a name="_Toc405794682"></a><a
-name="_Toc72656221"></a><a name="_Toc228807179"></a><a name="_Toc228894653">2.2.4
-DSA private key objects</a></h3>
-
-<p class=MsoNormal>DSA private key objects (object class <b>CKO_PRIVATE_KEY, </b>key
-type <b>CKK_DSA</b>) hold DSA private keys.  The following table defines the
-DSA private key object attributes, in addition to the common attributes defined
-for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204889"></a><a name="_Toc383864524"></a><a
-name="_Toc405794990"></a><a name="_Toc228807505"></a><a name="_Toc319314016"></a><a
-name="_Toc319314558"></a><a name="_Toc319314973"></a><a name="_Toc319315845">Table
-</a>20, DSA Private Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=312 valign=top style='width:234.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=312 valign=top style='width:234.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i> (512 to 1024 bits, in steps of
-  64 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=312 valign=top style='width:234.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Subprime <i>q</i> (160 bits, 224 bits, or 256
-  bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=312 valign=top style='width:234.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=312 valign=top style='width:234.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Private value <i>x</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b> and <b>CKA_BASE</b>
-attribute values are collectively the “DSA domain parameters”.  See FIPS PUB
-186-4 for more information on DSA keys.</p>
-
-<p class=MsoNormal>Note that when generating a DSA private key, the DSA domain
-parameters are <i>not</i> specified in the key’s template.  This is because DSA
-private keys are only generated as part of a DSA key <i>pair</i>, and the DSA
-domain parameters for the pair are specified in the template for the DSA public
-key.</p>
-
-<p class=MsoNormal><a name="_Toc319287663"></a><a name="_Toc319313504"></a><a
-name="_Toc319313697"></a><a name="_Toc319315690">The following is a sample
-template for creating a DSA private key object:</a></p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DSA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A DSA private key object”;</p>
-
-<p class=CCode>CK_BYTE subject[] = {...};</p>
-
-<p class=CCode>CK_BYTE id[] = {123};</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE subprime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=CCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=CCode>  {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  <span lang=IT>{CKA_SUBPRIME, subprime, sizeof(subprime)},</span></p>
-
-<p class=CCode><span lang=IT>  {CKA_BASE, base, sizeof(base)},</span></p>
-
-<p class=CCode><span lang=IT>  </span>{CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850433"></a><a name="_Toc441162355"></a><a
-name="_Toc416959996"></a><a name="_Toc437440514"></a><a name="_Toc395187750"></a><a
-name="_Toc391471112"></a><a name="_Toc370634395"></a><a name="_Toc72656222"></a><a
-name="_Toc228807180"></a><a name="_Toc228894654">2.2.5 DSA domain parameter
-objects</a></h3>
-
-<p class=MsoNormal>DSA domain parameter objects (object class <b>CKO_DOMAIN_PARAMETERS,
-</b>key type <b>CKK_DSA</b>) hold DSA domain parameters.  The following table
-defines the DSA domain parameter object attributes, in addition to the common
-attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807506">Table </a>21, DSA Domain Parameter
-Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=306 valign=top style='width:229.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i> (512 to 1024 bits, in steps of
-  64 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Subprime <i>q</i> (160 bits, 224 bits, or 256
-  bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME_BITS<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length of the prime value.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b> and <b>CKA_BASE</b>
-attribute values are collectively the “DSA domain parameters”.  See FIPS PUB
-186-4 for more information on DSA domain parameters.</p>
-
-<p class=MsoNormal>To ensure backwards compatibility, if <b>CKA_SUBPRIME_BITS</b>
-is not specified for a call to <b>C_GenerateKey</b>, it takes on a default
-based on the value of <b>CKA_PRIME_BITS</b> as follows: </p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal>If <b>CKA_PRIME_BITS</b> is less than or equal to 1024
-     then CKA_SUBPRIME_BITS shall be 160 bits</li>
- <li class=MsoNormal>If <b>CKA_PRIME_BITS</b> equals 2048 then
-     CKA_SUBPRIME_BITS shall be 224 bits</li>
- <li class=MsoNormal>If <b>CKA_PRIME_BITS</b> equals 3072 then
-     CKA_SUBPRIME_BITS shall be 256 bits</li>
-</ul>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal>The following is a sample template for creating a DSA domain
-parameter object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_DOMAIN_PARAMETERS;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DSA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A DSA domain parameter object”;</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE subprime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  {CKA_SUBPRIME, subprime, sizeof(subprime)},</p>
-
-<p class=CCode>  <span lang=IT>{CKA_BASE, base, sizeof(base)},</span></p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850434"></a><a name="_Toc441162356"></a><a
-name="_Toc416959997"></a><a name="_Toc437440515"></a><a name="_Toc395187751"></a><a
-name="_Toc391471113"></a><a name="_Toc370634396"></a><a name="_Toc72656223"></a><a
-name="_Toc228807181"></a><a name="_Toc228894655">2.2.6 DSA key pair generation</a></h3>
-
-<p class=MsoNormal>The DSA key pair generation mechanism, denoted <b>CKM_DSA_KEY_PAIR_GEN</b>,
-is a key pair generation mechanism based on the Digital Signature Algorithm
-defined in FIPS PUB 186-2.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates DSA public/private key pairs with a
-particular prime, subprime and base, as specified in the <b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b>,
-and <b>CKA_BASE</b> attributes of the template for the public key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new public key and the <b>CKA_CLASS</b>,
-<b>CKA_KEY_TYPE</b>, <b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b>, <b>CKA_BASE</b>,
-and <b>CKA_VALUE</b> attributes to the new private key. Other attributes
-supported by the DSA public and private key types (specifically, the flags
-indicating which functions the keys support) may also be specified in the
-templates for the keys, or else are assigned default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850435"></a><a name="_Toc441162357"></a><a
-name="_Toc416959998"></a><a name="_Toc437440516"></a><a name="_Toc395187752"></a><a
-name="_Toc391471114"></a><a name="_Toc370634397"></a><a name="_Toc72656224"></a><a
-name="_Toc228807182"></a><a name="_Toc228894656">2.2.7 DSA domain parameter generation</a></h3>
-
-<p class=MsoNormal>The DSA domain parameter generation mechanism, denoted <b>CKM_DSA_PARAMETER_GEN</b>,
-is a domain parameter generation mechanism based on the Digital Signature
-Algorithm defined in FIPS PUB 186-2.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates DSA domain parameters with a
-particular prime length in bits, as specified in the <b>CKA_PRIME_BITS</b>
-attribute of the template.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b>, <b>CKA_BASE</b> and <b>CKA_PRIME_BITS</b>
-attributes to the new object. Other attributes supported by the DSA domain
-parameter types may also be specified in the template, or else are assigned
-default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850436"></a><a name="_Toc441162358"></a><a
-name="_Toc416959999"></a><a name="_Toc437440517"></a><a name="_Toc395187753"></a><a
-name="_Toc391471115"></a><a name="_Toc370634398">2.2.8 DSA probabilistic domain
-parameter generation</a></h3>
-
-<p class=MsoNormal>The DSA probabilistic domain parameter generation mechanism,
-denoted <b>CKM_DSA_PROBABLISTIC_PARAMETER_GEN</b>, is a domain parameter
-generation mechanism based on the Digital Signature Algorithm defined in FIPS
-PUB 186-4, section Appendix A.1.1 Generation and Validation of Probable
-Primes..</p>
-
-<p class=MsoNormal>This mechanism takes a <b>CK_DSA_PARAMETER_GEN_PARAM</b>
-which supplies the base hash and returns the seed (pSeed) and the length
-(ulSeedLen).</p>
-
-<p class=MsoNormal>The mechanism generates DSA the prime and subprime domain
-parameters with a particular prime length in bits, as specified in the <b>CKA_PRIME_BITS</b>
-attribute of the template and the subprime length as specified in the <b>CKA_SUBPRIME_BITS</b>
-attribute of the template.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b>, <b>CKA_PRIME_BITS, and CKA_SUBPRIME_BITS</b>
-attributes to the new object.<b> CKA_BASE</b> is not set by this call. Other
-attributes supported by the DSA domain parameter types may also be specified in
-the template, or else are assigned default initial values.</p>
-
-<p class=MsoNormal style='margin-left:-1.5pt'>For this mechanism, the <i>ulMinKeySize</i>
-and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b> structure
-specify the supported range of DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850437"></a><a name="_Toc441162359"></a><a
-name="_Toc416960000"></a><a name="_Toc437440518"></a><a name="_Toc395187754"></a><a
-name="_Toc391471116"></a><a name="_Toc370634399">2.2.9 DSA Shawe-Taylor domain
-parameter generation</a></h3>
-
-<p class=MsoNormal>The DSA Shawe-Taylor domain parameter generation mechanism,
-denoted <b>CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN</b>, is a domain parameter
-generation mechanism based on the Digital Signature Algorithm defined in FIPS
-PUB 186-4, section Appendix A.1.2 Construction and Validation of Provable Primes
-p and q.</p>
-
-<p class=MsoNormal>This mechanism takes a <b>CK_DSA_PARAMETER_GEN_PARAM</b>
-which supplies the base hash and returns the seed (pSeed) and the length
-(ulSeedLen).</p>
-
-<p class=MsoNormal>The mechanism generates DSA the prime and subprime domain
-parameters with a particular prime length in bits, as specified in the
-CKA_PRIME_BITS attribute of the template and the subprime length as specified
-in the <b>CKA_SUBPRIME_BITS</b> attribute of the template.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_PRIME</b>, <b>CKA_SUBPRIME</b>, <b>CKA_PRIME_BITS, and CKA_SUBPRIME_BITS</b>
-attributes to the new object.<b> CKA_BASE</b> is not set by this call. Other
-attributes supported by the DSA domain parameter types may also be specified in
-the template, or else are assigned default initial values.</p>
-
-<p class=MsoNormal style='margin-left:-1.5pt'>For this mechanism, the <i>ulMinKeySize</i>
-and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b> structure
-specify the supported range of DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850438"></a><a name="_Toc441162360"></a><a
-name="_Toc416960001"></a><a name="_Toc437440519"></a><a name="_Toc395187755"></a><a
-name="_Toc391471117"></a><a name="_Toc370634400">2.2.10 DSA base domain
-parameter generation</a></h3>
-
-<p class=MsoNormal>The DSA base domain parameter generation mechanism, denoted <b>CKM_DSA_FIPS_G_GEN</b>,
-is a base parameter generation mechanism based on the Digital Signature Algorithm
-defined in FIPS PUB 186-4, section Appendix A.2 Generation of Generator G.</p>
-
-<p class=MsoNormal>This mechanism takes a <b>CK_DSA_PARAMETER_GEN_PARAM</b>
-which supplies the base hash  the seed (pSeed) and the length (ulSeedLen) and
-the index value.</p>
-
-<p class=MsoNormal>The mechanism generates the DSA base with the domain
-parameter specified in the <b>CKA_PRIME</b> and <b>CKA_SUBPRIME</b> attributes
-of the template.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_BASE</b> attributes to the new object.<b> </b>Other attributes
-supported by the DSA domain parameter types may also be specified in the
-template, or else are assigned default initial values.</p>
-
-<p class=MsoNormal style='margin-left:-1.5pt'>For this mechanism, the <i>ulMinKeySize</i>
-and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b> structure
-specify the supported range of DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850439"></a><a name="_Toc441162361"></a><a
-name="_Toc416960002"></a><a name="_Toc437440520"></a><a name="_Toc395187756"></a><a
-name="_Toc391471118"></a><a name="_Toc370634401"></a><a name="_Toc72656225"></a><a
-name="_Toc228807183"></a><a name="_Toc228894657"></a><a name="_Toc322855315"></a><a
-name="_Toc322945157"></a><a name="_Toc323000724"></a><a name="_Toc323024175"></a><a
-name="_Toc323205509"></a><a name="_Toc323610938"></a><a name="_Toc383864955"></a><a
-name="_Toc385057985"></a><a name="_Toc405794806">2.2.11 DSA</a> without hashing</h3>
-
-<p class=MsoNormal>The DSA without hashing mechanism, denoted <b>CKM_DSA</b>,
-is a mechanism for single-part signatures and verification based on the Digital
-Signature Algorithm defined in FIPS PUB 186-2. (This mechanism corresponds only
-to the part of DSA that processes the 20-byte hash value; it does not compute
-the hash value.)</p>
-
-<p class=MsoNormal>For the purposes of this mechanism, a DSA signature is a
-40-byte string, corresponding to the concatenation of the DSA values <i>r</i>
-and <i>s</i>, each represented most-significant byte first.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc323204902"></a><a name="_Toc383864551"></a><a
-name="_Toc405795015"></a><a name="_Toc228807507">Table </a>22,
-DSA: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:95.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=94 valign=top style='width:70.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA private key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>20, 28, 32, 48, or 64
-  bits</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2*length of subprime</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA public key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>(20, 28, 32, 48, or
-  64 bits), (2*length of subprime)<sup>2</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>2 Data length, signature
-length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure specify the supported range of
-DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850440"></a><a name="_Toc441162362"></a><a
-name="_Toc416960003"></a><a name="_Toc437440521"></a><a name="_Toc395187757"></a><a
-name="_Toc391471119"></a><a name="_Toc370634402"></a><a name="_Toc385057986"></a><a
-name="_Toc405794807"></a><a name="_Toc72656226"></a><a name="_Toc228807184"></a><a
-name="_Toc228894658">2.2.12 DSA with SHA-1</a></h3>
-
-<p class=MsoNormal>The DSA with SHA-1 mechanism, denoted <b>CKM_DSA_SHA1</b>,
-is a mechanism for single- and multiple-part signatures and verification based
-on the Digital Signature Algorithm defined in FIPS PUB 186-2.  This mechanism
-computes the entire DSA specification, including the hashing with SHA-1.</p>
-
-<p class=MsoNormal>For the purposes of this mechanism, a DSA signature is a
-40-byte string, corresponding to the concatenation of the DSA values <i>r</i>
-and <i>s</i>, each represented most-significant byte first.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc405795016"></a><a name="_Toc228807508">Table </a>23,
-DSA with SHA-1: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:95.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=94 valign=top style='width:70.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA private key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2*subprime length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA public key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, 2*subprime
-  length<sup>2</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> <span class=MsoFootnoteReference>Data length,
-signature length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850441"></a><a name="_Toc441162363"></a><a
-name="_Toc416960004"></a><a name="_Toc437440522"></a><a name="_Toc395187758"></a><a
-name="_Toc391471120"></a><a name="_Toc370634403">2.2.13 FIPS 186-4</a></h3>
-
-<p class=MsoNormal>When CKM_DSA is operated in FIPS mode, only the following
-bit lengths of p and q, represented by L and N, SHALL be used:</p>
-
-<p class=MsoNormal>L = 1024, N = 160</p>
-
-<p class=MsoNormal>L = 2048, N = 224</p>
-
-<p class=MsoNormal>L = 2048, N = 256</p>
-
-<p class=MsoNormal>L = 3072, N = 256</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h3><a name="_Toc441850442"></a><a name="_Toc441162364"></a><a
-name="_Toc416960005"></a><a name="_Toc437440523"></a><a name="_Toc395187759"></a><a
-name="_Toc391471121"></a><a name="_Toc370634404">2.2.14 DSA with SHA-224</a></h3>
-
-<p class=MsoNormal>The DSA with SHA-1 mechanism, denoted <b>CKM_DSA_SHA224</b>,
-is a mechanism for single- and multiple-part signatures and verification based
-on the Digital Signature Algorithm defined in FIPS PUB 186-4.  This mechanism
-computes the entire DSA specification, including the hashing with SHA-224.</p>
-
-<p class=MsoNormal>For the purposes of this mechanism, a DSA signature is a
-string of length 2*subprime, corresponding to the concatenation of the DSA
-values <i>r</i> and <i>s</i>, each represented most-significant byte first.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption>Table 24, DSA with SHA-244: Key And Data Length</p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:95.85pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=94 valign=top style='width:70.65pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:78.0pt;border-top:1.5pt;border-left:
-   1.0pt;border-bottom:1.0pt;border-right:1.5pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA private key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2*subprime length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA public key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, 2*subprime
-  length<sup>2</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> Data length, signature length.</p>
-
-<p class=MsoNormal style='margin-top:12.0pt;margin-right:0in;margin-bottom:
-12.0pt;margin-left:0in;text-align:justify'>For this mechanism, the <i>ulMinKeySize</i>
-and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b> structure
-specify the supported range of DSA prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850443"></a><a name="_Toc441162365"></a><a
-name="_Toc416960006"></a><a name="_Toc437440524"></a><a name="_Toc395187760"></a><a
-name="_Toc391471122"></a><a name="_Toc370634405">2.2.15 DSA with SHA-256</a></h3>
-
-<p class=MsoNormal>The DSA with SHA-1 mechanism, denoted <b>CKM_DSA_SHA256</b>,
-is a mechanism for single- and multiple-part signatures and verification based
-on the Digital Signature Algorithm defined in FIPS PUB 186-4.  This mechanism
-computes the entire DSA specification, including the hashing with SHA-256.</p>
-
-<p class=MsoNormal>For the purposes of this mechanism, a DSA signature is a
-string of length 2*subprime, corresponding to the concatenation of the DSA
-values <i>r</i> and <i>s</i>, each represented most-significant byte first.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption>Table 25, DSA with SHA-256: Key And Data Length</p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:95.85pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=94 valign=top style='width:70.65pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:78.0pt;border-top:1.5pt;border-left:
-   1.0pt;border-bottom:1.0pt;border-right:1.5pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA private key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2*subprime length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA public key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, 2*subprime
-  length<sup>2</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> Data length, signature length.</p>
-
-<h3><a name="_Toc441850444"></a><a name="_Toc441162366"></a><a
-name="_Toc416960007"></a><a name="_Toc437440525"></a><a name="_Toc395187761"></a><a
-name="_Toc391471123"></a><a name="_Toc370634406">2.2.16 DSA with SHA-384</a></h3>
-
-<p class=MsoNormal>The DSA with SHA-1 mechanism, denoted <b>CKM_DSA_SHA384</b>,
-is a mechanism for single- and multiple-part signatures and verification based
-on the Digital Signature Algorithm defined in FIPS PUB 186-4.  This mechanism
-computes the entire DSA specification, including the hashing with SHA-384.</p>
-
-<p class=MsoNormal>For the purposes of this mechanism, a DSA signature is a
-string of length 2*subprime, corresponding to the concatenation of the DSA
-values <i>r</i> and <i>s</i>, each represented most-significant byte first.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are summarized
-in the following table:</p>
-
-<p class=MsoCaption>Table 26, DSA with SHA-384: Key And Data Length</p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:95.85pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=94 valign=top style='width:70.65pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:78.0pt;border-top:1.5pt;border-left:
-   1.0pt;border-bottom:1.0pt;border-right:1.5pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA private key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2*subprime length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA public key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, 2*subprime
-  length<sup>2</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> Data length, signature length.</p>
-
-<h3><a name="_Toc441850445"></a><a name="_Toc441162367"></a><a
-name="_Toc416960008"></a><a name="_Toc437440526"></a><a name="_Toc395187762"></a><a
-name="_Toc391471124"></a><a name="_Toc370634407">2.2.17 DSA with SHA-512</a></h3>
-
-<p class=MsoNormal>The DSA with SHA-1 mechanism, denoted <b>CKM_DSA_SHA512</b>,
-is a mechanism for single- and multiple-part signatures and verification based
-on the Digital Signature Algorithm defined in FIPS PUB 186-4.  This mechanism computes
-the entire DSA specification, including the hashing with SHA-512.</p>
-
-<p class=MsoNormal>For the purposes of this mechanism, a DSA signature is a
-string of length 2*subprime, corresponding to the concatenation of the DSA
-values <i>r</i> and <i>s</i>, each represented most-significant byte first.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption>Table 27, DSA with SHA-512: Key And Data Length</p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=128 valign=top style='width:95.85pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=94 valign=top style='width:70.65pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:
-   none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=104 valign=top style='width:78.0pt;border-top:1.5pt;border-left:
-   1.0pt;border-bottom:1.0pt;border-right:1.5pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA private key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2*subprime length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=128 valign=top style='width:95.85pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DSA public key</span></p>
-  </td>
-  <td width=94 valign=top style='width:70.65pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, 2*subprime
-  length<sup>2</sup></span></p>
-  </td>
-  <td width=104 valign=top style='width:78.0pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> Data length, signature length.</p>
-
-<h2><a name="_Toc322855316"></a><a name="_Toc322945158"></a><a
-name="_Toc323000725"></a><a name="_Toc323024176"></a><a name="_Toc323205510"></a><a
-name="_Toc323610939"></a><a name="_Toc383864956"></a><a name="_Toc441850446"></a><a
-name="_Toc441162368"></a><a name="_Toc416960009"></a><a name="_Toc437440527"></a><a
-name="_Toc395187763"></a><a name="_Toc391471125"></a><a name="_Toc370634408"></a><a
-name="_Toc385057988"></a><a name="_Toc405794809"></a><a name="_Ref407416671"></a><a
-name="_Ref505595420"></a><a name="_Ref505595426"></a><a name="_Ref505595588"></a><a
-name="_Toc72656228"></a><a name="_Toc228807185"></a><a name="_Toc228894659">2.3
-Elliptic Curve</a></h2>
-
-<p class=MsoNormal>The Elliptic Curve (EC) cryptosystem (also related to ECDSA)
-in this document is the one described in the ANSI X9.62 and X9.63 standards
-developed by the ANSI X9F1 working group.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>28</span></i><i><span style='font-size:9.0pt'>, Elliptic
-Curve Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=678
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=468 colspan=7 valign=top style='width:351.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=42 valign=top style='width:31.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=72 valign=top style='width:.75in;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_EC_KEY_PAIR_GEN
-  (CKM_ECDSA_KEY_PAIR_GEN)</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ECDSA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>2</span></sup></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ECDSA_SHA1</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ECDH1_DERIVE</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ECDH1_COFACTOR_DERIVE</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ECMQV_DERIVE</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%;
-  page-break-after:auto'><span style='font-size:10.0pt;line-height:115%;
-  font-family:"Arial",sans-serif'>CKM_ECDH_AES_KEY_WRAP</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:Wingdings'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:Wingdings'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoCaption>&nbsp;</p>
-
-<p class=MsoCaption><a name="_Toc228807509">Table </a>29, Mechanism Information
-Flags</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EC_F_P</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00100000UL</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:solid black 1.5pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>True
-  if the mechanism can be used with EC domain parameters over <i>F<sub>p</sub></i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EC_F_2M</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00200000UL</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>True
-  if the mechanism can be used with EC domain parameters over <i>F</i><sub>2<i><span
-  style='position:relative;top:-2.0pt'>m</span></i></sub></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EC_ECPARAMETERS</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00400000UL</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>True
-  if the mechanism can be used with EC domain parameters of the choice<b>
-  ecParameters</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EC_NAMEDCURVE</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00800000UL</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>True
-  if the mechanism can be used with EC domain parameters of the choice<b>
-  namedCurve</b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EC_UNCOMPRESS</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x01000000UL</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>True
-  if the mechanism can be used with elliptic curve point uncompressed</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EC_COMPRESS</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x02000000UL</span></p>
-  </td>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>True
-  if the mechanism can be used with elliptic curve point compressed</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>In these standards, there are two different varieties of EC
-defined:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>EC using a
-field with an odd prime number of elements (i.e. the finite field <i>F<sub>p</sub></i>).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>EC using a
-field of characteristic two (i.e. the finite field <i>F</i><sub>2<i><span
-style='position:relative;top:-2.0pt'>m</span></i></sub>).</p>
-
-<p class=MsoNormal>An EC key in Cryptoki contains information about which
-variety of EC it is suited for.  It is preferable that a Cryptoki library,
-which can perform EC mechanisms, be capable of performing operations with the
-two varieties of EC, however this is not required.  The <b>CK_MECHANISM_INFO</b>
-structure <b>CKF_EC_F_P</b> flag identifies a Cryptoki library supporting EC
-keys over <i>F<sub>p</sub></i> whereas the <b>CKF_EC_F_2M</b> flag identifies a
-Cryptoki library supporting EC keys over <i>F</i><sub>2<i><span
-style='position:relative;top:-2.0pt'>m</span></i></sub>.  A Cryptoki library
-that can perform EC mechanisms must set either or both of these flags for each
-EC mechanism.</p>
-
-<p class=MsoNormal>In these specifications there are also three representation
-methods to define the domain parameters for an EC key.  Only the <b>ecParameters
-</b>and the <b>namedCurve</b> choices are supported in Cryptoki.  The <b>CK_MECHANISM_INFO</b>
-structure <b>CKF_EC_ECPARAMETERS</b> flag identifies a Cryptoki library
-supporting the <b>ecParameters</b> choice whereas the <b>CKF_EC_NAMEDCURVE</b> flag
-identifies a Cryptoki library supporting the <b>namedCurve</b> choice.  A
-Cryptoki library that can perform EC mechanisms must set either or both of
-these flags for each EC mechanism.</p>
-
-<p class=MsoNormal>In these specifications, an EC public key (i.e. EC point <i>Q</i>)
-or the base point <i>G</i> when the <b>ecParameters </b>choice is used can be
-represented as an octet string of the uncompressed form or the compressed
-form.  The <b>CK_MECHANISM_INFO</b> structure <b>CKF_EC_UNCOMPRESS</b> flag
-identifies a Cryptoki library supporting the uncompressed form whereas the<b>
-CKF_EC_COMPRESS</b> flag identifies a Cryptoki library supporting the
-compressed form.<a name="_Hlt496500903"></a>  A Cryptoki library that can
-perform EC mechanisms must set either or both of these flags for each EC
-mechanism.</p>
-
-<p class=MsoNormal><span style='layout-grid-mode:line'>Note that an
-implementation of a Cryptoki library supporting EC with only one variety, one
-representation of domain parameters or one form may encounter difficulties
-achieving interoperability with other implementations.</span></p>
-
-<p class=MsoNormal>If an attempt to create, generate, derive or unwrap an EC
-key of an unsupported curve is made, the attempt should fail with the error
-code CKR_CURVE_NOT_SUPPORTED.  If an attempt to create, generate, derive, or
-unwrap an EC key with invalid or of an unsupported representation of domain
-parameters is made, that attempt should fail with the error code
-CKR_DOMAIN_PARAMS_INVALID.  If an attempt to create, generate, derive, or
-unwrap an EC key of an unsupported form is made, that attempt should fail with
-the error code CKR_TEMPLATE_INCONSISTENT.</p>
-
-<h3><a name="_Toc385057989"></a><a name="_Toc405794810"></a><a
-name="_Toc471006064"></a><a name="_Toc441850447"></a><a name="_Toc441162369"></a><a
-name="_Toc416960010"></a><a name="_Toc437440528"></a><a name="_Toc395187764"></a><a
-name="_Toc391471126"></a><a name="_Toc370634409"></a><a name="_Ref44295942"></a><a
-name="_Toc72656229"></a><a name="_Toc228807186"></a><a name="_Toc228894660">2.3.1
-EC Signatures</a></h3>
-
-<p class=MsoNormal><span lang=EN-GB>For the purposes of these mechanisms, an ECDSA
-signature is an octet string of even length which is at most two times <i>nLen</i>
-octets, where <i>nLen </i>is the length in octets of the base point order <i>n</i>.
-The signature octets correspond to the concatenation of the ECDSA values <i>r</i>
-and <i>s</i>, both represented as an octet string of equal length of at most <i>nLen</i>
-with the most significant byte first. If <i>r </i>and <i>s </i>have different
-octet length, the shorter of both must be padded with leading zero octets such
-that both have the same octet length. Loosely spoken, the first half of the
-signature is <i>r</i> and the second half is <i>s</i>. For signatures created
-by a token, the resulting signature is always of length 2<i>nLen</i>. For
-signatures passed to a token for verification, the signature may have a shorter
-length but must be composed as specified before. </span></p>
-
-<p class=MsoNormal><span lang=EN-GB>If the length of the hash value is larger
-than the bit length of <i>n</i>, only the leftmost bits of the hash up to the
-length of <i>n</i> will be used. Any truncation is done by the token.</span></p>
-
-<p class=MsoNormal><span lang=EN-GB>Note: For applications, it is recommended
-to encode the signature as an octet string of length two times <i>nLen </i>if
-possible. This ensures that the application works with PKCS#11 modules which
-have been implemented based on an older version of this document. Older
-versions required all signatures to have length two times <i>nLen</i>. It may
-be impossible to encode the signature with the maximum length of two times <i>nLen</i>
-if the application just gets the integer values of <i>r</i> and <i>s </i>(i.e.
-without leading zeros), but does not know the base point order <i>n</i>,
-because <i>r</i> and <i>s</i> can have any value between zero and the base
-point order <i>n</i>. </span></p>
-
-<h3><a name="_Toc441850448"></a><a name="_Toc441162370"></a><a
-name="_Toc416960011"></a><a name="_Toc437440529"></a><a name="_Toc395187765"></a><a
-name="_Toc391471127"></a><a name="_Toc370634410"></a><a name="_Toc72656230"></a><a
-name="_Toc228807187"></a><a name="_Toc228894661">2.3.2 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_ECDSA” and “CKK_EC”
-for type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>Note: CKM_ECDSA_KEY_PAIR_GEN is
-deprecated in v2.11</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECDSA_KEY_PAIR_GEN         </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_EC_KEY_PAIR_GEN            </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECDSA                      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECDSA_SHA1                 </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECDH1_DERIVE               </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECDH1_COFACTOR_DERIVE<a
-name="_Hlt494255338"></a><a name="_Hlt494260222"></a>      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECMQV_DERIVE </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ECDH_AES_KEY_WRAP              </p>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKD_NULL</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKD_SHA1_KDF</p>
-
-<h3><a name="_Toc441850449"></a><a name="_Toc441162371"></a><a
-name="_Toc416960012"></a><a name="_Toc437440530"></a><a name="_Toc395187766"></a><a
-name="_Toc391471128"></a><a name="_Toc370634411"></a><a name="_Toc72656231"></a><a
-name="_Toc228807188"></a><a name="_Toc228894662">2.3.3 ECDSA public key objects</a></h3>
-
-<p class=MsoNormal>EC (also related to ECDSA) public key objects (object class <b>CKO_PUBLIC_KEY,
-</b>key type <b>CKK_EC</b> or <b>CKK_ECDSA</b>) hold EC public keys.  The
-following table defines the EC public key object attributes, in addition to the
-common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807510">Table </a>30, Elliptic Curve Public
-Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=282 valign=top style='width:211.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_EC_PARAMS<sup>1,3 </sup>(CKA_ECDSA_PARAMS)</span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of an ANSI X9.62 Parameters
-  value</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_EC_POINT<sup>1,4</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of ANSI X9.62 ECPoint value <i>Q</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_EC_PARAMS</b> or <b>CKA_ECDSA_PARAMS</b>
-attribute value is known as the “EC domain parameters” and is defined in ANSI
-X9.62 as a choice of three parameter representation methods with the following
-syntax:</p>
-
-<p class=CCode>Parameters ::= CHOICE {</p>
-
-<p class=CCode>  ecParameters   ECParameters,</p>
-
-<p class=CCode>  namedCurve     CURVES.&amp;id({CurveNames}),</p>
-
-<p class=CCode>  implicitlyCA   NULL</p>
-
-<p class=CCode>}</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>This allows detailed specification of all required values
-using choice <b>ecParameters</b>, the use of a <b>namedCurve</b> as an object
-identifier substitute for a particular set of elliptic curve domain parameters,
-or <b>implicitlyCA</b> to indicate that the domain parameters are explicitly
-defined elsewhere.  The use of a <b>namedCurve</b> is recommended over the choice
-<b>ecParameters</b>.  The choice <b>implicitlyCA</b> must not be used in
-Cryptoki.</p>
-
-<p class=MsoNormal>The following is a sample template for creating an EC
-(ECDSA) public key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_EC;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “An EC public key object”;</p>
-
-<p class=CCode>CK_BYTE ecParams[] = {...};</p>
-
-<p class=CCode>CK_BYTE ecPoint[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_EC_PARAMS, ecParams, sizeof(ecParams)},</p>
-
-<p class=CCode>  {CKA_EC_POINT, ecPoint, sizeof(ecPoint)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc468937842"></a><a name="_Toc441850450"></a><a
-name="_Toc441162372"></a><a name="_Toc416960013"></a><a name="_Toc437440531"></a><a
-name="_Toc395187767"></a><a name="_Toc391471129"></a><a name="_Toc370634412"></a><a
-name="_Toc72656232"></a><a name="_Toc228807189"></a><a name="_Toc228894663">2.3.4
-Elliptic curve private key objects</a></h3>
-
-<p class=MsoNormal>EC (also related to ECDSA) private key objects (object class
-<b>CKO_PRIVATE_KEY, </b>key type <b>CKK_EC</b> or <b>CKK_ECDSA</b>) hold EC
-private keys.  See Section 2.3 for more information about EC.  The following
-table defines the EC private key object attributes, in addition to the common
-attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807511">Table </a>31, Elliptic Curve
-Private Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=276 valign=top style='width:207.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_EC_PARAMS<sup>1,4,6</sup>
-  (CKA_ECDSA_PARAMS)</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of an ANSI X9.62 Parameters
-  value</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>ANSI X9.62 private value <i>d</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_EC_PARAMS </b>or<b> CKA_ECDSA_PARAMS</b>
-attribute value is known as the “EC domain parameters” <a name="_Hlt493299885"></a>and
-is defined in ANSI X9.62 as a choice of three parameter representation methods
-with the following syntax:</p>
-
-<p class=CCode>Parameters ::= CHOICE {</p>
-
-<p class=CCode>  ecParameters   ECParameters,</p>
-
-<p class=CCode>  namedCurve     CURVES.&amp;id({CurveNames}),</p>
-
-<p class=CCode>  implicitlyCA   NULL</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal>This allows detailed specification of all required values
-using choice <b>ecParameters</b>, the use of a <b>namedCurve</b> as an object
-identifier substitute for a particular set of elliptic curve domain parameters,
-or <b>implicitlyCA</b> to indicate that the domain parameters are explicitly
-defined elsewhere.  The use of a <b>namedCurve</b> is recommended over the
-choice <b>ecParameters</b>.  The choice <b>implicitlyCA</b> must not be used in
-Cryptoki.</p>
-
-<p class=MsoNormal>Note that when generating an EC private key, the EC domain
-parameters are <i>not</i> specified in the key’s template.  This is because EC
-private keys are only generated as part of an EC key <i>pair</i>, and the EC
-domain parameters for the pair are specified in the template for the EC public
-key.</p>
-
-<p class=MsoNormal>The following is a sample template for creating an EC
-(ECDSA) private key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_EC;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “An EC private key object”;</p>
-
-<p class=CCode>CK_BYTE subject[] = {...};</p>
-
-<p class=CCode>CK_BYTE id[] = {123};</p>
-
-<p class=CCode>CK_BYTE ecParams[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=CCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=CCode>  {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_DERIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_EC_PARAMS, ecParams, sizeof(ecParams)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};<a name="_Toc322855289"></a><a name="_Toc322945131"></a><a
-name="_Toc323000698"></a><a name="_Toc323024092"></a><a name="_Toc323205424"></a><a
-name="_Toc323610854"></a><a name="_Toc383864861"></a><a name="_Toc385057865"></a></p>
-
-<h3><a name="_Toc441850451"></a><a name="_Toc441162373"></a><a
-name="_Toc416960014"></a><a name="_Toc437440532"></a><a name="_Toc395187768"></a><a
-name="_Toc391471130"></a><a name="_Toc370634413"></a><a name="_Toc72656233"></a><a
-name="_Toc228807190"></a><a name="_Toc228894664">2.3.5 Elliptic curve key pair
-generation</a></h3>
-
-<p class=MsoNormal>The EC (also related to ECDSA) key pair generation
-mechanism, denoted <b>CKM_EC_KEY_PAIR_GEN</b> or <b>CKM_ECDSA_KEY_PAIR_GEN</b>,
-is a key pair generation mechanism for EC.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates EC public/private key pairs with
-particular EC domain parameters, as specified in the <b>CKA_EC_PARAMS</b> or <b>CKA_ECDSA_PARAMS</b>
-attribute of the template for the public key.  Note that this version of
-Cryptoki does not include a mechanism for generating these EC domain
-parameters.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_EC_POINT</b> attributes to the new public key and the <b>CKA_CLASS</b>,
-<b>CKA_KEY_TYPE</b>, <b>CKA_EC_PARAMS</b> or <b>CKA_ECDSA_PARAMS</b> and <b>CKA_VALUE</b>
-attributes to the new private key.  Other attributes supported by the EC public
-and private key types (specifically, the flags indicating which functions the
-keys support) may also be specified in the templates for the keys, or else are
-assigned default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the minimum and
-maximum supported number of bits in the field sizes, respectively.  For
-example, if a Cryptoki library supports only ECDSA using a field of
-characteristic 2 which has between 2<sup>200</sup> and 2<sup>300</sup>
-elements, then <i>ulMinKeySize</i> = 201 and <i>ulMaxKeySize</i> = 301 (when
-written in binary notation, the number 2<sup>200</sup> consists of a 1 bit
-followed by 200 0 bits.  It is therefore a 201-bit number.  Similarly, 2<sup>300</sup>
-is a 301-bit number).</p>
-
-<h3><a name="_Toc441850452"></a><a name="_Toc441162374"></a><a
-name="_Toc416960015"></a><a name="_Toc437440533"></a><a name="_Toc395187769"></a><a
-name="_Toc391471131"></a><a name="_Toc370634414"></a><a name="_Toc228894665"></a><a
-name="_Toc228807191"></a><a name="_Toc72656234"></a><a name="_Toc471006065"></a><a
-name="_Hlt494608145"></a>2.3.6 ECDSA without hashing</h3>
-
-<p class=MsoNormal>Refer section 2.3.1 for signature encoding.</p>
-
-<p class=MsoNormal>The ECDSA without hashing mechanism, denoted <b>CKM_ECDSA</b>,
-is a mechanism for single-part signatures and verification for ECDSA.  (This
-mechanism corresponds only to the part of ECDSA that processes the hash value,
-which should not be longer than 1024 bits; it does not compute the hash value.)</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc468937872"></a><a name="_Toc228807512">Table </a>32, ECDSA: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=108 valign=top style='width:81.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=142 valign=top style='width:106.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=110 valign=top style='width:82.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=142 valign=top style='width:106.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>ECDSA private key</span></p>
-  </td>
-  <td width=110 valign=top style='width:82.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any<sup>3</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2<i>nLen</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=142 valign=top style='width:106.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>ECDSA public key</span></p>
-  </td>
-  <td width=110 valign=top style='width:82.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any<sup>3</sup>, </span><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>2<i>nLen </i><sup>2</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>Single-part operations only.</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-class=MsoFootnoteReference>2 Data length, signature length.</span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>3 Input the entire raw
-digest. Internally, this will be truncated to the appropriate number of bits.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the minimum and
-maximum supported number of bits in the field sizes, respectively.  For
-example, if a Cryptoki library supports only ECDSA using a field of
-characteristic 2 which has between 2<sup>200</sup> and 2<sup>300</sup> elements
-(inclusive), then <i>ulMinKeySize</i> = 201 and <i>ulMaxKeySize</i> = 301 (when
-written in binary notation, the number 2<sup>200</sup> consists of a 1 bit
-followed by 200 0 bits.  It is therefore a 201-bit number.  Similarly, 2<sup>300</sup>
-is a 301-bit number).</p>
-
-<h3><a name="_Toc441850453"></a><a name="_Toc441162375"></a><a
-name="_Toc416960016"></a><a name="_Toc437440534"></a><a name="_Toc395187770"></a><a
-name="_Toc391471132"></a><a name="_Toc370634415"></a><a name="_Toc471006066"></a><a
-name="_Toc72656235"></a><a name="_Toc228807192"></a><a name="_Toc228894666">2.3.7
-ECDSA with SHA-1</a></h3>
-
-<p class=MsoNormal>Refer to section 2.3.1 for signature encoding.</p>
-
-<p class=MsoNormal>The ECDSA with SHA-1 mechanism, denoted <b>CKM_ECDSA_SHA1</b>,
-is a mechanism for single- and multiple-part signatures and verification for
-ECDSA.  This mechanism computes the entire ECDSA specification, including the
-hashing with SHA-1.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc468937873"></a><a name="_Toc228807513">Table </a>33, ECDSA with SHA-1: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=84 valign=top style='width:63.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=144 valign=top style='width:1.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>ECDSA private key</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>2<i>nLen</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>ECDSA public key</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, </span><span
-  style='font-size:10.0pt;font-family:Symbol'>£</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>2<i>nLen</i><sup> 2</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>N/A</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>2</sup> <span class=MsoFootnoteReference>Data length,
-signature length.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the minimum and
-maximum supported number of bits in the field sizes, respectively.  For
-example, if a Cryptoki library supports only ECDSA using a field of
-characteristic 2 which has between 2<sup>200</sup> and 2<sup>300</sup>
-elements, then <i>ulMinKeySize</i> = 201 and <i>ulMaxKeySize</i> = 301 (when
-written in binary notation, the number 2<sup>200</sup> consists of a 1 bit
-followed by 200 0 bits.  It is therefore a 201-bit number.  Similarly, 2<sup>300</sup>
-is a 301-bit number).</p>
-
-<h3><a name="_Toc441850454"></a><a name="_Toc441162376"></a><a
-name="_Toc416960017"></a><a name="_Toc437440535"></a><a name="_Toc395187771"></a><a
-name="_Toc391471133"></a><a name="_Toc370634416"></a><a name="_Toc228894667"></a><a
-name="_Toc228807193"></a><a name="_Toc72656236"></a><a name="_Hlt500652492"></a>2.3.8
-EC mechanism parameters</h3>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in;page-break-after:avoid'><span
-style='font-family:Symbol'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><b>CK_EC_KDF_TYPE, CK_EC_KDF_TYPE_PTR</b></p>
-
-<p class=MsoNormal><b>CK_EC_KDF_TYPE</b> is used to indicate the Key Derivation
-Function (KDF) applied to derive keying data from a shared secret.  The key
-derivation function will be used by the EC key agreement schemes.  It is
-defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_EC_KDF_TYPE;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The following table lists the defined functions.</p>
-
-<p class=MsoCaption><a name="_Toc228807514">Table </a>34, EC: Key Derivation
-Functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Source
-  Identifier</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKD_NULL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKD_SHA1_KDF</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKD_SHA224_KDF</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKD_SHA256_KDF</p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKD_SHA384_KDF</p>
-  </td>
- </tr>
- <tr>
-  <td width=204 valign=top style='width:153.0pt;border:solid windowtext 1.5pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKD_SHA512_KDF</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The key derivation function <b>CKD_NULL</b> produces a raw
-shared secret value without applying any key derivation function whereas the
-key derivation function <b>CKD_SHA1_KDF</b>, which is<b> </b>based on SHA-1,
-derives keying data from the shared secret value as defined in ANSI X9.63.</p>
-
-<p class=MsoNormal><b>CK_EC_KDF_TYPE_PTR</b> is a pointer to a <b>CK_EC_KDF_TYPE</b>.</p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in;page-break-after:avoid'><span
-style='font-family:Symbol'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><b>CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR</b></p>
-
-<p class=MsoNormal><b>CK_ECDH1_DERIVE_PARAMS</b> is a structure that provides
-the parameters for the <b>CKM_ECDH1_DERIVE</b> and <b>CKM_ECDH1_COFACTOR_DERIVE</b>
-key derivation mechanisms, where each party contributes one key pair.  The
-structure is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_ECDH1_DERIVE_PARAMS {</p>
-
-<p class=CCode>   CK_EC_KDF_TYPE kdf;</p>
-
-<p class=CCode>   CK_ULONG ulSharedDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pSharedData;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData;</p>
-
-<p class=CCode>} CK_ECDH1_DERIVE_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                            kdf       key
-derivation function used on the shared secret value</p>
-
-<p class=definition0>                       ulSharedDataLen       the length in
-bytes of the shared info</p>
-
-<p class=definition0>                             pSharedData       some data
-shared between the two parties</p>
-
-<p class=definition0>                         ulPublicDataLen       the length
-in bytes of the other party’s EC public key</p>
-
-<p class=definition0>                             pPublicData<a href="#_ftn1"
-name="_ftnref1" title=""><sup><b><sup><span style='font-size:10.0pt;font-family:
-"Arial",sans-serif'>[1]</span></sup></b></sup></a>       pointer to other
-party’s EC public key value. A token MUST be able to accept this value encoded
-as a raw octet string (as per section A.5.2 of [ANSI X9.62]).  A token MAY, in
-addition, support accepting this value as a DER-encoded ECPoint (as per section
-E.6 of [ANSI X9.62]) i.e. the same as a CKA_EC_POINT encoding.  The calling
-application is responsible for converting the offered public key to the
-compressed or uncompressed forms of these encodings if the token does not
-support the offered form. </p>
-
-<p class=MsoNormal>With the key derivation function <b>CKD_NULL</b>, <i>pSharedData</i>
-must be NULL and <i>ulSharedDataLen</i> must be zero.  With the key derivation
-function <b>CKD_SHA1_KDF</b>, an optional <i>pSharedData</i> may be supplied,
-which consists of some data shared by the two parties intending to share the
-shared secret.  Otherwise, <i>pSharedData</i> must be NULL and <i>ulSharedDataLen</i>
-must be zero.</p>
-
-<p class=MsoNormal><b>CK_ECDH1_DERIVE_PARAMS_PTR</b> is a pointer to a <b>CK_ECDH1_DERIVE_PARAMS</b>.</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in'><span
-style='font-family:Symbol'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><b>CK_ECMQV<span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55"> </del></span>_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR</b></p>
-
-<p class=MsoNormal><b>CK_ECMQV_DERIVE_PARAMS</b> is a structure that provides
-the parameters to the <b>CKM_ECMQV_DERIVE</b> key derivation mechanism, where
-each party contributes two key pairs.  The structure is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_ECMQV_DERIVE_PARAMS {</p>
-
-<p class=CCode>   CK_EC_KDF_TYPE kdf;</p>
-
-<p class=CCode>   CK_ULONG ulSharedDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pSharedData;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData;</p>
-
-<p class=CCode>   CK_ULONG ulPrivateDataLen;</p>
-
-<p class=CCode>   CK_OBJECT_HANDLE hPrivateData;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen2;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData2;</p>
-
-<p class=CCode>   CK_OBJECT_HANDLE publicKey;</p>
-
-<p class=CCode>} CK_ECMQV_DERIVE_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                            kdf       key
-derivation function used on the shared secret value</p>
-
-<p class=definition0>                       ulSharedDataLen       the length in
-bytes of the shared info</p>
-
-<p class=definition0>                             pSharedData       some data
-shared between the two parties</p>
-
-<p class=definition0>                         ulPublicDataLen       the length
-in bytes of the other party’s first EC public key</p>
-
-<p class=definition0>                               pPublicData       pointer
-to other party’s first EC public key value. Encoding rules are as per
-pPublicData  of CK_ECDH1_DERIVE_PARAMS</p>
-
-<p class=definition0>                       ulPrivateDataLen       the length
-in bytes of the second EC private key</p>
-
-<p class=definition0>                             hPrivateData       key handle
-for second EC private key value</p>
-
-<p class=definition0>                       ulPublicDataLen2       the length
-in bytes of the other party’s second EC public key</p>
-
-<p class=definition0>                             pPublicData2       pointer to
-other party’s second EC public key value. Encoding rules are as per
-pPublicData  of CK_ECDH1_DERIVE_PARAMS</p>
-
-<p class=definition0>                                  publicKey       Handle
-to the first party’s ephemeral public key</p>
-
-<p class=MsoNormal>With the key derivation function <b>CKD_NULL</b>, <i>pSharedData</i>
-must be NULL and <i>ulSharedDataLen</i> must be zero.  With the key derivation
-function <b>CKD_SHA1_KDF</b>, an optional <i>pSharedData</i> may be supplied,
-which consists of some data shared by the two parties intending to share the
-shared secret.  Otherwise, <i>pSharedData</i> must be NULL and <i>ulSharedDataLen</i>
-must be zero.</p>
-
-<p class=MsoNormal><b>CK_ECMQV_DERIVE_PARAMS_PTR</b> is a pointer to a <b>CK_ECMQV_DERIVE_PARAMS</b>.</p>
-
-<h3><a name="_Toc441850455"></a><a name="_Toc441162377"></a><a
-name="_Toc416960018"></a><a name="_Toc437440536"></a><a name="_Toc395187772"></a><a
-name="_Toc391471134"></a><a name="_Toc370634417"></a><a name="_Toc72656237"></a><a
-name="_Toc228807194"></a><a name="_Toc228894668">2.3.9 Elliptic curve
-Diffie-Hellman key derivation</a></h3>
-
-<p class=MsoNormal>The elliptic curve Diffie-Hellman (ECDH) key derivation
-mechanism, denoted <b>CKM_ECDH1_DERIVE</b>, is a mechanism for key derivation
-based on the Diffie-Hellman version of the elliptic curve key agreement scheme,
-as defined in ANSI X9.63, where each party contributes one key pair all using
-the same EC domain parameters<a name="_Hlt500132816"></a>.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_ECDH1_DERIVE_PARAMS</b>
-structure.</p>
-
-<p class=MsoNormal>This mechanism derives a secret value, and truncates the
-result according to the <b>CKA_KEY_TYPE</b> attribute of the template and, if
-it has one and the key type supports it, the <b>CKA_VALUE_LEN</b> attribute of
-the template.  (The truncation removes bytes from the leading end of the secret
-value.)  The mechanism contributes the result as the <b>CKA_VALUE</b> attribute
-of the new key; other attributes required by the key type must be specified in
-the template.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the minimum and
-maximum supported number of bits in the field sizes, respectively.  For
-example, if a Cryptoki library supports only EC using a field of characteristic
-2 which has between 2<sup>200</sup> and 2<sup>300</sup> elements, then <i>ulMinKeySize</i>
-= 201 and <i>ulMaxKeySize</i> = 301 (when written in binary notation, the
-number 2<sup>200</sup> consists of a 1 bit followed by 200 0 bits.  It is
-therefore a 201-bit number.  Similarly, 2<sup>300</sup> is a 301-bit number).</p>
-
-<h3><a name="_Toc441850456"></a><a name="_Toc441162378"></a><a
-name="_Toc416960019"></a><a name="_Toc437440537"></a><a name="_Toc395187773"></a><a
-name="_Toc391471135"></a><a name="_Toc370634418"></a><a name="_Toc72656238"></a><a
-name="_Toc228807195"></a><a name="_Toc228894669">2.3.10 Elliptic curve
-Diffie-Hellman with cofactor key derivation</a></h3>
-
-<p class=MsoNormal>The elliptic curve Diffie-Hellman (ECDH) with cofactor key
-derivation mechanism, denoted <b>CKM_ECDH1_COFACTOR_DERIVE</b>, is a mechanism
-for key derivation based on the cofactor Diffie-Hellman version of the elliptic
-curve key agreement scheme, as defined in ANSI X9.63, where each party
-contributes one key pair all using the same EC domain parameters.  Cofactor
-multiplication is computationally efficient and helps to prevent security
-problems like small group attacks.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_ECDH1_DERIVE_PARAMS</b>
-structure.</p>
-
-<p class=MsoNormal>This mechanism derives a secret value, and truncates the
-result according to the <b>CKA_KEY_TYPE</b> attribute of the template and, if
-it has one and the key type supports it, the <b>CKA_VALUE_LEN</b> attribute of
-the template.  (The truncation removes bytes from the leading end of the secret
-value.)  The mechanism contributes the result as the <b>CKA_VALUE</b> attribute
-of the new key; other attributes required by the key type must be specified in
-the template.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the minimum and
-maximum supported number of bits in the field sizes, respectively.  For
-example, if a Cryptoki library supports only EC using a field of characteristic
-2 which has between 2<sup>200</sup> and 2<sup>300</sup> elements, then <i>ulMinKeySize</i>
-= 201 and <i>ulMaxKeySize</i> = 301 (when written in binary notation, the
-number 2<sup>200</sup> consists of a 1 bit followed by 200 0 bits.  It is
-therefore a 201-bit number.  Similarly, 2<sup>300</sup> is a 301-bit number).</p>
-
-<h3><a name="_Toc441850457"></a><a name="_Toc441162379"></a><a
-name="_Toc416960020"></a><a name="_Toc437440538"></a><a name="_Toc395187774"></a><a
-name="_Toc391471136"></a><a name="_Toc370634419"></a><a name="_Toc72656239"></a><a
-name="_Toc228807196"></a><a name="_Toc228894670">2.3.11 Elliptic curve
-Menezes-Qu-Vanstone key derivation</a></h3>
-
-<p class=MsoNormal>The elliptic curve Menezes-Qu-Vanstone (ECMQV) key
-derivation mechanism, denoted <b>CKM_ECMQV_DERIVE</b>, is a mechanism for key
-derivation based the MQV version of the elliptic curve key agreement scheme, as
-defined in ANSI X9.63, where each party contributes two key pairs all using the
-same EC domain parameters.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_ECMQV_DERIVE_PARAMS</b>
-structure.</p>
-
-<p class=MsoNormal>This mechanism derives a secret value, and truncates the
-result according to the <b>CKA_KEY_TYPE</b> attribute of the template and, if
-it has one and the key type supports it, the <b>CKA_VALUE_LEN</b> attribute of
-the template.  (The truncation removes bytes from the leading end of the secret
-value.) The mechanism contributes the result as the <b>CKA_VALUE</b> attribute
-of the new key; other attributes required by the key type must be specified in
-the template.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the minimum and
-maximum supported number of bits in the field sizes, respectively.  For
-example, if a Cryptoki library supports only EC using a field of characteristic
-2 which has between 2<sup>200</sup> and 2<sup>300</sup> elements, then <i>ulMinKeySize</i>
-= 201 and <i>ulMaxKeySize</i> = 301 (when written in binary notation, the
-number 2<sup>200</sup> consists of a 1 bit followed by 200 0 bits.  It is
-therefore a 201-bit number.  Similarly, 2<sup>300</sup> is a 301-bit number).</p>
-
-<h3><a name="_Toc441850458"></a><a name="_Toc441162380"></a><a
-name="_Toc416960021"></a><a name="_Toc437440539"></a><a name="_Toc395187775"></a><a
-name="_Toc391471137"></a><a name="_Toc370634420">2.3.12 ECDH AES KEY WRAP</a></h3>
-
-<p class=MsoNormal>The ECDH AES KEY WRAP mechanism, denoted <b>CKM_ECDH_AES_KEY_WRAP</b>,
-is a mechanism based on elliptic curve public-key crypto-system and the AES key
-wrap mechanism.&nbsp; It supports single-part key wrapping; and key unwrapping.&nbsp;
-</p>
-
-<p class=MsoNormal>It has a parameter, a&nbsp;<b>CK_ECDH_AES_KEY_WRAP_PARAMS</b>
-structure. </p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-mechanism can wrap and un-wrap an asymmetric target key of any length and type
-using an EC key. </span></p>
-
-<p class=MsoPlainText style='margin-left:.75in;text-indent:-.25in'><span
-lang=X-NONE>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>A
-temporary AES key is derived from a temporary EC key and the wrapping EC key
-using the <b>CKM_ECDH1_DERIVE</b> mechanism.</span></p>
-
-<p class=MsoPlainText style='margin-left:.75in;text-indent:-.25in'><span
-lang=X-NONE>-<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-derived AES key is used for wrapping the target key using the <b>CKM_AES_</b></span><b><span
-style='font-family:"Arial",sans-serif'>KEY_</span></b><b><span lang=X-NONE
-style='font-family:"Arial",sans-serif'>WRAP_PAD</span></b><span lang=X-NONE
-style='font-family:"Arial",sans-serif'> mechanism. </span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>For
-wrapping, the mechanism -&nbsp;
-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Generates a temporary random EC key (transport
-     key) having the same parameters as the wrapping EC key (and domain
-     parameters).  Saves the transport key public key material.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Performs ECDH operation using <b>CKM_ECDH1_DERIVE</b>
-     with parameters of kdf, ulSharedDataLen and pSharedData using the private
-     key of the transport EC key and the public key of wrapping EC key and gets
-     the first ulAESKeyBits bits of the derived key to be the temporary AES key</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Wraps the target key with the temporary AES
-     key using <b>CKM_AES_KEY_WRAP_PAD (</b>RFC5649).</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Zeroizes the temporary AES key and EC transport
-     private key</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Concatenates public key material of the
-     transport key and output the concatenated blob.</li>
-</ul>
-
-<p class=MsoNormal style='margin-top:6.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-align:justify'>&nbsp;</p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-recommended format for an asymmetric target key being wrapped is as a PKCS8
-PrivateKeyInfo</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-use of Attributes in the PrivateKeyInfo structure  is OPTIONAL.  In case of
-conflicts between the object attribute template, and Attributes in the
-PrivateKeyInfo structure, an <span style='color:black'>error should be thrown</span></span><span
-style='font-family:"Arial",sans-serif;color:black'>.</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>For
-unwrapping, the mechanism - </span></p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Splits the input into two parts. The first
-     part is the public key material of the transport key and the second part
-     is the wrapped target key.  The length of the first part is equal to the
-     length of the public key material of the unwrapping EC key </li>
-</ul>
-
-<p class=MsoNormal style='margin-top:6.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.5in;text-align:justify'><i>Note: since the transport key and the
-wrapping EC key share the same domain, the length of the public key material of
-the transport key is the same length of the public key material of the
-unwrapping EC key.</i></p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Performs ECDH operation using <b>CKM_ECDH1_DERIVE</b>
-     with parameters of kdf, ulSharedDataLen and pSharedData using the private
-     part of unwrapping EC key and the public part of the transport EC key and
-     gets first ulAESKeyBits bits of the derived key to be the temporary AES
-     key </li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Un-wraps the target key from the second part with
-     the temporary AES key using <b>CKM_AES_KEY_WRAP_PAD</b> <b>(</b>RFC5649).</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Zeroizes the temporary AES key </li>
-</ul>
-
-<p class=MsoNormal style='margin-top:6.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.5in;text-align:justify'>&nbsp;</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>35</span></i><i><span style='font-size:9.0pt'>, CKM_ECDH_AES_KEY_WRAP
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:.4pt;border-collapse:collapse'>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:black;border-left:
-  black;border-bottom:windowtext;border-right:windowtext;border-style:solid;
-  border-width:1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%'><span
-  style='font-size:9.0pt;line-height:115%'>&nbsp;</span></p>
-  </td>
-  <td width=417 colspan=7 valign=top style='width:312.75pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%'><b><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%'><b><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=54 valign=top style='width:40.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>VR</span></b><span
-  lang=SV style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif;
-  position:relative;top:-4.0pt'>1</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span lang=SV
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Key/</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=134 valign=top style='width:100.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont style='line-height:115%'><b><span style='font-size:
-  9.0pt;line-height:115%;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%;
-  page-break-after:auto'><span style='font-size:9.0pt;line-height:115%;
-  font-family:"Arial",sans-serif'>CKM_ECDH_AES_KEY_WRAP</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:10.0pt;line-height:115%;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=134 valign=top style='width:100.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='line-height:115%;page-break-after:auto'><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=651 colspan=8 valign=top style='width:488.25pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;line-height:115%;
-  page-break-after:auto'><span style='font-size:9.0pt;line-height:115%;
-  font-family:"Arial",sans-serif;position:relative;top:-4.0pt'>1</span><span
-  style='font-size:9.0pt;line-height:115%;font-family:"Arial",sans-serif'>SR =
-  SignRecover, VR = VerifyRecover</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoPlainText style='margin-left:.5in'><span lang=X-NONE
-style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal style='margin-top:6.0pt;margin-right:0in;margin-bottom:0in;
-margin-left:.25in;margin-bottom:.0001pt;text-align:justify'>&nbsp;</p>
-
-<h3><a name="_Toc441850459"></a><a name="_Toc441162381"></a><a
-name="_Toc416960022"></a><a name="_Toc437440540"></a><a name="_Toc395187776"></a><a
-name="_Toc391471138"></a><a name="_Toc370634421">2.3.13 ECDH AES KEY WRAP
-mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><span lang=X-NONE
-style='font-size:10.0pt;font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-size:10.0pt;font-family:"Arial",sans-serif'>CK_ECDH_AES_KEY_WRAP_PARAMS;
-CK_ECDH_AES_KEY_WRAP_PARAMS_PTR</span></p>
-
-<p class=MsoNormal><b>CK_ECDH_AES_KEY_WRAP_PARAMS</b> is a structure that
-provides the parameters to the <b>CKM_ECDH_AES_KEY_WRAP</b> mechanism.&nbsp; It
-is defined as follows:</p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span style='font-size:
-10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span style='font-family:
-"Arial",sans-serif'>typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS {</span></p>
-
-<p class=CCode><span lang=SV style='font-family:"Arial",sans-serif'>CK_ULONG&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;ulAESKeyBits;</span></p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>CK_EC_KDF_TYPE                kdf;</span></p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>CK_ULONG                               ulSharedDataLen;</span></p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>CK_BYTE_PTR                        pSharedData;</span></p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span style='font-family:
-"Arial",sans-serif'>} CK_ECDH_AES_KEY_WRAP_PARAMS;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>The
-fields of the structure have the following meanings:</span></p>
-
-<p class=MsoPlainText><span lang=X-NONE style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=definition0 style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
-margin-left:165.55pt;text-indent:-129.55pt'><span style='font-style:normal'>ulAESKeyBits </span>length
-of the temporary AES key in bits. Can be only 128, 192 or 256.</p>
-
-<p class=definition0 style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
-margin-left:165.55pt;text-indent:-129.55pt'><span style='font-style:normal'>Kdf</span>             
- key derivation function used on the shared secret value to generate AES key.</p>
-
-<p class=definition0 style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
-margin-left:165.55pt;text-indent:-129.55pt'><span style='font-style:normal'>ulSharedDataLen</span><span
-style='font-style:normal'> </span>the length in bytes of the shared info</p>
-
-<p class=definition0 style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
-margin-left:165.55pt;text-indent:-129.55pt'><span style='font-style:normal'>pSharedData</span> Some
-data shared between the two parties</p>
-
-<p class=definition0 style='margin-top:0in;margin-right:0in;margin-bottom:6.0pt;
-margin-left:165.55pt;text-indent:-129.55pt'><span style='font-style:normal'>&nbsp;</span></p>
-
-<p class=MsoNormal><b>CK_ECDH_AES_KEY_WRAP_PARAMS_PTR</b> is a pointer to a <b>CK_ECDH_AES_KEY_WRAP_PARAMS</b>.</p>
-
-<p class=MsoNormal style='margin-top:6.0pt;margin-right:0in;margin-bottom:0in;
-margin-left:.25in;margin-bottom:.0001pt;text-align:justify'>&nbsp;</p>
-
-<h3><a name="_Toc441850460"></a><a name="_Toc441162382"></a><a
-name="_Toc416960023"></a><a name="_Toc437440541"></a><a name="_Toc395187777"></a><a
-name="_Toc391471139"></a><a name="_Toc370634422">2.3.14 FIPS 186-4</a></h3>
-
-<p class=MsoNormal>When CKM_ECDSA is operated in FIPS mode, the curves SHALL
-either be NIST recommended curves (with a fixed set of domain parameters) or
-curves with domain parameters generated as specified by ANSI X9.64. The NIST
-recommended curves are:</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>P-192, P-224, P-256, P-384, P-521 </p>
-
-<p class=MsoNormal>K-163, B-163, K-233, B-233 </p>
-
-<p class=MsoNormal>K-283, B-283, K-409, B-409 </p>
-
-<p class=MsoNormal>K-571, B-571</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850461"></a><a name="_Toc441162383"></a><a
-name="_Toc416960024"></a><a name="_Toc437440542"></a><a name="_Toc395187778"></a><a
-name="_Toc391471140"></a><a name="_Toc370634423"></a><a name="_Toc385057992"></a><a
-name="_Toc405794813"></a><a name="_Toc72656240"></a><a name="_Toc228807197"></a><a
-name="_Toc228894671"><span lang=DE-CH>2.4 </span>Diffie-Hellman</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>36</span></i><i><span style='font-size:9.0pt'>, Diffie-Hellman
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.65pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=288 valign=top style='width:215.75pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <h2 style='margin-left:0in;text-indent:0in'><span style='font-size:10.0pt'>&nbsp;</span></h2>
-   </td>
-   <td width=344 colspan=7 valign=top style='width:258.1pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=MsoNormal>Functions</p>
-   </td>
-  </tr>
-  <tr>
-   <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=49 valign=top style='width:36.45pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=52 valign=top style='width:38.8pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=43 valign=top style='width:31.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.85pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=49 valign=top style='width:36.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DH_PKCS_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DH_PKCS_PARAMETER_GEN</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DH_PKCS_DERIVE</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_X9_42_DH_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;
-  color:black'>CKM_X9_42_DH_<span class=msoDel><del cite="mailto:Paul"
-  datetime="2016-02-01T13:21">PKCS_</del></span>PARAMETER_GEN</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_X9_42_DH_DERIVE</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_X9_42_DH_HYBRID_DERIVE</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=288 valign=top style='width:215.75pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_X9_42_MQV_DERIVE</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=43 valign=top style='width:31.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850462"></a><a name="_Toc441162384"></a><a
-name="_Toc416960025"></a><a name="_Toc437440543"></a><a name="_Toc395187779"></a><a
-name="_Toc391471141"></a><a name="_Toc370634424"></a><a name="_Toc228807198"></a><a
-name="_Toc228894672"></a><a name="_Toc72656241">2.4.1 Definitions</a><a
-name="_Toc385057993"></a><a name="_Toc405794814"></a><a name="_Toc319287660"></a><a
-name="_Toc319313501"></a><a name="_Toc319313694"></a><a name="_Toc319315687"></a><a
-name="_Toc322855285"></a><a name="_Toc322945127"></a><a name="_Toc323000694"></a><a
-name="_Toc323024088"></a><a name="_Toc323205420"></a><a name="_Toc323610850"></a><a
-name="_Toc383864857"></a><a name="_Toc385057858"></a><a name="_Toc405794678"></a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_DH” for type CK_KEY_TYPE
-as used in the CKA_KEY_TYPE attribute of [DH] key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DH_PKCS_KEY_PAIR_GEN       </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DH_PKCS_DERIVE             </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_X9_42_DH_KEY_PAIR_GEN      </p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_X9_42_DH_DERIVE           
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_X9_42_DH_HYBRID_DERIVE    
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_X9_42_MQV_DERIVE          
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_DH_PKCS_PARAMETER_GEN     
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=SV>CKM_X9_42_DH_PARAMETER_GEN    
-</span></p>
-
-<h3><a name="_Toc441850463"></a><a name="_Toc441162385"></a><a
-name="_Toc416960026"></a><a name="_Toc437440544"></a><a name="_Toc395187780"></a><a
-name="_Toc391471142"></a><a name="_Toc370634425"></a><a name="_Toc72656242"></a><a
-name="_Toc228807199"></a><a name="_Toc228894673">2.4.2 Diffie-Hellman public
-key objects</a></h3>
-
-<p class=MsoNormal>Diffie-Hellman public key objects (object class <b>CKO_PUBLIC_KEY,
-</b>key type <b>CKK_DH</b>) hold Diffie-Hellman public keys.  The following
-table defines the Diffie-Hellman public key object attributes, in addition to
-the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204886"></a><a name="_Toc383864521"></a><a
-name="_Toc405794986"></a><a name="_Toc228807515"></a><a name="_Toc319314014"></a><a
-name="_Toc319314556"></a><a name="_Toc319314971"></a><a name="_Toc319315843">Table
-</a>37, Diffie-Hellman Public Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=198 valign=top style='width:148.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:72.1pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=282 valign=top style='width:211.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,3</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:72.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,3</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:72.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:72.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Public value <i>y</i> </span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>- Refer to [PKCS #11-Base]  table
-10 for footnotes</span></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b> and <b>CKA_BASE</b> attribute values
-are collectively the “Diffie-Hellman domain parameters”.  Depending on the
-token, there may be limits on the length of the key components. See PKCS #3 for
-more information on Diffie-Hellman keys.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a
-Diffie-Hellman public key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A Diffie-Hellman public key object”;</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  {CKA_BASE, base, sizeof(base)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850464"></a><a name="_Toc441162386"></a><a
-name="_Toc416960027"></a><a name="_Toc437440545"></a><a name="_Toc395187781"></a><a
-name="_Toc391471143"></a><a name="_Toc370634426"></a><a name="_Toc72656243"></a><a
-name="_Toc228807200"></a><a name="_Toc228894674">2.4.3 X9.42 Diffie-Hellman
-public key objects</a></h3>
-
-<p class=MsoNormal>X9.42 Diffie-Hellman public key objects (object class <b>CKO_PUBLIC_KEY,
-</b>key type <b>CKK_X9_42_DH</b>) hold X9.42 Diffie-Hellman public keys.  The
-following table defines the X9.42 Diffie-Hellman public key object attributes,
-in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807516">Table </a>38, X9.42 Diffie-Hellman
-Public Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=318 valign=top style='width:238.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i> (</span><span
-  style='font-size:10.0pt;font-family:Symbol'>³</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> 1024 bits, in steps of 256 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME<sup>1,3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Subprime <i>q</i> (</span><span
-  style='font-size:10.0pt;font-family:Symbol'>³</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> 160 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=318 valign=top style='width:238.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Public value <i>y</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME, CKA_BASE</b> and <b>CKA_SUBPRIME</b>
-attribute values are collectively the “X9.42 Diffie-Hellman domain
-parameters”.  See the ANSI X9.42 standard for more information on X9.42
-Diffie-Hellman keys.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a X9.42
-Diffie-Hellman public key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_X9_42_DH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A X9.42 Diffie-Hellman public key
-object”;</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE subprime[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  {CKA_BASE, base, sizeof(base)},</p>
-
-<p class=CCode>  {CKA_SUBPRIME, subprime, sizeof(subprime)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850465"></a><a name="_Toc441162387"></a><a
-name="_Toc416960028"></a><a name="_Toc437440546"></a><a name="_Toc395187782"></a><a
-name="_Toc391471144"></a><a name="_Toc370634427"></a><a name="_Toc405794684"></a><a
-name="_Toc72656244"></a><a name="_Toc228807201"></a><a name="_Toc228894675">2.4.4
-Diffie-Hellman private key objects</a></h3>
-
-<p class=MsoNormal>Diffie-Hellman private key objects (object class <b>CKO_PRIVATE_KEY,
-</b>key type <b>CKK_DH</b>) hold Diffie-Hellman private keys.  The following
-table defines the Diffie-Hellman private key object attributes, in addition to
-the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204890"></a><a name="_Toc383864525"></a><a
-name="_Toc405794992"></a><a name="_Toc228807517"></a><a name="_Toc319314017"></a><a
-name="_Toc319314559"></a><a name="_Toc319314974"></a><a name="_Toc319315846">Table
-</a>39, Diffie-Hellman Private Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=244 valign=top style='width:183.15pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=244 valign=top style='width:183.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=244 valign=top style='width:183.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=244 valign=top style='width:183.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Private value <i>x</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_BITS<sup>2,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=244 valign=top style='width:183.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bits of private value <i>x</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b> and <b>CKA_BASE</b> attribute values
-are collectively the “Diffie-Hellman domain parameters”.  Depending on the
-token, there may be limits on the length of the key components.  See PKCS #3
-for more information on Diffie-Hellman keys.</p>
-
-<p class=MsoNormal>Note that when generating a Diffie-Hellman private key, the
-Diffie-Hellman parameters are <i>not</i> specified in the key’s template.  This
-is because Diffie-Hellman private keys are only generated as part of a
-Diffie-Hellman key <i>pair</i>, and the Diffie-Hellman parameters for the pair
-are specified in the template for the Diffie-Hellman public key.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a Diffie-Hellman
-private key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A Diffie-Hellman private key object”;</p>
-
-<p class=CCode>CK_BYTE subject[] = {...};</p>
-
-<p class=CCode>CK_BYTE id[] = {123};</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=CCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=CCode>  {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_DERIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  <span lang=IT>{CKA_BASE, base, sizeof(base)},</span></p>
-
-<p class=CCode><span lang=IT>  </span>{CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850466"></a><a name="_Toc441162388"></a><a
-name="_Toc416960029"></a><a name="_Toc437440547"></a><a name="_Toc395187783"></a><a
-name="_Toc391471145"></a><a name="_Toc370634428"></a><a name="_Toc72656245"></a><a
-name="_Toc228807202"></a><a name="_Toc228894676">2.4.5 X9.42 Diffie-Hellman
-private key objects</a></h3>
-
-<p class=MsoNormal>X9.42 Diffie-Hellman private key objects (object class <b>CKO_PRIVATE_KEY,
-</b>key type <b>CKK_X9_42_DH</b>) hold X9.42 Diffie-Hellman private keys.  The
-following table defines the X9.42 Diffie-Hellman private key object attributes,
-in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807518">Table </a>40, X9.42 Diffie-Hellman
-Private Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=306 valign=top style='width:229.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i> (</span><span
-  style='font-size:10.0pt;font-family:Symbol'>³</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> 1024 bits, in steps of 256 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Subprime <i>q</i> (</span><span
-  style='font-size:10.0pt;font-family:Symbol'>³</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> 160 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Private value <i>x</i></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME, CKA_BASE</b> and <b>CKA_SUBPRIME</b>
-attribute values are collectively the “X9.42 Diffie-Hellman domain
-parameters”.  Depending on the token, there may be limits on the length of the
-key components.  See the ANSI X9.42 standard for more information on X9.42
-Diffie-Hellman keys.</p>
-
-<p class=MsoNormal>Note that when generating a X9.42 Diffie-Hellman private key,
-the X9.42 Diffie-Hellman domain parameters are <i>not</i> specified in the
-key’s template.  This is because X9.42 Diffie-Hellman private keys are only
-generated as part of a X9.42 Diffie-Hellman key <i>pair</i>, and the X9.42
-Diffie-Hellman domain parameters for the pair are specified in the template for
-the X9.42 Diffie-Hellman public key.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a X9.42
-Diffie-Hellman private key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_X9_42_DH;</p>
-
-<p class=CCode style='margin-right:-.5in'>CK_UTF8CHAR label[] = “A X9.42
-Diffie-Hellman private key object”;</p>
-
-<p class=CCode>CK_BYTE subject[] = {...};</p>
-
-<p class=CCode>CK_BYTE id[] = {123};</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE subprime[] = {...};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=CCode>  {CKA_ID, id, sizeof(id)},</p>
-
-<p class=CCode>  {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_DERIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  <span lang=IT>{CKA_BASE, base, sizeof(base)},</span></p>
-
-<p class=CCode><span lang=IT>  </span>{CKA_SUBPRIME, subprime,
-sizeof(subprime)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850467"></a><a name="_Toc441162389"></a><a
-name="_Toc416960030"></a><a name="_Toc437440548"></a><a name="_Toc395187784"></a><a
-name="_Toc391471146"></a><a name="_Toc370634429"></a><a name="_Toc72656246"></a><a
-name="_Toc228807203"></a><a name="_Toc228894677">2.4.6 Diffie-Hellman domain
-parameter objects</a></h3>
-
-<p class=MsoNormal>Diffie-Hellman domain parameter objects (object class <b>CKO_DOMAIN_PARAMETERS,
-</b>key type <b>CKK_DH</b>) hold Diffie-Hellman domain parameters.  The
-following table defines the Diffie-Hellman domain parameter object attributes,
-in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807519">Table </a>41, Diffie-Hellman Domain
-Parameter Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=306 valign=top style='width:229.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME_BITS<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=306 valign=top style='width:229.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length of the prime value.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b> and <b>CKA_BASE</b> attribute values
-are collectively the “Diffie-Hellman domain parameters”.  Depending on the
-token, there may be limits on the length of the key components. See PKCS #3 for
-more information on Diffie-Hellman domain parameters.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a
-Diffie-Hellman domain parameter object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_DOMAIN_PARAMETERS;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A Diffie-Hellman domain parameters
-object”;</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  {CKA_BASE, base, sizeof(base)},</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850468"></a><a name="_Toc441162390"></a><a
-name="_Toc416960031"></a><a name="_Toc437440549"></a><a name="_Toc395187785"></a><a
-name="_Toc391471147"></a><a name="_Toc370634430"></a><a name="_Toc72656247"></a><a
-name="_Toc228807204"></a><a name="_Toc228894678">2.4.7 X9.42 Diffie-Hellman
-domain parameters objects</a></h3>
-
-<p class=MsoNormal>X9.42 Diffie-Hellman domain parameters objects (object class
-<b>CKO_DOMAIN_PARAMETERS, </b>key type <b>CKK_X9_42_DH</b>) hold X9.42
-Diffie-Hellman domain parameters.  The following table defines the X9.42
-Diffie-Hellman domain parameters object attributes, in addition to the common
-attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807520">Table </a>42, X9.42 Diffie-Hellman
-Domain Parameters Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=198 valign=top style='width:148.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=282 valign=top style='width:211.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Prime <i>p</i> (</span><span
-  style='font-size:10.0pt;font-family:Symbol'>³</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> 1024 bits, in steps of 256 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_BASE<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Base <i>g</i></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME<sup>1,4</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Big integer</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Subprime <i>q</i> (</span><span
-  style='font-size:10.0pt;font-family:Symbol'>³</span><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'> 160 bits)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_PRIME_BITS<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length of the prime value.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_SUBPRIME_BITS<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length of the subprime value.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The <b>CKA_PRIME</b>, <b>CKA_BASE</b> and <b>CKA_SUBPRIME</b>
-attribute values are collectively the “X9.42 Diffie-Hellman domain parameters”. 
-Depending on the token, there may be limits on the length of the domain
-parameters components.  See the ANSI X9.42 standard for more information on
-X9.42 Diffie-Hellman domain parameters.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a X9.42
-Diffie-Hellman domain parameters object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_DOMAIN_PARAMETERS;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_X9_42_DH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A X9.42 Diffie-Hellman domain parameters
-object”;</p>
-
-<p class=CCode>CK_BYTE prime[] = {...};</p>
-
-<p class=CCode>CK_BYTE base[] = {...};</p>
-
-<p class=CCode>CK_BYTE subprime[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_PRIME, prime, sizeof(prime)},</p>
-
-<p class=CCode>  {CKA_BASE, base, sizeof(base)},</p>
-
-<p class=CCode>  {CKA_SUBPRIME, subprime, sizeof(subprime)},</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850469"></a><a name="_Toc441162391"></a><a
-name="_Toc416960032"></a><a name="_Toc437440550"></a><a name="_Toc395187786"></a><a
-name="_Toc391471148"></a><a name="_Toc370634431"></a><a name="_Toc72656248"></a><a
-name="_Toc228807205"></a><a name="_Toc228894679">2.4.8 PKCS #3 Diffie-Hellman
-key pair generation</a></h3>
-
-<p class=MsoNormal>The PKCS #3 Diffie-Hellman key pair generation mechanism,
-denoted <b>CKM_DH_PKCS_KEY_PAIR_GEN</b>, is a key pair generation mechanism based
-on Diffie-Hellman key agreement, as defined in PKCS #3.  This is what PKCS #3
-calls “phase I”.  It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates Diffie-Hellman public/private key
-pairs with a particular prime and base, as specified in the <b>CKA_PRIME</b>
-and <b>CKA_BASE</b> attributes of the template for the public key. If the <b>CKA_VALUE_BITS</b>
-attribute of the private key is specified, the mechanism limits the length in
-bits of the private value, as described in PKCS #3.  </p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new public key and the <b>CKA_CLASS</b>,
-<b>CKA_KEY_TYPE</b>, <b>CKA_PRIME</b>, <b>CKA_BASE</b>, and <b>CKA_VALUE</b>
-(and the <b>CKA_VALUE_BITS</b> attribute, if it is not already provided in the
-template) attributes to the new private key; other attributes required by the
-Diffie-Hellman public and private key types must be specified in the templates.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Diffie-Hellman prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850470"></a><a name="_Toc441162392"></a><a
-name="_Toc416960033"></a><a name="_Toc437440551"></a><a name="_Toc395187787"></a><a
-name="_Toc391471149"></a><a name="_Toc370634432"></a><a name="_Toc72656249"></a><a
-name="_Toc228807206"></a><a name="_Toc228894680">2.4.9 PKCS #3 Diffie-Hellman
-domain parameter generation</a></h3>
-
-<p class=MsoNormal>The PKCS #3 Diffie-Hellman domain parameter generation
-mechanism, denoted <b>CKM_DH_PKCS_PARAMETER_GEN</b>, is a domain parameter
-generation mechanism based on Diffie-Hellman key agreement, as defined in PKCS
-#3.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates Diffie-Hellman domain parameters
-with a particular prime length in bits, as specified in the <b>CKA_PRIME_BITS</b>
-attribute of the template.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_PRIME</b>, <b>CKA_BASE, </b>and<b> CKA_PRIME_BITS</b> attributes to the
-new object. Other attributes supported by the Diffie-Hellman domain parameter
-types may also be specified in the template, or else are assigned default
-initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Diffie-Hellman prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850471"></a><a name="_Toc441162393"></a><a
-name="_Toc416960034"></a><a name="_Toc437440552"></a><a name="_Toc395187788"></a><a
-name="_Toc391471150"></a><a name="_Toc370634433"></a><a name="_Toc322855317"></a><a
-name="_Toc322945159"></a><a name="_Toc323000726"></a><a name="_Toc323024177"></a><a
-name="_Toc323205511"></a><a name="_Toc323610940"></a><a name="_Toc383864957"></a><a
-name="_Toc385057994"></a><a name="_Toc405794815"></a><a name="_Toc72656250"></a><a
-name="_Toc228807207"></a><a name="_Toc228894681">2.4.10 PKCS #3 Diffie-Hellman
-key derivation</a></h3>
-
-<p class=MsoNormal>The PKCS #3 Diffie-Hellman key derivation mechanism, denoted
-<b>CKM_DH_PKCS_DERIVE</b>, is a mechanism for key derivation based on
-Diffie-Hellman key agreement, as defined in PKCS #3. This is what PKCS #3 calls
-“phase II”.</p>
-
-<p class=MsoNormal>It has a parameter, which is the public value of the other
-party in the key agreement protocol, represented as a Cryptoki “Big integer” (<i>i.e.</i>,
-a sequence of bytes, most-significant byte first).</p>
-
-<p class=MsoNormal>This mechanism derives a secret key from a Diffie-Hellman
-private key and the public value of the other party.  It computes a
-Diffie-Hellman secret value from the public value and private key according to
-PKCS #3, and truncates the result according to the <b>CKA_KEY_TYPE</b>
-attribute of the template and, if it has one and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template. (The truncation removes bytes from the leading end
-of the secret value.) The mechanism contributes the result as the <b>CKA_VALUE</b>
-attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability<a href="#_ftn2" name="_ftnref2" title=""><span
-class=MsoFootnoteReference><span class=MsoFootnoteReference><span
-style='font-size:10.0pt;font-family:"Arial",sans-serif'>[2]</span></span></span></a>:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Diffie-Hellman prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850472"></a><a name="_Toc441162394"></a><a
-name="_Toc416960035"></a><a name="_Toc437440553"></a><a name="_Toc395187789"></a><a
-name="_Toc391471151"></a><a name="_Toc370634434"></a><a name="_Toc72656253"></a><a
-name="_Toc228807208"></a><a name="_Toc228894682">2.4.11 X9.42 Diffie-Hellman
-mechanism parameters</a></h3>
-
-<p class=MsoNormal style='margin-top:0in;margin-right:0in;margin-bottom:12.0pt;
-margin-left:.25in;text-align:justify;text-indent:-.25in;page-break-after:avoid'><span
-style='font-family:Symbol'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><b>CK_X9_42_DH_KDF_TYPE, CK_X9_42_DH_KDF_TYPE_PTR</b></p>
-
-<p class=MsoNormal><b>CK_X9_42_DH_KDF_TYPE</b> is used to indicate the Key
-Derivation Function (KDF) applied to derive keying data from a shared secret. 
-The key derivation function will be used by the X9.42 Diffie-Hellman key
-agreement schemes.  It is defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The following table lists the defined functions.</p>
-
-<p class=MsoCaption><a name="_Toc228807521">Table </a>43, X9.42 Diffie-Hellman
-Key Derivation Functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=300 valign=top style='width:225.0pt;border:solid windowtext 1.5pt;
-  border-bottom:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Source
-  Identifier</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKD_NULL</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKD_SHA1_KDF_ASN1</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=300 valign=top style='width:225.0pt;border:solid windowtext 1.5pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKD_SHA1_KDF_CONCATENATE</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The key derivation function <b>CKD_NULL</b> produces a raw
-shared secret value without applying any key derivation function whereas the
-key derivation functions <b>CKD_SHA1_KDF_ASN1</b> and <b>CKD_SHA1_KDF_CONCATENATE</b>,
-which are both based on SHA-1, derive keying data from the shared secret value
-as defined in the ANSI X9.42 standard.</p>
-
-<p class=MsoNormal><b>CK_X9_42_DH_KDF_TYPE_PTR</b> is a pointer to a <b>CK_X9_42_DH_KDF_TYPE</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656254"></a><a name="_Toc228807209"><span lang=X-NONE
-style='font-family:Symbol'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_X9_42_DH1_DERIVE_PARAMS,
-CK_X9_42_DH1_DERIVE_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_X9_42_DH1_DERIVE_PARAMS</b> is a structure that provides
-the parameters to the <b>CKM_X9_42_DH_DERIVE</b> key derivation mechanism,
-where each party contributes one key pair.  The structure is defined as
-follows:</p>
-
-<p class=CCode>typedef struct CK_X9_42_DH1_DERIVE_PARAMS {</p>
-
-<p class=CCode>   CK_X9_42_DH_KDF_TYPE kdf;</p>
-
-<p class=CCode>   CK_ULONG ulOtherInfoLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pOtherInfo;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData;</p>
-
-<p class=CCode>} CK_X9_42_DH1_DERIVE_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                            kdf       key
-derivation function used on the shared secret value</p>
-
-<p class=definition0>                           ulOtherInfoLen       the length
-in bytes of the other info</p>
-
-<p class=definition0>                                 pOtherInfo       some
-data shared between the two parties</p>
-
-<p class=definition0>                         ulPublicDataLen       the length
-in bytes of the other party’s X9.42 Diffie-Hellman public key</p>
-
-<p class=definition0>                               pPublicData       pointer
-to other party’s X9.42 Diffie-Hellman public key value</p>
-
-<p class=MsoNormal>With the key derivation function <b>CKD_NULL</b>, <i>pOtherInfo</i>
-must be NULL and <i>ulOtherInfoLen</i> must be zero.  With the key derivation
-function <b>CKD_SHA1_KDF_ASN1</b>, <i>pOtherInfo</i> must be supplied, which
-contains an octet string, specified in ASN.1 DER encoding, consisting of
-mandatory and optional data shared by the two parties intending to share the
-shared secret.  With the key derivation function <b>CKD_SHA1_KDF_CONCATENATE</b>,
-an optional <i>pOtherInfo</i> may be supplied, which consists of some data
-shared by the two parties intending to share the shared secret.  Otherwise, <i>pOtherInfo</i>
-must be NULL and <i>ulOtherInfoLen</i> must be zero.</p>
-
-<p class=MsoNormal><b>CK_X9_42_DH1_DERIVE_PARAMS_PTR</b> is a pointer to a <b>CK_X9_42_DH1_DERIVE_PARAMS</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656255"></a><a name="_Toc228807210"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_X9_42_DH2_DERIVE_PARAMS,
-CK_X9_42_DH2_DERIVE_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_X9_42_DH2_DERIVE_PARAMS</b> is a structure that
-provides the parameters to the <b>CKM_X9_42_DH_HYBRID_DERIVE</b> and <b>CKM_X9_42_MQV_DERIVE</b>
-key derivation mechanisms, where each party contributes two key pairs.  The
-structure is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_X9_42_DH2_DERIVE_PARAMS {</p>
-
-<p class=CCode>   CK_X9_42_DH_KDF_TYPE kdf;</p>
-
-<p class=CCode>   CK_ULONG ulOtherInfoLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pOtherInfo;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData;</p>
-
-<p class=CCode>   CK_ULONG ulPrivateDataLen;</p>
-
-<p class=CCode>   CK_OBJECT_HANDLE hPrivateData;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen2;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData2;</p>
-
-<p class=CCode>} CK_X9_42_DH2_DERIVE_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                            kdf       key
-derivation function used on the shared secret value</p>
-
-<p class=definition0>                           ulOtherInfoLen       the length
-in bytes of the other info</p>
-
-<p class=definition0>                                 pOtherInfo       some
-data shared between the two parties</p>
-
-<p class=definition0>                         ulPublicDataLen       the length
-in bytes of the other party’s first X9.42 Diffie-Hellman public key</p>
-
-<p class=definition0>                               pPublicData       pointer
-to other party’s first X9.42 Diffie-Hellman public key value</p>
-
-<p class=definition0>                       ulPrivateDataLen       the length
-in bytes of the second X9.42 Diffie-Hellman private key</p>
-
-<p class=definition0>                             hPrivateData       key handle
-for second X9.42 Diffie-Hellman private key value</p>
-
-<p class=definition0>                       ulPublicDataLen2       the length
-in bytes of the other party’s second X9.42 Diffie-Hellman public key</p>
-
-<p class=definition0>                             pPublicData2       pointer to
-other party’s second X9.42 Diffie-Hellman public key value</p>
-
-<p class=MsoNormal>With the key derivation function <b>CKD_NULL</b>, <i>pOtherInfo</i>
-must be NULL and <i>ulOtherInfoLen</i> must be zero.  With the key derivation
-function <b>CKD_SHA1_KDF_ASN1</b>, <i>pOtherInfo</i> must be supplied, which
-contains an octet string, specified in ASN.1 DER encoding, consisting of
-mandatory and optional data shared by the two parties intending to share the
-shared secret.  With the key derivation function <b>CKD_SHA1_KDF_CONCATENATE</b>,
-an optional <i>pOtherInfo</i> may be supplied, which consists of some data
-shared by the two parties intending to share the shared secret.  Otherwise, <i>pOtherInfo</i>
-must be NULL and <i>ulOtherInfoLen</i> must be zero.</p>
-
-<p class=MsoNormal><b>CK_X9_42_DH2_DERIVE_PARAMS_PTR</b> is a pointer to a <b>CK_X9_42_DH2_DERIVE_PARAMS</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656256"></a><a name="_Toc228807211"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_X9_42_MQV_DERIVE_PARAMS,
-CK_X9_42_MQV_DERIVE_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_X9_42_MQV_DERIVE_PARAMS</b> is a structure that
-provides the parameters to the <b>CKM_X9_42_MQV_DERIVE</b> key derivation
-mechanism, where each party contributes two key pairs.  The structure is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_X9_42_MQV_DERIVE_PARAMS {</p>
-
-<p class=CCode>   CK_X9_42_DH_KDF_TYPE kdf;</p>
-
-<p class=CCode>   CK_ULONG ulOtherInfoLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pOtherInfo;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData;</p>
-
-<p class=CCode>   CK_ULONG ulPrivateDataLen;</p>
-
-<p class=CCode>   CK_OBJECT_HANDLE hPrivateData;</p>
-
-<p class=CCode>   CK_ULONG ulPublicDataLen2;</p>
-
-<p class=CCode>   CK_BYTE_PTR pPublicData2;</p>
-
-<p class=CCode>   CK_OBJECT_HANDLE publicKey;</p>
-
-<p class=CCode>} CK_X9_42_MQV_DERIVE_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The fields of the structure
-have the following meanings:</p>
-
-<p class=definition0>                                            kdf       key
-derivation function used on the shared secret value</p>
-
-<p class=definition0>                           ulOtherInfoLen       the length
-in bytes of the other info</p>
-
-<p class=definition0>                                 pOtherInfo       some
-data shared between the two parties</p>
-
-<p class=definition0>                         ulPublicDataLen       the length
-in bytes of the other party’s first X9.42 Diffie-Hellman public key</p>
-
-<p class=definition0>                               pPublicData       pointer
-to other party’s first X9.42 Diffie-Hellman public key value</p>
-
-<p class=definition0>                       ulPrivateDataLen       the length
-in bytes of the second X9.42 Diffie-Hellman private key</p>
-
-<p class=definition0>                             hPrivateData       key handle
-for second X9.42 Diffie-Hellman private key value</p>
-
-<p class=definition0>                       ulPublicDataLen2       the length
-in bytes of the other party’s second X9.42 Diffie-Hellman public key</p>
-
-<p class=definition0>                             pPublicData2       pointer to
-other party’s second X9.42 Diffie-Hellman public key value</p>
-
-<p class=definition0>                                  publicKey       Handle
-to the first party’s ephemeral public key</p>
-
-<p class=MsoNormal>With the key derivation function <b>CKD_NULL</b>, <i>pOtherInfo</i>
-must be NULL and <i>ulOtherInfoLen</i> must be zero.  With the key derivation
-function <b>CKD_SHA1_KDF_ASN1</b>, <i>pOtherInfo</i> must be supplied, which
-contains an octet string, specified in ASN.1 DER encoding, consisting of
-mandatory and optional data shared by the two parties intending to share the
-shared secret.  With the key derivation function <b>CKD_SHA1_KDF_CONCATENATE</b>,
-an optional <i>pOtherInfo</i> may be supplied, which consists of some data
-shared by the two parties intending to share the shared secret.  Otherwise, <i>pOtherInfo</i>
-must be NULL and <i>ulOtherInfoLen</i> must be zero.</p>
-
-<p class=MsoNormal><b>CK_X9_42_MQV_DERIVE_PARAMS_PTR</b> is a pointer to a <b>CK_X9_42_MQV_DERIVE_PARAMS</b>.</p>
-
-<h3><a name="_Toc441850473"></a><a name="_Toc441162395"></a><a
-name="_Toc416960036"></a><a name="_Toc437440554"></a><a name="_Toc395187790"></a><a
-name="_Toc391471152"></a><a name="_Toc370634435"></a><a name="_Toc72656257"></a><a
-name="_Toc228807212"></a><a name="_Toc228894683">2.4.12 X9.42 Diffie-Hellman
-key pair generation</a></h3>
-
-<p class=MsoNormal>The X9.42 Diffie-Hellman key pair generation mechanism,
-denoted <b>CKM_X9_42_DH_KEY_PAIR_GEN</b>, is a key pair generation mechanism
-based on Diffie-Hellman key agreement, as defined in the ANSI X9.42 standard.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates X9.42 Diffie-Hellman public/private
-key pairs with a particular prime, base and subprime, as specified in the <b>CKA_PRIME</b>,
-<b>CKA_BASE</b> and <b>CKA_SUBPRIME</b> attributes of the template for the
-public key. </p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new public key and the <b>CKA_CLASS</b>,
-<b>CKA_KEY_TYPE</b>, <b>CKA_PRIME</b>, <b>CKA_BASE</b>, <b>CKA_SUBPRIME</b>,
-and <b>CKA_VALUE</b> attributes to the new private key; other attributes
-required by the X9.42 Diffie-Hellman public and private key types must be
-specified in the templates.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-X9.42 Diffie-Hellman prime sizes, in bits, for the <b>CKA_PRIME</b> attribute.</p>
-
-<h3><a name="_Toc441850474"></a><a name="_Toc441162396"></a><a
-name="_Toc416960037"></a><a name="_Toc437440555"></a><a name="_Toc395187791"></a><a
-name="_Toc391471153"></a><a name="_Toc370634436"></a><a name="_Toc72656258"></a><a
-name="_Toc228807213"></a><a name="_Toc228894684">2.4.13 X9.42 Diffie-Hellman
-domain parameter generation</a></h3>
-
-<p class=MsoNormal>The X9.42 Diffie-Hellman domain parameter generation
-mechanism, denoted <b>CKM_X9_42_DH_PARAMETER_GEN</b>, is a domain parameters
-generation mechanism based on X9.42 Diffie-Hellman key agreement, as defined in
-the ANSI X9.42 standard.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates X9.42 Diffie-Hellman domain
-parameters with particular prime and subprime length in bits, as specified in
-the <b>CKA_PRIME_BITS</b> and <b>CKA_SUBPRIME_BITS</b> attributes of the
-template for the domain parameters.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_PRIME</b>, <b>CKA_BASE, CKA_SUBPRIME</b>, <b>CKA_PRIME_BITS</b> and<b>
-CKA_SUBPRIME_BITS</b> attributes to the new object.  Other attributes supported
-by the X9.42 Diffie-Hellman domain parameter types may also be specified in the
-template for the domain parameters, or else are assigned default initial
-values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-X9.42 Diffie-Hellman prime sizes, in bits.</p>
-
-<h3><a name="_Toc441850475"></a><a name="_Toc441162397"></a><a
-name="_Toc416960038"></a><a name="_Toc437440556"></a><a name="_Toc395187792"></a><a
-name="_Toc391471154"></a><a name="_Toc370634437"></a><a name="_Toc72656259"></a><a
-name="_Toc228807214"></a><a name="_Toc228894685">2.4.14 X9.42 Diffie-Hellman
-key derivation</a></h3>
-
-<p class=MsoNormal>The X9.42 Diffie-Hellman key derivation mechanism, denoted <b>CKM_X9_42_DH_DERIVE</b>,
-is a mechanism for key derivation based on the Diffie-Hellman key agreement
-scheme, as defined in the ANSI X9.42 standard, where each party contributes one
-key pair, all using the same X9.42 Diffie-Hellman domain parameters.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_X9_42_DH1_DERIVE_PARAMS</b>
-structure.</p>
-
-<p class=MsoNormal>This mechanism derives a secret value, and truncates the
-result according to the <b>CKA_KEY_TYPE</b> attribute of the template and, if
-it has one and the key type supports it, the <b>CKA_VALUE_LEN</b> attribute of
-the template.  (The truncation removes bytes from the leading end of the secret
-value.)  The mechanism contributes the result as the <b>CKA_VALUE</b> attribute
-of the new key; other attributes required by the key type must be specified in
-the template. Note that in order to validate this mechanism it may be required
-to use the <b>CKA_VALUE</b> attribute as the key of a general-length MAC
-mechanism (e.g. <b>CKM_SHA_1_HMAC_GENERAL</b>) over some test data.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-size:12.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-size:12.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-size:12.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-X9.42 Diffie-Hellman prime sizes, in bits, for the <b>CKA_PRIME</b> attribute.</p>
-
-<h3><a name="_Toc441850476"></a><a name="_Toc441162398"></a><a
-name="_Toc416960039"></a><a name="_Toc437440557"></a><a name="_Toc395187793"></a><a
-name="_Toc391471155"></a><a name="_Toc370634438"></a><a name="_Toc72656260"></a><a
-name="_Toc228807215"></a><a name="_Toc228894686">2.4.15 X9.42 Diffie-Hellman
-hybrid key derivation</a></h3>
-
-<p class=MsoNormal>The X9.42 Diffie-Hellman hybrid key derivation mechanism,
-denoted <b>CKM_X9_42_DH_HYBRID_DERIVE</b>, is a mechanism for key derivation
-based on the Diffie-Hellman hybrid key agreement scheme, as defined in the ANSI
-X9.42 standard, where each party contributes two key pair, all using the same
-X9.42 Diffie-Hellman domain parameters.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_X9_42_DH2_DERIVE_PARAMS</b>
-structure.</p>
-
-<p class=MsoNormal>This mechanism derives a secret value, and truncates the
-result according to the <b>CKA_KEY_TYPE</b> attribute of the template and, if
-it has one and the key type supports it, the <b>CKA_VALUE_LEN</b> attribute of
-the template.  (The truncation removes bytes from the leading end of the secret
-value.)  The mechanism contributes the result as the <b>CKA_VALUE</b> attribute
-of the new key; other attributes required by the key type must be specified in
-the template. Note that in order to validate this mechanism it may be required
-to use the <b>CKA_VALUE</b> attribute as the key of a general-length MAC
-mechanism (e.g. <b>CKM_SHA_1_HMAC_GENERAL</b>) over some test data.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-X9.42 Diffie-Hellman prime sizes, in bits, for the <b>CKA_PRIME</b> attribute.</p>
-
-<h3><a name="_Toc441850477"></a><a name="_Toc441162399"></a><a
-name="_Toc416960040"></a><a name="_Toc437440558"></a><a name="_Toc395187794"></a><a
-name="_Toc391471156"></a><a name="_Toc370634439"></a><a name="_Toc72656261"></a><a
-name="_Toc228807216"></a><a name="_Toc228894687">2.4.16 X9.42 Diffie-Hellman
-Menezes-Qu-Vanstone key derivation</a></h3>
-
-<p class=MsoNormal>The X9.42 Diffie-Hellman Menezes-Qu-Vanstone (MQV) key
-derivation mechanism, denoted <b>CKM_X9_42_MQV_DERIVE</b>, is a mechanism for
-key derivation based the MQV scheme, as defined in the ANSI X9.42 standard,
-where each party contributes two key pairs, all using the same X9.42
-Diffie-Hellman domain parameters.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_X9_42_MQV_DERIVE_PARAMS </b>structure.</p>
-
-<p class=MsoNormal>This mechanism derives a secret value, and truncates the
-result according to the <b>CKA_KEY_TYPE</b> attribute of the template and, if
-it has one and the key type supports it, the <b>CKA_VALUE_LEN</b> attribute of
-the template.  (The truncation removes bytes from the leading end of the secret
-value.) The mechanism contributes the result as the <b>CKA_VALUE</b> attribute
-of the new key; other attributes required by the key type must be specified in
-the template. Note that in order to validate this mechanism it may be required
-to use the <b>CKA_VALUE</b> attribute as the key of a general-length MAC
-mechanism (e.g. <b>CKM_SHA_1_HMAC_GENERAL</b>) over some test data.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-X9.42 Diffie-Hellman prime sizes, in bits, for the <b>CKA_PRIME</b> attribute.<a
-name="_Toc322855318"></a><a name="_Toc322945160"></a><a name="_Toc323000727"></a><a
-name="_Toc323024178"></a><a name="_Toc323205512"></a><a name="_Toc323610941"></a><a
-name="_Toc383864958"></a></p>
-
-<h2><a name="_Toc323624147"></a><a name="_Toc385058007"></a><a
-name="_Toc405794821"></a><a name="_Toc441850478"></a><a name="_Toc441162400"></a><a
-name="_Toc416960041"></a><a name="_Toc437440559"></a><a name="_Toc395187795"></a><a
-name="_Toc391471157"></a><a name="_Toc370634440"></a><a name="_Ref42317544"></a><a
-name="_Ref42317715"></a><a name="_Ref42317763"></a><a name="_Ref42317804"></a><a
-name="_Toc72656270"></a><a name="_Toc228807217"></a><a name="_Toc228894688">2.5
-Wrapping/unwrapping private keys</a></h2>
-
-<p class=MsoNormal>Cryptoki Versions 2.01 and up allow the use of secret keys
-for wrapping and unwrapping RSA private keys, Diffie-Hellman private keys,
-X9.42 Diffie-Hellman private keys, EC (also related to ECDSA) private keys and
-DSA private keys.  For wrapping, a private key is BER-encoded according to PKCS
-#8’s PrivateKeyInfo ASN.1 type.  PKCS #8 requires an algorithm identifier for
-the type of the private key.  The object identifiers for the required algorithm
-identifiers are as follows:</p>
-
-<p class=CCode>rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)
-us(840) ansi-x942(10046) number-type(2) 1 }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>id-ecPublicKey OBJECT IDENTIFIER ::= { <span style='layout-grid-mode:
-line'>iso(1) member-body(2) us(840) ansi-x9-62(10045) publicKeyType(2) 1 }</span></p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>id-dsa OBJECT IDENTIFIER ::= {</p>
-
-<p class=CCode>  iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 1 }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>where</p>
-
-<p class=CCode>pkcs-1 OBJECT IDENTIFIER ::= {</p>
-
-<p class=CCode>  iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) 1 }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>pkcs-3 OBJECT IDENTIFIER ::= {</p>
-
-<p class=CCode>  iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) 3 }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>These parameters for the algorithm identifiers have the
-following types, respectively:</p>
-
-<p class=CCode>NULL</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>DHParameter ::= SEQUENCE {</p>
-
-<p class=CCode>  prime              INTEGER,  -- p</p>
-
-<p class=CCode>  base               INTEGER,  -- g</p>
-
-<p class=CCode>  privateValueLength  INTEGER OPTIONAL</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>DomainParameters ::= SEQUENCE {</p>
-
-<p class=CCode>  prime              INTEGER,  -- p</p>
-
-<p class=CCode>  base               INTEGER,  -- g</p>
-
-<p class=CCode>  subprime            INTEGER,  -- q</p>
-
-<p class=CCode>  cofactor            INTEGER OPTIONAL,  -- j</p>
-
-<p class=CCode>  validationParms     ValidationParms OPTIONAL</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>ValidationParms ::= SEQUENCE {</p>
-
-<p class=CCode>  Seed           BIT STRING, -- seed</p>
-
-<p class=CCode>  PGenCounter    INTEGER     -- parameter verification</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>Parameters ::= CHOICE {</p>
-
-<p class=CCode>  ecParameters   ECParameters,</p>
-
-<p class=CCode>  namedCurve     CURVES.&amp;id({CurveNames}),</p>
-
-<p class=CCode>  implicitlyCA   NULL</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>Dss-Parms ::= SEQUENCE {</p>
-
-<p class=CCode>  <span lang=SV>p INTEGER,</span></p>
-
-<p class=CCode><span lang=SV>  q INTEGER,</span></p>
-
-<p class=CCode><span lang=SV>  g INTEGER</span></p>
-
-<p class=CCode>}</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>For the X9.42 Diffie-Hellman domain parameters, the <b>cofactor</b>
-and the <b>validationParms</b> optional fields should not be used when wrapping
-or unwrapping X9.42 Diffie-Hellman private keys since their values are not
-stored within the token.</p>
-
-<p class=MsoNormal>For the EC domain parameters, the use of <b>namedCurve</b>
-is recommended over the choice <b>ecParameters</b>.  The choice <b>implicitlyCA</b>
-must not be used in Cryptoki.</p>
-
-<p class=MsoNormal>Within the PrivateKeyInfo type:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>RSA private keys are BER-encoded according to PKCS #1’s
-RSAPrivateKey ASN.1 type.  This type requires values to be present for <i>all</i>
-the attributes specific to Cryptoki’s RSA private key objects.  In other words,
-if a Cryptoki library does not have values for an RSA private key’s <b>CKA_MODULUS</b>,
-<b>CKA_PUBLIC_EXPONENT</b>, <b>CKA_PRIVATE_EXPONENT</b>, <b>CKA_PRIME_1</b>, <b>CKA_PRIME_2</b>,
-<b>CKA_EXPONENT_1</b>, <b>CKA_EXPONENT2</b>, and <b>CKA_COEFFICIENT</b> values,
-it must not create an RSAPrivateKey BER-encoding of the key, and so it must not
-prepare it for wrapping.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Diffie-Hellman private keys are represented as BER-encoded ASN.1
-type INTEGER.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>X9.42 Diffie-Hellman private keys are represented as BER-encoded
-ASN.1 type INTEGER.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>EC (also related with ECDSA) private keys are BER-encoded
-according to SECG SEC 1 ECPrivateKey ASN.1 type:</p>
-
-<p class=CCode>ECPrivateKey ::= SEQUENCE {</p>
-
-<p class=CCode>   Version       INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),</p>
-
-<p class=CCode>   privateKey    OCTET STRING,</p>
-
-<p class=CCode>   parameters    [0] Parameters OPTIONAL,</p>
-
-<p class=CCode>   publicKey     [1] BIT STRING OPTIONAL</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif;layout-grid-mode:
-line'>&nbsp;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'>Since the EC domain parameters are
-placed in the PKCS #8’s privateKeyAlgorithm field, the optional <b>parameters</b>
-field in an ECPrivateKey must be omitted.  A <span style='layout-grid-mode:
-line'>Cryptoki application must be able to unwrap </span>an ECPrivateKey <span
-style='layout-grid-mode:line'>that contains the </span>optional <b>publicKey</b>
-field; however,<span style='layout-grid-mode:line'> what is done with this </span><b>publicKey</b>
-field<span style='layout-grid-mode:line'> is </span>outside the scope of <span
-style='layout-grid-mode:line'>Cryptoki</span>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>DSA private keys are represented as BER-encoded ASN.1 type
-INTEGER.</p>
-
-<p class=MsoNormal>Once a private key has been BER-encoded as a PrivateKeyInfo
-type, the resulting string of bytes is encrypted with the secret key.  This
-encryption must be done in CBC mode with PKCS padding.</p>
-
-<p class=MsoNormal>Unwrapping a wrapped private key undoes the above
-procedure.  The CBC-encrypted ciphertext is decrypted, and the PKCS padding is
-removed.  The data thereby obtained are parsed as a PrivateKeyInfo type, and
-the wrapped key is produced.  An error will result if the original wrapped key
-does not decrypt properly, or if the decrypted unpadded data does not parse
-properly, or its type does not match the key type specified in the template for
-the new key.  The unwrapping mechanism contributes only those attributes specified
-in the PrivateKeyInfo type to the newly-unwrapped key; other attributes must be
-specified in the template, or will take their default values.</p>
-
-<p class=MsoNormal>Earlier drafts of PKCS #11 Version 2.0 and Version 2.01 used
-the object identifier</p>
-
-<p class=CCode><span lang=FR-CH>DSA OBJECT IDENTIFIER ::= { algorithm 12 }</span></p>
-
-<p class=CCode><span lang=FR-CH>algorithm OBJECT IDENTIFIER ::= {</span></p>
-
-<p class=CCode><span lang=FR-CH>  </span>iso(1) identifier-organization(3)
-oiw(14) secsig(3) algorithm(2) }</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal>with associated parameters</p>
-
-<p class=CCode>DSAParameters ::= SEQUENCE {</p>
-
-<p class=CCode>  prime1 INTEGER,  -- modulus p</p>
-
-<p class=CCode>  prime2 INTEGER,  -- modulus q</p>
-
-<p class=CCode>  base INTEGER  -- base g</p>
-
-<p class=CCode>}</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>for wrapping DSA private keys.  Note that although the two
-structures for holding DSA domain parameters appear identical when instances of
-them are encoded, the two corresponding object identifiers are different.</p>
-
-<h2><a name="_Toc441850479"></a><a name="_Toc441162401"></a><a
-name="_Toc416960042"></a><a name="_Toc437440560"></a><a name="_Toc395187796"></a><a
-name="_Toc391471158"></a><a name="_Toc370634441"></a><a name="_Toc72656271"></a><a
-name="_Toc228807218"></a><a name="_Toc228894689"><span lang=DE-CH>2.6 </span>Generic
-secret key</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>44</span></i><i><span style='font-size:9.0pt'>, Generic
-Secret Key Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=600
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'><a name="_Toc385058008"></a><a
-   name="_Toc405794822"></a><a name="_Toc322855291"></a><a name="_Toc322945133"></a><a
-   name="_Toc323000700"></a><a name="_Toc322855296"></a><a name="_Toc322945138"></a><a
-   name="_Toc323000705"></a><a name="_Toc323024094"></a><a name="_Toc323205426"></a><a
-   name="_Toc323610856"></a><a name="_Toc383864863"></a><a name="_Toc385057870"></a><a
-   name="_Toc405794687"></a><a name="_Toc72656272"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=486 colspan=7 valign=top style='width:364.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=72 valign=top style='width:.75in;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=51 valign=top style='width:38.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=75 valign=top style='width:56.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_GENERIC_SECRET_KEY_GEN</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=75 valign=top style='width:56.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850480"></a><a name="_Toc441162402"></a><a
-name="_Toc416960043"></a><a name="_Toc437440561"></a><a name="_Toc395187797"></a><a
-name="_Toc391471159"></a><a name="_Toc370634442"></a><a name="_Toc228807219"></a><a
-name="_Toc228894690">2.6.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_GENERIC_SECRET” for
-type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GENERIC_SECRET_KEY_GEN</p>
-
-<h3><a name="_Toc441850481"></a><a name="_Toc441162403"></a><a
-name="_Toc416960044"></a><a name="_Toc437440562"></a><a name="_Toc395187798"></a><a
-name="_Toc391471160"></a><a name="_Toc370634443"></a><a name="_Toc72656273"></a><a
-name="_Toc228807220"></a><a name="_Toc228894691">2.6.2 Generic secret key
-objects</a></h3>
-
-<p class=MsoNormal>Generic secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_GENERIC_SECRET</b>) hold generic secret keys. These keys do not
-support encryption or decryption; however, other keys can be derived from them
-and they can be used in HMAC operations. The following table defines the
-generic secret key object attributes, in addition to the common attributes
-defined for this object class:</p>
-
-<p class=MsoNormal>These key types are used in several of the mechanisms
-described in this section.</p>
-
-<p class=MsoCaption><a name="_Toc323204892"></a><a name="_Toc383864527"></a><a
-name="_Toc405794995"></a><a name="_Toc228807522">Table </a>45,
-Generic Secret Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=171 valign=top style='width:128.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (arbitrary length)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating a generic
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A generic secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_DERIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>CKA_CHECK_VALUE: The value of this attribute is derived from
-the key object by taking the first three bytes of the SHA-1 hash of the generic
-secret key object’s CKA_VALUE attribute.</p>
-
-<h3><a name="_Toc441850482"></a><a name="_Toc441162404"></a><a
-name="_Toc416960045"></a><a name="_Toc437440563"></a><a name="_Toc395187799"></a><a
-name="_Toc391471161"></a><a name="_Toc370634444"></a><a name="_Toc72656274"></a><a
-name="_Toc228807221"></a><a name="_Toc228894692">2.6.3 Generic secret key
-generation</a></h3>
-
-<p class=MsoNormal>The generic secret key generation mechanism, denoted <b>CKM_GENERIC_SECRET_KEY_GEN</b>,
-is used to generate generic secret keys. The generated keys take on any
-attributes provided in the template passed to the <b>C_GenerateKey</b> call,
-and the <b>CKA_VALUE_LEN</b> attribute specifies the length of the key to be
-generated. </p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The template supplied must specify a value for the <b>CKA_VALUE_LEN
-</b>attribute.  If the template specifies an object type and a class, they must
-have the following values:</p>
-
-<p class=CCode>   CK_OBJECT_CLASS = CKO_SECRET_KEY;</p>
-
-<p class=CCode>   CK_KEY_TYPE = CKK_GENERIC_SECRET;</p>
-
-<p class=MsoNormal><a name="_Ref384745181"></a><a name="_Toc385058009">For this
-mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO
-</b>structure specify the supported range of key sizes, in bits.</a></p>
-
-<h2><a name="_Toc441850483"></a><a name="_Toc441162405"></a><a
-name="_Toc416960046"></a><a name="_Toc437440564"></a><a name="_Toc395187800"></a><a
-name="_Toc391471162"></a><a name="_Toc370634445"></a><a name="_Toc72656275"></a><a
-name="_Toc228807222"></a><a name="_Toc228894693">2.7 HMAC mechanisms</a></h2>
-
-<p class=MsoNormal>Refer to <b>RFC2104</b> and <b>FIPS 198</b> for HMAC
-algorithm description.. The HMAC secret key shall correspond to the PKCS11
-generic secret key type or the mechanism specific key types (see mechanism
-definition). Such keys, for use with HMAC operations can be created using
-C_CreateObject or C_GenerateKey.</p>
-
-<p class=MsoNormal>The RFC also specifies test vectors for the various hash
-function based HMAC mechanisms described in the respective hash mechanism
-descriptions. The RFC should be consulted to obtain these test vectors.</p>
-
-<h2><a name="_Toc322855324"></a><a name="_Toc322945166"></a><a
-name="_Toc323000733"></a><a name="_Toc323024184"></a><a name="_Toc323205518"></a><a
-name="_Toc323610947"></a><a name="_Toc383864964"></a><a name="_Ref384737733"></a><a
-name="_Toc385058043"></a><a name="_Toc405794851"></a><a name="_Toc441850484"></a><a
-name="_Toc441162406"></a><a name="_Toc416960047"></a><a name="_Toc437440565"></a><a
-name="_Toc395187801"></a><a name="_Toc391471163"></a><a name="_Toc370634446"></a><a
-name="_Toc72656307"></a><a name="_Toc228807223"></a><a name="_Toc228894694">2.8
-AES</a></h2>
-
-<p class=MsoNormal>For the Advanced Encryption Standard (AES) see [FIPS PUB
-197].</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>46</span></i><i><span style='font-size:9.0pt'>, AES Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656308"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=378 colspan=7 valign=top style='width:283.25pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=52 valign=top style='width:39.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=39 valign=top style='width:29.05pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=56 valign=top style='width:42.1pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=45 valign=top style='width:33.75pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:48.2pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=56 valign=top style='width:42.1pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_KEY_GEN</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_ECB</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CBC</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CBC_PAD</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_MAC_GENERAL</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_MAC</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_OFB</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CFB64</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CFB8</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CFB128</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CFB1</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_XCBC_MAC</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_XCBC_MAC_96</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850485"></a><a name="_Toc441162407"></a><a
-name="_Toc416960048"></a><a name="_Toc437440566"></a><a name="_Toc395187802"></a><a
-name="_Toc391471164"></a><a name="_Toc370634447"></a><a name="_Toc228807224"></a><a
-name="_Toc228894695">2.8.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_AES” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_KEY_GEN                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_ECB                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CBC                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_MAC                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_MAC_GENERAL            </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CBC_PAD</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_OFB</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CFB64</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CFB8</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CFB128</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CFB1</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_XCBC_MAC</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_XCBC_MAC_96</p>
-
-<h3><a name="_Toc441850486"></a><a name="_Toc441162408"></a><a
-name="_Toc416960049"></a><a name="_Toc437440567"></a><a name="_Toc395187803"></a><a
-name="_Toc391471165"></a><a name="_Toc370634448"></a><a name="_Toc72656309"></a><a
-name="_Toc228807225"></a><a name="_Toc228894696">2.8.2 AES secret key objects</a></h3>
-
-<p class=MsoNormal>AES secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_AES</b>) hold AES keys.  The following table defines the AES secret
-key object attributes, in addition to the common attributes defined for this
-object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807523">Table </a>47, AES Secret Key Object
-Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=171 valign=top style='width:128.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (16, 24, or 32 bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2,3,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating an AES
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_AES;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “An AES secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>CKA_CHECK_VALUE: The value of this attribute is derived from
-the key object by taking the first three bytes of the ECB encryption of a
-single block of null (0x00) bytes, using the default cipher associated with the
-key type of the secret key object.</p>
-
-<h3><a name="_Toc441850487"></a><a name="_Toc441162409"></a><a
-name="_Toc416960050"></a><a name="_Toc437440568"></a><a name="_Toc395187804"></a><a
-name="_Toc391471166"></a><a name="_Toc370634449"></a><a name="_Toc72656310"></a><a
-name="_Toc228807226"></a><a name="_Toc228894697">2.8.3 AES key generation</a></h3>
-
-<p class=MsoNormal>The AES key generation mechanism, denoted <b>CKM_AES_KEY_GEN</b>,
-is a key generation mechanism for NIST’s Advanced Encryption Standard.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates AES keys with a particular length in
-bytes, as specified in the <b>CKA_VALUE_LEN</b> attribute of the template for
-the key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the AES key type (specifically, the flags indicating which functions the key
-supports) may be specified in the template for the key, or else are assigned
-default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850488"></a><a name="_Toc441162410"></a><a
-name="_Toc416960051"></a><a name="_Toc437440569"></a><a name="_Toc395187805"></a><a
-name="_Toc391471167"></a><a name="_Toc370634450"></a><a name="_Toc72656311"></a><a
-name="_Toc228807227"></a><a name="_Toc228894698">2.8.4 AES-ECB</a></h3>
-
-<p class=MsoNormal>AES-ECB, denoted <b>CKM_AES_ECB</b>, is a mechanism for
-single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping, based on NIST Advanced Encryption Standard and electronic codebook
-mode.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key.  Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.  For wrapping, the mechanism encrypts the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped, padded on the trailing end with up to
-block size minus one null bytes so that the resulting length is a multiple of
-the block size. The output data is the same length as the padded input data. It
-does not wrap the key type, key length, or any other information about the key;
-the application must convey these separately.</p>
-
-<p class=MsoNormal>For unwrapping, the mechanism decrypts the wrapped key, and
-truncates the result according to the <b>CKA_KEY_TYPE</b> attribute of the
-template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template.  The mechanism contributes the result as the <b>CKA_VALUE
-</b>attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are summarized
-in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807524">Table  </a>48, AES-ECB: Key And
-Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=119 valign=top style='width:88.95pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=63 valign=top style='width:47.1pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=107 valign=top style='width:80.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=195 valign=top style='width:145.95pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=100 valign=top style='width:75.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=107 valign=top style='width:80.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=195 valign=top style='width:145.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=100 valign=top style='width:75.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=107 valign=top style='width:80.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=195 valign=top style='width:145.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=100 valign=top style='width:75.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=107 valign=top style='width:80.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=195 valign=top style='width:145.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of block size</span></p>
-  </td>
-  <td width=100 valign=top style='width:75.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=107 valign=top style='width:80.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=195 valign=top style='width:145.95pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>determined by type of
-  key being unwrapped or CKA_VALUE_LEN</span></p>
-  </td>
-  <td width=100 valign=top style='width:75.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850489"></a><a name="_Toc441162411"></a><a
-name="_Toc416960052"></a><a name="_Toc437440570"></a><a name="_Toc395187806"></a><a
-name="_Toc391471168"></a><a name="_Toc370634451"></a><a name="_Toc72656312"></a><a
-name="_Toc228807228"></a><a name="_Toc228894699">2.8.5 AES-CBC</a></h3>
-
-<p class=MsoNormal>AES-CBC, denoted <b>CKM_AES_CBC</b>, is a mechanism for
-single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping, based on NIST’s Advanced Encryption Standard and cipher-block
-chaining mode.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key.  Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.  For wrapping, the mechanism encrypts the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped, padded on the trailing end with up to
-block size minus one null bytes so that the resulting length is a multiple of
-the block size. The output data is the same length as the padded input data. It
-does not wrap the key type, key length, or any other information about the key;
-the application must convey these separately.</p>
-
-<p class=MsoNormal>For unwrapping, the mechanism decrypts the wrapped key, and
-truncates the result according to the <b>CKA_KEY_TYPE</b> attribute of the
-template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template.  The mechanism contributes the result as the <b>CKA_VALUE</b>
-attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807525">Table </a>49, AES-CBC: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=119 valign=top style='width:88.95pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:47.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=109 valign=top style='width:81.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=192 valign=top style='width:143.7pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=101 valign=top style='width:75.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>determined by type of
-  key being unwrapped or CKA_VALUE_LEN</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850490"></a><a name="_Toc441162412"></a><a
-name="_Toc416960053"></a><a name="_Toc437440571"></a><a name="_Toc395187807"></a><a
-name="_Toc391471169"></a><a name="_Toc370634452"></a><a name="_Toc72656313"></a><a
-name="_Toc228807229"></a><a name="_Toc228894700">2.8.6 AES-CBC with PKCS
-padding</a></h3>
-
-<p class=MsoNormal>AES-CBC with PKCS padding, denoted <b>CKM_AES_CBC_PAD</b>,
-is a mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on NIST’s Advanced Encryption Standard;
-cipher-block chaining mode; and the block cipher padding method detailed in
-PKCS #7.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>The PKCS padding in this mechanism allows the length of the
-plaintext value to be recovered from the ciphertext value.  Therefore, when
-unwrapping keys with this mechanism, no value should be specified for the <b>CKA_VALUE_LEN</b>
-attribute.</p>
-
-<p class=MsoNormal>In addition to being able to wrap and unwrap secret keys,
-this mechanism can wrap and unwrap RSA, Diffie-Hellman, X9.42 Diffie-Hellman,
-EC (also related to ECDSA) and DSA private keys (see Section 2.5
-for details).  The entries in the table below for data length constraints when
-wrapping and unwrapping keys do not apply to wrapping and unwrapping private
-keys.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Ref499219946"></a><a name="_Toc228807526"></a><a
-name="_Ref499219953">Table</a> 50, AES-CBC with PKCS Padding: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=106 valign=top style='width:79.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=200 valign=top style='width:149.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.65pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=200 valign=top style='width:149.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=200 valign=top style='width:149.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>between 1 and block
-  size bytes shorter than input length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=200 valign=top style='width:149.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=200 valign=top style='width:149.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>between 1 and block
-  length bytes shorter than input length</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><a name="_Ref499219209">For this mechanism, the <i>ulMinKeySize</i>
-and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b> structure
-specify the supported range of AES key sizes, in bytes.</a></p>
-
-<h3><a name="_Toc72656314"></a><a name="_Toc441850491"></a><a
-name="_Toc441162413"></a><a name="_Toc416960054"></a><a name="_Toc437440572"></a><a
-name="_Toc395187808"></a><a name="_Toc391471170"></a><a name="_Toc370634453"></a><a
-name="_Toc228807230"></a><a name="_Toc228894701">2.8.7 AES-OFB</a></h3>
-
-<p class=MsoNormal>AES-OFB, denoted CKM_AES_OFB. It is a mechanism for single
-and multiple-part encryption and decryption with AES. AES-OFB mode is described
-in [NIST sp800-38a].</p>
-
-<p class=MsoNormal>It has a parameter, an initialization vector for this mode.
-The initialization vector has the same length as the block size.<br>
-<br>
-Constraints on key types and the length of data are summarized in the following
-table:<br>
-<br>
-</p>
-
-<p class=MsoCaption><a name="_Toc228807527">Table </a>51, AES-OFB: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=119 valign=top style='width:88.95pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:47.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=109 valign=top style='width:81.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=192 valign=top style='width:143.7pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=101 valign=top style='width:75.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism the CK_MECHANISM_INFO structure is as
-specified for CBC mode.</p>
-
-<h3><a name="_Toc441850492"></a><a name="_Toc441162414"></a><a
-name="_Toc416960055"></a><a name="_Toc437440573"></a><a name="_Toc395187809"></a><a
-name="_Toc391471171"></a><a name="_Toc370634454"></a><a name="_Toc228807231"></a><a
-name="_Toc228894702">2.8.8 AES-CFB</a></h3>
-
-<p class=MsoNormal>Cipher AES has a cipher feedback mode, AES-CFB, denoted
-CKM_AES_CFB8, CKM_AES_CFB64, and CKM_AES_CFB128. It is a mechanism for single
-and multiple-part encryption and decryption with AES. AES-OFB mode is described
-[NIST sp800-38a].</p>
-
-<p class=MsoNormal>It has a parameter, an initialization vector for this mode.
-The initialization vector has the same length as the block size.<br>
-<br>
-Constraints on key types and the length of data are summarized in the following
-table:<br>
-<br>
-</p>
-
-<p class=MsoCaption><a name="_Toc228807528">Table </a>52, AES-CFB: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=119 valign=top style='width:88.95pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:47.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=109 valign=top style='width:81.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=192 valign=top style='width:143.7pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=101 valign=top style='width:75.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism the CK_MECHANISM_INFO structure is as
-specified for CBC mode.</p>
-
-<h3><a name="_Toc441850493"></a><a name="_Toc441162415"></a><a
-name="_Toc416960056"></a><a name="_Toc437440574"></a><a name="_Toc395187810"></a><a
-name="_Toc391471172"></a><a name="_Toc370634455"></a><a name="_Toc228807232"></a><a
-name="_Toc228894703">2.8.9 General-length AES-MAC</a></h3>
-
-<p class=MsoNormal>General-length AES-MAC, denoted <b>CKM_AES_MAC_GENERAL</b>,
-is a mechanism for single- and multiple-part signatures and verification, based
-on NIST Advanced Encryption Standard as defined in FIPS PUB 197 and data
-authentication as defined in FIPS PUB 113.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS </b>structure,
-which specifies the output length desired from the mechanism.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final AES cipher block produced in the MACing process.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807529">Table </a>53, General-length
-AES-MAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=110 valign=top style='width:1.15in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850494"></a><a name="_Toc441162416"></a><a
-name="_Toc416960057"></a><a name="_Toc437440575"></a><a name="_Toc395187811"></a><a
-name="_Toc391471173"></a><a name="_Toc370634456"></a><a name="_Toc72656315"></a><a
-name="_Toc228807233"></a><a name="_Toc228894704">2.8.10 AES-MAC</a></h3>
-
-<p class=MsoNormal>AES-MAC, denoted by <b>CKM_AES_MAC</b>, is a special case of
-the general-length AES-MAC mechanism. AES-MAC always produces and verifies MACs
-that are half the block size in length.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807530">Table </a>54, AES-MAC: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=110 valign=top style='width:1.15in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>½ block size (8
-  bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>½ block size (8
-  bytes)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850495"></a><a name="_Toc441162417"></a><a
-name="_Toc416960058"></a><a name="_Toc437440576"></a><a name="_Toc395187812"></a><a
-name="_Toc391471174"></a><a name="_Toc370634458">2.8.11 AES-XCBC-MAC</a></h3>
-
-<p class=MsoNormal>AES-XCBC-MAC, denoted <b>CKM_AES_XCBC_MAC</b>, is a
-mechanism for single and multiple part signatures and verification; based on
-NIST’s Advanced Encryption Standard and [RFC 3566].</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption>Table 55, AES-XCBC-MAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=110 valign=top style='width:1.15in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>16 bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>16 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850496"></a><a name="_Toc441162418"></a><a
-name="_Toc416960059"></a><a name="_Toc437440577"></a><a name="_Toc395187813"></a><a
-name="_Toc391471175"></a><a name="_Toc370634459">2.8.12 AES-XCBC-MAC-96</a></h3>
-
-<p class=MsoNormal>AES-XCBC-MAC-96, denoted <b>CKM_AES_XCBC_MAC<span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">-</del></span><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">_</ins></span>96</b>,
-is a mechanism for single and multiple part signatures and verification; based
-on NIST’s Advanced Encryption Standard and [RFC 3566].</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption>Table 56, AES-XCBC-MAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=110 valign=top style='width:1.15in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>12 bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=110 valign=top style='width:1.15in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=76 valign=top style='width:57.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>12 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc322855328"></a><a name="_Toc322945170"></a><a
-name="_Toc323000737"></a><a name="_Toc323024188"></a><a name="_Toc323205522"></a><a
-name="_Toc323610951"></a><a name="_Toc383864968"></a><a name="_Toc385058053"></a><a
-name="_Toc405794860"></a><a name="_Toc72656332"></a><a name="_Toc441850497"></a><a
-name="_Toc441162419"></a><a name="_Toc416960060"></a><a name="_Toc437440578"></a><a
-name="_Toc395187814"></a><a name="_Toc391471176"></a><a name="_Toc370634460"></a><a
-name="_Toc151796117"></a><a name="_Toc228807234"></a><a name="_Toc228894705"><span
-lang=DE-CH>2.9 </span>AES with Counter</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>57</span></i><i><span style='font-size:9.0pt'>, AES with
-Counter Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=570
- style='width:427.5pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc151796118"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CTR</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850498"></a><a name="_Toc441162420"></a><a
-name="_Toc416960061"></a><a name="_Toc437440579"></a><a name="_Toc395187815"></a><a
-name="_Toc391471177"></a><a name="_Toc370634461"></a><a name="_Toc228807235"></a><a
-name="_Toc228894706">2.9.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CTR                     </p>
-
-<h3><a name="_Toc441850499"></a><a name="_Toc441162421"></a><a
-name="_Toc416960062"></a><a name="_Toc437440580"></a><a name="_Toc395187816"></a><a
-name="_Toc391471178"></a><a name="_Toc370634462"></a><a name="_Toc72656324"></a><a
-name="_Toc76209563"></a><a name="_Toc151796119"></a><a name="_Toc228807236"></a><a
-name="_Toc228894707">2.9.2 AES with Counter mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794852"></a><a name="_Toc72656325"></a><a name="_Toc76209564"></a><a
-name="_Toc151796120"></a><a name="_Toc228807237"></a><a name="_Toc385058044"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_AES_CTR_PARAMS</span></a><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>; CK_AES_CTR_PARAMS_PTR</span></p>
-
-<p class=MsoNormal><b>CK_AES_CTR_PARAMS</b> is a structure that provides the
-parameters to the <b>CKM_AES_CTR</b> mechanism.  It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_AES_CTR_PARAMS {</p>
-
-<p class=CCode>        CK_ULONG ulCounterBits;</p>
-
-<p class=CCode>        CK_BYTE cb[16];</p>
-
-<p class=CCode>} CK_AES_CTR_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal>ulCounterBits specifies the number of bits in the counter
-block (cb) that shall be incremented. This number  shall be such that 0 &lt; <i>ulCounterBits</i>
-&lt;= 128. For any values outside this range the mechanism shall return <b>CKR_MECHANISM_PARAM_INVALID</b>.</p>
-
-<p class=MsoNormal>It's up to the caller to initialize all of the bits in the
-counter block including the counter bits. The counter bits are the least
-significant bits of the counter block (cb). They are a big-endian value usually
-starting with 1. The rest of ‘cb’ is for the nonce, and maybe an optional IV.</p>
-
-<p class=MsoNormal>E.g. as defined in [RFC 3686]:</p>
-
-<pre><span style='font-family:"Courier New"'>    0                   1                   2                   3</span></pre><pre><span
-style='font-family:"Courier New"'>    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</span></pre><pre><span
-style='font-family:"Courier New"'>   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></pre><pre><span
-style='font-family:"Courier New"'>   |                            Nonce                              |</span></pre><pre><span
-style='font-family:"Courier New"'>   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></pre><pre><span
-style='font-family:"Courier New"'>   |                  Initialization Vector (IV)                   |</span></pre><pre><span
-style='font-family:"Courier New"'>   |                                                               |</span></pre><pre><span
-style='font-family:"Courier New"'>   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></pre><pre><span
-style='font-family:"Courier New"'>   |                         Block Counter                         |</span></pre><pre><span
-style='font-family:"Courier New"'>   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></pre>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-none'><span style='color:black'>&nbsp;</span></p>
-
-<p class=MsoNormal>This construction permits each packet to consist of up to 2<sup>32</sup>-1
-blocks  =  4,294,967,295 blocks = 68,719,476,720 octets.</p>
-
-<p class=MsoNormal><b>CK_AES_CTR_PARAMS_PTR</b> is a pointer to a <b>CK_AES_CTR_PARAMS</b>.</p>
-
-<h3><a name="_Toc441850500"></a><a name="_Toc441162422"></a><a
-name="_Toc416960063"></a><a name="_Toc437440581"></a><a name="_Toc395187817"></a><a
-name="_Toc391471179"></a><a name="_Toc370634463"></a><a name="_Toc151796121"></a><a
-name="_Toc228807238"></a><a name="_Toc228894708">2.9.3 AES with Counter
-Encryption / Decryption</a></h3>
-
-<p class=MsoNormal>Generic AES counter mode is described in NIST Special
-Publication 800-38A and in RFC 3686. These describe encryption using a counter
-block which may include a nonce to guarantee uniqueness of the counter block.
-Since the nonce is not incremented, the mechanism parameter must specify the
-number of counter bits in the counter block.</p>
-
-<p class=MsoNormal>The block counter is incremented by 1 after each block of
-plaintext is processed. There is no support for any other increment functions
-in this mechanism.</p>
-
-<p class=MsoNormal>If an attempt to encrypt/decrypt is made which will cause an
-overflow of the counter block’s counter bits, then the mechanism shall return <b>CKR_DATA_LEN_RANGE</b>.
-Note that the mechanism should allow the final post increment of the counter to
-overflow (if it implements it this way) but not allow any further processing
-after this point. E.g. if ulCounterBits = 2 and the counter bits start as 1
-then only 3 blocks of data can be processed. </p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850501"></a><a name="_Toc441162423"></a><a
-name="_Toc416960064"></a><a name="_Toc437440582"></a><a name="_Toc395187818"></a><a
-name="_Toc391471180"></a><a name="_Toc370634470">2.10 AES CBC with Cipher Text
-Stealing CTS</a></h2>
-
-<p class=MsoNormal>Ref [NIST AES CTS]</p>
-
-<p class=MsoNormal>This mode allows unpadded data that has length that is not a
-multiple of the block size to be encrypted to the same length of cipher text.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>58</span></i><i><span style='font-size:9.0pt'>, AES CBC
-with Cipher Text Stealing CTS Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=570
- style='width:427.5pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CTS</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850502"></a><a name="_Toc441162424"></a><a
-name="_Toc416960065"></a><a name="_Toc437440583"></a><a name="_Toc395187819"></a><a
-name="_Toc391471181"></a><a name="_Toc370634471"></a><a name="_Toc228807240"></a><a
-name="_Toc228894710">2.10.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CTS                     </p>
-
-<h3><a name="_Toc441850503"></a><a name="_Toc441162425"></a><a
-name="_Toc416960066"></a><a name="_Toc437440584"></a><a name="_Toc395187820"></a><a
-name="_Toc391471182"></a><a name="_Toc370634472"></a><a name="_Toc228807241"></a><a
-name="_Toc228894711">2.10.2 AES CTS mechanism parameters</a></h3>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoCaption><a name="_Toc228807531">Table </a>59, AES-CTS: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=119 valign=top style='width:88.95pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:47.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=109 valign=top style='width:81.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=192 valign=top style='width:143.7pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=101 valign=top style='width:75.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any, &#8805; block
-  size (16 bytes)</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=119 valign=top style='width:88.95pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>AES</span></p>
-  </td>
-  <td width=109 valign=top style='width:81.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any, &#8805; block
-  size (16 bytes)</span></p>
-  </td>
-  <td width=192 valign=top style='width:143.7pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=101 valign=top style='width:75.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
-</table>
-
-<h2><a name="_Toc441850504"></a><a name="_Toc441162426"></a><a
-name="_Toc416960067"></a><a name="_Toc437440585"></a><a name="_Toc395187821"></a><a
-name="_Toc391471183"></a><a name="_Toc370634473"></a><a name="_Toc228807242"></a><a
-name="_Toc228894712"><span lang=DE-CH>2.11 </span>Additional AES Mechanisms</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>60</span></i><i><span style='font-size:9.0pt'>, Additional
-AES Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=570
- style='width:427.5pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=192 valign=top style='width:144.25pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=378 colspan=7 valign=top style='width:283.25pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=192 valign=top style='width:144.25pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=52 valign=top style='width:39.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=39 valign=top style='width:29.05pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=56 valign=top style='width:42.1pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=45 valign=top style='width:33.75pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:48.2pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=56 valign=top style='width:42.1pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=192 valign=top style='width:144.25pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_GCM</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:144.25pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CCM</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:144.25pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_GMAC</span></p>
-  </td>
-  <td width=65 valign=top style='width:48.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:39.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=39 valign=top style='width:29.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=45 valign=top style='width:33.75pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<h3><a name="_Toc441850505"></a><a name="_Toc441162427"></a><a
-name="_Toc416960068"></a><a name="_Toc437440586"></a><a name="_Toc395187822"></a><a
-name="_Toc391471184"></a><a name="_Toc370634474"></a><a name="_Toc228807243"></a><a
-name="_Toc228894713"></a><a name="_Toc222284779">2.11.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_GCM</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CCM</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_GMAC</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc222284778"></a><a name="_Toc228807239"></a><a
-name="_Toc228894709"></a><a name="_Toc441850506"></a><a name="_Toc441162428"></a><a
-name="_Toc416960069"></a><a name="_Toc437440587"></a><a name="_Toc395187823"></a><a
-name="_Toc391471185"></a><a name="_Toc370634467">2.12 AES-GCM Authenticated
-Encryption / Decryption</a></h2>
-
-<p class=MsoNormal>Generic GCM mode is described in [GCM]. To set up for
-AES-GCM use the following process, where <i>K</i> (key) and <i>AAD</i>
-(additional authenticated data) are as described in [GCM].</p>
-
-<p class=MsoNormal>Encrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the IV length <i>ulIvLen</i> in the
-     parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the IV data <i>pIv</i> in the parameter
-     block. <i>pIV</i> may be NULL <i>if</i> <i>ulIvLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i>
-     in the parameter block. <i>pAAD m</i>ay be NULL if <i>ulAADLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the tag length <i>ulTagBits</i> in the
-     parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_EncryptInit() for <b>CKM_AES_GCM</b>
-     mechanism with parameters and key <i>K</i>.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_Encrypt(), or C_EncryptUpdate()*<a
-     href="#_ftn3" name="_ftnref3" title=""><span class=FootnoteCharacters><span
-     class=FootnoteCharacters><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>[3]</span></span></span></a>
-     C_EncryptFinal(), for the plaintext obtaining ciphertext and
-     authentication tag output.</li>
-</ul>
-
-<p class=MsoNormal>Decrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>. Set the IV length <i>ulIvLen</i> in the
-     parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the IV data <i>pIv</i> in the parameter
-     block. <i>pIV</i> may be NULL <i>if</i> <i>ulIvLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i>
-     in the parameter block. <i>pAAD m</i>ay be NULL if ulAADLen is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the tag length <i>ulTagBits</i> in the
-     parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_DecryptInit() for <b>CKM_AES_GCM</b>
-     mechanism with parameters and key <i>K</i>.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_Decrypt(), or C_DecryptUpdate()*<sup>1</sup>
-     C_DecryptFinal(), for the ciphertext, including the appended tag,
-     obtaining plaintext output. Note: since <b>CKM_AES_GCM</b> is an  AEAD
-     cipher, no data should be returned until C_Decrypt() or C_DecryptFinal().</li>
-</ul>
-
-<p class=MsoNormal>In <i>pIv</i> the least significant bit of the
-initialization vector is the rightmost bit. <i>ulIvLen</i> is the length of the
-initialization vector in bytes.</p>
-
-<p class=MsoNormal>The tag is appended to the cipher text and the least
-significant bit of the tag is the rightmost bit and the tag bits are the
-rightmost <i>ulTagBits</i> bits.</p>
-
-<p class=MsoNormal>The key type for <i>K</i> must be compatible with <b>CKM_AES_ECB</b>
-and the C_EncryptInit/C_DecryptInit calls shall behave, with respect to <i>K</i>,
-as if they were called directly with <b>CKM_AES_ECB</b>, <i>K</i> and NULL parameters.</p>
-
-<h3><a name="_Toc441850507"></a><a name="_Toc441162429"></a><a
-name="_Toc416960070"></a><a name="_Toc437440588"></a><a name="_Toc395187824"></a><a
-name="_Toc391471186"></a><a name="_Toc370634468"></a><a
-name="__RefHeading__1853_1399233392"></a>2.12.1 AES-CCM authenticated
-Encryption / Decryption</h3>
-
-<p class=MsoNormal>For IPsec (RFC 4309) and also for use in ZFS encryption.  Generic
-CCM mode is described in [RFC 3610].</p>
-
-<p class=MsoNormal>To set up for AES-CCM use the following process, where <i>K</i>
-(key), nonce and additional authenticated data are as described in [RFC 3610].</p>
-
-<p class=MsoNormal>Encrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the message/data length <i>ulDataLen</i>
-     in the parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the nonce length <i>ulNonceLen</i> and the
-     nonce data <i>pNonce</i> in the parameter block. <i>pNonce</i> may be NULL
-     <i>if</i> <i>ulNonceLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i>
-     in the parameter block. <i>pAAD m</i>ay be NULL if <i>ulAADLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the MAC length <i>ulMACLen</i> in the
-     parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_EncryptInit() for <b>CKM_AES_CCM</b>
-     mechanism with parameters and key <i>K</i>.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_Encrypt(),C_DecryptUpdate(), or C_EncryptFinal(),
-     for the plaintext obtaining ciphertext output obtaining the final
-     ciphertext output and the MAC. The total length of data processed must be <i>ulDataLen.
-     The output length will be ulDataLen + ulMACLen.</i></li>
-</ul>
-
-<p class=MsoNormal>Decrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the message/data length <i>ulDataLen</i>
-     in the parameter block. This length should not include the length of the
-     MAC that is appended to the cipher text.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the nonce length <i>ulNonceLen</i> and the
-     nonce data <i>pNonce</i> in the parameter block. <i>pNonce</i> may be NULL
-     <i>if</i> <i>ulNonceLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i>
-     in the parameter block. <i>pAAD m</i>ay be NULL if <i>ulAADLen</i> is 0.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Set the MAC length <i>ulMACLen</i> in the
-     parameter block.</li>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_DecryptInit() for <b>CKM_AES_CCM</b>
-     mechanism with parameters and key <i>K</i>.</li>
-</ul>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal style='margin-top:6.0pt;margin-bottom:0in;margin-bottom:
-     .0001pt;text-align:justify'>Call C_Decrypt(), C_DecryptUpdate(), or
-     C_DecryptFinal(), for the ciphertext, including the appended MAC,
-     obtaining plaintext output. The total length of data processed must be <i>ulDataLen
-     + ulMACLen. Note: since <b>CKM_AES_CCM</b> is an  AEAD cipher, no data
-     should be returned until C_Decrypt() or C_DecryptFinal().</i></li>
-</ul>
-
-<p class=MsoNormal>The key type for <i>K</i> must be compatible with <b>CKM_AES_ECB</b>
-and the C_EncryptInit/C_DecryptInit calls shall behave, with respect to K, as
-if they were called directly with <b>CKM_AES_ECB</b>, <i>K</i> and NULL
-parameters.</p>
-
-<h3><a name="_Toc441850508"></a><a name="_Toc441162430"></a><a
-name="_Toc416960071"></a><a name="_Toc437440589"></a><a name="_Toc395187825"></a><a
-name="_Toc391471187"></a><a name="_Toc370634469">2.12.2 AES-GMAC</a></h3>
-
-<p class=MsoNormal>AES-GMAC, denoted <b>CKM_AES_GMAC</b>, is a mechanism for
-single and multiple-part signatures and verification.  It is described in NIST
-Special Publication 800-38D [GMAC].  GMAC is a special case of GCM that
-authenticates only the Additional Authenticated Data (AAD) part of the GCM
-mechanism parameters.  When HMAC is used with C_Sign or C_Verify, pData points
-to the AAD.  HMAC does not use plaintext or ciphertext.</p>
-
-<p class=MsoNormal>The signature produced by HMAC, also referred to as a Tag,
-is 16 bytes long.</p>
-
-<p class=MsoNormal>Its single mechanism parameter is a 12 byte initialization
-vector (IV).</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption>Table 61, AES-GMAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=85 valign=top style='width:63.8pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&lt; 2^64</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>16 bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&lt; 2^64</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>16 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure specify the supported range of AES
-key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850509"></a><a name="_Toc441162431"></a><a
-name="_Toc416960072"></a><a name="_Toc437440590"></a><a name="_Toc395187826"></a><a
-name="_Toc391471188"></a><a name="_Toc370634475"></a><a name="_Toc222284780"></a><a
-name="_Toc228807244"></a><a name="_Toc228894714">2.12.3 AES GCM and CCM
-Mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc222284781"></a><a name="_Toc228807245"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_GCM_PARAMS;
-CK_GCM_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal>CK_GCM_PARAMS is a structure that provides the parameters to
-the CKM_AES_GCM mechanism.  It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_GCM_PARAMS {</p>
-
-<p class=CCode>  CK_BYTE_PTR pIv;</p>
-
-<p class=CCode>  CK_ULONG ulIvLen;</p>
-
-<p class=CCode>  CK_BYTE_PTR pAAD;</p>
-
-<p class=CCode>  CK_ULONG ulAADLen;</p>
-
-<p class=CCode>  CK_ULONG ulTagBits;</p>
-
-<p class=CCode>} CK_GCM_PARAMS;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                            pIv       pointer
-to initialization vector</p>
-
-<p class=definition0>                                      ulIvLen       length
-of initialization vector in bytes. The length of the initialization vector can
-be any number between 1 and 256. 96-bit (12 byte) IV values can be processed
-more efficiently, so that length is recommended for situations in which
-efficiency is critical.</p>
-
-<p class=definition0>                                        pAAD       pointer
-to additional authentication data. This data is authenticated but not
-encrypted.</p>
-
-<p class=definition0>                                  ulAADLen       length of
-pAAD in bytes.</p>
-
-<p class=definition0>                                  ulTagBits       length
-of authentication tag (output following cipher text) in bits. Can be any value
-between 0 and 128.                                        </p>
-
-<p class=MsoNormal><b>CK</b>_GCM_PARAMS_PTR is a pointer to a CK_GCM_PARAMS.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc222284782"></a><a name="_Toc228807246"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_CCM_PARAMS;
-CK_CCM_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_CCM_PARAMS</b> is a structure that provides the
-parameters to the <b>CKM_AES_CCM</b> mechanism.  It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_CCM_PARAMS {</p>
-
-<p class=CCode>   CK_ULONG ulDataLen; /*plaintext or ciphertext*/</p>
-
-<p class=CCode>   CK_BYTE_PTR pNonce;</p>
-
-<p class=CCode>   CK_ULONG ulNonceLen;</p>
-
-<p class=CCode>   CK_BYTE_PTR pAAD;</p>
-
-<p class=CCode>   CK_ULONG ulAADLen;</p>
-
-<p class=CCode>   CK_ULONG ulMACLen;</p>
-
-<p class=CCode>} CK_CCM_PARAMS;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings,
-where L is the size in bytes of the data length’s length (2 &lt; L &lt; 8):</p>
-
-<p class=definition0>                                  ulDataLen       length
-of the data where 0 &lt;= ulDataLen &lt; 28L. </p>
-
-<p class=definition0>                                     pNonce       the
-nonce.</p>
-
-<p class=definition0>                               ulNonceLen       length of
-pNonce (&lt;= 15-L) in bytes.</p>
-
-<p class=definition0>                                        pAAD       Additional
-authentication data. This data is authenticated but not encrypted.</p>
-
-<p class=definition0>                                  ulAADLen       length of
-pAuthData in bytes.</p>
-
-<p class=definition0>                                 ulMACLen       length of
-the MAC (output following cipher text) in bytes. Valid values are 4, 6, 8, 10,
-12, 14, and 16.</p>
-
-<p class=MsoNormal>CK_CCM_PARAMS_PTR is a pointer to a CK_CCM_PARAMS.</p>
-
-<h3><a name="_Toc441850510"></a><a name="_Toc441162432"></a><a
-name="_Toc416960073"></a><a name="_Toc437440591"></a><a name="_Toc395187827"></a><a
-name="_Toc391471189"></a><a name="_Toc370634476"></a><a name="_Toc222284783"></a><a
-name="_Toc228807247"></a><a name="_Toc228894715">2.12.4 AES-GCM authenticated
-Encryption / Decryption</a></h3>
-
-<p class=MsoNormal>Generic GCM mode is described in [GCM]. To set up for
-AES-GCM use the following process, where <i>K</i> (key) and <i>AAD</i>
-(additional authenticated data) are as described in [GCM].</p>
-
-<p class=MsoNormal>Encrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal>Set the IV length <i>ulIvLen</i> in the parameter block.</li>
- <li class=MsoNormal>Set the IV data <i>pIv</i> in the parameter block. <i>pIV</i>
-     may be NULL <i>if</i> <i>ulIvLen</i> is 0.</li>
- <li class=MsoNormal>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i> in
-     the parameter block. <i>pAAD m</i>ay be NULL if <i>ulAADLen</i> is 0.</li>
- <li class=MsoNormal>Set the tag length <i>ulTagBits</i> in the parameter
-     block.</li>
- <li class=MsoNormal>Call C_EncryptInit() for <b>CKM_AES_GCM</b> mechanism with
-     parameters and key <i>K</i>.</li>
- <li class=MsoNormal>Call C_Encrypt(), or C_EncryptUpdate()*<a
-     name="_Ref194895262"></a><a href="#_ftn4" name="_ftnref4" title=""><span
-     class=MsoFootnoteReference><span class=MsoFootnoteReference><span
-     style='font-size:10.0pt;font-family:"Arial",sans-serif'>[4]</span></span></span></a>
-     C_EncryptFinal(), for the plaintext obtaining ciphertext and
-     authentication tag output.</li>
-</ul>
-
-<p class=MsoNormal>Decrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal>. Set the IV length <i>ulIvLen</i> in the parameter block.</li>
- <li class=MsoNormal>Set the IV data <i>pIv</i> in the parameter block. <i>pIV</i>
-     may be NULL <i>if</i> <i>ulIvLen</i> is 0.</li>
- <li class=MsoNormal>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i> in
-     the parameter block. <i>pAAD m</i>ay be NULL if ulAADLen is 0.</li>
- <li class=MsoNormal>Set the tag length <i>ulTagBits</i> in the parameter
-     block.</li>
- <li class=MsoNormal>Call C_DecryptInit() for <b>CKM_AES_GCM</b> mechanism with
-     parameters and key <i>K</i>.</li>
- <li class=MsoNormal>Call C_Decrypt(), or C_DecryptUpdate()*<sup>1</sup>
-     C_DecryptFinal(), for the ciphertext, including the appended tag,
-     obtaining plaintext output.</li>
-</ul>
-
-<p class=MsoNormal>In <i>pIv</i> the least significant bit of the
-initialization vector is the rightmost bit. <i>ulIvLen</i> is the length of the
-initialization vector in bytes.</p>
-
-<p class=MsoNormal>The tag is appended to the cipher text and the least
-significant bit of the tag is the rightmost bit and the tag bits are the
-rightmost <i>ulTagBits</i> bits.</p>
-
-<p class=MsoNormal>The key type for <i>K</i> must be compatible with <b>CKM_AES_ECB</b>
-and the C_EncryptInit/C_DecryptInit calls shall behave, with respect to <i>K</i>,
-as if they were called directly with <b>CKM_AES_ECB</b>, <i>K</i> and NULL
-parameters.</p>
-
-<h3><a name="_Toc441850511"></a><a name="_Toc441162433"></a><a
-name="_Toc416960074"></a><a name="_Toc437440592"></a><a name="_Toc395187828"></a><a
-name="_Toc391471190"></a><a name="_Toc370634477"></a><a name="_Toc222284784"></a><a
-name="_Toc228807248"></a><a name="_Toc228894716">2.12.5 AES-CCM authenticated
-Encryption / Decryption</a></h3>
-
-<p class=MsoNormal>For IPsec (RFC 4309) and also for use in ZFS encryption.
-Generic CCM mode is described in [RFC 3610].</p>
-
-<p class=MsoNormal>To set up for AES-CCM use the following process, where <i>K</i>
-(key), nonce and additional authenticated data are as described in [RFC 3610].</p>
-
-<p class=MsoNormal>Encrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal>Set the message/data length <i>ulDataLen</i> in the parameter
-     block.</li>
- <li class=MsoNormal>Set the nonce length <i>ulNonceLen</i> and the nonce data <i>pNonce</i>
-     in the parameter block. <i>pNonce</i> may be NULL <i>if</i> <i>ulNonceLen</i>
-     is 0.</li>
- <li class=MsoNormal>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i> in
-     the parameter block. <i>pAAD m</i>ay be NULL if <i>ulAADLen</i> is 0.</li>
- <li class=MsoNormal>Set the MAC length <i>ulMACLen</i> in the parameter block.</li>
- <li class=MsoNormal>Call C_EncryptInit() for <b>CKM_AES_CCM</b> mechanism with
-     parameters and key <i>K</i>.</li>
- <li class=MsoNormal>Call C_Encrypt(), or C_DecryptUpdate()*<sup>4</sup> C_EncryptFinal(), for the plaintext obtaining ciphertext output obtaining the
-     final ciphertext output and the MAC. The total length of data processed
-     must be <i>ulDataLen. The output length will be ulDataLen + ulMACLen.</i></li>
-</ul>
-
-<p class=MsoNormal>Decrypt:</p>
-
-<ul style='margin-top:0in' type=disc>
- <li class=MsoNormal>Set the message/data length <i>ulDataLen</i> in the
-     parameter block. This length should not include the length of the MAC that
-     is appended to the cipher text.</li>
- <li class=MsoNormal>Set the nonce length <i>ulNonceLen</i> and the nonce data <i>pNonce</i>
-     in the parameter block. <i>pNonce</i> may be NULL <i>if</i> <i>ulNonceLen</i>
-     is 0.</li>
- <li class=MsoNormal>Set the AAD data <i>pAAD</i> and size <i>ulAADLen</i> in
-     the parameter block. <i>pAAD m</i>ay be NULL if <i>ulAADLen</i> is 0.</li>
- <li class=MsoNormal>Set the MAC length <i>ulMACLen</i> in the parameter block.</li>
- <li class=MsoNormal>Call C_DecryptInit() for <b>CKM_AES_CCM</b> mechanism with
-     parameters and key <i>K</i>.</li>
- <li class=MsoNormal>Call C_Decrypt(), or C_DecryptUpdate()*<sup>4</sup> C_DecryptFinal(), for the ciphertext, including the appended MAC, obtaining
-     plaintext output. The total length of data processed must be <i>ulDataLen
-     + ulMACLen.</i></li>
-</ul>
-
-<p class=MsoNormal>The key type for <i>K</i> must be compatible with <b>CKM_AES_ECB</b>
-and the C_EncryptInit/C_DecryptInit calls shall behave, with respect to K, as
-if they were called directly with <b>CKM_AES_ECB</b>, <i>K</i> and NULL
-parameters.</p>
-
-<h2><a name="_Toc441850512"></a><a name="_Toc441162434"></a><a
-name="_Toc416960075"></a><a name="_Toc437440593"></a><a name="_Toc395187829"></a><a
-name="_Toc391471191"></a><a name="_Toc370634478"></a><a name="_Toc228807249"></a><a
-name="_Toc228894717">2.13 AES CMAC</a></h2>
-
-<p class=MsoCaption><a name="_Toc76209814"></a><a name="_Toc228807532">Table </a>62, Mechanisms vs. Functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>SR = SignRecover, VR = VerifyRecover</span>.</p>
-
-<h3><a name="_Toc441850513"></a><a name="_Toc441162435"></a><a
-name="_Toc416960076"></a><a name="_Toc437440594"></a><a name="_Toc395187830"></a><a
-name="_Toc391471192"></a><a name="_Toc370634479"></a><a name="_Toc234043806"></a><a
-name="_Toc228807250"></a><a name="_Toc228894718">2.13.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CMAC_GENERAL                   
-</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CMAC                    </p>
-
-<h3><a name="_Toc441850514"></a><a name="_Toc441162436"></a><a
-name="_Toc416960077"></a><a name="_Toc437440595"></a><a name="_Toc395187831"></a><a
-name="_Toc391471193"></a><a name="_Toc370634480"></a><a name="_Toc234043807"></a><a
-name="_Toc228807251"></a><a name="_Toc228894719">2.13.2 Mechanism parameters</a></h3>
-
-<p class=MsoNormal>CKM_AES_CMAC_GENERAL uses the existing <b>CK_MAC_GENERAL_PARAMS
-</b>structure. CKM_AES_CMAC does not use a mechanism parameter.</p>
-
-<h3><a name="_Toc441850515"></a><a name="_Toc441162437"></a><a
-name="_Toc416960078"></a><a name="_Toc437440596"></a><a name="_Toc395187832"></a><a
-name="_Toc391471194"></a><a name="_Toc370634481"></a><a name="_Toc234043808"></a><a
-name="_Toc228807252"></a><a name="_Toc228894720">2.13.3 General-length AES-CMAC</a></h3>
-
-<p class=MsoNormal>General-length AES-CMAC, denoted <b>CKM_AES_CMAC_GENERAL</b>,
-is a mechanism for single- and multiple-part signatures and verification, based
-on <b>[</b>NIST SP800-38B<b>] </b>and<b> [</b>RFC 4493<b>]</b>.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS </b>structure,
-which specifies the output length desired from the mechanism.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final AES cipher block produced in the MACing process.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807533">Table </a>63, General-length
-AES-CMAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=85 valign=top style='width:63.8pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>References [NIST SP800-38B] and [RFC 4493] recommend that
-the output MAC is not truncated to less than 64 bits. The MAC length must be
-specified before the communication starts, and must not be changed during the
-lifetime of the key. It is the caller’s responsibility to follow these rules.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850516"></a><a name="_Toc441162438"></a><a
-name="_Toc416960079"></a><a name="_Toc437440597"></a><a name="_Toc395187833"></a><a
-name="_Toc391471195"></a><a name="_Toc370634482"></a><a name="_Toc234043809"></a><a
-name="_Toc228807253"></a><a name="_Toc228894721">2.13.4 AES-CMAC</a></h3>
-
-<p class=MsoNormal>AES-CMAC, denoted <b>CKM_AES_CMAC</b>, is a special case of
-the general-length AES-CMAC mechanism. AES-MAC always produces and verifies
-MACs that are a full block size in length, the default output length specified
-by [RFC 4493].</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807534">Table </a>64, AES-CMAC: Key And
-Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=85 valign=top style='width:63.8pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Block size (16 bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_AES</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Block size (16 bytes)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>References [NIST SP800-38B] and [RFC 4493] recommend that
-the output MAC is not truncated to less than 64 bits. The MAC length must be
-specified before the communication starts, and must not be changed during the
-lifetime of the key. It is the caller’s responsibility to follow these rules.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-AES key sizes, in bytes.</p>
-
-<h2><a name="_Toc441850517"></a><a name="_Toc441162439"></a><a
-name="_Toc416960080"></a><a name="_Toc437440598"></a><a name="_Toc395187834"></a><a
-name="_Toc391471196"></a><a name="_Toc370634483"></a><a name="_Toc228807254"></a><a
-name="_Toc228894722"><span lang=DE-CH>2.14 </span>AES Key Wrap</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>65</span></i><i><span style='font-size:9.0pt'>, AES Key
-Wrap Mechanisms vs. Functions</span></i></p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:.4pt;border-collapse:collapse'>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:black;border-left:
-  black;border-bottom:windowtext;border-right:windowtext;border-style:solid;
-  border-width:1.0pt;padding:0in 0in 0in 0in'><a name="_Toc215378699"></a>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=338 colspan=7 valign=top style='width:253.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif;position:relative;top:-4.0pt'>1</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;
-  color:black'>CKM_AES_KEY_WRAP</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;
-  color:black'>CKM_AES_KEY_WRAP_PAD</span><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'> </span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=572 colspan=8 valign=top style='width:429.0pt;border:solid black 1.0pt;
-  border-top:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif;
-  position:relative;top:-4.0pt'>1</span><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>SR = SignRecover, VR = VerifyRecover</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850518"></a><a name="_Toc441162440"></a><a
-name="_Toc416960081"></a><a name="_Toc437440599"></a><a name="_Toc395187835"></a><a
-name="_Toc391471197"></a><a name="_Toc370634484"></a><a name="_Toc228807255"></a><a
-name="_Toc228894723">2.14.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_KEY_WRAP</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_KEY_WRAP_PAD</p>
-
-<h3><a name="_Toc441850519"></a><a name="_Toc441162441"></a><a
-name="_Toc416960082"></a><a name="_Toc437440600"></a><a name="_Toc395187836"></a><a
-name="_Toc391471198"></a><a name="_Toc370634485"></a><a name="_Toc215378700"></a><a
-name="_Toc228807256"></a><a name="_Toc228894724">2.14.2 AES Key Wrap Mechanism
-parameters</a></h3>
-
-<p class=MsoNormal>The mechanisms will accept an optional mechanism parameter
-as the Initialization vector which, if present, must be a fixed size array of 8
-bytes, and, if NULL, will use the default initial value defined in Section
-2.2.3.1 of [AES KEYWRAP].</p>
-
-<p class=MsoNormal>The type of this parameter is CK_BYTE_PTR and the pointer
-points to the array of 8 bytes to be used as the initial value. The length
-shall be either 0 and the pointer NULL, or 8, and the pointer non-NULL.</p>
-
-<h3><a name="_Toc441850520"></a><a name="_Toc441162442"></a><a
-name="_Toc416960083"></a><a name="_Toc437440601"></a><a name="_Toc395187837"></a><a
-name="_Toc391471199"></a><a name="_Toc370634486"></a><a name="_Toc215378701"></a><a
-name="_Toc228807257"></a><a name="_Toc228894725">2.14.3 AES Key Wrap</a> </h3>
-
-<p class=MsoNormal>The mechanisms support only single-part operations, single
-part wrapping and unwrapping, and single-part encryption and decryption.</p>
-
-<p class=MsoNormal>The CKM_AES_KEY_WRAP mechanism can wrap a key of any length.
-A key whose length is not a multiple of the AES Key Wrap block size (8 bytes)
-will be zero padded to fit. The CKM_AES_KEY_WRAP mechanism can only encrypt a
-block of data whose size is an exact multiple of the AES Key Wrap algorithm
-block size.</p>
-
-<p class=MsoNormal>The CKM_AES_KEY_WRAP_PAD mechanism can wrap a key or block
-of data of any length.  It does the usual padding of inputs (keys or data
-blocks) that are not multiples of the AES Key Wrap algorithm block size, always
-producing wrapped output that is larger than the input key/data to be wrapped.
-This padding is done by the token before being passed to the AES key wrap
-algorithm, which adds an 8 byte AES Key Wrap algorithm block of data.</p>
-
-<h2><a name="_Toc441850521"></a><a name="_Toc441162443"></a><a
-name="_Toc416960084"></a><a name="_Toc437440602"></a><a name="_Toc395187838"></a><a
-name="_Toc391471200"></a><a name="_Toc370634487"></a><a name="_Toc228807258"></a><a
-name="_Toc228894726">2.15 Key derivation by data encryption – DES &amp; AES</a></h2>
-
-<p class=MsoNormal>These mechanisms allow derivation of keys using the result
-of an encryption operation as the key value. They are for use with the
-C_DeriveKey function.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>66</span></i><i><span style='font-size:9.0pt'>, Key
-derivation by data encryption Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656333"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR-CH
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=FR
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850522"></a><a name="_Toc441162444"></a><a
-name="_Toc416960085"></a><a name="_Toc437440603"></a><a name="_Toc395187839"></a><a
-name="_Toc391471201"></a><a name="_Toc370634488"></a><a name="_Toc228807259"></a><a
-name="_Toc228894727">2.15.1 Definitions</a></h3>
-
-<p class=MsoNormal><span lang=DE>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DES_ECB_ENCRYPT_DATA</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DES_CBC_ENCRYPT_DATA</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DES3_ECB_ENCRYPT_DATA</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DES3_CBC_ENCRYPT_DATA</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_ECB_ENCRYPT_DATA</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_AES_CBC_ENCRYPT_DATA</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=CCode>typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {</p>
-
-<p class=CCode>  CK_BYTE      iv[8];</p>
-
-<p class=CCode>  CK_BYTE_PTR  pData;</p>
-
-<p class=CCode>  CK_ULONG     length;</p>
-
-<p class=CCode>} CK_DES_CBC_ENCRYPT_DATA_PARAMS;</p>
-
-<p class=CCode>typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR
-CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {</p>
-
-<p class=CCode>  CK_BYTE      iv[16];</p>
-
-<p class=CCode>  CK_BYTE_PTR  pData;</p>
-
-<p class=CCode>  CK_ULONG     length;</p>
-
-<p class=CCode>} CK_AES_CBC_ENCRYPT_DATA_PARAMS;</p>
-
-<p class=CCode>typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR</p>
-
-<p class=CCode>CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;</p>
-
-<h3><a name="_Toc441850523"></a><a name="_Toc441162445"></a><a
-name="_Toc416960086"></a><a name="_Toc437440604"></a><a name="_Toc395187840"></a><a
-name="_Toc391471202"></a><a name="_Toc370634489"></a><a name="_Toc72656334"></a><a
-name="_Toc228807260"></a><a name="_Toc228894728">2.15.2 Mechanism Parameters</a></h3>
-
-<p class=MsoNormal>Uses CK_KEY_DERIVATION_STRING_DATA as defined in section 2.31.2</p>
-
-<p class=MsoCaption><a name="_Toc228807535">Table </a>67, Mechanism Parameters</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=247 valign=top style='width:185.4pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_ECB_ENCRYPT_DATA<br>
-  CKM_DES3_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=343 valign=top style='width:257.4pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_KEY_DERIVATION_STRING_DATA structure. Parameter is the data to be
-  encrypted and must be a multiple of 8 bytes long.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=247 valign=top style='width:185.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=343 valign=top style='width:257.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_KEY_DERIVATION_STRING_DATA structure. Parameter is the data to be
-  encrypted and must be a multiple of 16 long.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=247 valign=top style='width:185.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_CBC_ENCRYPT_DATA</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=343 valign=top style='width:257.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=FR-CH style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_DES_CBC_ENCRYPT_DATA_PARAMS. </span><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Parameter is an 8 byte IV value followed by
-  the data. The data value part must be a multiple of 8 bytes long.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=247 valign=top style='width:185.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_AES_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=343 valign=top style='width:257.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_AES_CBC_ENCRYPT_DATA_PARAMS. Parameter is an 16 byte IV value followed by
-  the data. The data value part</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>must
-  be a multiple of 16 bytes long.</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850524"></a><a name="_Toc441162446"></a><a
-name="_Toc416960087"></a><a name="_Toc437440605"></a><a name="_Toc395187841"></a><a
-name="_Toc391471203"></a><a name="_Toc370634490"></a><a name="_Toc72656335"></a><a
-name="_Toc228807261"></a><a name="_Toc228894729">2.15.3 Mechanism Description</a></h3>
-
-<p class=MsoNormal>The mechanisms will function by performing the encryption
-over the data provided using the base key. The resulting cipher text shall be
-used to create the key value of the resulting key. If not all the cipher text
-is used then the part discarded will be from the trailing end (least
-significant bytes) of the cipher text data. The derived key shall be defined by
-the attribute template supplied but constrained by the length of cipher text
-available for the key value and other normal PKCS11 derivation constraints. </p>
-
-<p class=MsoNormal>Attribute template handling, attribute defaulting and key
-value preparation will operate as per the SHA-1 Key Derivation mechanism in
-section 2.18.5.</p>
-
-<p class=MsoNormal>If the data is too short to make the requested key then the mechanism
-returns CKR_DATA_LEN_RANGE.</p>
-
-<h2><a name="_Toc441850525"></a><a name="_Toc441162447"></a><a
-name="_Toc416960088"></a><a name="_Toc437440606"></a><a name="_Toc395187842"></a><a
-name="_Toc391471204"></a><a name="_Toc370634491"></a><a name="_Toc72656336"></a><a
-name="_Toc228807262"></a><a name="_Toc228894730"><span lang=DE-CH>2.16 </span>Double
-and Triple-length DES</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>68</span></i><i><span style='font-size:9.0pt'>, Double
-and Triple-Length DES Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc385058054"></a><a
-   name="_Toc405794861"></a><a name="_Toc72656337"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES2_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_ECB</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_CBC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_CBC_PAD</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_MAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_MAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850526"></a><a name="_Toc441162448"></a><a
-name="_Toc416960089"></a><a name="_Toc437440607"></a><a name="_Toc395187843"></a><a
-name="_Toc391471205"></a><a name="_Toc370634492"></a><a name="_Toc228807263"></a><a
-name="_Toc228894731">2.16.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_DES2” and “CKK_DES3”
-for type CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal><span lang=DE>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES2_KEY_GEN              
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES3_KEY_GEN              
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES3_ECB                  
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES3_CBC                  
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES3_MAC                  
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES3_MAC_GENERAL          
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_DES3_CBC_PAD               </p>
-
-<h3><a name="_Toc441850527"></a><a name="_Toc441162449"></a><a
-name="_Toc416960090"></a><a name="_Toc437440608"></a><a name="_Toc395187844"></a><a
-name="_Toc391471206"></a><a name="_Toc370634493"></a><a name="_Toc322855294"></a><a
-name="_Toc322945136"></a><a name="_Toc323000703"></a><a name="_Toc323024098"></a><a
-name="_Toc323205430"></a><a name="_Toc323610860"></a><a name="_Toc383864867"></a><a
-name="_Toc385057875"></a><a name="_Toc405794692"></a><a name="_Toc72656338"></a><a
-name="_Toc228807264"></a><a name="_Toc228894732">2.16.2 DES2 secret key objects</a></h3>
-
-<p class=MsoNormal>DES2 secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_DES2</b>) hold double-length DES keys.  The following table defines
-the DES2 secret key object attributes, in addition to the common attributes
-defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204896"></a><a name="_Toc383864531"></a><a
-name="_Toc405795000"></a><a name="_Toc228807536"></a><a name="_Toc319314021"></a><a
-name="_Toc319314563"></a><a name="_Toc319314978"></a><a name="_Toc319315850">Table
-</a>69, DES2 Secret Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=150 valign=top style='width:112.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=210 valign=top style='width:157.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (always 16 bytes long)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><a name="_Toc319287668"></a><a name="_Toc319313509"></a><a
-name="_Toc319313702"></a><a name="_Toc319315695"><sup>- <span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  table 10 for footnotes</span></sup></a></p>
-
-<p class=MsoNormal>DES2 keys must always have their parity bits properly set as
-described in FIPS PUB 46-3 (<i>i.e.</i>, each of the DES keys comprising a DES2
-key must have its parity bits properly set).  Attempting to create or unwrap a
-DES2 key with incorrect parity will return an error.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a
-double-length DES secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DES2;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A DES2 secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[16] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=MsoNormal><a name="_Toc322855295"></a><a name="_Toc322945137"></a><a
-name="_Toc323000704"></a><a name="_Toc323024099"></a><a name="_Toc323205431"></a><a
-name="_Toc323610861"></a><a name="_Toc383864868"></a><a name="_Toc385057876"></a><a
-name="_Toc405794693">&nbsp;</a></p>
-
-<p class=MsoNormal>CKA_CHECK_VALUE: The value of this attribute is derived from
-the key object by taking the first three bytes of the ECB encryption of a
-single block of null (0x00) bytes, using the default cipher associated with the
-key type of the secret key object.</p>
-
-<h3><a name="_Toc441850528"></a><a name="_Toc441162450"></a><a
-name="_Toc416960091"></a><a name="_Toc437440609"></a><a name="_Toc395187845"></a><a
-name="_Toc391471207"></a><a name="_Toc370634494"></a><a name="_Toc72656339"></a><a
-name="_Toc228807265"></a><a name="_Toc228894733">2.16.3 DES3 secret key objects</a></h3>
-
-<p class=MsoNormal>DES3 secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_DES3</b>) hold triple-length DES keys.  The following table defines
-the DES3 secret key object attributes, in addition to the common attributes
-defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc323204897"></a><a name="_Toc383864532"></a><a
-name="_Toc405795001"></a><a name="_Toc228807537"></a><a name="_Toc319314022"></a><a
-name="_Toc319314564"></a><a name="_Toc319314979"></a><a name="_Toc319315851">Table
-</a>70, DES3 Secret Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=150 valign=top style='width:112.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=210 valign=top style='width:157.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (always 24 bytes long)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>DES3 keys must always have their parity bits properly set as
-described in FIPS PUB 46-3 (<i>i.e.</i>, each of the DES keys comprising a DES3
-key must have its parity bits properly set).  Attempting to create or unwrap a
-DES3 key with incorrect parity will return an error.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a
-triple-length DES secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_DES3;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A DES3 secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[24] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>CKA_CHECK_VALUE: The value of this attribute is derived from
-the key object by taking the first three bytes of the ECB encryption of a
-single block of null (0x00) bytes, using the default cipher associated with the
-key type of the secret key object.</p>
-
-<h3><a name="_Toc441850529"></a><a name="_Toc441162451"></a><a
-name="_Toc416960092"></a><a name="_Toc437440610"></a><a name="_Toc395187846"></a><a
-name="_Toc391471208"></a><a name="_Toc370634495"></a><a name="_Toc72656340"></a><a
-name="_Toc228807266"></a><a name="_Toc228894734">2.16.4 Double-length DES key
-generation</a></h3>
-
-<p class=MsoNormal>The double-length DES key generation mechanism, denoted <b>CKM_DES2_KEY_GEN</b>,
-is a key generation mechanism for double-length DES keys.  The DES keys making
-up a double-length DES key both have their parity bits set properly, as
-specified in FIPS PUB 46-3.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism contributes the<b> CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the double-length DES key type (specifically, the flags indicating which
-functions the key supports) may be specified in the template for the key, or
-else are assigned default initial values.</p>
-
-<p class=MsoNormal>Double-length DES keys can be used with all the same
-mechanisms as triple-DES keys: <b>CKM_DES3_ECB</b>, <b>CKM_DES3_CBC</b>, <b>CKM_DES3_CBC_PAD</b>,
-<b>CKM_DES3_MAC_GENERAL</b>, and <b>CKM_DES3_MAC</b>.  Triple-DES encryption
-with a double-length DES key is equivalent to encryption with a triple-length
-DES key with K1=K3 as specified in FIPS PUB 46-3.</p>
-
-<p class=MsoNormal><a name="_Toc385058055"></a><a name="_Toc322855333"></a><a
-name="_Toc322945175"></a><a name="_Toc323000742"></a><a name="_Toc323024193">When
-double-length DES keys are generated, it is token-dependent whether or not it
-is possible for either of the component DES keys to be “weak” or “semi-weak”
-keys.</a></p>
-
-<h3><a name="_Toc441850530"></a><a name="_Toc441162452"></a><a
-name="_Toc416960093"></a><a name="_Toc437440611"></a><a name="_Toc395187847"></a><a
-name="_Toc391471209"></a><a name="_Toc370634496"></a><a name="_Toc72656341"></a><a
-name="_Toc228807267"></a><a name="_Toc228894735">2.16.5 Triple-length DES Order
-of Operations</a></h3>
-
-<p class=MsoNormal>Triple-length DES encryptions are carried out as specified
-in FIPS PUB 46-3: encrypt, decrypt, encrypt. Decryptions are carried out with
-the opposite three steps: decrypt, encrypt, decrypt. The mathematical
-representations of the encrypt and decrypt operations are as follows:</p>
-
-<p class=CCode>DES3-E({K1,K2,K3}, P) = E(K3, D(K2, E(K1, P)))</p>
-
-<p class=CCode>DES3-D({K1,K2,K3}, C) = D(K1, E(K2, D(K3, P)))</p>
-
-<h3><a name="_Toc441850531"></a><a name="_Toc441162453"></a><a
-name="_Toc416960094"></a><a name="_Toc437440612"></a><a name="_Toc395187848"></a><a
-name="_Toc391471210"></a><a name="_Toc370634497"></a><a name="_Toc72656342"></a><a
-name="_Toc228807268"></a><a name="_Toc228894736">2.16.6 Triple-length DES in
-CBC Mode</a></h3>
-
-<p class=MsoNormal>Triple-length DES operations in CBC mode, with double or
-triple-length keys, are performed using outer CBC as defined in X9.52. X9.52
-describes this mode as TCBC. The mathematical representations of the CBC
-encrypt and decrypt operations are as follows:</p>
-
-<p class=CCode><span lang=IT>DES3-CBC-E({K1,K2,K3}, P) = E(K3, D(K2, E(K1, P +
-I)))</span></p>
-
-<p class=CCode><span lang=IT>DES3-CBC-D({K1,K2,K3}, C) = D(K1, E(K2, D(K3, P)))
-+ I</span></p>
-
-<p class=MsoNormal>The value <i>I</i> is either an 8-byte initialization vector
-or the previous block of cipher text that is added to the current input block.
-The addition operation is used is addition modulo-2 (XOR).</p>
-
-<h3><a name="_Toc405794862"></a><a name="_Toc441850532"></a><a
-name="_Toc441162454"></a><a name="_Toc416960095"></a><a name="_Toc437440613"></a><a
-name="_Toc395187849"></a><a name="_Toc391471211"></a><a name="_Toc370634498"></a><a
-name="_Toc72656343"></a><a name="_Toc228807269"></a><a name="_Toc228894737">2.16.7
-DES and Triple length DES in OFB Mode</a></h3>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>71</span></i><i><span style='font-size:9.0pt'>, DES and
-Triple Length DES in OFB Mode Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_OFB64</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='text-align:justify;page-break-after:auto'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_OFB8</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='text-align:justify;page-break-after:auto'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_CFB64</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='text-align:justify;page-break-after:auto'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES_CFB8</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='text-align:justify;page-break-after:auto'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>Cipher DES has a output feedback mode, DES-OFB, denoted <b>CKM_DES_OFB8
-</b>and<b> CKM_DES_OFB64</b>.  It is a mechanism for single and multiple-part
-encryption and decryption with DES.</p>
-
-<p class=MsoNormal>It has a parameter, an initialization vector for this mode. 
-The initialization vector has the same length as the block size.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807538">Table </a>72, OFB: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=72 valign=top style='width:.75in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=186 valign=top style='width:139.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=DE style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_DES, CKK_DES2, CKK_DES3</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=DE style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_DES, CKK_DES2, CKK_DES3</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism the <b>CK_MECHANISM_INFO</b> structure is
-as specified for CBC mode.</p>
-
-<h3><a name="_Toc441850533"></a><a name="_Toc441162455"></a><a
-name="_Toc416960096"></a><a name="_Toc437440614"></a><a name="_Toc395187850"></a><a
-name="_Toc391471212"></a><a name="_Toc370634499"></a><a name="_Toc72656344"></a><a
-name="_Toc228807270"></a><a name="_Toc228894738">2.16.8 DES and Triple length
-DES in CFB Mode</a></h3>
-
-<p class=MsoNormal>Cipher DES has a cipher feedback mode, DES-CFB, denoted <b>CKM_DES_CFB8
-</b>and<b> CKM_DES_CFB64</b>.  It is a mechanism for single and multiple-part
-encryption and decryption with DES.</p>
-
-<p class=MsoNormal>It has a parameter, an initialization vector for this mode. 
-The initialization vector has the same length as the block size.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807539">Table </a>73, CFB: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=72 valign=top style='width:.75in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=186 valign=top style='width:139.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=DE style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_DES, CKK_DES2, CKK_DES3</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=DE style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_DES, CKK_DES2, CKK_DES3</span></p>
-  </td>
-  <td width=72 valign=top style='width:.75in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism the <b>CK_MECHANISM_INFO</b> structure is
-as specified for CBC mode.</p>
-
-<h2><a name="_Toc322855335"></a><a name="_Toc322945177"></a><a
-name="_Toc323000744"></a><a name="_Toc323024195"></a><a name="_Toc323205529"></a><a
-name="_Toc323610958"></a><a name="_Toc383864975"></a><a name="_Toc405794902"></a><a
-name="_Toc72656393"></a><a name="_Toc441850534"></a><a name="_Toc441162456"></a><a
-name="_Toc416960097"></a><a name="_Toc437440615"></a><a name="_Toc395187851"></a><a
-name="_Toc391471213"></a><a name="_Toc370634500"></a><a name="_Toc234043810"></a><a
-name="_Toc228807271"></a><a name="_Toc228894739"></a><a name="_Toc76209575">2.17
-Double and Triple-length DES</a> CMAC</h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>74</span></i><i><span style='font-size:9.0pt'>, Double
-and Triple-length DES CMAC Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_CMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_DES3_CMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><sup>1</sup>
-<span class=MsoFootnoteReference>SR = SignRecover, VR = VerifyRecover.</span></p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The following additional DES3 mechanisms have been added.</p>
-
-<h3><a name="_Toc441850535"></a><a name="_Toc441162457"></a><a
-name="_Toc416960098"></a><a name="_Toc437440616"></a><a name="_Toc395187852"></a><a
-name="_Toc391471214"></a><a name="_Toc370634501"></a><a name="_Toc76209576"></a><a
-name="_Toc234043811"></a><a name="_Toc228807272"></a><a name="_Toc228894740">2.17.1
-Definitions</a></h3>
-
-<p class=MsoNormal><span lang=DE>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_</span><span
-lang=DE>DES3</span><span lang=DE>_CMAC_GENERAL           </span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_DES3_CMAC                  
-</span></p>
-
-<h3><a name="_Toc441850536"></a><a name="_Toc441162458"></a><a
-name="_Toc416960099"></a><a name="_Toc437440617"></a><a name="_Toc395187853"></a><a
-name="_Toc391471215"></a><a name="_Toc370634502"></a><a name="_Toc234043812"></a><a
-name="_Toc228807273"></a><a name="_Toc228894741">2.17.2 Mechanism parameters</a></h3>
-
-<p class=MsoNormal>CKM_DES3_CMAC_GENERAL uses the existing <b>CK_MAC_GENERAL_PARAMS
-</b>structure. <span lang=DE>CKM_DES3_CMAC does not use a mechanism parameter.</span></p>
-
-<h3><a name="_Toc441850537"></a><a name="_Toc441162459"></a><a
-name="_Toc416960100"></a><a name="_Toc437440618"></a><a name="_Toc395187854"></a><a
-name="_Toc391471216"></a><a name="_Toc370634503"></a><a name="_Toc234043813"></a><a
-name="_Toc228807274"></a><a name="_Toc228894742">2.17.3 General-length DES3-MAC</a></h3>
-
-<p class=MsoNormal>General-length DES3-CMAC, denoted <b>CKM_DES3_CMAC_GENERAL</b>,
-is a mechanism for single- and multiple-part signatures and verification with
-DES3 or DES2 keys, based on [NIST sp800-38b].</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS </b>structure,
-which specifies the output length desired from the mechanism.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final DES3 cipher block produced in the MACing process.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807540">Table </a>75, General-length
-DES3-CMAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=85 valign=top style='width:63.8pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_DES3<br>
-  CKK_DES2</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_DES3<br>
-  CKK_DES2</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>Reference [NIST sp800-38b] recommends that the output MAC is
-not truncated to less than 64 bits (which means using the entire block for
-DES). The MAC length must be specified before the communication starts, and must
-not be changed during the lifetime of the key. It is the caller’s
-responsibility to follow these rules.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure are not used </p>
-
-<h3><a name="_Toc441850538"></a><a name="_Toc441162460"></a><a
-name="_Toc416960101"></a><a name="_Toc437440619"></a><a name="_Toc395187855"></a><a
-name="_Toc391471217"></a><a name="_Toc370634504"></a><a name="_Toc234043814"></a><a
-name="_Toc228807275"></a><a name="_Toc228894743">2.17.4 DES3-CMAC</a></h3>
-
-<p class=MsoNormal>DES3-CMAC, denoted <b>CKM_DES3_CMAC</b>, is a special case
-of the general-length DES3-CMAC mechanism. DES3-MAC always produces and
-verifies MACs that are a full block size in length, since the DES3 block length
-is the minimum output length recommended by [NIST sp800-38b].</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc228807541">Table </a>76, DES3-CMAC: Key And
-Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=85 valign=top style='width:63.8pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.3pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_DES3<br>
-  CKK_DES2</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Block size (8 bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=85 valign=top style='width:63.8pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.3pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_DES3<br>
-  CKK_DES2</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Block size (8 bytes)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure are not used.</p>
-
-<h2><a name="_Toc441850539"></a><a name="_Toc441162461"></a><a
-name="_Toc416960102"></a><a name="_Toc437440620"></a><a name="_Toc395187856"></a><a
-name="_Toc391471218"></a><a name="_Toc370634505"></a><a name="_Toc228807276"></a><a
-name="_Toc228894744"><span lang=DE-CH>2.18 </span>SHA-1</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>77</span></i><i><span style='font-size:9.0pt'>, SHA-1 Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc405794903"></a><a
-   name="_Toc72656394"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA_1</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA_1_HMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA_1_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:8.0pt !msorm'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKM_SHA1_KEY_DERIVATION</span></span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Calibri",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850540"></a><a name="_Toc441162462"></a><a
-name="_Toc416960103"></a><a name="_Toc437440621"></a><a name="_Toc395187857"></a><a
-name="_Toc391471219"></a><a name="_Toc370634506"></a><a name="_Toc228807277"></a><a
-name="_Toc228894745">2.18.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA_1                      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA_1_HMAC                 </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA_1_HMAC_GENERAL         </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA1_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='text-indent:.5in'>CKK_SHA_1_HMAC</p>
-
-<p class=MsoNormal>        </p>
-
-<h3><a name="_Toc441850541"></a><a name="_Toc441162463"></a><a
-name="_Toc416960104"></a><a name="_Toc437440622"></a><a name="_Toc395187858"></a><a
-name="_Toc391471220"></a><a name="_Toc370634507"></a><a name="_Toc72656395"></a><a
-name="_Toc228807278"></a><a name="_Toc228894746">2.18.2 SHA-1</a> digest</h3>
-
-<p class=MsoNormal>The SHA-1 mechanism, denoted <b>CKM_SHA_1</b>, is a
-mechanism for message digesting, following the Secure Hash Algorithm with a
-160-bit message digest defined in FIPS PUB 180-2.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption><a name="_Toc323204915"></a><a name="_Toc383864564"></a><a
-name="_Toc405795056"></a><a name="_Toc228807542">Table </a>78,
-SHA-1: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>20</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc322855336"></a><a name="_Toc322945178"></a><a
-name="_Toc323000745"></a><a name="_Toc323024196"></a><a name="_Toc441850542"></a><a
-name="_Toc441162464"></a><a name="_Toc416960105"></a><a name="_Toc437440623"></a><a
-name="_Toc395187859"></a><a name="_Toc391471221"></a><a name="_Toc370634508"></a><a
-name="_Ref384785246"></a><a name="_Toc405794904"></a><a name="_Toc72656396"></a><a
-name="_Toc228807279"></a><a name="_Toc228894747">2.18.3 General-length
-SHA-1-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-1-HMAC mechanism, denoted <b>CKM_SHA_1_HMAC_GENERAL</b>,
-is a mechanism for signatures and verification.  It uses the HMAC construction,
-based on the SHA-1 hash function.  The keys it uses are generic secret keys and
-CKK_SHA_1_HMAC.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS</b>, which
-holds the length in bytes of the desired output.  This length should be in the
-range 0-20 (the output size of SHA-1 is 20 bytes).  Signatures (MACs) produced
-by this mechanism will be taken from the start of the full 20-byte HMAC output.</p>
-
-<p class=MsoCaption><a name="_Toc405795057"></a><a name="_Toc228807543">Table </a>79, General-length SHA-1-HMAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=93 valign=top style='width:69.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-20, depending on
-  parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-20, depending on
-  parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850543"></a><a name="_Toc441162465"></a><a
-name="_Toc416960106"></a><a name="_Toc437440624"></a><a name="_Toc395187860"></a><a
-name="_Toc391471222"></a><a name="_Toc370634509"></a><a name="_Toc405794905"></a><a
-name="_Toc72656397"></a><a name="_Toc228807280"></a><a name="_Toc228894748">2.18.4
-SHA-1-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-1-HMAC mechanism, denoted <b>CKM_SHA_1_HMAC</b>, is
-a special case of the general-length SHA-1-HMAC mechanism in Section 2.18.3.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-20.</p>
-
-<h3><a name="_Toc441850544"></a><a name="_Toc441162466"></a><a
-name="_Toc416960107"></a><a name="_Toc437440625"></a><a name="_Toc395187861"></a><a
-name="_Toc391471223"></a><a name="_Toc370634510"></a><a name="_Toc405794906"></a><a
-name="_Ref47495546"></a><a name="_Ref47931671"></a><a name="_Toc72656398"></a><a
-name="_Toc228807281"></a><a name="_Toc228894749">2.18.5 SHA-1 key derivation</a></h3>
-
-<p class=MsoNormal>SHA-1 key derivation, denoted <b>CKM_SHA1_KEY_DERIVATION</b>,
-is a mechanism which provides the capability of deriving a secret key by
-digesting the value of another secret key with SHA-1. </p>
-
-<p class=MsoNormal>The value of the base key is digested once, and the result
-is used to make the value of derived secret key.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length or key type is provided in the template, then the
-key produced by this mechanism will be a generic secret key.  Its length will
-be 20 bytes (the output size of SHA-1).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no key type is provided in the template, but a length is, then
-the key produced by this mechanism will be a generic secret key of the specified
-length.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length was provided in the template, but a key type is,
-then that key type must have a well-defined length.  If it does, then the key
-produced by this mechanism will be of the type specified in the template.  If
-it doesn’t, an error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If both a key type and a length are provided in the template, the
-length must be compatible with that key type.  The key produced by this
-mechanism will be of the specified type and length.</p>
-
-<p class=MsoNormal>If a DES, DES2, or CDMF key is derived with this mechanism,
-the parity bits of the key will be set properly.</p>
-
-<p class=MsoNormal>If the requested type of key requires more than 20 bytes,
-such as DES3, an error is generated.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<h2><a name="_Toc405794907"></a><a name="_Toc72656399"></a><a
-name="_Toc441850545"></a><a name="_Toc441162467"></a><a name="_Toc416960108"></a><a
-name="_Toc437440626"></a><a name="_Toc395187862"></a><a name="_Toc391471224"></a><a
-name="_Toc370634511"></a><a name="_Toc151796111"></a><a name="_Toc228807282"></a><a
-name="_Toc228894750"><span lang=DE-CH>2.19 </span>SHA-224</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>80</span></i><i><span style='font-size:9.0pt'>, SHA-224
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=570
- style='width:427.5pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc151796112"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA224</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA224_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA224_HMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA224_RSA_PKCS</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA224_RSA_PKCS_PSS</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA224_KEY_DERIVATION</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850546"></a><a name="_Toc441162468"></a><a
-name="_Toc416960109"></a><a name="_Toc437440627"></a><a name="_Toc395187863"></a><a
-name="_Toc391471225"></a><a name="_Toc370634512"></a><a name="_Toc228807283"></a><a
-name="_Toc228894751">2.19.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA224                     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA224_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA224_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA224_KEY_DERIVATION      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA224_HMAC</p>
-
-<h3><a name="_Toc441850547"></a><a name="_Toc441162469"></a><a
-name="_Toc416960110"></a><a name="_Toc437440628"></a><a name="_Toc395187864"></a><a
-name="_Toc391471226"></a><a name="_Toc370634513"></a><a name="_Toc151796113"></a><a
-name="_Toc228807284"></a><a name="_Toc228894752">2.19.2 SHA-224 digest</a></h3>
-
-<p class=MsoNormal>The SHA-224 mechanism, denoted <b>CKM_SHA224</b>, is a
-mechanism for message digesting, following the Secure Hash Algorithm with a
-224-bit message digest defined in 0.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption><a name="_Toc151796152"></a><a name="_Toc228807544">Table </a>81, SHA-224: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=92 valign=top style='width:68.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=84 valign=top style='width:63.0pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=92 valign=top style='width:68.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-family:"Arial",sans-serif'>28</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850548"></a><a name="_Toc441162470"></a><a
-name="_Toc416960111"></a><a name="_Toc437440629"></a><a name="_Toc395187865"></a><a
-name="_Toc391471227"></a><a name="_Toc370634514"></a><a name="_Toc151796114"></a><a
-name="_Toc228807285"></a><a name="_Toc228894753">2.19.3 General-length
-SHA-224-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-224-HMAC mechanism, denoted <b>CKM_SHA224_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism except that it uses the
-HMAC construction based on the SHA-224 hash function and length of the output
-should be in the range 0-28. The keys it uses are generic secret keys and
-CKK_SHA224_HMAC. FIPS-198 compliant tokens may require the key length to be at
-least 14 bytes; that is, half the size of the SHA-224 hash output.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS</b>, which
-holds the length in bytes of the desired output. This length should be in the
-range 0-28 (the output size of SHA-224 is 28 bytes). FIPS-198 compliant tokens
-may constrain the output length to be at least 4 or 14 (half the maximum
-length). Signatures (MACs) produced by this mechanism will be taken from the
-start of the full 28-byte HMAC output.</p>
-
-<p class=MsoCaption><a name="_Toc151796153"></a><a name="_Toc228807545">Table </a><span style='font-style:normal'>82</span>, General-length SHA-224-HMAC: Key And Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=93 valign=top style='width:69.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-28, depending on
-  parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-28, depending on
-  parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850549"></a><a name="_Toc441162471"></a><a
-name="_Toc416960112"></a><a name="_Toc437440630"></a><a name="_Toc395187866"></a><a
-name="_Toc391471228"></a><a name="_Toc370634515"></a><a name="_Toc151796115"></a><a
-name="_Toc228807286"></a><a name="_Toc228894754">2.19.4 SHA-224-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-224-HMAC mechanism, denoted <b>CKM_SHA224_HMAC</b>,
-is a special case of the general-length SHA-224-HMAC mechanism.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-28.</p>
-
-<h3><a name="_Toc441850550"></a><a name="_Toc441162472"></a><a
-name="_Toc416960113"></a><a name="_Toc437440631"></a><a name="_Toc395187867"></a><a
-name="_Toc391471229"></a><a name="_Toc370634516"></a><a name="_Toc151796116"></a><a
-name="_Toc228807287"></a><a name="_Toc228894755">2.19.5 SHA-224 key derivation</a></h3>
-
-<p class=MsoNormal>SHA-224 key derivation, denoted <b>CKM_SHA224_KEY_DERIVATION</b>,
-is the same as the SHA-1 key derivation mechanism in Section 12.21.5 except
-that it uses the SHA-224 hash function and the relevant length is 28 bytes. </p>
-
-<h2><a name="_Toc441850551"></a><a name="_Toc441162473"></a><a
-name="_Toc416960114"></a><a name="_Toc437440632"></a><a name="_Toc395187868"></a><a
-name="_Toc391471230"></a><a name="_Toc370634517"></a><a name="_Toc228807288"></a><a
-name="_Toc228894756"><span lang=DE-CH>2.20 </span>SHA-256</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>83</span></i><i><span style='font-size:9.0pt'>, SHA-256
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656400"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA256</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA256_HMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA256_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA256_KEY_DERIVATION</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850552"></a><a name="_Toc441162474"></a><a
-name="_Toc416960115"></a><a name="_Toc437440633"></a><a name="_Toc395187869"></a><a
-name="_Toc391471231"></a><a name="_Toc370634518"></a><a name="_Toc228807289"></a><a
-name="_Toc228894757">2.20.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA256                     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA256_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA256_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA256_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA256_HMAC      </p>
-
-<h3><a name="_Toc441850553"></a><a name="_Toc441162475"></a><a
-name="_Toc416960116"></a><a name="_Toc437440634"></a><a name="_Toc395187870"></a><a
-name="_Toc391471232"></a><a name="_Toc370634519"></a><a name="_Toc72656401"></a><a
-name="_Toc228807290"></a><a name="_Toc228894758">2.20.2 SHA-256 digest</a></h3>
-
-<p class=MsoNormal>The SHA-256 mechanism, denoted <b>CKM_SHA256</b>, is a
-mechanism for message digesting, following the Secure Hash Algorithm with a
-256-bit message digest defined in FIPS PUB 180-2.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption><a name="_Toc228807546">Table </a>84, SHA-256: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>32</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850554"></a><a name="_Toc441162476"></a><a
-name="_Toc416960117"></a><a name="_Toc437440635"></a><a name="_Toc395187871"></a><a
-name="_Toc391471233"></a><a name="_Toc370634520"></a><a name="_Ref47495209"></a><a
-name="_Toc72656402"></a><a name="_Toc228807291"></a><a name="_Toc228894759">2.20.3
-General-length SHA-256-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-256-HMAC mechanism, denoted <b>CKM_SHA256_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism in Section 2.18.3, except that it uses the HMAC construction based on the SHA-256 hash function
-and length of the output should be in the range 0-32. The keys it uses are
-generic secret keys and CKK_SHA256_HMAC. FIPS-198 compliant tokens may require
-the key length to be at least 16 bytes; that is, half the size of the SHA-256
-hash output.</p>
-
-<p class=MsoNormal>It has a parameter, a <tt><b><span style='font-family:"Arial",sans-serif'>CK_MAC_GENERAL_PARAMS</span></b></tt>,
-which holds the length in bytes of the desired output. This length should be in
-the range 0-32 (the output size of SHA-256 is 32 bytes). FIPS-198 compliant
-tokens may constrain the output length to be at least 4 or 16 (half the maximum
-length). Signatures (MACs) produced by this mechanism will be taken from the
-start of the full 32-byte HMAC output.</p>
-
-<p class=MsoCaption><a name="_Toc228807547">Table </a>85, General-length
-SHA-256-HMAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=93 valign=top style='width:69.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-32, depending on
-  parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-32, depending on
-  parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850555"></a><a name="_Toc441162477"></a><a
-name="_Toc416960118"></a><a name="_Toc437440636"></a><a name="_Toc395187872"></a><a
-name="_Toc391471234"></a><a name="_Toc370634521"></a><a name="_Toc72656403"></a><a
-name="_Toc228807292"></a><a name="_Toc228894760">2.20.4 SHA-256-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-256-HMAC mechanism, denoted <b>CKM_SHA256_HMAC</b>,
-is a special case of the general-length SHA-256-HMAC mechanism in Section 2.20.3.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-32.</p>
-
-<h3><a name="_Toc441850556"></a><a name="_Toc441162478"></a><a
-name="_Toc416960119"></a><a name="_Toc437440637"></a><a name="_Toc395187873"></a><a
-name="_Toc391471235"></a><a name="_Toc370634522"></a><a name="_Toc72656404"></a><a
-name="_Toc228807293"></a><a name="_Toc228894761">2.20.5 SHA-256 key derivation</a></h3>
-
-<p class=MsoNormal>SHA-256 key derivation, denoted CKM_SHA256_KEY_DERIVATION,
-is the same as the SHA-1 key derivation mechanism in Section 2.18.5,
-except that it uses the SHA-256 hash function and the relevant length is 32
-bytes. </p>
-
-<h2><a name="_Toc441850557"></a><a name="_Toc441162479"></a><a
-name="_Toc416960120"></a><a name="_Toc437440638"></a><a name="_Toc395187874"></a><a
-name="_Toc391471236"></a><a name="_Toc370634523"></a><a name="_Toc72656405"></a><a
-name="_Toc228807294"></a><a name="_Toc228894762"><span lang=DE-CH>2.21 </span>SHA-384</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>86</span></i><i><span style='font-size:9.0pt'>, SHA-384 Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656406"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA384</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA384_HMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA384_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA384_KEY_DERIVATION</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850558"></a><a name="_Toc441162480"></a><a
-name="_Toc416960121"></a><a name="_Toc437440639"></a><a name="_Toc395187875"></a><a
-name="_Toc391471237"></a><a name="_Toc370634524"></a><a name="_Toc228807295"></a><a
-name="_Toc228894763">2.21.1 Definitions</a></h3>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA384                     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA384_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA384_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA384_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA384_HMAC      </p>
-
-<h3><a name="_Toc441850559"></a><a name="_Toc441162481"></a><a
-name="_Toc416960122"></a><a name="_Toc437440640"></a><a name="_Toc395187876"></a><a
-name="_Toc391471238"></a><a name="_Toc370634525"></a><a name="_Toc72656407"></a><a
-name="_Toc228807296"></a><a name="_Toc228894764">2.21.2 SHA-384 digest</a></h3>
-
-<p class=MsoNormal>The SHA-384 mechanism, denoted <b>CKM_SHA384</b>, is a mechanism
-for message digesting, following the Secure Hash Algorithm with a 384-bit
-message digest defined in FIPS PUB 180-2.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption><a name="_Toc228807548">Table </a><span
-style='font-style:normal'>87</span>, SHA-384: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>48</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850560"></a><a name="_Toc441162482"></a><a
-name="_Toc416960123"></a><a name="_Toc437440641"></a><a name="_Toc395187877"></a><a
-name="_Toc391471239"></a><a name="_Toc370634526"></a><a name="_Toc72656408"></a><a
-name="_Toc228807297"></a><a name="_Toc228894765">2.21.3 General-length
-SHA-384-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-384-HMAC mechanism, denoted <b>CKM_SHA384_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism in Section 2.18.3, except that it uses the HMAC construction based on the SHA-384 hash function
-and length of the output should be in the range 0-48.</p>
-
-<h3><a name="_Toc441850561"></a><a name="_Toc441162483"></a><a
-name="_Toc416960124"></a><a name="_Toc437440642"></a><a name="_Toc395187878"></a><a
-name="_Toc391471240"></a><a name="_Toc370634527"></a><a name="_Toc72656409"></a><a
-name="_Toc228807298"></a><a name="_Toc228894766">2.21.4 SHA-384-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-384-HMAC mechanism, denoted <b>CKM_SHA384_HMAC</b>,
-is a special case of the general-length SHA-384-HMAC mechanism.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-48.</p>
-
-<h3><a name="_Toc441850562"></a><a name="_Toc441162484"></a><a
-name="_Toc416960125"></a><a name="_Toc437440643"></a><a name="_Toc395187879"></a><a
-name="_Toc391471241"></a><a name="_Toc370634528"></a><a name="_Toc72656410"></a><a
-name="_Toc228807299"></a><a name="_Toc228894767">2.21.5 SHA-384 key derivation</a></h3>
-
-<p class=MsoNormal>SHA-384 key derivation, denoted <b>CKM_SHA384_KEY_DERIVATION</b>,
-is the same as the SHA-1 key derivation mechanism in Section 2.18.5,
-except that it uses the SHA-384 hash function and the relevant length is 48
-bytes. </p>
-
-<h2><a name="_Toc441850563"></a><a name="_Toc441162485"></a><a
-name="_Toc416960126"></a><a name="_Toc437440644"></a><a name="_Toc395187880"></a><a
-name="_Toc391471242"></a><a name="_Toc370634529"></a><a name="_Toc72656411"></a><a
-name="_Toc228807300"></a><a name="_Toc228894768"><span lang=DE-CH>2.22 </span>SHA-512</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>88</span></i><i><span style='font-size:9.0pt'>, SHA-512
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656412"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_HMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_KEY_DERIVATION</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850564"></a><a name="_Toc441162486"></a><a
-name="_Toc416960127"></a><a name="_Toc437440645"></a><a name="_Toc395187881"></a><a
-name="_Toc391471243"></a><a name="_Toc370634530"></a><a name="_Toc228807301"></a><a
-name="_Toc228894769">2.22.1 Definitions</a></h3>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512                     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA512_HMAC      </p>
-
-<h3><a name="_Toc441850565"></a><a name="_Toc441162487"></a><a
-name="_Toc416960128"></a><a name="_Toc437440646"></a><a name="_Toc395187882"></a><a
-name="_Toc391471244"></a><a name="_Toc370634531"></a><a name="_Toc72656413"></a><a
-name="_Toc228807302"></a><a name="_Toc228894770">2.22.2 SHA-512 digest</a></h3>
-
-<p class=MsoNormal>The SHA-512 mechanism, denoted <b>CKM_SHA512</b>, is a
-mechanism for message digesting, following the Secure Hash Algorithm with a
-512-bit message digest defined in FIPS PUB 180-2.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption><a name="_Toc228807549">Table </a>89, SHA-512: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>64</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850566"></a><a name="_Toc441162488"></a><a
-name="_Toc416960129"></a><a name="_Toc437440647"></a><a name="_Toc395187883"></a><a
-name="_Toc391471245"></a><a name="_Toc370634532"></a><a name="_Toc72656414"></a><a
-name="_Toc228807303"></a><a name="_Toc228894771">2.22.3 General-length
-SHA-512-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-512-HMAC mechanism, denoted <b>CKM_SHA512_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism in Section 2.18.3, except that it uses the HMAC construction based on the SHA-512 hash function
-and length of the output should be in the range 0-64.</p>
-
-<h3><a name="_Toc441850567"></a><a name="_Toc441162489"></a><a
-name="_Toc416960130"></a><a name="_Toc437440648"></a><a name="_Toc395187884"></a><a
-name="_Toc391471246"></a><a name="_Toc370634533"></a><a name="_Toc72656415"></a><a
-name="_Toc228807304"></a><a name="_Toc228894772">2.22.4 SHA-512-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-512-HMAC mechanism, denoted <b>CKM_SHA512_HMAC</b>,
-is a special case of the general-length SHA-512-HMAC mechanism.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-64.</p>
-
-<h3><a name="_Toc441850568"></a><a name="_Toc441162490"></a><a
-name="_Toc416960131"></a><a name="_Toc437440649"></a><a name="_Toc395187885"></a><a
-name="_Toc391471247"></a><a name="_Toc370634534"></a><a name="_Toc72656416"></a><a
-name="_Toc228807305"></a><a name="_Toc228894773">2.22.5 SHA-512 key derivation</a></h3>
-
-<p class=MsoNormal>SHA-512 key derivation, denoted <b>CKM_SHA512_KEY_DERIVATION</b>,
-is the same as the SHA-1 key derivation mechanism in Section 2.18.5,
-except that it uses the SHA-512 hash function and the relevant length is 64
-bytes. </p>
-
-<h2><span lang=DE-CH>2.23 </span> <a name="_Toc441850569"></a><a
-name="_Toc441162491"></a><a name="_Toc416960132"></a><a name="_Toc437440650"></a><a
-name="_Toc395187886"></a><a name="_Toc391471248"></a><a name="_Toc370634535">SHA-512/224</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>90</span></i><i><span style='font-size:9.0pt'>, SHA-512/224
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=254 rowspan=2 valign=top style='width:190.35pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=371 colspan=7 valign=top style='width:278.35pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_224</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_224_HMAC_GENERAL</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_224_HMAC</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_224_KEY_DERIVATION</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850570"></a><a name="_Toc441162492"></a><a
-name="_Toc416960133"></a><a name="_Toc437440651"></a><a name="_Toc395187887"></a><a
-name="_Toc391471249"></a><a name="_Toc370634536">2.23.1 Definitions</a></h3>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_224                     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_224_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_224_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_224_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA512_224_HMAC      </p>
-
-<h3><a name="_Toc441850571"></a><a name="_Toc441162493"></a><a
-name="_Toc416960134"></a><a name="_Toc437440652"></a><a name="_Toc395187888"></a><a
-name="_Toc391471250"></a><a name="_Toc370634537">2.23.2 SHA-512/224 digest</a></h3>
-
-<p class=MsoNormal>The SHA-512/224 mechanism, denoted <b>CKM_SHA512_224</b>, is
-a mechanism for message digesting, following the Secure Hash Algorithm defined
-in FIPS PUB 180-4, section 5.3.6.  It is based on a 512-bit message digest with
-a distinct initial hash value and truncated to 224 bits.  <b>CKM_SHA512_224</b>
-is the same as <b>CKM_SHA512_T </b>with a parameter value of 224.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption>Table 91, SHA-512/224: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>28</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850572"></a><a name="_Toc441162494"></a><a
-name="_Toc416960135"></a><a name="_Toc437440653"></a><a name="_Toc395187889"></a><a
-name="_Toc391471251"></a><a name="_Toc370634538">2.23.3 General-length
-SHA-512-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-512/224-HMAC mechanism, denoted <b>CKM_SHA512_224_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism in Section 2.18.3, except that it uses the HMAC construction based on the SHA-512/224 hash
-function and length of the output should be in the range 0-28.</p>
-
-<h3><a name="_Toc441850573"></a><a name="_Toc441162495"></a><a
-name="_Toc416960136"></a><a name="_Toc437440654"></a><a name="_Toc395187890"></a><a
-name="_Toc391471252"></a><a name="_Toc370634539">2.23.4 SHA-512/224-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-512-HMAC mechanism, denoted <b>CKM_SHA512_224_HMAC</b>,
-is a special case of the general-length SHA-512/224-HMAC mechanism.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-28.</p>
-
-<h3><a name="_Toc441850574"></a><a name="_Toc441162496"></a><a
-name="_Toc416960137"></a><a name="_Toc437440655"></a><a name="_Toc395187891"></a><a
-name="_Toc391471253"></a><a name="_Toc370634540">2.23.5 SHA-512/224 key
-derivation</a></h3>
-
-<p class=MsoNormal>The SHA-512/224 key derivation, denoted <b>CKM_SHA512_224_KEY_DERIVATION</b>,
-is the same as the SHA-512 key derivation mechanism in section 2.25.5, except
-that it uses the SHA-512/224 hash function and the relevant length is 28 bytes.</p>
-
-<h2><a name="_Toc441850575"></a><a name="_Toc441162497"></a><a
-name="_Toc416960138"></a><a name="_Toc437440656"></a><a name="_Toc395187892"></a><a
-name="_Toc391471254"></a><a name="_Toc370634541"><span lang=DE-CH>2.24 </span>SHA-512/256</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>92</span></i><i><span style='font-size:9.0pt'>,
-SHA-512/256 Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=254 rowspan=2 valign=top style='width:190.35pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=371 colspan=7 valign=top style='width:278.35pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;width:175.5pt !msorm;
-  border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;
-  border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_256</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;width:40.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;width:26.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Arial",sans-serif !msorm'><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;width:30.9pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;width:43.7pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:39.8pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;width:175.5pt !msorm;
-  border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;
-  border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_256_HMAC_GENERAL</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;width:40.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Arial",sans-serif !msorm'><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;width:26.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;width:30.9pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;width:43.7pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:39.8pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;width:175.5pt !msorm;
-  border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;
-  border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_256_HMAC</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;width:40.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Arial",sans-serif !msorm'><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;width:26.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;width:30.9pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;width:43.7pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:39.8pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=254 valign=top style='width:190.35pt;width:175.5pt !msorm;
-  border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt;
-  border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_256_KEY_DERIVATION</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;width:40.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;width:26.5pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:35.3pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;width:30.9pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;width:43.7pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;width:39.8pt !msorm;border-top:
-  none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;border:none !msorm;padding:0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-family:
-  "Arial",sans-serif !msorm'><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850576"></a><a name="_Toc441162498"></a><a
-name="_Toc416960139"></a><a name="_Toc437440657"></a><a name="_Toc395187893"></a><a
-name="_Toc391471255"></a><a name="_Toc370634542">2.24.1 Definitions</a></h3>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_256                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_256_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_256_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_256_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA512_256_HMAC      </p>
-
-<h3><a name="_Toc441850577"></a><a name="_Toc441162499"></a><a
-name="_Toc416960140"></a><a name="_Toc437440658"></a><a name="_Toc395187894"></a><a
-name="_Toc391471256"></a><a name="_Toc370634543">2.24.2 SHA-512/256 digest</a></h3>
-
-<p class=MsoNormal>The SHA-512/256 mechanism, denoted <b>CKM_SHA512_256</b>, is
-a mechanism for message digesting, following the Secure Hash Algorithm defined
-in FIPS PUB 180-4, section 5.3.6.  It is based on a 512-bit message digest with
-a distinct initial hash value and truncated to 256 bits.  <b>CKM_SHA512_256</b>
-is the same as <b>CKM_SHA512_T </b>with a parameter value of 256.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption>Table 93, SHA-512/256: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>32</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850578"></a><a name="_Toc441162500"></a><a
-name="_Toc416960141"></a><a name="_Toc437440659"></a><a name="_Toc395187895"></a><a
-name="_Toc391471257"></a><a name="_Toc370634544">2.24.3 General-length
-SHA-512-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-512/256-HMAC mechanism, denoted <b>CKM_SHA512_256_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism in Section 2.18.3, except that it uses the HMAC construction based on the SHA-512/256 hash
-function and length of the output should be in the range 0-32.</p>
-
-<h3><a name="_Toc441850579"></a><a name="_Toc441162501"></a><a
-name="_Toc416960142"></a><a name="_Toc437440660"></a><a name="_Toc395187896"></a><a
-name="_Toc391471258"></a><a name="_Toc370634545">2.24.4 SHA-512/256-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-512-HMAC mechanism, denoted <b>CKM_SHA512_256_HMAC</b>,
-is a special case of the general-length SHA-512/256-HMAC mechanism.</p>
-
-<p class=MsoNormal>It has no parameter, and always produces an output of length
-32.</p>
-
-<h3><a name="_Toc441850580"></a><a name="_Toc441162502"></a><a
-name="_Toc416960143"></a><a name="_Toc437440661"></a><a name="_Toc395187897"></a><a
-name="_Toc391471259"></a><a name="_Toc370634546">2.24.5 SHA-512/256 key
-derivation</a></h3>
-
-<p class=MsoNormal>The SHA-512/256 key derivation, denoted <b>CKM_SHA512_256_KEY_DERIVATION</b>,
-is the same as the SHA-512 key derivation mechanism in section 2.25.5, except
-that it uses the SHA-512/256 hash function and the relevant length is 32 bytes.</p>
-
-<h2><a name="_Toc441850581"></a><a name="_Toc441162503"></a><a
-name="_Toc416960144"></a><a name="_Toc437440662"></a><a name="_Toc395187898"></a><a
-name="_Toc391471260"></a><a name="_Toc370634547"><span lang=DE-CH>2.25 </span>SHA-512/t</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>94</span></i><i><span style='font-size:9.0pt'>, SHA-512 /
-t Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_T</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_T_HMAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_T_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SHA512_T_KEY_DERIVATION</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850582"></a><a name="_Toc441162504"></a><a
-name="_Toc416960145"></a><a name="_Toc437440663"></a><a name="_Toc395187899"></a><a
-name="_Toc391471261"></a><a name="_Toc370634548">2.25.1 Definitions</a></h3>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_T                  </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_T_HMAC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_T_HMAC_GENERAL        </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SHA512_T_KEY_DERIVATION</p>
-
-<p class=MsoNormal style='margin-left:.5in'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKK_SHA512_T_HMAC      </p>
-
-<h3><a name="_Toc441850583"></a><a name="_Toc441162505"></a><a
-name="_Toc416960146"></a><a name="_Toc437440664"></a><a name="_Toc395187900"></a><a
-name="_Toc391471262"></a><a name="_Toc370634549">2.25.2 SHA-512/t digest</a></h3>
-
-<p class=MsoNormal>The SHA-512/t mechanism, denoted <b>CKM_SHA512_T</b>, is a
-mechanism for message digesting, following the Secure Hash Algorithm defined in
-FIPS PUB 180-4, section 5.3.6.  It is based on a 512-bit message digest with a
-distinct initial hash value and truncated to t bits.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS</b>, which
-holds the value of t in bits.  The length in bytes of the desired output should
-be in the range of 0-<span style='font-family:"Arial Unicode MS",sans-serif'>&#8968;</span>
-t/8<span style='font-family:"Arial Unicode MS",sans-serif'>&#8969;</span>,
-where 0 &lt; t &lt; 512, and t &lt;&gt; 384.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption>Table 95, SHA-512/256: Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr style='height:14.1pt'>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt;height:14.1pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=132 valign=top style='width:99.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt;height:14.1pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=252 valign=top style='width:189.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt;height:14.1pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr style='height:12.75pt'>
-  <td width=96 valign=top style='width:1.0in;border-top:1.0pt;border-left:1.5pt;
-  border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:solid;
-  padding:0in 5.4pt 0in 5.4pt;height:12.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:12.75pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt;height:12.75pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-family:"Arial Unicode MS",sans-serif'>&#8968;</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>t/8</span><span
-  style='font-family:"Arial Unicode MS",sans-serif'>&#8969;</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>, where 0 &lt; t &lt;
-  512, and t &lt;&gt; 384</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850584"></a><a name="_Toc441162506"></a><a
-name="_Toc416960147"></a><a name="_Toc437440665"></a><a name="_Toc395187901"></a><a
-name="_Toc391471263"></a><a name="_Toc370634550">2.25.3 General-length
-SHA-512-HMAC</a></h3>
-
-<p class=MsoNormal>The general-length SHA-512/256-HMAC mechanism, denoted <b>CKM_SHA512_T_HMAC_GENERAL</b>,
-is the same as the general-length SHA-1-HMAC mechanism in Section 2.18.3, except that it uses the HMAC construction based on the SHA-512/t hash
-function and length of the output should be in the range 0 – <span
-style='font-family:"Arial Unicode MS",sans-serif'>&#8968;</span>t/8<span
-style='font-family:"Arial Unicode MS",sans-serif'>&#8969;</span>, where 0 &lt;
-t &lt; 512, and t &lt;&gt; 384.</p>
-
-<h3><a name="_Toc441850585"></a><a name="_Toc441162507"></a><a
-name="_Toc416960148"></a><a name="_Toc437440666"></a><a name="_Toc395187902"></a><a
-name="_Toc391471264"></a><a name="_Toc370634551">2.25.4 SHA-512/t-HMAC</a></h3>
-
-<p class=MsoNormal>The SHA-512-HMAC mechanism, denoted <b>CKM_SHA512_T_HMAC</b>,
-is a special case of the general-length SHA-512/256-HMAC mechanism.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS</b>, which
-holds the value of t in bits.  The length in bytes of the desired output should
-be in the range of 0-<span style='font-family:"Arial Unicode MS",sans-serif'>&#8968;</span>t/8<span
-style='font-family:"Arial Unicode MS",sans-serif'>&#8969;</span>, where 0 &lt;
-t &lt; 512, and t &lt;&gt; 384.</p>
-
-<h3><a name="_Toc441850586"></a><a name="_Toc441162508"></a><a
-name="_Toc416960149"></a><a name="_Toc437440667"></a><a name="_Toc395187903"></a><a
-name="_Toc391471265"></a><a name="_Toc370634552">2.25.5 SHA-512/t key
-derivation</a></h3>
-
-<p class=MsoNormal>The SHA-512/256 key derivation, denoted <b>CKM_SHA512_T_KEY_DERIVATION</b>,
-is the same as the SHA-512 key derivation mechanism in section 2.25.5, except
-that it uses the SHA-512/256 hash function and the relevant length is <span
-style='font-family:"Arial Unicode MS",sans-serif'>&#8968;</span>t/8<span
-style='font-family:"Arial Unicode MS",sans-serif'>&#8969; </span>bytes, where 0
-&lt; t &lt; 512, and t &lt;&gt; 384.</p>
-
-<h2><a name="_Toc323624156"></a><a name="_Toc405794909"></a><a
-name="_Toc441850587"></a><a name="_Toc441162509"></a><a name="_Toc416960150"></a><a
-name="_Toc437440668"></a><a name="_Toc395187904"></a><a name="_Toc391471266"></a><a
-name="_Toc370634553"></a><a name="_Toc72656420"></a><a name="_Toc228807306"></a><a
-name="_Toc228894774"></a><a name="_Toc405794911">2.26 PKCS #5 and PKCS #5-style
-password-based encryption </a>(PBE)</h2>
-
-<p class=MsoNormal>The mechanisms in this section are for generating keys and
-IVs for performing password-based encryption.  The method used to generate keys
-and IVs is specified in PKCS #5.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>96</span></i><i><span style='font-size:9.0pt'>, PKCS 5
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656421"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_PBE_SHA1_DES3_EDE_CBC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_PBE_SHA1_DES2_EDE_CBC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_PBA_SHA1_WITH_SHA1_HMAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_PKCS5_PBKD2</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850588"></a><a name="_Toc441162510"></a><a
-name="_Toc416960151"></a><a name="_Toc437440669"></a><a name="_Toc395187905"></a><a
-name="_Toc391471267"></a><a name="_Toc370634554"></a><a name="_Toc228807307"></a><a
-name="_Toc228894775">2.26.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_PBE_SHA1_DES3_EDE_CBC      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_PBE_SHA1_DES2_EDE_CBC      </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_PKCS5_PBKD2                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_PBA_SHA1_WITH_SHA1_HMAC    </p>
-
-<h3><a name="_Toc441850589"></a><a name="_Toc441162511"></a><a
-name="_Toc416960152"></a><a name="_Toc437440670"></a><a name="_Toc395187906"></a><a
-name="_Toc391471268"></a><a name="_Toc370634555"></a><a name="_Toc72656422"></a><a
-name="_Toc228807308"></a><a name="_Toc228894776">2.26.2 Password-based
-encryption/authentication mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794910"></a><a name="_Toc72656423"></a><a name="_Toc228807309"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_PBE_PARAMS;
-CK_PBE_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_PBE_PARAMS</b> is a structure which provides all of
-the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and
-PKCS #12 for information on the PBE generation mechanisms) and the
-CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism.  It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_PBE_PARAMS {</p>
-
-<p class=CCode>  CK_BYTE_PTR pInitVector;</p>
-
-<p class=CCode>  CK_UTF8CHAR_PTR pPassword;</p>
-
-<p class=CCode>  CK_ULONG ulPasswordLen;</p>
-
-<p class=CCode>  CK_BYTE_PTR pSalt;</p>
-
-<p class=CCode>  CK_ULONG ulSaltLen;</p>
-
-<p class=CCode>  CK_ULONG ulIteration;</p>
-
-<p class=CCode>} CK_PBE_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The fields of the structure
-have the following meanings:</p>
-
-<p class=definition0>                                pInitVector       pointer
-to the location that receives the 8-byte initialization vector (IV), if an IV
-is required;</p>
-
-<p class=definition0>                                pPassword       points to
-the password to be used in the PBE key generation;</p>
-
-<p class=definition0>                          ulPasswordLen       length in
-bytes of the password information;</p>
-
-<p class=definition0>                                         pSalt       points
-to the salt to be used in the PBE key generation;</p>
-
-<p class=definition0>                                   ulSaltLen       length
-in bytes of the salt information;</p>
-
-<p class=definition0>                                  ulIteration       number
-of iterations required for the generation.</p>
-
-<p class=MsoNormal>CK_PBE_PARAMS_PTR is a pointer to a CK_PBE_PARAMS.</p>
-
-<h3><a name="_Toc323624157"></a><a name="_Toc441850590"></a><a
-name="_Toc441162512"></a><a name="_Toc416960153"></a><a name="_Toc437440671"></a><a
-name="_Toc395187907"></a><a name="_Toc391471269"></a><a name="_Toc370634556"></a><a
-name="_Toc72656430"></a><a name="_Toc228807310"></a><a name="_Toc228894777">2.26.3
-PKCS #5 PBKDF2 key generation mechanism parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656431"></a><a name="_Toc228807311"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE</b> is used to
-indicate the Pseudo-Random Function (PRF) used to generate key bits using PKCS
-#5 PBKDF2. It is defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The following PRFs are defined in PKCS #5 v2.1. The
-following table lists the defined functions.</p>
-
-<p class=MsoCaption><a name="_Toc228807550">Table </a>97, PKCS #5 PBKDF2 Key
-Generation: Pseudo-random functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif;color:black'>PRF </span></b><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Identifier</span></b></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Value</span></b></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Parameter Type</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA1</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000001UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>No
-  Parameter. <i>pPrfData</i> must be NULL and <i>ulPrfDataLen</i> must be zero.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_GOSTR3411</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000002UL</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>This PRF uses GOST R34.11-94 hash to produce
-  secret key value. <i>pPrfData</i> should point to DER-encoded OID, indicating
-  GOSTR34.11-94 parameters. <i>ulPrfDataLen</i> holds encoded OID length in
-  bytes. If <i>pPrfData</i> is set to NULL_PTR, then <i>id-GostR3411-94-CryptoProParamSet</i>
-  parameters will be used (RFC 4357, 11.2), and <i>ulPrfDataLen</i> must be 0.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA224</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000003UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>No&nbsp;Parameter.&nbsp;<i>pPrfData&nbsp;</i>must&nbsp;be
-  NULL&nbsp;and&nbsp;<i>ulPrfDataLen&nbsp;</i>must&nbsp;be zero.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA256</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000004UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>No&nbsp;Parameter.&nbsp;<i>pPrfData&nbsp;</i>must&nbsp;be
-  NULL&nbsp;and&nbsp;<i>ulPrfDataLen&nbsp;</i>must&nbsp;be zero.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA384</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000005UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>No&nbsp;Parameter.&nbsp;<i>pPrfData&nbsp;</i>must&nbsp;be
-  NULL&nbsp;and&nbsp;<i>ulPrfDataLen&nbsp;</i>must&nbsp;be zero.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA512</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000006UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>No&nbsp;Parameter.&nbsp;<i>pPrfData&nbsp;</i>must&nbsp;be
-  NULL&nbsp;and&nbsp;<i>ulPrfDataLen&nbsp;</i>must&nbsp;be zero.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA512_224</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000007UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>No&nbsp;Parameter.&nbsp;<i>pPrfData&nbsp;</i>must&nbsp;be
-  NULL&nbsp;and&nbsp;<i>ulPrfDataLen&nbsp;</i>must&nbsp;be zero.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=278 valign=top style='width:208.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKP_PKCS5_PBKD2_HMAC_SHA512_256</span></p>
-  </td>
-  <td width=106 valign=top style='width:79.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000008UL</span></p>
-  </td>
-  <td width=216 valign=top style='width:2.25in;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:black'>No&nbsp;Parameter.&nbsp;<i>pPrfData&nbsp;</i>must&nbsp;be
-  NULL&nbsp;and&nbsp;<i>ulPrfDataLen&nbsp;</i>must&nbsp;be zero.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR is a pointer
-to a CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656432"></a><a name="_Toc228807312"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE </b>is used to indicate
-the source of the salt value when deriving a key using PKCS #5 PBKDF2. It is
-defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The following salt value sources are defined in PKCS #5
-v2.1. The following table lists the defined sources along with the
-corresponding data type for the <i>pSaltSourceData</i> field in the <b>CK_PKCS5_PBKD2_<span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PARAM</del></span><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></b>
-structure defined below.</p>
-
-<p class=MsoCaption><a name="_Toc228807551">Table </a>98, PKCS #5 PBKDF2 Key
-Generation: Salt sources</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=186 valign=top style='width:139.5pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Source
-  Identifier</span></b></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Value</span></b></p>
-  </td>
-  <td width=301 valign=top style='width:225.9pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data
-  Type</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=186 valign=top style='width:139.5pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKZ_SALT_SPECIFIED</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>0x00000001</span></p>
-  </td>
-  <td width=301 valign=top style='width:225.9pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Array
-  of CK_BYTE containing the value of the salt value.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR is a pointer to a
-CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc72656433"></a><a name="_Toc228807313"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-size:12.0pt !msorm;font-family:"Arial",sans-serif !msorm;
-color:windowtext !msorm'><span lang=X-NONE style='font-size:10.0pt;font-family:
-"Tahoma",sans-serif;color:black'>CK_PKCS5_PBKD2_</span></span></a><span
-lang=X-NONE style='font-family:"Arial",sans-serif'><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span></span><span
-lang=X-NONE style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>; CK_PKCS5_PBKD2_<span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</ins></span></span><span
-lang=EN-AU style='font-family:"Arial",sans-serif'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">2</ins></span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>_PTR</span></p>
-
-<p class=MsoNormal><span style='font-family:"Arial",sans-serif !msorm;
-color:windowtext !msorm;font-weight:bold !msorm'><span style='font-family:"Tahoma",sans-serif;
-color:black'>CK_PKCS5_PBKD2_</span></span><b><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span></b><span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></span><span
-style='font-family:"Arial",sans-serif !msorm;color:windowtext !msorm'><span
-style='font-family:"Tahoma",sans-serif;color:black'> </span></span>is a structure
-that provides the parameters to the <b>CKM_PKCS5_PBKD2</b> mechanism.  The
-structure is defined as follows:</p>
-
-<div style='border:solid #AEBDCC 1.0pt;padding:5.0pt 5.0pt 5.0pt 5.0pt;
-background:#F3F5F7'><pre style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;
-background:white !msorm;border:none !msorm;mso-style-name:C_Code !msorm;
-background:#F3F5F7;border:none;padding:0in'><span style='font-size:12.0pt !msorm;
-font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>typedef struct CK_PKCS5_PBKD2_</span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'> {</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_VOID_PTR pSaltSourceData;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_ULONG ulSaltSourceDataLen;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_ULONG iterations;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_VOID_PTR pPrfData;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_ULONG ulPrfDataLen;</span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55"> </del></span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_UTF8CHAR_PTR pPassword;</span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">               </del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">        </ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CK_ULONG</span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">_PTR</del></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'> ulPasswordLen;</span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55"> </ins></span></span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;
-color:windowtext !msorm'><span style='font-family:Courier;color:black'>} CK_PKCS5_PBKD2_</span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>;</span></span></pre></div>
-
-<p class=MsoNormal style='margin-top:0in !msorm;margin-right:0in !msorm;
-margin-bottom:0in !msorm;margin-left:1.1in !msorm;text-indent:-.8in !msorm;
-mso-style-name:C_Code !msorm'><span style='font-size:12.0pt !msorm;font-family:
-"Courier New" !msorm'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                 saltSource       source
-of the salt value</p>
-
-<p class=definition0>                        pSaltSourceData       data used as
-the input for the salt source</p>
-
-<p class=definition0>                  ulSaltSourceDataLen      length of the
-salt source input</p>
-
-<p class=definition0>                                   iterations       number
-of iterations to perform when generating each block of random data</p>
-
-<p class=definition0>                                            prf       pseudo-random
-function used to generate the key</p>
-
-<p class=definition0>                                   pPrfData       data
-used as the input for PRF in addition to the salt value</p>
-
-<p class=definition0>                             ulPrfDataLen       length of
-the input data for the PRF</p>
-
-<p class=definition0>                                pPassword       points to
-the password to be used in the PBE key generation</p>
-
-<p class=definition0>                          ulPasswordLen       length in
-bytes of the password information</p>
-
-<p class=MsoNormal><span style='font-weight:normal !msorm'><b>CK_PKCS5_PBKD2_</b></span><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span><b><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span><span
-style='font-weight:normal !msorm'>_PTR</span></b> is a pointer to a <span
-style='font-weight:normal !msorm'><b>CK_PKCS5_PBKD2_</b></span><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span><b><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></b>.</p>
-
-<h3><a name="_Toc441850591"></a><a name="_Toc441162513"></a><a
-name="_Toc416960154"></a><a name="_Toc437440672"></a><a name="_Toc395187908"></a><a
-name="_Toc391471270"></a><a name="_Toc370634557"></a><a name="_Toc72656434"></a><a
-name="_Toc228807314"></a><a name="_Toc228894778">2.26.4 PKCS #5 PBKD2 key
-generation</a></h3>
-
-<p class=MsoNormal>PKCS #5 PBKDF2 key generation, denoted <b>CKM_PKCS5_PBKD2</b>,
-is a mechanism used for generating a secret key from a password and a salt
-value. This functionality is defined in PKCS#5 as PBKDF2.</p>
-
-<p class=MsoNormal>It has a parameter, a <span style='font-family:"Arial",sans-serif !msorm;
-color:windowtext !msorm;font-weight:bold !msorm'><span style='font-family:"Tahoma",sans-serif;
-color:black'>CK_PKCS5_PBKD2_</span></span><b><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS</del></span></b><span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">PARAMS2</ins></span></span><span
-style='font-family:"Arial",sans-serif !msorm;color:windowtext !msorm'><span
-style='font-family:"Tahoma",sans-serif;color:black'> </span></span>structure. 
-The parameter specifies the salt value source, pseudo-random function, and
-iteration count used to generate the new key.</p>
-
-<p class=MsoNormal>Since this mechanism can be used to generate any type of
-secret key, new key templates must contain the <b>CKA_KEY_TYPE</b> and <b>CKA_VALUE_LEN</b>
-attributes. If the key type has a fixed length the <b>CKA_VALUE_LEN</b>
-attribute may be omitted.</p>
-
-<h2><a name="_Toc441850592"></a><a name="_Toc441162514"></a><a
-name="_Toc416960155"></a><a name="_Toc437440673"></a><a name="_Toc395187909"></a><a
-name="_Toc391471271"></a><a name="_Toc370634558"></a><a name="_Ref397844004"></a><a
-name="_Toc405794918"></a><a name="_Ref406245166"></a><a name="_Toc72656435"></a><a
-name="_Toc228807315"></a><a name="_Toc228894779">2.27 PKCS #12 password-based
-encryption/authentication mechanisms</a></h2>
-
-<p class=MsoNormal>The mechanisms in this section are for generating keys and
-IVs for performing password-based encryption or authentication.  The method used
-to generate keys and IVs is based on a method that was specified in PKCS #12.</p>
-
-<p class=MsoNormal>We specify here a general method for producing various types
-of pseudo-random bits from a password, <i>p</i>; a string of salt bits, <i>s</i>;
-and an iteration count, <i>c</i>.  The “type” of pseudo-random bits to be
-produced is identified by an identification byte, <i>ID</i>, the meaning of
-which will be discussed later.</p>
-
-<p class=MsoNormal><a name="_Toc365690245"></a><a name="_Toc379096467">Let H be
-a hash function built around a compression function <i>f: <b>Z</b><sub>2</sub><sup>u
-</sup></i></a><i><span style='font-family:Symbol'>´</span> <b>Z</b><sub>2</sub><sup>v</sup>
-</i><i><span style='font-family:Symbol'>®</span> <b>Z</b><sub>2</sub><sup>u</sup></i>
-(that is, H has a chaining variable and output of length <i>u</i> bits, and the
-message input to the compression function of H is <i>v</i> bits).  For MD2 and
-MD5, <i>u</i>=128 and <i>v</i>=512; for SHA-1, <i>u</i>=160 and <i>v</i>=512.</p>
-
-<p class=MsoNormal>We assume here that <i>u</i> and <i>v</i> are both multiples
-of 8, as are the lengths in bits of the password and salt strings and the
-number <i>n</i> of pseudo-random bits required.  In addition, <i>u</i> and <i>v</i>
-are of course nonzero.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Construct
-a string, <i>D</i> (the “diversifier”), by concatenating <i>v</i>/8 copies of <i>ID</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Concatenate
-copies of the salt together to create a string <i>S</i> of length <i>v</i><span
-style='font-family:Symbol'>×</span><span style='font-family:Symbol'>é</span><i>s/v</i><span
-style='font-family:Symbol'>ù</span> bits (the final copy of the salt may be
-truncated to create <i>S</i>).  Note that if the salt is the empty string, then
-so is <i>S</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Concatenate
-copies of the password together to create a string <i>P</i> of length <i>v</i><span
-style='font-family:Symbol'>×</span><span style='font-family:Symbol'>é</span><i>p/v</i><span
-style='font-family:Symbol'>ù</span> bits (the final copy of the password may be
-truncated to create <i>P</i>).  Note that if the password is the empty string,
-then so is <i>P</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Set <i>I</i>=<i>S</i>||<i>P</i>
-to be the concatenation of <i>S</i> and <i>P</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>5.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Set <i>j</i>=<span
-style='font-family:Symbol'>é</span><i>n</i>/<i>u</i><span style='font-family:
-Symbol'>ù</span>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>6.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>For <i>i</i>=1,
-2, …, <i>j</i>, do the following:</p>
-
-<p class=MsoNormal style='margin-left:.75in;text-indent:-.25in'>a.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Set <i>A<sub>i</sub></i>=H<i><sup>c</sup></i>(<i>D</i>||<i>I</i>),
-the <i>c</i><sup>th</sup> hash of <i>D</i>||<i>I</i>.  That is, compute the
-hash of <i>D</i>||<i>I</i>; compute the hash of that hash; etc.; continue in
-this fashion until a total of <i>c</i> hashes have been computed, each on the
-result of the previous hash.</p>
-
-<p class=MsoNormal style='margin-left:.75in;text-indent:-.25in'>b.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Concatenate
-copies of <i>A<sub>i</sub></i> to create a string <i>B</i> of length <i>v</i>
-bits (the final copy of <i>A<sub>i</sub></i> may be truncated to create <i>B</i>).</p>
-
-<p class=MsoNormal style='margin-left:.75in;text-indent:-.25in'>c.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Treating <i>I</i>
-as a concatenation <i>I</i><sub>0</sub>, <i>I</i><sub>1</sub>, …, <i>I<sub>k</sub></i><sub>-1</sub>
-of <i>v</i>-bit blocks, where <i>k</i>=<span style='font-family:Symbol'>é</span><i>s/v</i><span
-style='font-family:Symbol'>ù</span>+<span style='font-family:Symbol'>é</span><i>p/v</i><span
-style='font-family:Symbol'>ù</span>, modify <i>I</i> by setting <i>I<sub>j</sub></i>=(<i>I<sub>j</sub></i>+<i>B</i>+1)
-mod 2<i><sup>v</sup></i> for each <i>j</i>.  To perform this addition, treat
-each <i>v</i>-bit block as a binary number represented most-significant bit
-first.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>7.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Concatenate
-<i>A</i><sub>1</sub>, <i>A</i><sub>2</sub>, …, <i>A<sub>j</sub></i> together to
-form a pseudo-random bit string, <i>A</i>.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>8.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>Use the
-first <i>n</i> bits of <i>A</i> as the output of this entire process.</p>
-
-<p class=MsoNormal>When the password-based encryption mechanisms presented in
-this section are used to generate a key and IV (if needed) from a password, salt,
-and an iteration count, the above algorithm is used.  To generate a key, the
-identifier byte <i>ID</i> is set to the value 1; to generate an IV, the
-identifier byte <i>ID</i> is set to the value 2.</p>
-
-<p class=MsoNormal>When the password based authentication mechanism presented
-in this section is used to generate a key from a password, salt, and an
-iteration count, the above algorithm is used.  The identifier byte <i>ID</i> is
-set to the value 3.</p>
-
-<h3><a name="_Toc441850593"></a><a name="_Toc441162515"></a><a
-name="_Toc416960156"></a><a name="_Toc437440674"></a><a name="_Toc395187910"></a><a
-name="_Toc391471272"></a><a name="_Toc370634559"></a><a name="_Toc405794921"></a><a
-name="_Toc72656438"></a><a name="_Toc228807316"></a><a name="_Toc228894780">2.27.1
-SHA-1-PBE for 3-key triple-DES-CBC</a></h3>
-
-<p class=MsoNormal>SHA-1-PBE for 3-key triple-DES-CBC, denoted <b>CKM_PBE_SHA1_DES3_EDE_CBC</b>,
-is a mechanism used for generating a 3-key triple-DES secret key and IV from a
-password and a salt value by using the SHA-1 digest algorithm and an iteration
-count.  The method used to generate the key and IV is described above.  Each
-byte of the key produced will have its low-order bit adjusted, if necessary, so
-that a valid 3-key triple-DES key with proper parity bits is obtained.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_PBE_PARAMS</b> structure.  The
-parameter specifies the input information for the key generation process and
-the location of the application-supplied buffer which will receive the 8-byte
-IV generated by the mechanism.</p>
-
-<p class=MsoNormal><a name="_Toc405794922">The key and IV produced by this
-mechanism will typically be used for performing password-based encryption.</a></p>
-
-<h3><a name="_Toc441850594"></a><a name="_Toc441162516"></a><a
-name="_Toc416960157"></a><a name="_Toc437440675"></a><a name="_Toc395187911"></a><a
-name="_Toc391471273"></a><a name="_Toc370634560"></a><a name="_Toc72656439"></a><a
-name="_Toc228807317"></a><a name="_Toc228894781">2.27.2 SHA-1-PBE for 2-key
-triple-DES-CBC</a></h3>
-
-<p class=MsoNormal>SHA-1-PBE for 2-key triple-DES-CBC, denoted <b>CKM_PBE_SHA1_DES2_EDE_CBC</b>,
-is a mechanism used for generating a 2-key triple-DES secret key and IV from a
-password and a salt value by using the SHA-1 digest algorithm and an iteration
-count.  The method used to generate the key and IV is described above.  Each
-byte of the key produced will have its low-order bit adjusted, if necessary, so
-that a valid 2-key triple-DES key with proper parity bits is obtained.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_PBE_PARAMS</b> structure.  The
-parameter specifies the input information for the key generation process and
-the location of the application-supplied buffer which will receive the 8-byte
-IV generated by the mechanism.</p>
-
-<p class=MsoNormal><a name="_Toc405794923">The key and IV produced by this
-mechanism will typically be used for performing password-based encryption.</a></p>
-
-<h3><a name="_Toc441850595"></a><a name="_Toc441162517"></a><a
-name="_Toc416960158"></a><a name="_Toc437440676"></a><a name="_Toc395187912"></a><a
-name="_Toc391471274"></a><a name="_Toc370634561"></a><a name="_Toc72656442"></a><a
-name="_Toc228807318"></a><a name="_Toc228894782">2.27.3 SHA-1-PBA for
-SHA-1-HMAC</a></h3>
-
-<p class=MsoNormal>SHA-1-PBA for SHA-1-HMAC, denoted <b>CKM_PBA_SHA1_WITH_SHA1_HMAC</b>,
-is a mechanism used for generating a 160-bit generic secret key from a password
-and a salt value by using the SHA-1 digest algorithm and an iteration count. 
-The method used to generate the key is described above.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_PBE_PARAMS</b> structure.  The
-parameter specifies the input information for the key generation process. The
-parameter also has a field to hold the location of an application-supplied
-buffer which will receive an IV; for this mechanism, the contents of this field
-are ignored, since authentication with SHA-1-HMAC does not require an IV.</p>
-
-<p class=MsoNormal>The key generated by this mechanism will typically be used
-for computing a SHA-1 HMAC to perform password-based authentication (not <i>password-based
-encryption</i>).  At the time of this writing, this is primarily done to ensure
-the integrity of a PKCS #12 PDU.</p>
-
-<h2><a name="_Ref384794871"></a><a name="_Ref384794886"></a><a
-name="_Ref384794928"></a><a name="_Toc405794931"></a><a name="_Toc441850596"></a><a
-name="_Toc441162518"></a><a name="_Toc416960159"></a><a name="_Toc437440677"></a><a
-name="_Toc395187913"></a><a name="_Toc391471275"></a><a name="_Toc370634562"></a><a
-name="_Toc405794936"></a><a name="_Toc72656459"></a><a name="_Toc228807319"></a><a
-name="_Toc228894783"><span lang=DE-CH>2.28 </span>SSL</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>99</span></i><i><span style='font-size:9.0pt'>,SSL
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=265 rowspan=2 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><a
-  name="_Toc72656460"><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></a></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=371 colspan=7 valign=top style='width:278.35pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=265 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SSL3_PRE_MASTER_KEY_GEN</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=265 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SSL3_MASTER_KEY_DERIVE</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=265 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SSL3_MASTER_KEY_DERIVE_DH</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=265 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SSL3_KEY_AND_MAC_DERIVE</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=265 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SSL3_MD5_MAC</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=265 valign=top style='width:198.65pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SSL3_SHA1_MAC</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850597"></a><a name="_Toc441162519"></a><a
-name="_Toc416960160"></a><a name="_Toc437440678"></a><a name="_Toc395187914"></a><a
-name="_Toc391471276"></a><a name="_Toc370634563"></a><a name="_Toc228807320"></a><a
-name="_Toc228894784">2.28.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SSL3_PRE_MASTER_KEY_GEN    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SSL3_MASTER_KEY_DERIVE     </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SSL3_KEY_AND_MAC_DERIVE    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SSL3_MASTER_KEY_DERIVE_DH  </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SSL3_MD5_MAC               </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SSL3_SHA1_MAC              </p>
-
-<h3><a name="_Toc441850598"></a><a name="_Toc441162520"></a><a
-name="_Toc416960161"></a><a name="_Toc437440679"></a><a name="_Toc395187915"></a><a
-name="_Toc391471277"></a><a name="_Toc370634564"></a><a name="_Toc72656461"></a><a
-name="_Toc228807321"></a><a name="_Toc228894785">2.28.2 SSL mechanism
-parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794932"></a><a name="_Toc72656462"></a><a name="_Toc228807322"></a><a
-name="_Toc323624052"><span lang=X-NONE style='font-family:Symbol;font-weight:
-normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_</span></a><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>SSL3_RANDOM_DATA</span></p>
-
-<p class=MsoNormal><b>CK_SSL3_RANDOM_DATA</b> is a structure which provides
-information about the random data of a client and a server in an SSL context.
-This structure is used by both the <b>CKM_SSL3_MASTER_KEY_DERIVE</b> and the <b>CKM_SSL3_KEY_AND_MAC_DERIVE</b>
-mechanisms.  It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_SSL3_RANDOM_DATA {</p>
-
-<p class=CCode>  CK_BYTE_PTR pClientRandom;</p>
-
-<p class=CCode>  CK_ULONG ulClientRandomLen;</p>
-
-<p class=CCode>  CK_BYTE_PTR pServerRandom;</p>
-
-<p class=CCode>  CK_ULONG ulServerRandomLen;</p>
-
-<p class=CCode>} CK_SSL3_RANDOM_DATA;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                          pClientRandom       pointer to
-the client’s random data</p>
-
-<p class=definition0>                    ulClientRandomLen       length in
-bytes of the client’s random data</p>
-
-<p class=definition0>                         pServerRandom       pointer to
-the server’s random data</p>
-
-<p class=definition0>                   ulServerRandomLen       length in bytes
-of the server’s random data</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794933"></a><a name="_Toc72656463"></a><a name="_Toc228807323"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b> is a structure that
-provides the parameters to the  <b>CKM_SSL3_MASTER_KEY_DERIVE</b> mechanism. 
-It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {</p>
-
-<p class=CCode>  <span lang=IT>CK_SSL3_RANDOM_DATA RandomInfo;</span></p>
-
-<p class=CCode><span lang=IT>  </span>CK_VERSION_PTR pVersion;</p>
-
-<p class=CCode>} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                               RandomInfo       client’s
-and server’s random data information.</p>
-
-<p class=definition0>                                   pVersion       pointer
-to a <b>CK_VERSION </b>structure which receives the SSL protocol version
-information</p>
-
-<p class=MsoNormal><b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR</b> is a pointer to
-a <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794934"></a><a name="_Toc72656464"></a><a name="_Toc228807324"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_SSL3_KEY_MAT_OUT;
-CK_SSL3_KEY_MAT_OUT_PTR</span></a></p>
-
-<p class=MsoNormal style='page-break-after:avoid'><b>CK_SSL3_KEY_MAT_OUT</b> is
-a structure that contains the resulting key handles and initialization vectors
-after performing a C_DeriveKey function with the <b>CKM_SSL3_KEY_AND_MAC_DERIVE</b>
-mechanism.  It is defined as follows:</p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'>typedef
-struct CK_SSL3_KEY_MAT_OUT {</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'> 
-CK_OBJECT_HANDLE hClientMacSecret;</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'> 
-CK_OBJECT_HANDLE hServerMacSecret;</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'> 
-CK_OBJECT_HANDLE hClientKey;</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'> 
-CK_OBJECT_HANDLE hServerKey;</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'> 
-CK_BYTE_PTR pIVClient;</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'> 
-CK_BYTE_PTR pIVServer;</span></p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'>}
-CK_SSL3_KEY_MAT_OUT;</span></p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                      hClientMacSecret       key handle
-for the resulting Client MAC Secret key</p>
-
-<p class=definition0>                     hServerMacSecret       key handle for
-the resulting Server MAC Secret key</p>
-
-<p class=definition0>                                hClientKey       key
-handle for the resulting Client Secret key</p>
-
-<p class=definition0>                               hServerKey       key handle
-for the resulting Server Secret key</p>
-
-<p class=definition0>                                   pIVClient       pointer
-to a location which receives the initialization vector (IV) created for the
-client (if any)</p>
-
-<p class=definition0>                                  pIVServer       pointer
-to a location which receives the initialization vector (IV) created for the
-server (if any)</p>
-
-<p class=MsoNormal>CK_SSL3_KEY_MAT_OUT_PTR is a pointer to a CK_SSL3_KEY_MAT_OUT.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794935"></a><a name="_Toc72656465"></a><a name="_Toc228807325"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_SSL3_KEY_MAT_PARAMS;
-CK_SSL3_KEY_MAT_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_SSL3_KEY_MAT_PARAMS</b> is a structure that provides
-the parameters to the  <b>CKM_SSL3_KEY_AND_MAC_DERIVE</b> mechanism.  It is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_SSL3_KEY_MAT_PARAMS {</p>
-
-<p class=CCode>  CK_ULONG ulMacSizeInBits;</p>
-
-<p class=CCode>  CK_ULONG ulKeySizeInBits;</p>
-
-<p class=CCode>  CK_ULONG ulIVSizeInBits;</p>
-
-<p class=CCode>  CK_BBOOL bIsExport;</p>
-
-<p class=CCode>  <span lang=IT>CK_SSL3_RANDOM_DATA RandomInfo;</span></p>
-
-<p class=CCode><span lang=IT>  </span>CK_SSL3_KEY_MAT_OUT_PTR
-pReturnedKeyMaterial;</p>
-
-<p class=CCode>} CK_SSL3_KEY_MAT_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The fields of the structure
-have the following meanings:</p>
-
-<p class=definition0>                         ulMacSizeInBits       the length
-(in bits) of the MACing keys agreed upon during the protocol handshake phase</p>
-
-<p class=definition0>                         ulKeySizeInBits       the length
-(in bits) of the secret keys agreed upon during the protocol handshake phase </p>
-
-<p class=definition0>                            ulIVSizeInBits       the
-length (in bits) of the IV agreed upon during the protocol handshake phase. If
-no IV is required, the length should be set to 0 </p>
-
-<p class=definition0>                                  bIsExport       a
-Boolean value which indicates whether the keys have to be derived for an export
-version of the protocol</p>
-
-<p class=definition0>                               RandomInfo       client’s
-and server’s random data information.</p>
-
-<p class=definition0>                pReturnedKeyMaterial       points to a
-CK_SSL3_KEY_MAT_OUT structures which receives the handles for the keys
-generated and the IVs </p>
-
-<p class=MsoNormal>CK_SSL3_KEY_MAT_PARAMS_PTR is a pointer to a
-CK_SSL3_KEY_MAT_PARAMS.</p>
-
-<h3><a name="_Toc441850599"></a><a name="_Toc441162521"></a><a
-name="_Toc416960162"></a><a name="_Toc437440680"></a><a name="_Toc395187916"></a><a
-name="_Toc391471278"></a><a name="_Toc370634565"></a><a name="_Toc405794937"></a><a
-name="_Toc72656466"></a><a name="_Toc228807326"></a><a name="_Toc228894786">2.28.3
-Pre-master key generation</a></h3>
-
-<p class=MsoNormal>Pre-master key generation in SSL 3.0, denoted <b>CKM_SSL3_PRE_MASTER_KEY_GEN</b>,
-is a mechanism which generates a 48-byte generic secret key.  It is used to
-produce the &quot;pre_master&quot; key used in SSL version 3.0 for RSA-like
-cipher suites. </p>
-
-<p class=MsoNormal>It has one parameter, a <b>CK_VERSION</b> structure, which
-provides the client’s SSL version number.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template). Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_GenerateKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-48.  However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO</b> structure both indicate 48 bytes.</p>
-
-<h3><a name="_Toc441850600"></a><a name="_Toc441162522"></a><a
-name="_Toc416960163"></a><a name="_Toc437440681"></a><a name="_Toc395187917"></a><a
-name="_Toc391471279"></a><a name="_Toc370634566"></a><a name="_Toc405794938"></a><a
-name="_Toc72656467"></a><a name="_Toc228807327"></a><a name="_Toc228894787">2.28.4
-Master key derivation</a></h3>
-
-<p class=MsoNormal>Master key derivation in SSL 3.0, denoted <b>CKM_SSL3_MASTER_KEY_DERIVE</b>,
-is a mechanism used to derive one 48-byte generic secret key from another
-48-byte generic secret key.  It is used to produce the
-&quot;master_secret&quot; key used in the SSL protocol from the
-&quot;pre_master&quot; key.  This mechanism returns the value of the client
-version, which is built into the &quot;pre_master&quot; key as well as a handle
-to the derived &quot;master_secret&quot; key.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>
-structure, which allows for the passing of random data to the token as well as
-the returning of the protocol version number which is part of the pre-master
-key.  This structure is defined in Section 2.28.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template).  Other attributes may be
-specified in the template; otherwise they are assigned default values.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_DeriveKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-48.  However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure both indicate 48 bytes.</p>
-
-<p class=MsoNormal>Note that the <b>CK_VERSION</b> structure pointed to by the <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>
-structure’s <i>pVersion</i> field will be modified by the <b>C_DeriveKey</b>
-call.  In particular, when the call returns, this structure will hold the SSL
-version associated with the supplied pre_master key.</p>
-
-<p class=MsoNormal>Note that this mechanism is only useable for cipher suites
-that use a 48-byte “pre_master” secret with an embedded version number. This
-includes the RSA cipher suites, but excludes the Diffie-Hellman cipher suites.</p>
-
-<h3><a name="_Toc405794939"></a><a name="_Toc441850601"></a><a
-name="_Toc441162523"></a><a name="_Toc416960164"></a><a name="_Toc437440682"></a><a
-name="_Toc395187918"></a><a name="_Toc391471280"></a><a name="_Toc370634567"></a><a
-name="_Toc72656468"></a><a name="_Toc228807328"></a><a name="_Toc228894788">2.28.5
-Master key derivation for Diffie-Hellman</a></h3>
-
-<p class=MsoNormal>Master key derivation for Diffie-Hellman in SSL 3.0, denoted
-<b>CKM_SSL3_MASTER_KEY_DERIVE_DH</b>, is a mechanism used to derive one 48-byte
-generic secret key from another arbitrary length generic secret key.  It is
-used to produce the &quot;master_secret&quot; key used in the SSL protocol from
-the &quot;pre_master&quot; key. </p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>
-structure, which allows for the passing of random data to the token.  This
-structure is defined in Section 2.28. The <i>pVersion</i> field of the
-structure must be set to NULL_PTR since the version number is not embedded in
-the &quot;pre_master&quot; key as it is for RSA-like cipher suites.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template).  Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_DeriveKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-48.  However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure both indicate 48 bytes.</p>
-
-<p class=MsoNormal>Note that this mechanism is only useable for cipher suites
-that do not use a fixed length 48-byte “pre_master” secret with an embedded
-version number. This includes the Diffie-Hellman cipher suites, but excludes
-the RSA cipher suites.</p>
-
-<h3><a name="_Toc441850602"></a><a name="_Toc441162524"></a><a
-name="_Toc416960165"></a><a name="_Toc437440683"></a><a name="_Toc395187919"></a><a
-name="_Toc391471281"></a><a name="_Toc370634568"></a><a name="_Toc72656469"></a><a
-name="_Toc228807329"></a><a name="_Toc228894789">2.28.6 Key and MAC derivation</a></h3>
-
-<p class=MsoNormal>Key, MAC and IV derivation in SSL 3.0, denoted <b>CKM_SSL3_KEY_AND_MAC_DERIVE</b>,
-is a mechanism used to derive the appropriate cryptographic keying material
-used by a &quot;CipherSuite&quot; from the &quot;master_secret&quot; key and
-random data. This mechanism returns the key handles for the keys generated in
-the process, as well as the IVs created.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_SSL3_KEY_MAT_PARAMS</b>
-structure, which allows for the passing of random data as well as the
-characteristic of the cryptographic material for the given CipherSuite and a
-pointer to a structure which receives the handles and IVs which were generated.
-This structure is defined in Section 2.28.</p>
-
-<p class=MsoNormal>This mechanism contributes to the creation of four distinct
-keys on the token and returns two IVs (if IVs are requested by the caller) back
-to the caller. The keys are all given an object class of <b>CKO_SECRET_KEY</b>.
-</p>
-
-<p class=MsoNormal>The two MACing keys (&quot;client_write_MAC_secret&quot; and
-&quot;server_write_MAC_secret&quot;) are always given a type of <b>CKK_GENERIC_SECRET</b>.
-They are flagged as valid for signing, verification, and derivation operations.</p>
-
-<p class=MsoNormal>The other two keys (&quot;client_write_key&quot; and
-&quot;server_write_key&quot;) are typed according to information found in the
-template sent along with this mechanism during a <b>C_DeriveKey</b> function
-call.  By default, they are flagged as valid for encryption, decryption, and
-derivation operations.</p>
-
-<p class=MsoNormal>IVs will be generated and returned if the <i>ulIVSizeInBits</i>
-field of the <b>CK_SSL3_KEY_MAT_PARAMS</b> field has a nonzero value.  If they
-are generated, their length in bits will agree with the value in the <i>ulIVSizeInBits</i>
-field.</p>
-
-<p class=MsoNormal>All four keys inherit the values of the<b> CKA_SENSITIVE</b>,
-<b>CKA_ALWAYS_SENSITIVE</b>, <b>CKA_EXTRACTABLE</b>, and <b>CKA_NEVER_EXTRACTABLE</b>
-attributes from the base key.  The template provided to <b>C_DeriveKey</b> may
-not specify values for any of these attributes which differ from those held by
-the base key.</p>
-
-<p class=MsoNormal>Note that the <b>CK_SSL3_KEY_MAT_OUT</b> structure pointed
-to by the <b>CK_SSL3_KEY_MAT_PARAMS</b> structure’s <i>pReturnedKeyMaterial</i>
-field will be modified by the <b>C_DeriveKey</b> call.  In particular, the four
-key handle fields in the <b>CK_SSL3_KEY_MAT_OUT</b> structure will be modified
-to hold handles to the newly-created keys; in addition, the buffers pointed to
-by the <b>CK_SSL3_KEY_MAT_OUT</b> structure’s <i>pIVClient</i> and <i>pIVServer</i>
-fields will have IVs returned in them (if IVs are requested by the caller). 
-Therefore, these two fields must point to buffers with sufficient space to hold
-any IVs that will be returned.</p>
-
-<p class=MsoNormal>This mechanism departs from the other key derivation
-mechanisms in Cryptoki in its returned information. For most key-derivation
-mechanisms, <b>C_DeriveKey</b> returns a single key handle as a result of a
-successful completion. However, since the <b>CKM_SSL3_KEY_AND_MAC_DERIVE</b>
-mechanism returns all of its key handles in the <b>CK_SSL3_KEY_MAT_OUT</b>
-structure pointed to by the <b>CK_SSL3_KEY_MAT_PARAMS</b> structure specified
-as the mechanism parameter, the parameter <i>phKey</i> passed to <b>C_DeriveKey</b>
-is unnecessary, and should be a NULL_PTR.</p>
-
-<p class=MsoNormal>If a call to <b>C_DeriveKey</b> with this mechanism fails,
-then <i>none</i> of the four keys will be created on the token.</p>
-
-<h3><a name="_Toc441850603"></a><a name="_Toc441162525"></a><a
-name="_Toc416960166"></a><a name="_Toc437440684"></a><a name="_Toc395187920"></a><a
-name="_Toc391471282"></a><a name="_Toc370634569"></a><a name="_Toc405794940"></a><a
-name="_Toc72656470"></a><a name="_Toc228807330"></a><a name="_Toc228894790">2.28.7
-MD5 MACing in SSL 3.0</a></h3>
-
-<p class=MsoNormal>MD5 MACing in SSL3.0, denoted <b>CKM_SSL3_MD5_MAC</b>, is a
-mechanism for single- and multiple-part signatures (data authentication) and
-verification using MD5, based on the SSL 3.0 protocol. This technique is very
-similar to the HMAC technique.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS</b>, which
-specifies the length in bytes of the signatures produced by this mechanism.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of input and output
-data are summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc405795059"></a><a name="_Toc228807552">Table </a>100, MD5 MACing in SSL 3.0: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=192 valign=top style='width:2.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>4-8, depending on
-  parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>4-8, depending on
-  parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-generic secret key sizes, in bits.</p>
-
-<h3><a name="_Toc441850604"></a><a name="_Toc441162526"></a><a
-name="_Toc416960167"></a><a name="_Toc437440685"></a><a name="_Toc395187921"></a><a
-name="_Toc391471283"></a><a name="_Toc370634570"></a><a name="_Toc405794941"></a><a
-name="_Toc72656471"></a><a name="_Toc228807331"></a><a name="_Toc228894791">2.28.8
-SHA-1 MACing in SSL 3.0</a></h3>
-
-<p class=MsoNormal>SHA-1 MACing in SSL3.0, denoted <b>CKM_SSL3_SHA1_MAC</b>, is
-a mechanism for single- and multiple-part signatures (data authentication) and
-verification using SHA-1, based on the SSL 3.0 protocol. This technique is very
-similar to the HMAC technique.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS</b>, which
-specifies the length in bytes of the signatures produced by this mechanism.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of input and output
-data are summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc405795060"></a><a name="_Toc228807553">Table </a>101, SHA-1 MACing in SSL 3.0: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=204 valign=top style='width:153.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>4-8, depending on
-  parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>4-8, depending on
-  parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-generic secret key sizes, in bits.</p>
-
-<h2><a name="_Toc441850605"></a><a name="_Toc441162527"></a><a
-name="_Toc416960168"></a><a name="_Toc437440686"></a><a name="_Toc395187922"></a><a
-name="_Toc391471284"></a><a name="_Toc370634571"></a><a name="_Toc72656472"></a><a
-name="_Toc228807332"></a><a name="_Toc228894792">2.29 TLS</a> 1.2 Mechanisms</h2>
-
-<p class=MsoNormal>Details for TLS 1.2 and its key derivation and MAC
-mechanisms can be found in [TLS 1.2]. TLS 1.2 mechanisms differ from TLS 1.0
-and 1.1 mechanisms in that the base hash used in the underlying TLS PRF
-(pseudo-random function) can be negotiated. Therefore each mechanism parameter
-for the TLS 1.2 mechanisms contains a new value in the parameters structure to
-specify the hash function. </p>
-
-<p class=MsoNormal>This section also specifies CKM_TLS_MAC which should be used
-in place of <b>CKM_TLS_PRF</b> to calculate the verify_data in the TLS
-&quot;finished&quot; message.</p>
-
-<p class=MsoNormal>This section also specifies <b>CKM_TLS_KDF</b> that can be
-used in place of <b>CKM_TLS_PRF</b> to implement key material exporters.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>102</span></i><i><span style='font-size:9.0pt'>, TLS 1.2
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=269 rowspan=2 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><a
-  name="_Toc72656473"><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></a></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=369 colspan=7 valign=top style='width:276.7pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS12_MASTER_KEY_DERIVE</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS12_MASTER_KEY_DERIVE_DH</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS12_KEY_AND_MAC_DERIVE</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS12_KEY_SAFE_DERIVE</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS10_MAC_SERVER</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'></td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS10_MAC_CLIENT</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS_KDF</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=269 valign=top style='width:202.1pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_TLS12_MAC</span></p>
-  </td>
-  <td width=64 valign=top style='width:47.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850606"></a><a name="_Toc441162528"></a><a
-name="_Toc416960169"></a><a name="_Toc437440687"></a><a name="_Toc395187923"></a><a
-name="_Toc391471285"></a><a name="_Toc370634572"></a><a name="_Toc228807333"></a><a
-name="_Toc228894793">2.29.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS12_MASTER_KEY_DERIVE</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS12_MASTER_KEY_DERIVE_DH</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS12_KEY_AND_MAC_DERIVE</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS12_KEY_SAFE_DERIVE</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS10_MAC_SERVER</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS10_MAC_CLIENT</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS_KDF</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TLS12_MAC</p>
-
-<h3><a name="_Toc441850607"></a><a name="_Toc441162529"></a><a
-name="_Toc416960170"></a><a name="_Toc437440688"></a><a name="_Toc395187924"></a><a
-name="_Toc391471286"></a><a name="_Toc370634573"></a><a name="_Toc72656474"></a><a
-name="_Toc228807334"></a><a name="_Toc228894794">2.29.2 TLS 1.2 mechanism
-parameters</a></h3>
-
-<p class=name style='margin-left:.5in;text-indent:-.25in'><a name="_Toc72656478"></a><a
-name="_Toc228807338"></a><a name="_Toc228894797"></a><a name="_Toc437440689"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
-CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_TLS12_MASTER_KEY_DERIVE_PARAMS</b> is a structure that
-provides the parameters to the  <b>CKM_TLS12_MASTER_KEY_DERIVE</b> mechanism. 
-It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {</p>
-
-<p class=CCode>  <span lang=IT>CK_SSL3_RANDOM_DATA RandomInfo;</span></p>
-
-<p class=CCode><span lang=IT>  </span>CK_VERSION_PTR pVersion;</p>
-
-<p class=CCode>  CK_MECHANISM_TYPE prfHashMechanism;</p>
-
-<p class=CCode>} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                               RandomInfo       client’s
-and server’s random data information.</p>
-
-<p class=definition0>                                   pVersion       pointer
-to a <b>CK_VERSION </b>structure which receives the SSL protocol version
-information</p>
-
-<p class=definition0>                    prfHashMechanism       base hash used
-in the underlying TLS1.2 PRF operation used to derive the master key.</p>
-
-<p class=definition0>&nbsp;</p>
-
-<p class=MsoNormal><b>CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR</b> is a pointer to
-a <b>CK_TLS12_MASTER_KEY_DERIVE_PARAMS</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc437440690"><span lang=X-NONE style='font-family:Symbol;font-weight:
-normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_TLS12_KEY_MAT_PARAMS;
-CK_TLS12_KEY_MAT_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_TLS12_KEY_MAT_PARAMS</b> is a structure that provides
-the parameters to the  <b>CKM_TLS12_KEY_AND_MAC_DERIVE</b> mechanism.  It is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_TLS12_KEY_MAT_PARAMS {</p>
-
-<p class=CCode>  CK_ULONG ulMacSizeInBits;</p>
-
-<p class=CCode>  CK_ULONG ulKeySizeInBits;</p>
-
-<p class=CCode>  CK_ULONG ulIVSizeInBits;</p>
-
-<p class=CCode>  CK_BBOOL bIsExport;</p>
-
-<p class=CCode>  <span lang=IT>CK_SSL3_RANDOM_DATA RandomInfo;</span></p>
-
-<p class=CCode><span lang=IT>  </span>CK_SSL3_KEY_MAT_OUT_PTR
-pReturnedKeyMaterial;</p>
-
-<p class=CCode>  CK_MECHANISM_TYPE prfHashMechanism;</p>
-
-<p class=CCode>} CK_TLS12_KEY_MAT_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The fields of the structure
-have the following meanings:</p>
-
-<p class=definition0>                         ulMacSizeInBits       the length
-(in bits) of the MACing keys agreed upon during the protocol handshake phase.
-If no MAC key is required, the length should be set to 0.</p>
-
-<p class=definition0>                         ulKeySizeInBits       the length
-(in bits) of the secret keys agreed upon during the protocol handshake phase </p>
-
-<p class=definition0>                            ulIVSizeInBits       the
-length (in bits) of the IV agreed upon during the protocol handshake phase. If
-no IV is required, the length should be set to 0 </p>
-
-<p class=definition0>                                  bIsExport       must be
-set to CK_FALSE because export cipher suites must not be used in TLS 1.1 and
-later.</p>
-
-<p class=definition0>                               RandomInfo       client’s
-and server’s random data information.</p>
-
-<p class=definition0>                pReturnedKeyMaterial       points to a
-CK_SSL3_KEY_MAT_OUT structures which receives the handles for the keys
-generated and the IVs </p>
-
-<p class=definition0>                    prfHashMechanism       base hash used
-in the underlying TLS1.2 PRF operation used to derive the master key.</p>
-
-<p class=definition0>&nbsp;</p>
-
-<p class=MsoNormal><b>CK_TLS12_KEY_MAT_PARAMS_PTR</b> is a pointer to a <b>CK_TLS12_KEY_MAT_PARAMS</b>.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc437440691"><span lang=X-NONE style='font-family:Symbol;font-weight:
-normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-family:"Arial",sans-serif'>CK_TLS_KDF_PARAMS;
-CK_TLS_KDF_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_TLS_KDF_PARAMS </b>is a structure that provides the
-parameters to the CKM_TLS_KDF mechanism.  It is defined as follows:</p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>typedef struct CK_TLS_KDF_PARAMS {</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>  CK_MECHANISM_TYPE prfMechanism;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>  CK_BYTE_PTR pLabel;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>  CK_ULONG ulLabelLength;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>  CK_SSL3_RANDOM_DATA RandomInfo;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>  CK_BYTE_PTR pContextData;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>  CK_ULONG ulContextDataLength;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>} CK_TLS_KDF_PARAMS;</span></p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>&nbsp;</span></p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The fields of the structure
-have the following meanings:</p>
-
-<p class=definition0>                            prfMechanism       the hash
-mechanism used in the TLS1.2 PRF construct or CKM_TLS_PRF to use with the
-TLS1.0 and 1.1 PRF construct. </p>
-
-<p class=definition0>                                       pLabel       a
-pointer to the label for this key derivation </p>
-
-<p class=definition0>                            ulLabelLength       length of
-the label in bytes</p>
-
-<p class=definition0>                               RandomInfo       the random
-data for the key derivation</p>
-
-<p class=definition0>                            pContextData       a pointer
-to the context data for this key derivation. NULL_PTR if not present</p>
-
-<p class=definition0>                  ulContextDataLength       length of the
-context data in bytes. 0 if not present.</p>
-
-<p class=definition0>                                                </p>
-
-<p class=MsoNormal style='margin-left:.25in'><span style='font-size:12.0pt;
-font-family:"Courier New"'>&nbsp;</span></p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc437440692"><span lang=X-NONE style='font-family:Symbol;font-weight:
-normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_TLS_</span></a><span
-style='font-family:"Arial",sans-serif'>MAC</span><span lang=X-NONE
-style='font-family:"Arial",sans-serif'>_PARAMS; CK_TLS_</span><span
-style='font-family:"Arial",sans-serif'>MAC</span><span lang=X-NONE
-style='font-family:"Arial",sans-serif'>_PARAMS_PTR</span></p>
-
-<p class=MsoNormal style='page-break-after:avoid'><b>CK_TLS_MAC_PARAMS</b> is a
-structure that provides the parameters to the  <b>CKM_TLS_MAC </b>mechanism. 
-It is defined as follows:</p>
-
-<p class=CCode style='page-break-after:avoid'>typedef struct CK_TLS_MAC_PARAMS
-{</p>
-
-<p class=CCode style='page-break-after:avoid'>  CK_MECHANISM_TYPE prfMechanism;</p>
-
-<p class=CCode style='page-break-after:avoid'>  CK_ULONG ulMacLength;</p>
-
-<p class=CCode style='page-break-after:avoid'>  CK_ULONG ulServerOrClient;</p>
-
-<p class=CCode style='page-break-after:avoid'>} CK_TLS_MAC_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal style='page-break-after:avoid'>The fields of the structure
-have the following meanings:</p>
-
-<p class=definition0>                            prfMechanism       the hash
-mechanism used in the TLS12 PRF construct or CKM_TLS_PRF to use with the TLS1.0
-and 1.1 PRF construct.  </p>
-
-<p class=definition0>                              ulMacLength       the length
-of the MAC tag required or offered.  Always 12 octets in TLS 1.0 and 1.1. 
-Generally 12 octets, but may be negotiated to a longer value in TLS1.2.</p>
-
-<p class=definition0>                        ulServerOrClient       1 to use
-the label &quot;server finished&quot;, 2 to use the label &quot;client
-finished&quot;.   All other values are invalid.</p>
-
-<p class=definition0>                                                </p>
-
-<p class=MsoNormal><b>CK_TLS_MAC_PARAMS_PTR</b> is a pointer to a <b>CK_TLS_MAC_PARAMS</b>.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h3><a name="_Toc441850608"></a><a name="_Toc441162530"></a><a
-name="_Toc416960171"></a><a name="_Toc437440693"></a><a name="_Toc395187925"></a><a
-name="_Toc391471287"></a><a name="_Toc370634574"></a><a
-name="__RefHeading__1691_329915188"></a>2.29.3 TLS MAC</h3>
-
-<p class=MsoNormal>The TLS MAC mechanism is used to generate integrity tags for
-the TLS &quot;finished&quot; message. It replaces the use of the <b>CKM_TLS_PRF</b>
-function for TLS1.0 and 1.1 and that mechanism is deprecated.</p>
-
-<p class=MsoNormal><b>CKM_TLS_MAC</b> takes a parameter of CK_TLS_MAC_PARAMS. 
-To use this mechanism with TLS1.0 and TLS1.1, use <b>CKM_TLS_PRF</b> as the
-value for <i>prfMechanism </i>in place of a hash mechanism. Note: Although <b>CKM_TLS_PRF</b>
-is deprecated as a mechanism for C_DeriveKey, the manifest value is retained
-for use with this mechanism to indicate the use of the TLS1.0/1.1 pseudo-random
-function.</p>
-
-<p class=MsoNormal>In TLS1.0 and 1.1 the &quot;finished&quot; message
-verify_data (i.e. the output signature from the MAC mechanism) is always 12
-bytes.  In TLS1.2 the &quot;finished&quot; message verify_data is a minimum of
-12 bytes, defaults to 12 bytes, but may be negotiated to longer length.</p>
-
-<p class=MsoCaption><a name="_Toc235854041">Table </a>103, General-length TLS
-MAC: Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   9.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   9.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=93 valign=top style='width:69.45pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:9.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&gt;=12 bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>generic secret</span></p>
-  </td>
-  <td width=93 valign=top style='width:69.45pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=225 valign=top style='width:169.05pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:9.0pt;font-family:"Arial",sans-serif'>&gt;=12 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h3><a name="_Toc441850609"></a><a name="_Toc441162531"></a><a
-name="_Toc416960172"></a><a name="_Toc437440694"></a><a name="_Toc395187926"></a><a
-name="_Toc391471288"></a><a name="_Toc370634575">2.29.4 Master key derivation</a></h3>
-
-<p class=MsoNormal>Master key derivation in TLS 1.0, denoted <b>CKM_TLS_MASTER_KEY_DERIVE</b>,
-is a mechanism used to derive one 48-byte generic secret key from another
-48-byte generic secret key.  It is used to produce the
-&quot;master_secret&quot; key used in the TLS protocol from the
-&quot;pre_master&quot; key.  This mechanism returns the value of the client
-version, which is built into the &quot;pre_master&quot; key as well as a handle
-to the derived &quot;master_secret&quot; key.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>
-structure, which allows for the passing of random data to the token as well as
-the returning of the protocol version number which is part of the pre-master
-key.  This structure is defined in Section 2.28.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template).  Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The mechanism also contributes the CKA_ALLOWED_MECHANISMS
-attribute consisting only of <b>CKM_TLS12_KEY_AND_MAC_DERIVE,
-CKM_TLS12_KEY_SAFE_DERIVE, CKM_TLS12_KDF</b> and <b>CKM_TLS12_MAC</b>.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_DeriveKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-48.  However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure both indicate 48 bytes.</p>
-
-<p class=MsoNormal>Note that the <b>CK_VERSION</b> structure pointed to by the <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>
-structure’s <i>pVersion</i> field will be modified by the <b>C_DeriveKey</b>
-call.  In particular, when the call returns, this structure will hold the SSL
-version associated with the supplied pre_master key.</p>
-
-<p class=MsoNormal>Note that this mechanism is only useable for cipher suites
-that use a 48-byte “pre_master” secret with an embedded version number. This
-includes the RSA cipher suites, but excludes the Diffie-Hellman cipher suites.</p>
-
-<h3><a name="_Toc441850610"></a><a name="_Toc441162532"></a><a
-name="_Toc416960173"></a><a name="_Toc437440695"></a><a name="_Toc395187927"></a><a
-name="_Toc391471289"></a><a name="_Toc370634576"></a><a name="_Toc72656479"></a><a
-name="_Toc228807339"></a><a name="_Toc228894798">2.29.5 Master key derivation
-for Diffie-Hellman</a></h3>
-
-<p class=MsoNormal>Master key derivation for Diffie-Hellman in TLS 1.0, denoted
-<b>CKM_TLS_MASTER_KEY_DERIVE_DH</b>, is a mechanism used to derive one 48-byte
-generic secret key from another arbitrary length generic secret key.  It is
-used to produce the &quot;master_secret&quot; key used in the TLS protocol from
-the &quot;pre_master&quot; key. </p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_SSL3_MASTER_KEY_DERIVE_PARAMS</b>
-structure, which allows for the passing of random data to the token.  This
-structure is defined in Section 2.28. The <i>pVersion</i> field of the
-structure must be set to NULL_PTR since the version number is not embedded in
-the &quot;pre_master&quot; key as it is for RSA-like cipher suites.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template).  Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The mechanism also contributes the CKA_ALLOWED_MECHANISMS
-attribute consisting only of <b>CKM_TLS12_KEY_AND_MAC_DERIVE,
-CKM_TLS12_KEY_SAFE_DERIVE, CKM_TLS12_KDF</b> and <b>CKM_TLS12_MAC</b>.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_DeriveKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-48.  However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b> attributes in
-the template for the new key can both be specified to be either CK_TRUE or
-CK_FALSE.  If omitted, these attributes each take on some default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set
-to CK_FALSE, then the derived key will as well.  If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE, then the derived key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to the same value as its <b>CKA_SENSITIVE</b> attribute.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too.  If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure both indicate 48 bytes.</p>
-
-<p class=MsoNormal>Note that this mechanism is only useable for cipher suites
-that do not use a fixed length 48-byte “pre_master” secret with an embedded
-version number. This includes the Diffie-Hellman cipher suites, but excludes
-the RSA cipher suites.</p>
-
-<h3><a name="_Toc441850611"></a><a name="_Toc441162533"></a><a
-name="_Toc416960174"></a><a name="_Toc437440696"></a><a name="_Toc395187928"></a><a
-name="_Toc391471290"></a><a name="_Toc370634577"></a><a name="_Toc72656480"></a><a
-name="_Toc228807340"></a><a name="_Toc228894799">2.29.6 Key and MAC derivation</a></h3>
-
-<p class=MsoNormal>Key, MAC and IV derivation in TLS 1.0, denoted <b>CKM_TLS_KEY_AND_MAC_DERIVE</b>,
-is a mechanism used to derive the appropriate cryptographic keying material
-used by a &quot;CipherSuite&quot; from the &quot;master_secret&quot; key and
-random data. This mechanism returns the key handles for the keys generated in
-the process, as well as the IVs created.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_SSL3_KEY_MAT_PARAMS</b>
-structure, which allows for the passing of random data as well as the
-characteristic of the cryptographic material for the given CipherSuite and a
-pointer to a structure which receives the handles and IVs which were generated.
-This structure is defined in Section 2.28.</p>
-
-<p class=MsoNormal>This mechanism contributes to the creation of four distinct
-keys on the token and returns two IVs (if IVs are requested by the caller) back
-to the caller. The keys are all given an object class of <b>CKO_SECRET_KEY</b>.
-</p>
-
-<p class=MsoNormal>The two MACing keys (&quot;client_write_MAC_secret&quot; and
-&quot;server_write_MAC_secret&quot;) (if present) are always given a type of <b>CKK_GENERIC_SECRET</b>.
-They are flagged as valid for signing and verification.</p>
-
-<p class=MsoNormal>The other two keys (&quot;client_write_key&quot; and
-&quot;server_write_key&quot;) are typed according to information found in the
-template sent along with this mechanism during a <b>C_DeriveKey</b> function
-call.  By default, they are flagged as valid for encryption, decryption, and
-derivation operations.</p>
-
-<p class=MsoNormal>For <b>CKM_TLS12_KEY_AND_MAC_DERIVE</b>, IVs will be generated
-and returned if the <i>ulIVSizeInBits</i> field of the <b>CK_SSL3_KEY_MAT_PARAMS</b>
-field has a nonzero value.  If they are generated, their length in bits will
-agree with the value in the <i>ulIVSizeInBits</i> field.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border:solid windowtext 2.25pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;
-margin-left:.5in;margin-right:0in'>
-
-<p class=MsoNormal style='border:none;padding:0in'>Note Well:
-CKM_TLS12_KEY_AND_MAC_DERIVE produces both private (key) and public (IV) data. 
-It is possible to &quot;leak&quot; private data by the simple expedient of
-decreasing the length of private data requested.  E.g. Setting ulMacSizeInBits
-and ulKeySizeInBits to 0 (or other lengths less than the key size) will result
-in the private key data being placed in the destination designated for the
-IV's.  Repeated calls with the same master key and same RandomInfo but with
-differing lengths for the private key material will result in different data
-being leaked.&lt;</p>
-
-</div>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>All four keys inherit the values of the<b> CKA_SENSITIVE</b>,
-<b>CKA_ALWAYS_SENSITIVE</b>, <b>CKA_EXTRACTABLE</b>, and <b>CKA_NEVER_EXTRACTABLE</b>
-attributes from the base key.  The template provided to <b>C_DeriveKey</b> may
-not specify values for any of these attributes which differ from those held by
-the base key.</p>
-
-<p class=MsoNormal>Note that the <b>CK_SSL3_KEY_MAT_OUT</b> structure pointed
-to by the <b>CK_SSL3_KEY_MAT_PARAMS</b> structure’s <i>pReturnedKeyMaterial</i>
-field will be modified by the <b>C_DeriveKey</b> call.  In particular, the four
-key handle fields in the <b>CK_SSL3_KEY_MAT_OUT</b> structure will be modified
-to hold handles to the newly-created keys; in addition, the buffers pointed to
-by the <b>CK_SSL3_KEY_MAT_OUT</b> structure’s <i>pIVClient</i> and <i>pIVServer</i>
-fields will have IVs returned in them (if IVs are requested by the caller). 
-Therefore, these two fields must point to buffers with sufficient space to hold
-any IVs that will be returned.</p>
-
-<p class=MsoNormal>This mechanism departs from the other key derivation
-mechanisms in Cryptoki in its returned information. For most key-derivation
-mechanisms, <b>C_DeriveKey</b> returns a single key handle as a result of a
-successful completion. However, since the <b>CKM_SSL3_KEY_AND_MAC_DERIVE</b>
-mechanism returns all of its key handles in the <b>CK_SSL3_KEY_MAT_OUT</b>
-structure pointed to by the <b>CK_SSL3_KEY_MAT_PARAMS</b> structure specified
-as the mechanism parameter, the parameter <i>phKey</i> passed to <b>C_DeriveKey</b>
-is unnecessary, and should be a NULL_PTR.</p>
-
-<p class=MsoNormal>If a call to <b>C_DeriveKey</b> with this mechanism fails,
-then <i>none</i><a name="_Toc405794942"> of the four keys will be created on
-the token.</a></p>
-
-<h3><a name="_Toc441850612"></a><a name="_Toc441162534"></a><a
-name="_Toc416960175"></a><a name="_Toc437440697"></a><a name="_Toc395187929"></a><a
-name="_Toc391471291"></a><a name="_Toc370634578">2.29.7 CKM_TLS12_KEY_SAFE_DERIVE</a></h3>
-
-<p class=MsoNormal style='margin-left:-2.25pt'><b>CKM_TLS12_KEY_SAFE_DERIVE </b>is
-identical to <b>CKM_TLS12_KEY_AND_MAC_DERIVE</b> except that it shall never
-produce IV data, and the  ulIvSizeInBits field of <b>CK_TLS12_KEY_MAT_PARAMS</b>
-is ignored and treated as 0.  All of the other conditions  and behavior
-described for CKM_TLS12_KEY_AND_MAC_DERIVE, with the exception of the black box
-warning, apply to this mechanism. </p>
-
-<p class=MsoNormal style='margin-left:-2.25pt'>CKM_TLS12_KEY_SAFE_DERIVE is
-provided as a separate mechanism to allow a client to control the export of IV
-material (and possible leaking of key material) through the use of the
-CKA_ALLOWED_MECHANISMS key attribute.</p>
-
-<h3><a name="_Toc441850613"></a><a name="_Toc441162535"></a><a
-name="_Toc416960176"></a><a name="_Toc437440698"></a><a name="_Toc395187930"></a><a
-name="_Toc391471292"></a><a name="_Toc370634579">2.29.8 Generic Key Derivation
-using the TLS PRF</a></h3>
-
-<p class=MsoNormal><b>CKM_TLS_KDF</b> is the mechanism defined in RFC5705. It
-uses the TLS key material and TLS PRF function to produce additional key
-material for protocols that want to leverage the TLS key negotiation
-mechanism.  <b>CKM_TLS_KDF</b> has a parameter of <b>CK_TLS_KDF_PARAMS</b>.  If
-the protocol using this mechanism does not use context information, the <i>pContextData
-</i>field shall be set to NULL_PTR and the <i>ulContextDataLength</i> field
-shall be set to 0.</p>
-
-<p class=MsoNormal>To use this mechanism with TLS1.0 and TLS1.1, use <b>CKM_TLS_PRF</b>
-as the value for <i>prfMechanism </i>in place of a hash mechanism. Note:
-Although <b>CKM_TLS_PRF</b> is deprecated as a mechanism for C_DeriveKey, the
-manifest value is retained for use with this mechanism to indicate the use of
-the TLS1.0/1.1 Pseudo-random function.</p>
-
-<p class=MsoNormal>This mechanism can be used to derive multiple keys (e.g.
-similar to <b>CKM_TLS12_KEY_AND_MAC_DERIVE</b>) by first deriving the key
-stream as a <b>CKK_GENERIC_SECRET</b> of the necessary length and doing
-subsequent derives against that derived key stream using the <b>CKM_EXTRACT_KEY_FROM_KEY</b>
-mechanism to split the key stream into the actual operational keys.</p>
-
-<p class=MsoNormal>The mechanism should not be used with the labels defined for
-use with TLS, but the token does not enforce this behavior.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=tagged><span style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the original key has its <b>CKA_SENSITIVE</b> attribute set to
-CK_TRUE, so does the derived key.  If not, then the derived key’s <b>CKA_SENSITIVE</b>
-attribute is set either from the supplied template or from the original key.</p>
-
-<p class=tagged><span style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the original key has its <b>CKA_EXTRACTABLE</b>
-attribute set to CK_FALSE, so does the derived key.  If not, then the derived
-key’s <b>CKA_EXTRACTABLE</b> attribute is set either from the supplied template
-or from the original key.</p>
-
-<p class=tagged><span style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The derived key’s <b>CKA_ALWAYS_SENSITIVE</b> attribute is set to
-CK_TRUE if and only if the original key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE.</p>
-
-<p class=tagged><span style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, the derived key’s <b>CKA_NEVER_EXTRACTABLE</b> attribute
-is set to CK_TRUE if and only if the original key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_TRUE.</p>
-
-<h2><a name="_Toc405794945"></a><a name="_Toc26949889"></a><a
-name="_Toc35416783"></a><a name="_Toc35654947"></a><a name="_Toc35655007"></a><a
-name="_Toc35669496"></a><a name="_Toc35754880"></a><a name="_Toc39387921"></a><a
-name="_Toc39397798"></a><a name="_Toc441850614"></a><a name="_Toc441162536"></a><a
-name="_Toc416960177"></a><a name="_Toc437440699"></a><a name="_Toc395187931"></a><a
-name="_Toc391471293"></a><a name="_Toc370634580"></a><a name="_Toc72656481"></a><a
-name="_Toc228807341"></a><a name="_Toc228894800">2.30 WTLS</a></h2>
-
-<p class=MsoNormal>Details can be found in [WTLS].</p>
-
-<p class=MsoNormal>When comparing the existing TLS mechanisms with these
-extensions to support WTLS one could argue that there would be no need to have
-distinct handling of the client and server side of the handshake. However,
-since in WTLS the server and client use different sequence numbers, there could
-be instances (e.g. when WTLS is used to protect asynchronous protocols) where sequence
-numbers on the client and server side differ, and hence this motivates the
-introduced split.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>104</span></i><i><span style='font-size:9.0pt'>, WTLS Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=290 rowspan=2 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><a
-  name="_Toc72656482"><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></a></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=349 colspan=7 valign=top style='width:261.5pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=290 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_WTLS_PRE_MASTER_KEY_GEN</span></p>
-  </td>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=290 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_WTLS_MASTER_KEY_DERIVE</span></p>
-  </td>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=290 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC</span></p>
-  </td>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=290 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE</span></p>
-  </td>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=290 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE</span></p>
-  </td>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=290 valign=top style='width:217.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_WTLS_PRF</span></p>
-  </td>
-  <td width=60 valign=top style='width:44.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=48 valign=top style='width:36.3pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=36 valign=top style='width:26.9pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=42 valign=top style='width:31.2pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=59 valign=top style='width:44.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850615"></a><a name="_Toc441162537"></a><a
-name="_Toc416960178"></a><a name="_Toc437440700"></a><a name="_Toc395187932"></a><a
-name="_Toc391471294"></a><a name="_Toc370634581"></a><a name="_Toc228807342"></a><a
-name="_Toc228894801">2.30.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_WTLS_PRE_MASTER_KEY_GEN</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_WTLS_MASTER_KEY_DERIVE</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_WTLS_PRF</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE</p>
-
-<h3><a name="_Toc441850616"></a><a name="_Toc441162538"></a><a
-name="_Toc416960179"></a><a name="_Toc437440701"></a><a name="_Toc395187933"></a><a
-name="_Toc391471295"></a><a name="_Toc370634582"></a><a name="_Toc72656483"></a><a
-name="_Toc228807343"></a><a name="_Toc228894802">2.30.2 WTLS mechanism
-parameters</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc26949890"></a><a name="_Toc35416784"></a><a name="_Toc35654948"></a><a
-name="_Toc35655008"></a><a name="_Toc35669497"></a><a name="_Toc35754881"></a><a
-name="_Toc39387922"></a><a name="_Toc39397799"></a><a name="_Toc72656484"></a><a
-name="_Toc228807344"><span lang=X-NONE style='font-family:Symbol;font-weight:
-normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_WTLS_RANDOM_DATA;
-CK_WTLS_RANDOM_DATA_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_WTLS_RANDOM_DATA</b> is a structure, which provides
-information about the random data of a client and a server in a WTLS context.
-This structure is used by the <b>CKM_WTLS_MASTER_KEY_DERIVE</b> mechanism. It
-is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_WTLS_RANDOM_DATA {</p>
-
-<p class=CCode>  <span lang=SV>CK_BYTE_PTR pClientRandom;</span></p>
-
-<p class=CCode><span lang=SV>  CK_ULONG    ulClientRandomLen;</span></p>
-
-<p class=CCode><span lang=SV>  CK_BYTE_PTR pServerRandom;</span></p>
-
-<p class=CCode><span lang=SV>  CK_ULONG    ulServerRandomLen;</span></p>
-
-<p class=CCode>} CK_WTLS_RANDOM_DATA;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                          pClientRandom       <span
-style='font-style:normal'>pointer to the client’s random data</span></p>
-
-<p class=definition0>                     pClientRandomLen       <span
-style='font-style:normal'>length in bytes of the client’s random data</span></p>
-
-<p class=definition0>                       pServerRaondom       <span
-style='font-style:normal'>pointer to the server’s random data</span></p>
-
-<p class=definition0>                   ulServerRandomLen       <span
-style='font-style:normal'>length in bytes of the server’s random data</span></p>
-
-<p class=MsoNormal>CK_WTLS_RANDOM_DATA_PTR is a pointer to a
-CK_WTLS_RANDOM_DATA.</p>
-
-<p class=name align=left style='margin-left:.25in;text-align:left;text-indent:
--.25in'><a name="_Toc26949891"></a><a name="_Toc35416785"></a><a
-name="_Toc35654949"></a><a name="_Toc35655009"></a><a name="_Toc35669498"></a><a
-name="_Toc35754882"></a><a name="_Toc39387923"></a><a name="_Toc39397800"></a><a
-name="_Toc72656485"></a><a name="_Toc228807345"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-CK_WTLS_MASTER_KEY_DERIVE_PARAMS _PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_WTLS_MASTER_KEY_DERIVE_PARAMS</b> is a structure,
-which provides the parameters to the <b>CKM_WTLS_MASTER_KEY_DERIVE</b>
-mechanism. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {</p>
-
-<p class=CCode>  CK_MECHANISM_TYPE   DigestMechanism;</p>
-
-<p class=CCode>  CK_WTLS_RANDOM_DATA RandomInfo;</p>
-
-<p class=CCode>  CK_BYTE_PTR         pVersion;</p>
-
-<p class=CCode>} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                      DigestMechanism       <span
-style='font-style:normal'>the mechanism type of the digest mechanism to be used
-(possible types can be found in [WTLS])</span></p>
-
-<p class=definition0>                               RandomInfo       <span
-style='font-style:normal'>Client’s and server’s random data information</span></p>
-
-<p class=definition0>                                   pVersion       <span
-style='font-style:normal'>pointer to a <b>CK_BYTE</b> which receives the WTLS
-protocol version information</span></p>
-
-<p class=MsoNormal>CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR is a pointer to a
-CK_WTLS_MASTER_KEY_DERIVE_PARAMS.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc26949892"></a><a name="_Toc35416786"></a><a name="_Toc35654950"></a><a
-name="_Toc35655010"></a><a name="_Toc35669499"></a><a name="_Toc35754883"></a><a
-name="_Toc39387924"></a><a name="_Toc39397801"></a><a name="_Toc72656486"></a><a
-name="_Toc228807346"><span lang=X-NONE style='font-family:Symbol;font-weight:
-normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_WTLS_PRF_PARAMS;
-CK_WTLS_PRF_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_WTLS_PRF_PARAMS</b> is a structure, which provides the
-parameters to the <b>CKM_WTLS_PRF</b> mechanism. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_WTLS_PRF_PARAMS {</p>
-
-<p class=CCode>  CK_MECHANISM_TYPE DigestMechanism;</p>
-
-<p class=CCode>  CK_BYTE_PTR       pSeed;</p>
-
-<p class=CCode>  CK_ULONG          ulSeedLen;</p>
-
-<p class=CCode>  CK_BYTE_PTR       pLabel;</p>
-
-<p class=CCode>  CK_ULONG          ulLabelLen;</p>
-
-<p class=CCode>  CK_BYTE_PTR       pOutput;</p>
-
-<p class=CCode>  CK_ULONG_PTR      pulOutputLen;</p>
-
-<p class=CCode>} CK_WTLS_PRF_PARAMS;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                     Digest Mechanism       <span
-style='font-style:normal'>the mechanism type of the digest mechanism to be used
-(possible types can be found in [WTLS])</span></p>
-
-<p class=definition0>                                       pSeed       <span
-style='font-style:normal'>pointer to the input seed</span></p>
-
-<p class=definition0>                                 ulSeedLen       <span
-style='font-style:normal'>length in bytes of the input seed</span></p>
-
-<p class=definition0>                                       pLabel       <span
-style='font-style:normal'>pointer to the identifying label</span></p>
-
-<p class=definition0>                                 ulLabelLen       <span
-style='font-style:normal'>length in bytes of the identifying label</span></p>
-
-<p class=definition0>                                     pOutput       <span
-style='font-style:normal'>pointer receiving the output of the operation</span></p>
-
-<p class=definition0>                             pulOutputLen       <span
-style='font-style:normal'>pointer to the length in bytes that the output to be
-created shall have, has to hold the desired length as input and will receive the
-calculated length as output</span></p>
-
-<p class=MsoNormal>CK_WTLS_PRF_PARAMS_PTR is a pointer to a CK_WTLS_PRF_PARAMS.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Ref19504209"></a><a name="_Toc26949893"></a><a name="_Toc35416787"></a><a
-name="_Toc35654951"></a><a name="_Toc35655011"></a><a name="_Toc35669500"></a><a
-name="_Toc35754884"></a><a name="_Toc39387925"></a><a name="_Toc39397802"></a><a
-name="_Toc72656487"></a><a name="_Toc228807347"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_WTLS_KEY_MAT_OUT;
-CK_WTLS_KEY_MAT_OUT_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_WTLS_KEY_MAT_OUT</b> is a structure that contains the
-resulting key handles and initialization vectors after performing a C_DeriveKey
-function with the <b>CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE</b> or with the <b>CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
-</b>mechanism. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_WTLS_KEY_MAT_OUT {</p>
-
-<p class=CCode>  CK_OBJECT_HANDLE hMacSecret;</p>
-
-<p class=CCode>  CK_OBJECT_HANDLE hKey;</p>
-
-<p class=CCode>  CK_BYTE_PTR      pIV;</p>
-
-<p class=CCode>} CK_WTLS_KEY_MAT_OUT;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                               hMacSecret       <span
-style='font-style:normal'>Key handle for the resulting MAC secret key</span></p>
-
-<p class=definition0>                                         hKey       <span
-style='font-style:normal'>Key handle for the resulting secret key</span></p>
-
-<p class=definition0>                                           pIV       <span
-style='font-style:normal'>Pointer to a location which receives the
-initialization vector (IV) created (if any)</span></p>
-
-<p class=MsoNormal>CK_WTLS_KEY_MAT_OUT _PTR is a pointer to a
-CK_WTLS_KEY_MAT_OUT.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Ref10431466"></a><a name="_Toc26949894"></a><a name="_Toc35416788"></a><a
-name="_Toc35654952"></a><a name="_Toc35655012"></a><a name="_Toc35669501"></a><a
-name="_Toc35754885"></a><a name="_Toc39387926"></a><a name="_Toc39397803"></a><a
-name="_Toc72656488"></a><a name="_Toc228807348"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_WTLS_KEY_MAT_PARAMS;
-CK_WTLS_KEY_MAT_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_WTLS_KEY_MAT_PARAMS</b> is a structure that provides
-the parameters to the <b>CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE</b> and the <b>CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
-</b>mechanisms. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_WTLS_KEY_MAT_PARAMS {</p>
-
-<p class=CCode>  CK_MECHANISM_TYPE       DigestMechanism;</p>
-
-<p class=CCode>  CK_ULONG                ulMacSizeInBits;</p>
-
-<p class=CCode>  CK_ULONG                ulKeySizeInBits;</p>
-
-<p class=CCode>  CK_ULONG                ulIVSizeInBits;</p>
-
-<p class=CCode>  CK_ULONG                ulSequenceNumber;</p>
-
-<p class=CCode>  CK_BBOOL                bIsExport;</p>
-
-<p class=CCode>  CK_WTLS_RANDOM_DATA     RandomInfo;</p>
-
-<p class=CCode>  CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;</p>
-
-<p class=CCode>} CK_WTLS_KEY_MAT_PARAMS;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                     Digest Mechanism       <span
-style='font-style:normal'>the mechanism type of the digest mechanism to be used
-(possible types can be found in [WTLS])</span></p>
-
-<p class=definition0>                         ulMaxSizeInBits       <span
-style='font-style:normal'>the length (in bits) of the MACing key agreed upon
-during the protocol handshake phase</span></p>
-
-<p class=definition0>                         ulKeySizeInBits       <span
-style='font-style:normal'>the length (in bits) of the secret key agreed upon
-during the handshake phase</span></p>
-
-<p class=definition0>                            ulIVSizeInBits       <span
-style='font-style:normal'>the length (in bits) of the IV agreed upon during the
-handshake phase.  If no IV is required, the length should be set to 0.</span></p>
-
-<p class=definition0>                    ulSequenceNumber       <span
-style='font-style:normal'>the current sequence number used for records sent by
-the client and server respectively</span></p>
-
-<p class=definition0>                                  bIsExport       <span
-style='font-style:normal'>a boolean value which indicates whether the keys have
-to be derives for an export version of the protocol.  If this value is true
-(i.e., the keys are exportable) then </span>ulKeySizeInBits<span
-style='font-style:normal'> is the length of the key in bits before expansion. 
-The length of the key after expansion is determined by the information found in
-the template sent along with this mechanism during a C_DeriveKey function call
-(either the <b>CKA_KEY_TYPE</b> or the <b>CKA_VALUE_LEN</b> attribute).</span></p>
-
-<p class=definition0>                               RandomInfo       <span
-style='font-style:normal'>client’s and server’s random data information</span></p>
-
-<p class=definition0>                pReturnedKeyMaterial       <span
-style='font-style:normal'>points to a <b>CK_WTLS_KEY_MAT_OUT</b> structure
-which receives the handles for the keys generated and the IV</span></p>
-
-<p class=MsoNormal><b>CK_WTLS_KEY_MAT_PARAMS_PTR</b> is a pointer to a <b>CK_WTLS_KEY_MAT_PARAMS</b>.</p>
-
-<h3><a name="_Toc441850617"></a><a name="_Toc441162539"></a><a
-name="_Toc416960180"></a><a name="_Toc437440702"></a><a name="_Toc395187934"></a><a
-name="_Toc391471296"></a><a name="_Toc370634583"></a><a name="_Toc26949896"></a><a
-name="_Toc35416790"></a><a name="_Toc35654954"></a><a name="_Toc35655014"></a><a
-name="_Toc35669503"></a><a name="_Toc35754887"></a><a name="_Toc39387928"></a><a
-name="_Toc39397805"></a><a name="_Toc72656489"></a><a name="_Toc228807349"></a><a
-name="_Toc228894803">2.30.3 Pre master secret key generation for RSA key
-exchange suite</a></h3>
-
-<p class=MsoNormal>Pre master secret key generation for the RSA key exchange
-suite in WTLS denoted <b>CKM_WTLS_PRE_MASTER_KEY_GEN</b>, is a mechanism, which
-generates a variable length secret key. It is used to produce the pre master
-secret key for RSA key exchange suite used in WTLS. This mechanism returns a
-handle to the pre master secret key.</p>
-
-<p class=MsoNormal>It has one parameter, a <b>CK_BYTE</b>, which provides the
-client’s WTLS version.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template). Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_GenerateKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute indicates
-the length of the pre master secret key.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize field of the <b>CK_MECHANISM_INFO</b>
-structure shall indicate 20 bytes.</p>
-
-<h3><a name="_Toc441850618"></a><a name="_Toc441162540"></a><a
-name="_Toc416960181"></a><a name="_Toc437440703"></a><a name="_Toc395187935"></a><a
-name="_Toc391471297"></a><a name="_Toc370634584"></a><a name="_Toc509977016"></a><a
-name="_Toc26949897"></a><a name="_Toc35416791"></a><a name="_Toc35654955"></a><a
-name="_Toc35655015"></a><a name="_Toc35669504"></a><a name="_Toc35754888"></a><a
-name="_Toc39387929"></a><a name="_Toc39397806"></a><a name="_Toc72656490"></a><a
-name="_Toc228807350"></a><a name="_Toc228894804">2.30.4 Master secret key
-derivation</a></h3>
-
-<p class=MsoNormal>Master secret derivation in WTLS, denoted <b>CKM_WTLS_MASTER_KEY_DERIVE</b>,
-is a mechanism used to derive a 20 byte generic secret key from variable length
-secret key. It is used to produce the master secret key used in WTLS from the
-pre master secret key. This mechanism returns the value of the client version,
-which is built into the pre master secret key as well as a handle to the
-derived master secret key.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_WTLS_MASTER_KEY_DERIVE_PARAMS</b>
-structure, which allows for passing the mechanism type of the digest mechanism
-to be used as well as the passing of random data to the token as well as the
-returning of the protocol version number which is part of the pre master secret
-key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template). Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_DeriveKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-20. However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b>
-attributes in the template for the new key can both be specified to be either
-CK_TRUE or CK_FALSE. If omitted, these attributes each take on some default
-value.</p>
-
-<p class=MsoNormal>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_FALSE, then the derived key will as well. If the base key
-has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set to CK_TRUE, then the derived
-key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set to the same value as its <b>CKA_SENSITIVE</b>
-attribute.</p>
-
-<p class=MsoNormal>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too. If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure both indicate 20 bytes.</p>
-
-<p class=MsoNormal>Note that the <b>CK_BYTE</b> pointed to by the <b>CK_WTLS_MASTER_KEY_DERIVE_PARAMS</b>
-structure’s <i>pVersion</i> field will be modified by the <b>C_DeriveKey </b>call.
-In particular, when the call returns, this byte will hold the WTLS version
-associated with the supplied pre master secret key.</p>
-
-<p class=MsoNormal>Note that this mechanism is only useable for key exchange
-suites that use a 20-byte pre master secret key with an embedded version
-number. This includes the RSA key exchange suites, but excludes the
-Diffie-Hellman and Elliptic Curve Cryptography key exchange suites.</p>
-
-<h3><a name="_Toc441850619"></a><a name="_Toc441162541"></a><a
-name="_Toc416960182"></a><a name="_Toc437440704"></a><a name="_Toc395187936"></a><a
-name="_Toc391471298"></a><a name="_Toc370634585"></a><a name="_Toc26949898"></a><a
-name="_Toc35416792"></a><a name="_Toc35654956"></a><a name="_Toc35655016"></a><a
-name="_Toc35669505"></a><a name="_Toc35754889"></a><a name="_Toc39387930"></a><a
-name="_Toc39397807"></a><a name="_Toc72656491"></a><a name="_Toc228807351"></a><a
-name="_Toc228894805">2.30.5 Master secret key derivation for Diffie-Hellman and
-Elliptic Curve Cryptography</a></h3>
-
-<p class=MsoNormal>Master secret derivation for Diffie-Hellman and Elliptic
-Curve Cryptography in WTLS, denoted <b>CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC</b>,
-is a mechanism used to derive a 20 byte generic secret key from variable length
-secret key. It is used to produce the master secret key used in WTLS from the
-pre master secret key. This mechanism returns a handle to the derived master
-secret key.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_WTLS_MASTER_KEY_DERIVE_PARAMS</b>
-structure, which allows for the passing of the mechanism type of the digest
-mechanism to be used as well as random data to the token. The <i>pVersion </i>field
-of the structure must be set to NULL_PTR since the version number is not
-embedded in the pre master secret key as it is for RSA-like key exchange
-suites.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key (as well as the <b>CKA_VALUE_LEN</b>
-attribute, if it is not supplied in the template). Other attributes may be
-specified in the template, or else are assigned default values.</p>
-
-<p class=MsoNormal>The template sent along with this mechanism during a <b>C_DeriveKey</b>
-call may indicate that the object class is <b>CKO_SECRET_KEY</b>, the key type
-is <b>CKK_GENERIC_SECRET</b>, and the <b>CKA_VALUE_LEN</b> attribute has value
-20. However, since these facts are all implicit in the mechanism, there is no
-need to specify any of them.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal>The <b>CKA_SENSITIVE</b> and <b>CKA_EXTRACTABLE</b>
-attributes in the template for the new key can both be specified to be either
-CK_TRUE or CK_FALSE. If omitted, these attributes each take on some default
-value.</p>
-
-<p class=MsoNormal>If the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_FALSE, then the derived key will as well. If the base key
-has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set to CK_TRUE, then the derived
-key has its <b>CKA_ALWAYS_SENSITIVE</b> attribute set to the same value as its <b>CKA_SENSITIVE</b>
-attribute.</p>
-
-<p class=MsoNormal>Similarly, if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_FALSE, then the derived key will, too. If the base key has
-its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to CK_TRUE, then the derived key
-has its <b>CKA_NEVER_EXTRACTABLE</b> attribute set to the <i>opposite</i> value
-from its <b>CKA_EXTRACTABLE</b> attribute.</p>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure both indicate 20 bytes.</p>
-
-<p class=MsoNormal>Note that this mechanism is only useable for key exchange
-suites that do not use a fixed length 20-byte pre master secret key with an
-embedded version number. This includes the Diffie-Hellman and Elliptic Curve
-Cryptography key exchange suites, but excludes the RSA key exchange suites.</p>
-
-<h3><a name="_Toc441850620"></a><a name="_Toc441162542"></a><a
-name="_Toc416960183"></a><a name="_Toc437440705"></a><a name="_Toc395187937"></a><a
-name="_Toc391471299"></a><a name="_Toc370634586"></a><a name="_Toc26949899"></a><a
-name="_Toc35416793"></a><a name="_Toc35654957"></a><a name="_Toc35655017"></a><a
-name="_Toc35669506"></a><a name="_Toc35754890"></a><a name="_Toc39387931"></a><a
-name="_Toc39397808"></a><a name="_Toc72656492"></a><a name="_Toc228807352"></a><a
-name="_Toc228894806">2.30.6 WTLS PRF (pseudorandom function)</a></h3>
-
-<p class=MsoNormal>PRF (pseudo random function) in WTLS, denoted <b>CKM_WTLS_PRF</b>,
-is a mechanism used to produce a securely generated pseudo-random output of
-arbitrary length. The keys it uses are generic secret keys.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_WTLS_PRF_PARAMS</b> structure,
-which allows for passing the mechanism type of the digest mechanism to be used,
-the passing of the input seed and its length, the passing of an identifying
-label and its length and the passing of the length of the output to the token
-and for receiving the output.</p>
-
-<p class=MsoNormal>This mechanism produces securely generated pseudo-random
-output of the length specified in the parameter.</p>
-
-<p class=MsoNormal><a name="_Ref10432922">This mechanism departs from the other
-key derivation mechanisms in Cryptoki in not using the template sent along with
-this mechanism during a <b>C_DeriveKey</b> function call, which means the
-template shall be a NULL_PTR. For most key-derivation mechanisms, <b>C_DeriveKey</b>
-returns a single key handle as a result of a successful completion. However,
-since the <b>CKM_WTLS_PRF</b> mechanism returns the requested number of output
-bytes in the <b>CK_WTLS_PRF_PARAMS</b> structure specified as the mechanism
-parameter, the parameter <i>phKey</i> passed to <b>C_DeriveKey</b> is
-unnecessary, and should be a NULL_PTR.</a></p>
-
-<p class=MsoNormal>If a call to <b>C_DeriveKey</b> with this mechanism fails,
-then no output will be generated.</p>
-
-<h3><a name="_Toc441850621"></a><a name="_Toc441162543"></a><a
-name="_Toc416960184"></a><a name="_Toc437440706"></a><a name="_Toc395187938"></a><a
-name="_Toc391471300"></a><a name="_Toc370634587"></a><a name="_Ref23037876"></a><a
-name="_Toc26949900"></a><a name="_Toc35416794"></a><a name="_Toc35654958"></a><a
-name="_Toc35655018"></a><a name="_Toc35669507"></a><a name="_Toc35754891"></a><a
-name="_Toc39387932"></a><a name="_Toc39397809"></a><a name="_Toc72656493"></a><a
-name="_Toc228807353"></a><a name="_Toc228894807">2.30.7 Server Key and MAC
-derivation</a></h3>
-
-<p class=MsoNormal>Server key, MAC and IV derivation in WTLS, denoted <b>CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE</b>,
-is a mechanism used to derive the appropriate cryptographic keying material
-used by a cipher suite from the master secret key and random data. This mechanism
-returns the key handles for the keys generated in the process, as well as the
-IV created.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_WTLS_KEY_MAT_PARAMS</b>
-structure, which allows for the passing of the mechanism type of the digest
-mechanism to be used, random data, the characteristic of the cryptographic
-material for the given cipher suite, and a pointer to a structure which
-receives the handles and IV which were generated.</p>
-
-<p class=MsoNormal>This mechanism contributes to the creation of two distinct
-keys and returns one IV (if an IV is requested by the caller) back to the
-caller. The keys are all given an object class of <b>CKO_SECRET_KEY</b>. </p>
-
-<p class=MsoNormal>The MACing key (server write MAC secret) is always given a
-type of <b>CKK_GENERIC_SECRET</b>. It is flagged as valid for signing,
-verification and derivation operations.</p>
-
-<p class=MsoNormal>The other key (server write key) is typed according to
-information found in the template sent along with this mechanism during a <b>C_DeriveKey</b>
-function call. By default, it is flagged as valid for encryption, decryption,
-and derivation operations.</p>
-
-<p class=MsoNormal>An IV (server write IV) will be generated and returned if
-the <i>ulIVSizeInBits</i> field of the <b>CK_WTLS_KEY_MAT_PARAMS</b> field has
-a nonzero value. If it is generated, its length in bits will agree with the
-value in the <i>ulIVSizeInBits</i> field</p>
-
-<p class=MsoNormal>Both keys inherit the values of the <b>CKA_SENSITIVE</b>, <b>CKA_ALWAYS_SENSITIVE</b>,
-<b>CKA_EXTRACTABLE</b>, and <b>CKA_NEVER_EXTRACTABLE</b> attributes from the
-base key. The template provided to <b>C_DeriveKey</b> may not specify values
-for any of these attributes that differ from those held by the base key.</p>
-
-<p class=MsoNormal>Note that the <b>CK_WTLS_KEY_MAT_OUT</b> structure pointed
-to by the <b>CK_WTLS_KEY_MAT_PARAMS</b> structure’s <i>pReturnedKeyMaterial</i>
-field will be modified by the <b>C_DeriveKey</b> call. In particular, the two
-key handle fields in the <b>CK_WTLS_KEY_MAT_OUT</b> structure will be modified
-to hold handles to the newly-created keys; in addition, the buffer pointed to
-by the <b>CK_WTLS_KEY_MAT_OUT</b> structure’s <i>pIV</i> field will have the IV
-returned in them (if an IV is requested by the caller). Therefore, this field
-must point to a buffer with sufficient space to hold any IV that will be
-returned.</p>
-
-<p class=MsoNormal>This mechanism departs from the other key derivation
-mechanisms in Cryptoki in its returned information. For most key-derivation
-mechanisms, <b>C_DeriveKey</b> returns a single key handle as a result of a successful
-completion. However, since the <b>CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE</b>
-mechanism returns all of its key handles in the <b>CK_WTLS_KEY_MAT_OUT</b>
-structure pointed to by the <b>CK_WTLS_KEY_MAT_PARAMS</b> structure specified
-as the mechanism parameter, the parameter <i>phKey</i> passed to <b>C_DeriveKey</b>
-is unnecessary, and should be a NULL_PTR.</p>
-
-<p class=MsoNormal>If a call to <b>C_DeriveKey</b> with this mechanism fails,
-then <i>none</i> of the two keys will be created.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h3><a name="_Toc441850622"></a><a name="_Toc441162544"></a><a
-name="_Toc416960185"></a><a name="_Toc437440707"></a><a name="_Toc395187939"></a><a
-name="_Toc391471301"></a><a name="_Toc370634588"></a><a name="_Toc26949901"></a><a
-name="_Toc35416795"></a><a name="_Toc35654959"></a><a name="_Toc35655019"></a><a
-name="_Toc35669508"></a><a name="_Toc35754892"></a><a name="_Toc39387933"></a><a
-name="_Toc39397810"></a><a name="_Toc72656494"></a><a name="_Toc228807354"></a><a
-name="_Toc228894808">2.30.8 Client key and MAC derivation</a></h3>
-
-<p class=MsoNormal>Client key, MAC and IV derivation in WTLS, denoted <b>CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE</b>,
-is a mechanism used to derive the appropriate cryptographic keying material
-used by a cipher suite from the master secret key and random data. This
-mechanism returns the key handles for the keys generated in the process, as
-well as the IV created.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_WTLS_KEY_MAT_PARAMS</b>
-structure, which allows for the passing of the mechanism type of the digest
-mechanism to be used, random data, the characteristic of the cryptographic
-material for the given cipher suite, and a pointer to a structure which
-receives the handles and IV which were generated.</p>
-
-<p class=MsoNormal>This mechanism contributes to the creation of two distinct
-keys and returns one IV (if an IV is requested by the caller) back to the
-caller. The keys are all given an object class of <b>CKO_SECRET_KEY</b>. </p>
-
-<p class=MsoNormal>The MACing key (client write MAC secret) is always given a
-type of <b>CKK_GENERIC_SECRET</b>. It is flagged as valid for signing,
-verification and derivation operations.</p>
-
-<p class=MsoNormal>The other key (client write key) is typed according to
-information found in the template sent along with this mechanism during a <b>C_DeriveKey</b>
-function call. By default, it is flagged as valid for encryption, decryption,
-and derivation operations.</p>
-
-<p class=MsoNormal>An IV (client write IV) will be generated and returned if
-the <i>ulIVSizeInBits</i> field of the <b>CK_WTLS_KEY_MAT_PARAMS</b> field has
-a nonzero value. If it is generated, its length in bits will agree with the
-value in the <i>ulIVSizeInBits</i> field</p>
-
-<p class=MsoNormal>Both keys inherit the values of the <b>CKA_SENSITIVE</b>, <b>CKA_ALWAYS_SENSITIVE</b>,
-<b>CKA_EXTRACTABLE</b>, and <b>CKA_NEVER_EXTRACTABLE</b> attributes from the
-base key. The template provided to <b>C_DeriveKey</b> may not specify values
-for any of these attributes that differ from those held by the base key.</p>
-
-<p class=MsoNormal>Note that the <b>CK_WTLS_KEY_MAT_OUT</b> structure pointed
-to by the <b>CK_WTLS_KEY_MAT_PARAMS</b> structure’s <i>pReturnedKeyMaterial</i>
-field will be modified by the <b>C_DeriveKey</b> call. In particular, the two
-key handle fields in the <b>CK_WTLS_KEY_MAT_OUT</b> structure will be modified
-to hold handles to the newly-created keys; in addition, the buffer pointed to
-by the <b>CK_WTLS_KEY_MAT_OUT</b> structure’s <i>pIV</i> field will have the IV
-returned in them (if an IV is requested by the caller). Therefore, this field
-must point to a buffer with sufficient space to hold any IV that will be
-returned.</p>
-
-<p class=MsoNormal>This mechanism departs from the other key derivation
-mechanisms in Cryptoki in its returned information. For most key-derivation
-mechanisms, <b>C_DeriveKey</b> returns a single key handle as a result of a
-successful completion. However, since the <b>CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE</b>
-mechanism returns all of its key handles in the <b>CK_WTLS_KEY_MAT_OUT</b>
-structure pointed to by the <b>CK_WTLS_KEY_MAT_PARAMS</b> structure specified
-as the mechanism parameter, the parameter <i>phKey</i> passed to <b>C_DeriveKey</b>
-is unnecessary, and should be a NULL_PTR.</p>
-
-<p class=MsoNormal>If a call to <b>C_DeriveKey</b> with this mechanism fails,
-then <i>none</i> of the two keys will be created.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850623"></a><a name="_Toc441162545"></a><a
-name="_Toc416960186"></a><a name="_Toc437440708"></a><a name="_Toc395187940"></a><a
-name="_Toc391471302"></a><a name="_Toc370634589"></a><a name="_Toc72656495"></a><a
-name="_Toc228807355"></a><a name="_Toc228894809"><span lang=DE-CH>2.31 </span>Miscellaneous
-simple key derivation mechanisms</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>105</span></i><i><span style='font-size:9.0pt'>,
-Miscellaneous simple key derivation Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=271 rowspan=2 valign=top style='width:202.9pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><a
-  name="_Toc72656496"><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></a></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=368 colspan=7 valign=top style='width:275.9pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=63 valign=top style='width:47.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=51 valign=top style='width:38.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=38 valign=top style='width:28.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=44 valign=top style='width:32.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=63 valign=top style='width:47.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=271 valign=top style='width:202.9pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_CONCATENATE_BASE_AND_KEY</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=271 valign=top style='width:202.9pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_CONCATENATE_BASE_AND_DATA</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=271 valign=top style='width:202.9pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_CONCATENATE_DATA_AND_BASE</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=271 valign=top style='width:202.9pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_XOR_BASE_AND_DATA</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=271 valign=top style='width:202.9pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_EXTRACT_KEY_FROM_KEY</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:32.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850624"></a><a name="_Toc441162546"></a><a
-name="_Toc416960187"></a><a name="_Toc437440709"></a><a name="_Toc395187941"></a><a
-name="_Toc391471303"></a><a name="_Toc370634590"></a><a name="_Toc228807356"></a><a
-name="_Toc228894810">2.31.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_CONCATENATE_BASE_AND_DATA  </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_CONCATENATE_DATA_AND_BASE  </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_XOR_BASE_AND_DATA          </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_EXTRACT_KEY_FROM_KEY       </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_CONCATENATE_BASE_AND_KEY   </p>
-
-<h3><a name="_Toc441850625"></a><a name="_Toc441162547"></a><a
-name="_Toc416960188"></a><a name="_Toc437440710"></a><a name="_Toc395187942"></a><a
-name="_Toc391471304"></a><a name="_Toc370634591"></a><a name="_Toc72656497"></a><a
-name="_Ref72657107"></a><a name="_Toc228807357"></a><a name="_Toc228894811">2.31.2
-Parameters for miscellaneous simple key derivation mechanisms</a></h3>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794943"></a><a name="_Toc72656498"></a><a name="_Toc228807358"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_KEY_DERIVATION_STRING_DATA;
-CK_KEY_DERIVATION_STRING_DATA_PTR</span></a></p>
-
-<p class=MsoNormal>CK_KEY_DERIVATION_STRING_DATA provides the parameters for
-the CKM_CONCATENATE_BASE_AND_DATA, CKM_CONCATENATE_DATA_AND_BASE, and
-CKM_XOR_BASE_AND_DATA mechanisms.  It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_KEY_DERIVATION_STRING_DATA {</p>
-
-<p class=CCode>  CK_BYTE_PTR pData;</p>
-
-<p class=CCode>  CK_ULONG ulLen;</p>
-
-<p class=CCode>} CK_KEY_DERIVATION_STRING_DATA;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                        pData       <span
-style='font-style:normal'>pointer to the byte string</span></p>
-
-<p class=definition0>                                        ulLen       <span
-style='font-style:normal'>length of the byte string</span></p>
-
-<p class=MsoNormal>CK_KEY_DERIVATION_STRING_DATA_PTR is a pointer to a
-CK_KEY_DERIVATION_STRING_DATA.</p>
-
-<p class=name style='margin-left:.25in;text-indent:-.25in'><a
-name="_Toc405794944"></a><a name="_Toc72656499"></a><a name="_Toc228807359"><span
-lang=X-NONE style='font-family:Symbol;font-weight:normal'>¨<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>CK_EXTRACT_PARAMS;
-CK_EXTRACT_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_EXTRACT_PARAMS</b> provides the parameter to the <b>CKM_EXTRACT_KEY_FROM_KEY</b>
-mechanism.  It specifies which bit of the base key should be used as the first
-bit of the derived key.  It is defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_EXTRACT_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>CK_EXTRACT_PARAMS_PTR is a pointer to a CK_EXTRACT_PARAMS.</p>
-
-<h3><a name="_Toc441850626"></a><a name="_Toc441162548"></a><a
-name="_Toc416960189"></a><a name="_Toc437440711"></a><a name="_Toc395187943"></a><a
-name="_Toc391471305"></a><a name="_Toc370634592"></a><a name="_Toc405794946"></a><a
-name="_Toc72656500"></a><a name="_Toc228807360"></a><a name="_Toc228894812">2.31.3
-Concatenation of a base key and another key</a></h3>
-
-<p class=MsoNormal>This mechanism, denoted <b>CKM_CONCATENATE_BASE_AND_KEY</b>,
-derives a secret key from the concatenation of two existing secret keys.  The
-two keys are specified by handles; the values of the keys specified are
-concatenated together in a buffer.</p>
-
-<p class=MsoNormal>This mechanism takes a parameter, a <b>CK_OBJECT_HANDLE</b>. 
-This handle produces the key value information which is appended to the end of
-the base key’s value information (the base key is the key whose handle is
-supplied as an argument to <b>C_DeriveKey</b>).</p>
-
-<p class=MsoNormal>For example, if the value of the base key is 0x01234567, and
-the value of the other key is 0x89ABCDEF, then the value of the derived key
-will be taken from a buffer containing the string 0x0123456789ABCDEF.  </p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length or key type is provided in the template, then the
-key produced by this mechanism will be a generic secret key.  Its length will
-be equal to the sum of the lengths of the values of the two original keys.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no key type is provided in the template, but a length is, then
-the key produced by this mechanism will be a generic secret key of the
-specified length.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length is provided in the template, but a key type is, then
-that key type must have a well-defined length.  If it does, then the key
-produced by this mechanism will be of the type specified in the template.  If
-it doesn’t, an error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If both a key type and a length are provided in the template, the
-length must be compatible with that key type.  The key produced by this
-mechanism will be of the specified type and length.</p>
-
-<p class=MsoNormal>If a DES, DES2, DES3, or CDMF key is derived with this
-mechanism, the parity bits of the key will be set properly.</p>
-
-<p class=MsoNormal>If the requested type of key requires more bytes than are
-available by concatenating the two original keys’ values, an error is
-generated.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If either of the two original keys has its <b>CKA_SENSITIVE</b>
-attribute set to CK_TRUE, so does the derived key.  If not, then the derived
-key’s <b>CKA_SENSITIVE</b> attribute is set either from the supplied template
-or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if either of the two original keys has its <b>CKA_EXTRACTABLE</b>
-attribute set to CK_FALSE, so does the derived key.  If not, then the derived
-key’s <b>CKA_EXTRACTABLE</b> attribute is set either from the supplied template
-or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The derived key’s <b>CKA_ALWAYS_SENSITIVE</b> attribute is set to
-CK_TRUE if and only if both of the original keys have their <b>CKA_ALWAYS_SENSITIVE</b>
-attributes set to CK_TRUE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, the derived key’s <b>CKA_NEVER_EXTRACTABLE</b>
-attribute is set to CK_TRUE if and only if both of the original keys have their
-<b>CKA_NEVER_EXTRACTABLE</b> attributes set to CK_TRUE.</p>
-
-<h3><a name="_Toc441850627"></a><a name="_Toc441162549"></a><a
-name="_Toc416960190"></a><a name="_Toc437440712"></a><a name="_Toc395187944"></a><a
-name="_Toc391471306"></a><a name="_Toc370634593"></a><a name="_Toc405794947"></a><a
-name="_Toc72656501"></a><a name="_Toc228807361"></a><a name="_Toc228894813">2.31.4
-Concatenation of a base key and data</a></h3>
-
-<p class=MsoNormal>This mechanism, denoted <b>CKM_CONCATENATE_BASE_AND_DATA</b>,
-derives a secret key by concatenating data onto the end of a specified secret
-key.</p>
-
-<p class=MsoNormal>This mechanism takes a parameter, a <b>CK_KEY_DERIVATION_STRING_DATA</b>
-structure, which specifies the length and value of the data which will be
-appended to the base key to derive another key.</p>
-
-<p class=MsoNormal>For example, if the value of the base key is 0x01234567, and
-the value of the data is 0x89ABCDEF, then the value of the derived key will be
-taken from a buffer containing the string 0x0123456789ABCDEF.  </p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length or key type is provided in the template, then the
-key produced by this mechanism will be a generic secret key.  Its length will
-be equal to the sum of the lengths of the value of the original key and the
-data.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no key type is provided in the template, but a length is, then
-the key produced by this mechanism will be a generic secret key of the
-specified length.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length is provided in the template, but a key type is, then
-that key type must have a well-defined length.  If it does, then the key
-produced by this mechanism will be of the type specified in the template.  If
-it doesn’t, an error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If both a key type and a length are provided in the template, the
-length must be compatible with that key type.  The key produced by this
-mechanism will be of the specified type and length.</p>
-
-<p class=MsoNormal>If a DES, DES2, DES3, or CDMF key is derived with this
-mechanism, the parity bits of the key will be set properly.</p>
-
-<p class=MsoNormal>If the requested type of key requires more bytes than are
-available by concatenating the original key’s value and the data, an error is
-generated.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_SENSITIVE</b> attribute set to
-CK_TRUE, so does the derived key.  If not, then the derived key’s <b>CKA_SENSITIVE</b>
-attribute is set either from the supplied template or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_EXTRACTABLE</b>
-attribute set to CK_FALSE, so does the derived key.  If not, then the derived
-key’s <b>CKA_EXTRACTABLE</b> attribute is set either from the supplied template
-or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The derived key’s <b>CKA_ALWAYS_SENSITIVE</b> attribute is set to
-CK_TRUE if and only if the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, the derived key’s <b>CKA_NEVER_EXTRACTABLE</b>
-attribute is set to CK_TRUE if and only if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_TRUE.</p>
-
-<h3><a name="_Toc441850628"></a><a name="_Toc441162550"></a><a
-name="_Toc416960191"></a><a name="_Toc437440713"></a><a name="_Toc395187945"></a><a
-name="_Toc391471307"></a><a name="_Toc370634594"></a><a name="_Toc405794948"></a><a
-name="_Toc72656502"></a><a name="_Toc228807362"></a><a name="_Toc228894814">2.31.5
-Concatenation of data and a base key</a></h3>
-
-<p class=MsoNormal>This mechanism, denoted <b>CKM_CONCATENATE_DATA_AND_BASE</b>,
-derives a secret key by prepending data to the start of a specified secret key.</p>
-
-<p class=MsoNormal>This mechanism takes a parameter, a <b>CK_KEY_DERIVATION_STRING_DATA</b>
-structure, which specifies the length and value of the data which will be
-prepended to the base key to derive another key.</p>
-
-<p class=MsoNormal>For example, if the value of the base key is 0x01234567, and
-the value of the data is 0x89ABCDEF, then the value of the derived key will be
-taken from a buffer containing the string 0x89ABCDEF01234567.  </p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length or key type is provided in the template, then the
-key produced by this mechanism will be a generic secret key.  Its length will
-be equal to the sum of the lengths of the data and the value of the original
-key.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no key type is provided in the template, but a length is, then
-the key produced by this mechanism will be a generic secret key of the
-specified length.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length is provided in the template, but a key type is, then
-that key type must have a well-defined length.  If it does, then the key
-produced by this mechanism will be of the type specified in the template.  If
-it doesn’t, an error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If both a key type and a length are provided in the template, the
-length must be compatible with that key type.  The key produced by this
-mechanism will be of the specified type and length.</p>
-
-<p class=MsoNormal>If a DES, DES2, DES3, or CDMF key is derived with this
-mechanism, the parity bits of the key will be set properly.</p>
-
-<p class=MsoNormal>If the requested type of key requires more bytes than are
-available by concatenating the data and the original key’s value, an error is
-generated.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_SENSITIVE</b> attribute set to
-CK_TRUE, so does the derived key.  If not, then the derived key’s <b>CKA_SENSITIVE</b>
-attribute is set either from the supplied template or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_EXTRACTABLE</b>
-attribute set to CK_FALSE, so does the derived key.  If not, then the derived
-key’s <b>CKA_EXTRACTABLE</b> attribute is set either from the supplied template
-or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The derived key’s <b>CKA_ALWAYS_SENSITIVE</b> attribute is set to
-CK_TRUE if and only if the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, the derived key’s <b>CKA_NEVER_EXTRACTABLE</b>
-attribute is set to CK_TRUE if and only if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_TRUE.</p>
-
-<h3><a name="_Toc441850629"></a><a name="_Toc441162551"></a><a
-name="_Toc416960192"></a><a name="_Toc437440714"></a><a name="_Toc395187946"></a><a
-name="_Toc391471308"></a><a name="_Toc370634595"></a><a name="_Toc405794949"></a><a
-name="_Toc72656503"></a><a name="_Toc228807363"></a><a name="_Toc228894815">2.31.6
-XORing of a key and data</a></h3>
-
-<p class=MsoNormal>XORing key derivation, denoted <b>CKM_XOR_BASE_AND_DATA</b>,
-is a mechanism which provides the capability of deriving a secret key by
-performing a bit XORing of a key pointed to by a base key handle and some data.</p>
-
-<p class=MsoNormal>This mechanism takes a parameter, a <b>CK_KEY_DERIVATION_STRING_DATA</b>
-structure, which specifies the data with which to XOR the original key’s value.</p>
-
-<p class=MsoNormal>For example, if the value of the base key is 0x01234567, and
-the value of the data is 0x89ABCDEF, then the value of the derived key will be
-taken from a buffer containing the string 0x88888888.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length or key type is provided in the template, then the
-key produced by this mechanism will be a generic secret key.  Its length will
-be equal to the minimum of the lengths of the data and the value of the
-original key.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no key type is provided in the template, but a length is, then
-the key produced by this mechanism will be a generic secret key of the
-specified length.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length is provided in the template, but a key type is, then
-that key type must have a well-defined length.  If it does, then the key
-produced by this mechanism will be of the type specified in the template.  If
-it doesn’t, an error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If both a key type and a length are provided in the template, the
-length must be compatible with that key type.  The key produced by this
-mechanism will be of the specified type and length.</p>
-
-<p class=MsoNormal>If a DES, DES2, DES3, or CDMF key is derived with this
-mechanism, the parity bits of the key will be set properly.</p>
-
-<p class=MsoNormal>If the requested type of key requires more bytes than are
-available by taking the shorter of the data and the original key’s value, an
-error is generated.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_SENSITIVE</b> attribute set to
-CK_TRUE, so does the derived key.  If not, then the derived key’s <b>CKA_SENSITIVE</b>
-attribute is set either from the supplied template or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_EXTRACTABLE</b>
-attribute set to CK_FALSE, so does the derived key.  If not, then the derived
-key’s <b>CKA_EXTRACTABLE</b> attribute is set either from the supplied template
-or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The derived key’s <b>CKA_ALWAYS_SENSITIVE</b> attribute is set to
-CK_TRUE if and only if the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, the derived key’s <b>CKA_NEVER_EXTRACTABLE</b>
-attribute is set to CK_TRUE if and only if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_TRUE.</p>
-
-<h3><a name="_Toc441850630"></a><a name="_Toc441162552"></a><a
-name="_Toc416960193"></a><a name="_Toc437440715"></a><a name="_Toc395187947"></a><a
-name="_Toc391471309"></a><a name="_Toc370634596"></a><a name="_Toc405794950"></a><a
-name="_Toc72656504"></a><a name="_Toc228807364"></a><a name="_Toc228894816">2.31.7
-Extraction of one key from another key</a></h3>
-
-<p class=MsoNormal>Extraction of one key from another key, denoted <b>CKM_EXTRACT_KEY_FROM_KEY</b>,
-is a mechanism which provides the capability of creating one secret key from
-the bits of another secret key.</p>
-
-<p class=MsoNormal>This mechanism has a parameter, a CK_EXTRACT_PARAMS, which
-specifies which bit of the original key should be used as the first bit of the
-newly-derived key.</p>
-
-<p class=MsoNormal>We give an example of how this mechanism works.  Suppose a
-token has a secret key with the 4-byte value 0x329F84A9.  We will derive a
-2-byte secret key from this key, starting at bit position 21 (i.e., the value
-of the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism is 21).</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>We write the
-key’s value in binary: 0011 0010 1001 1111 1000 0100 1010 1001.  We regard this
-binary string as holding the 32 bits of the key, labeled as b0, b1, …, b31.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>We then
-extract 16 consecutive bits (i.e., 2 bytes) from this binary string, starting
-at bit b21.  We obtain the binary string 1001 0101 0010 0110.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp; </span>The value
-of the new key is thus 0x9526.</p>
-
-<p class=MsoNormal>Note that when constructing the value of the derived key, it
-is permissible to wrap around the end of the binary string representing the
-original key’s value.</p>
-
-<p class=MsoNormal>If the original key used in this process is sensitive, then
-the derived key must also be sensitive for the derivation to succeed.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length or key type is provided in the template, then an
-error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no key type is provided in the template, but a length is, then
-the key produced by this mechanism will be a generic secret key of the
-specified length.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If no length is provided in the template, but a key type is, then
-that key type must have a well-defined length.  If it does, then the key
-produced by this mechanism will be of the type specified in the template.  If
-it doesn’t, an error will be returned.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If both a key type and a length are provided in the template, the
-length must be compatible with that key type.  The key produced by this
-mechanism will be of the specified type and length.</p>
-
-<p class=MsoNormal>If a DES, DES2, DES3, or CDMF key is derived with this
-mechanism, the parity bits of the key will be set properly.</p>
-
-<p class=MsoNormal>If the requested type of key requires more bytes than the
-original key has, an error is generated.</p>
-
-<p class=MsoNormal>This mechanism has the following rules about key sensitivity
-and extractability:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>If the base key has its <b>CKA_SENSITIVE</b> attribute set to
-CK_TRUE, so does the derived key.  If not, then the derived key’s <b>CKA_SENSITIVE</b>
-attribute is set either from the supplied template or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, if the base key has its <b>CKA_EXTRACTABLE</b>
-attribute set to CK_FALSE, so does the derived key.  If not, then the derived
-key’s <b>CKA_EXTRACTABLE</b> attribute is set either from the supplied template
-or from a default value.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>The derived key’s <b>CKA_ALWAYS_SENSITIVE</b> attribute is set to
-CK_TRUE if and only if the base key has its <b>CKA_ALWAYS_SENSITIVE</b>
-attribute set to CK_TRUE.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Similarly, the derived key’s <b>CKA_NEVER_EXTRACTABLE</b>
-attribute is set to CK_TRUE if and only if the base key has its <b>CKA_NEVER_EXTRACTABLE</b>
-attribute set to CK_TRUE.</p>
-
-<h2><a name="_Toc441850631"></a><a name="_Toc441162553"></a><a
-name="_Toc416960194"></a><a name="_Toc437440716"></a><a name="_Toc395187948"></a><a
-name="_Toc391471310"></a><a name="_Toc370634597"></a><a name="_Toc72656505"></a><a
-name="_Toc228807365"></a><a name="_Toc228894817"><span lang=DE-CH>2.32 </span>CMS</a></h2>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>106</span></i><i><span style='font-size:9.0pt'>, CMS Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.35pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc72656506"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=479 colspan=7 valign=top style='width:359.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=132 valign=top style='width:99.35pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=66 valign=top style='width:49.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=77 valign=top style='width:.8in;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:48.2pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=56 valign=top style='width:42.1pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.35pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span lang=SV style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_CMS_SIG</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=66 valign=top style='width:49.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=SV
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=77 valign=top style='width:.8in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.2pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=56 valign=top style='width:42.1pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850632"></a><a name="_Toc441162554"></a><a
-name="_Toc416960195"></a><a name="_Toc437440717"></a><a name="_Toc395187949"></a><a
-name="_Toc391471311"></a><a name="_Toc370634598"></a><a name="_Toc228807366"></a><a
-name="_Toc228894818">2.32.1 Definitions</a></h3>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_CMS_SIG                    </p>
-
-<h3><a name="_Toc441850633"></a><a name="_Toc441162555"></a><a
-name="_Toc416960196"></a><a name="_Toc437440718"></a><a name="_Toc395187950"></a><a
-name="_Toc391471312"></a><a name="_Toc370634599"></a><a name="_Toc72656507"></a><a
-name="_Toc228807367"></a><a name="_Toc228894819">2.32.2 CMS Signature Mechanism
-Objects</a></h3>
-
-<p class=MsoNormal>These objects provide information relating to the
-CKM_CMS_SIG mechanism. CKM_CMS_SIG mechanism object attributes represent
-information about supported CMS signature attributes in the token. They are
-only present on tokens supporting the <b>CKM_CMS_SIG</b> mechanism, but must be
-present on those tokens.</p>
-
-<p class=MsoCaption><a name="_Toc228807554">Table </a>107, CMS Signature
-Mechanism Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr style='page-break-inside:avoid;height:8.5pt'>
-   <td width=246 valign=top style='width:184.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt;height:8.5pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif;layout-grid-mode:line'>Attribute</span></b></p>
-   </td>
-   <td width=85 valign=top style='width:63.6pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt;height:8.5pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=251 valign=top style='width:188.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt;height:8.5pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
-  <tr style='page-break-inside:avoid'>
-   <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-   style='font-size:10.0pt;font-family:"Arial",sans-serif;layout-grid-mode:
-   line'>CKA_REQUIRED_CMS_ATTRIBUTES</span></p>
-   </td>
-   <td width=85 valign=top style='width:63.6pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>Byte array</span></p>
-   </td>
-   <td width=251 valign=top style='width:188.4pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>Attributes the token always will include in
-   the set of CMS signed attributes</span></p>
-   </td>
-  </tr>
-  <tr style='page-break-inside:avoid'>
-   <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-   style='font-size:10.0pt;font-family:"Arial",sans-serif;layout-grid-mode:
-   line'>CKA_DEFAULT_CMS_ATTRIBUTES</span></p>
-   </td>
-   <td width=85 valign=top style='width:63.6pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>Byte array</span></p>
-   </td>
-   <td width=251 valign=top style='width:188.4pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>Attributes the token will include in the set
-   of CMS signed attributes in the absence of any attributes specified by the
-   application</span></p>
-   </td>
-  </tr>
-  <tr style='page-break-inside:avoid'>
-   <td width=246 valign=top style='width:184.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-   style='font-size:10.0pt;font-family:"Arial",sans-serif;layout-grid-mode:
-   line'>CKA_SUPPORTED_CMS_ATTRIBUTES</span></p>
-   </td>
-   <td width=85 valign=top style='width:63.6pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-   </td>
-   <td width=251 valign=top style='width:188.4pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Attributes the token
-   may include in the set of CMS signed attributes upon request by the
-   application</span></p>
-   </td>
-  </tr>
- </thead>
-</table>
-
-<p class=MsoNormal>The contents of each byte array will be a DER-encoded list
-of CMS <b><span lang=EN-GB style='font-size:9.0pt'>Attribute</span></b><b>s</b>
-with optional accompanying values. Any attributes in the list shall be
-identified with its object identifier, and any values shall be DER-encoded. The
-list of attributes is defined in ASN.1 as:</p>
-
-<p class=CCode>   Attributes ::= SET SIZE (1..MAX) OF Attribute</p>
-
-<p class=CCode>   Attribute ::= SEQUENCE {</p>
-
-<p class=CCode>        attrType    OBJECT IDENTIFIER,</p>
-
-<p class=CCode>        attrValues SET OF ANY DEFINED BY OBJECT IDENTIFIER
-OPTIONAL</p>
-
-<p class=CCode>   }</p>
-
-<p class=MsoNormal>The client may not set any of the attributes.</p>
-
-<h3><a name="_Toc441850634"></a><a name="_Toc441162556"></a><a
-name="_Toc416960197"></a><a name="_Toc437440719"></a><a name="_Toc395187951"></a><a
-name="_Toc391471313"></a><a name="_Toc370634600"></a><a name="_Toc72656508"></a><a
-name="_Toc228807368"></a><a name="_Toc228894820">2.32.3 CMS mechanism
-parameters</a></h3>
-
-<p class=name style='margin-top:12.0pt;margin-right:0in;margin-bottom:6.0pt;
-margin-left:.25in;text-indent:-.25in'><a name="_Toc72656509"></a><a
-name="_Toc228807369"><span lang=SV style='font-family:Symbol;font-weight:normal'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=SV style='font-family:"Arial",sans-serif'>CK_CMS_SIG_PARAMS,
-CK_CMS_SIG_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_CMS_SIG_PARAMS</b> is a structure that provides the
-parameters to the <b>CKM_CMS_SIG</b> mechanism. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_CMS_SIG_PARAMS {</p>
-
-<p class=CCode>CK_OBJECT_HANDLE      certificateHandle;</p>
-
-<p class=CCode>CK_MECHANISM_PTR      pSigningMechanism;</p>
-
-<p class=CCode>CK_MECHANISM_PTR      pDigestMechanism;</p>
-
-<p class=CCode>CK_UTF8CHAR_PTR       pContentType;</p>
-
-<p class=CCode>CK_BYTE_PTR           pRequestedAttributes;</p>
-
-<p class=CCode>CK_ULONG             ulRequestedAttributesLen;</p>
-
-<p class=CCode>CK_BYTE_PTR           pRequiredAttributes;</p>
-
-<p class=CCode>CK_ULONG             ulRequiredAttributesLen;</p>
-
-<p class=CCode>} CK_CMS_SIG_PARAMS;</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                        certificateHandle       <span
-style='font-style:normal'>Object handle for a certificate associated with the
-signing key.  The token may use information from this certificate to identify
-the signer in the </span><b><span lang=EN-GB style='font-size:9.0pt;font-style:
-normal'>SignerInfo</span></b><span style='font-style:normal'> result value. </span><span
-style='font-style:normal'>CertificateHandle</span><span style='font-style:normal'>
-may be NULL_PTR if the certificate is not available as a PKCS #11 object or if
-the calling application leaves the choice of certificate completely to the
-token.</span></p>
-
-<p class=definition0>                   pSigningMechanism       <span
-style='font-style:normal'>Mechanism to use when signing a constructed CMS </span><b><span
-lang=EN-GB style='font-size:9.0pt;font-style:normal'>SignedAttributes</span></b><span
-style='font-style:normal'> value. E.g. <b>CKM_SHA1_RSA_PKCS</b>.</span></p>
-
-<p class=definition0>                    pDigestMechanism       <span
-style='font-style:normal'>Mechanism to use when digesting the data. Value shall
-be NULL_PTR when the digest mechanism to use follows from the </span><span
-style='font-style:normal'>pSigningMechanism</span><span style='font-style:normal'>
-parameter.</span></p>
-
-<p class=definition0>                            pContentType       <span
-style='font-style:normal'>NULL-terminated string indicating complete MIME
-Content-type of message to be signed; or the value NULL_PTR if the message is a
-MIME object (which the token can parse to determine its MIME Content-type if
-required). Use the value “</span><span lang=EN-AU style='font-style:normal'>application/octet-stream</span><span
-style='font-style:normal'>“ if the MIME type for the message is unknown or
-undefined.  Note that the </span><span style='font-style:normal'>pContentType</span><span
-style='font-style:normal'> string shall conform to the syntax specified in RFC
-2045, i.e. any parameters needed for correct presentation of the content by the
-token (such as, for example, a non-default “</span><span style='font-style:
-normal'>charset</span><span style='font-style:normal'>”) must be present. The
-token must follow rules and procedures defined in RFC 2045 when presenting the
-content.</span></p>
-
-<p class=definition0>                 pRequestedAttributes       <span
-style='font-style:normal'>Pointer to DER-encoded list of CMS </span><b><span
-lang=EN-GB style='font-size:9.0pt;font-style:normal'>Attributes</span></b><span
-style='font-style:normal'> the caller requests to be included in the signed
-attributes. Token may freely ignore this list or modify any supplied values.</span></p>
-
-<p class=definition0>           ulRequestedAttributesLen       <span
-style='font-style:normal'>Length in bytes of the value pointed to by </span><span
-style='font-style:normal'>pRequestedAttributes</span></p>
-
-<p class=definition0>                    pRequiredAttributes       <span
-style='font-style:normal'>Pointer to DER-encoded list of CMS </span><b><span
-lang=EN-GB style='font-size:9.0pt;font-style:normal'>Attributes</span></b><span
-style='font-style:normal'> (with accompanying values) required to be included
-in the resulting signed attributes. Token must not modify any supplied values.
-If the token does not support one or more of the attributes, or does not accept
-provided values, the signature operation will fail. The token will use its own
-default attributes when signing if both the </span><span style='font-style:
-normal'>pRequestedAttributes</span><span style='font-style:normal'> and </span><span
-style='font-style:normal'>pRequiredAttributes</span><span style='font-style:
-normal'> field are set to NULL_PTR.</span></p>
-
-<p class=definition0>              ulRequiredAttributesLen       <span
-style='font-style:normal'>Length in bytes, of the value pointed to by </span><span
-style='font-style:normal'>pRequiredAttributes</span><span style='font-style:
-normal'>.</span>       </p>
-
-<h3><a name="_Toc441850635"></a><a name="_Toc441162557"></a><a
-name="_Toc416960198"></a><a name="_Toc437440720"></a><a name="_Toc395187952"></a><a
-name="_Toc391471314"></a><a name="_Toc370634601"></a><a name="_Toc72656510"></a><a
-name="_Toc228807370"></a><a name="_Toc228894821">2.32.4 CMS signatures</a></h3>
-
-<p class=MsoNormal>The CMS mechanism, denoted <b>CKM_CMS_SIG</b>, is a
-multi-purpose mechanism based on the structures defined in PKCS #7 and RFC
-2630. It supports single- or multiple-part signatures with and without message
-recovery.  The mechanism is intended for use with, e.g., PTDs (see MeT-PTD) or
-other capable tokens. The token will construct a CMS <b><span lang=EN-GB
-style='font-size:9.0pt'>SignedAttributes</span></b> value and compute a
-signature on this value. The content of the <b><span lang=EN-GB
-style='font-size:9.0pt'>SignedAttributes</span></b> value is decided by the
-token, however the caller can suggest some attributes in the parameter <i>pRequestedAttributes</i>.
-The caller can also require some attributes to be present through the
-parameters <i>pRequiredAttributes</i>. The signature is computed in accordance
-with the parameter <i>pSigningMechanism</i>.</p>
-
-<p class=MsoNormal>When this mechanism is used in successful calls to <b>C_Sign</b>
-or <b>C_SignFinal</b>, the <i>pSignature</i> return value will point to a
-DER-encoded value of type <b><span lang=EN-GB style='font-size:9.0pt'>SignerInfo</span></b>.
-<b><span lang=EN-GB style='font-size:9.0pt'>SignerInfo</span></b> is defined in
-ASN.1 as follows (for a complete definition of all fields and types, see RFC
-2630):</p>
-
-<p class=CCode><span lang=FR>SignerInfo ::= SEQUENCE {</span></p>
-
-<p class=CCode><span lang=FR>        version CMSVersion,</span></p>
-
-<p class=CCode><span lang=FR>        sid SignerIdentifier,</span></p>
-
-<p class=CCode><span lang=FR>        digestAlgorithm DigestAlgorithmIdentifier,</span></p>
-
-<p class=CCode><span lang=FR>        signedAttrs [0] IMPLICIT SignedAttributes
-OPTIONAL,</span></p>
-
-<p class=CCode><span lang=FR>        signatureAlgorithm
-SignatureAlgorithmIdentifier,</span></p>
-
-<p class=CCode><span lang=FR>        signature SignatureValue,</span></p>
-
-<p class=CCode><span lang=FR>        unsignedAttrs [1] IMPLICIT
-UnsignedAttributes OPTIONAL }</span></p>
-
-<p class=MsoNormal>The <i>certificateHandle</i> parameter, when set, helps the
-token populate the <b><span lang=EN-GB style='font-size:9.0pt'>sid</span></b>
-field of the <b><span lang=EN-GB style='font-size:9.0pt'>SignerInfo</span></b>
-value.  If <i>certificateHandle</i> is NULL_PTR the choice of a suitable
-certificate reference in the <b><span lang=EN-GB style='font-size:9.0pt'>SignerInfo</span></b>
-result value is left to the token (the token could, e.g., interact with the
-user).</p>
-
-<p class=MsoNormal>This mechanism shall not be used in calls to <b>C_Verify</b>
-or <b>C_VerifyFinal </b>(use the <i>pSigningMechanism</i> mechanism instead).</p>
-
-<p class=MsoNormal>For the <i>pRequiredAttributes</i> field, the token may have
-to interact with the user to find out whether to accept a proposed value or
-not. The token should never accept any proposed attribute values without some
-kind of confirmation from its owner (but this could be through, e.g.,
-configuration or policy settings and not direct interaction). If a user rejects
-proposed values, or the signature request as such, the value
-CKR_FUNCTION_REJECTED shall be returned.</p>
-
-<p class=MsoNormal><span lang=EN-AU>When possible, applications should use the <b>CKM_CMS_SIG</b>
-mechanism when generating CMS-compatible signatures rather than lower-level
-mechanisms such as <b>CKM_SHA1_RSA_PKCS</b>. This is especially true when the
-signatures are to be made on content that the token is able to present to a
-user. Exceptions may include those cases where the token does not support a
-particular signing attribute. Note however that the token may refuse usage of a
-particular signature key unless the content to be signed is known (i.e. the <b>CKM_CMS_SIG</b>
-mechanism is used).</span></p>
-
-<p class=MsoNormal><span lang=EN-AU>When a token does not have presentation
-capabilities, the PKCS #11-aware application may avoid sending the whole
-message to the token by electing to use a suitable signature mechanism (e.g. <b>CKM_RSA_PKCS</b>)
-as the <i>pSigningMechanism</i> value in the <b>CK_CMS_SIG_PARAMS</b>
-structure, and digesting the message itself before passing it to the token.</span></p>
-
-<p class=MsoNormal><span lang=EN-AU>PKCS #11-aware applications making use of
-tokens with presentation capabilities, should attempt to provide messages to be
-signed by the token in a format possible for the token to present to the user.
-Tokens that receive multipart MIME-messages for which only certain parts are
-possible to present may fail the signature operation with a return value of <b>CKR_DATA_INVALID</b>,
-but may also choose to add a signing attribute indicating which parts of the
-message were possible to present.</span></p>
-
-<h2><a name="_Toc405794951"></a><a name="_Toc441850636"></a><a
-name="_Toc441162558"></a><a name="_Toc416960199"></a><a name="_Toc437440721"></a><a
-name="_Toc395187953"></a><a name="_Toc391471315"></a><a name="_Toc370634602"></a><a
-name="_Toc72656511"></a><a name="_Toc228807371"></a><a name="_Toc228894822">2.33
-Blowfish</a></h2>
-
-<p class=MsoNormal>Blowfish, a secret-key block cipher. It is a Feistel
-network, iterating a simple encryption function 16 times. The block size is 64
-bits, and the key can be any length up to 448 bits. Although there is a complex
-initialization phase required before any encryption can take place, the actual
-encryption of data is very efficient on large microprocessors.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>108</span></i><i><span style='font-size:9.0pt'>, Blowfish
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='margin-left:.4pt;border-collapse:collapse'>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:black;border-left:
-  black;border-bottom:windowtext;border-right:windowtext;border-style:solid;
-  border-width:1.0pt;padding:0in 0in 0in 0in'><a name="_Toc72656512"></a>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=338 colspan=7 valign=top style='width:253.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif;position:relative;top:-4.0pt'>1</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_BLOWFISH_CBC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"MS Mincho",serif'>&#10003;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"MS Mincho",serif'>&#10003;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.0pt;border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_BLOWFISH_CBC_PAD</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"MS Mincho",serif'>&#10003;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"MS Mincho",serif'>&#10003;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 0in 0in 0in'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850637"></a><a name="_Toc441162559"></a><a
-name="_Toc416960200"></a><a name="_Toc437440722"></a><a name="_Toc395187954"></a><a
-name="_Toc391471316"></a><a name="_Toc370634603"></a><a name="_Toc228807372"></a><a
-name="_Toc228894823">2.33.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_BLOWFISH” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_BLOWFISH_KEY_GEN           </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_BLOWFISH_CBC               </p>
-
-<p class=MsoNormal style='margin-left:.5in'><a name="_Toc72656513">CKM_BLOWFISH_CBC_PAD</a></p>
-
-<h3><a name="_Toc441850638"></a><a name="_Toc441162560"></a><a
-name="_Toc416960201"></a><a name="_Toc437440723"></a><a name="_Toc395187955"></a><a
-name="_Toc391471317"></a><a name="_Toc370634604"></a><a name="_Toc228807373"></a><a
-name="_Toc228894824">2.33.2 BLOWFISH secret key objects</a></h3>
-
-<p class=MsoNormal style='page-break-after:avoid'>Blowfish secret key objects
-(object class CKO_SECRET_KEY, key type CKK_BLOWFISH) hold Blowfish keys.  The
-following table defines the Blowfish secret key object attributes, in addition
-to the common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807555">Table </a>109, BLOWFISH Secret Key
-Object</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=174 valign=top style='width:130.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value the key can be any length up to 448
-  bits. Bit length restricted to a byte array.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating an Blowfish
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_BLOWFISH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A blowfish secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[16] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850639"></a><a name="_Toc441162561"></a><a
-name="_Toc416960202"></a><a name="_Toc437440724"></a><a name="_Toc395187956"></a><a
-name="_Toc391471318"></a><a name="_Toc370634605"></a><a name="_Toc72656514"></a><a
-name="_Toc228807374"></a><a name="_Toc228894825">2.33.3 Blowfish key generation</a></h3>
-
-<p class=MsoNormal>The Blowfish key generation mechanism, denoted <b>CKM_BLOWFISH_KEY_GEN</b>,
-is a key generation mechanism Blowfish.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates Blowfish keys with a particular
-length, as specified in the <b>CKA_VALUE_LEN</b> attribute of the template for
-the key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the key type (specifically, the flags indicating which functions the key
-supports) may be specified in the template for the key, or else are assigned
-default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-key sizes in bytes.</p>
-
-<h3><a name="_Toc441850640"></a><a name="_Toc441162562"></a><a
-name="_Toc416960203"></a><a name="_Toc437440725"></a><a name="_Toc395187957"></a><a
-name="_Toc391471319"></a><a name="_Toc370634606"></a><a name="_Toc72656515"></a><a
-name="_Toc228807375"></a><a name="_Toc228894826">2.33.4 Blowfish-CBC</a></h3>
-
-<p class=MsoNormal>Blowfish-CBC, denoted <b>CKM_BLOWFISH_CBC</b>, is a
-mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping.</p>
-
-<p class=MsoNormal>It has a parameter, a 8-byte initialization vector.</p>
-
-<p class=MsoNormal><a name="_Toc72656516"><span style='color:black'>This
-mechanism can wrap and unwrap any secret key. For wrapping, the mechanism
-encrypts the value of the <b>CKA_VALUE</b> attribute of the key that is
-wrapped, padded on the trailing end with up to block size minus one null bytes
-so that the resulting length is a multiple of the block size. The output data
-is the same length as the padded input data. It does not wrap the key type, key
-length, or any other information about the key; the application must convey
-these separately. </span></a></p>
-
-<p class=MsoNormal><span style='color:black'>For unwrapping, the mechanism
-decrypts the wrapped key, and truncates the result according to the <b>CKA_KEY_TYPE</b>
-attribute of the template and, if it has one, and the key type supports it, the
-<b>CKA_VALUE_LEN</b> attribute of the template. The mechanism contributes the
-result as the <b>CKA_VALUE</b> attribute of the new key; other attributes
-required by the key type must be specified in the template. </span></p>
-
-<p class=MsoNormal><span style='color:black'>Constraints on key types and the
-length of data are summarized in the following table: </span></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt;color:black'>Table </span></i><i><span style='font-size:9.0pt'>110</span></i><i><span style='font-size:9.0pt;
-color:black'>, BLOWFISH-CBC: Key and Data Length</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=174 valign=top style='width:130.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Input Length</span></b></p>
-   </td>
-   <td width=174 valign=top style='width:130.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Output Length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Multiple of block size</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Same as input length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Multiple of block size</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Same as input length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Input length rounded up to multiple of the
-  block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Multiple of block size</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>Determined by type of key being unwrapped or
-  CKA_VALUE_LEN</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the <b>CK_MECHANISM_INFO </b>structure specify the supported range of
-BLOWFISH key sizes, in bytes. </p>
-
-<h3><a name="_Toc441850641"></a><a name="_Toc441162563"></a><a
-name="_Toc416960204"></a><a name="_Toc437440726"></a><a name="_Toc395187958"></a><a
-name="_Toc391471320"></a><a name="_Toc370634607"></a><a name="_Toc228807376"></a><a
-name="_Toc228894827">2.33.5 Blowfish-CBC with PKCS padding</a></h3>
-
-<p class=MsoNormal>Blowfish-CBC-PAD, denoted CKM_BLOWFISH_CBC_PAD, is a
-mechanism for single- and multiple-part encryption and decryption, key wrapping
-and key unwrapping, cipher-block chaining mode and the block cipher padding
-method detailed in PKCS #7.</p>
-
-<p class=MsoNormal>It has a parameter, a 8-byte initialization vector.</p>
-
-<p class=MsoNormal>The PKCS padding in this mechanism allows the length of the
-plaintext value to be recovered from the ciphertext value. Therefore, when
-unwrapping keys with this mechanism, no value should be specified for the <b>CKA_VALUE_LEN</b>
-attribute.</p>
-
-<p class=MsoNormal>The entries in the table below for data length constraints
-when wrapping and unwrapping keys do not apply to wrapping and unwrapping
-private keys. </p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table: </p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>111</span></i><i><span style='font-size:9.0pt'>,
-BLOWFISH-CBC with PKCS Padding: Key and Data Length</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=174 valign=top style='width:130.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Input Length</span></b></p>
-   </td>
-   <td width=174 valign=top style='width:130.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Output Length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>Input length rounded up to multiple of the
-  block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Multiple of block size</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Between 1 and block length block size bytes
-  shorter than input length</span></p>
-  </td>
- </tr>
- <tr style='height:17.25pt'>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.25pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.25pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.25pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.25pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Input length rounded up to multiple of the
-  block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>BLOWFISH</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Multiple of block size</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:9.0pt;
-  font-family:"Arial",sans-serif'>Between 1 and block length block size bytes
-  shorter than input length</span></p>
-  </td>
- </tr>
-</table>
-
-<h2><a name="_Toc441850642"></a><a name="_Toc441162564"></a><a
-name="_Toc416960205"></a><a name="_Toc437440727"></a><a name="_Toc395187959"></a><a
-name="_Toc391471321"></a><a name="_Toc370634608"></a><a name="_Toc228807377"></a><a
-name="_Toc228894828">2.34 Twofish</a></h2>
-
-<p class=MsoNormal>Ref<a
-href="file:///D:/blp/data/.%20http:/www.counterpane.com/twofish-brief.html">. https://www.schneier.com/twofish.html</a></p>
-
-<h3><a name="_Toc441850643"></a><a name="_Toc441162565"></a><a
-name="_Toc416960206"></a><a name="_Toc437440728"></a><a name="_Toc395187960"></a><a
-name="_Toc391471322"></a><a name="_Toc370634609"></a><a name="_Toc72656517"></a><a
-name="_Toc228807378"></a><a name="_Toc228894829">2.34.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_TWOFISH” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TWOFISH_KEY_GEN            </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TWOFISH_CBC                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_TWOFISH_CBC_PAD</p>
-
-<p class=CCode><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<h3><a name="_Toc441850644"></a><a name="_Toc441162566"></a><a
-name="_Toc416960207"></a><a name="_Toc437440729"></a><a name="_Toc395187961"></a><a
-name="_Toc391471323"></a><a name="_Toc370634610"></a><a name="_Toc72656518"></a><a
-name="_Toc228807379"></a><a name="_Toc228894830">2.34.2 Twofish secret key
-objects</a></h3>
-
-<p class=MsoNormal>Twofish secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_TWOFISH</b>) hold Twofish keys.  The following table defines the
-Twofish secret key object attributes, in addition to the common attributes
-defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807556">Table </a>112, Twofish Secret Key
-Object</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=174 valign=top style='width:130.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value 128-, 192-, or 256-bit key</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2,3</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating an TWOFISH
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_TWOFISH;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A twofish secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[16] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850645"></a><a name="_Toc441162567"></a><a
-name="_Toc416960208"></a><a name="_Toc437440730"></a><a name="_Toc395187962"></a><a
-name="_Toc391471324"></a><a name="_Toc370634611"></a><a name="_Toc72656519"></a><a
-name="_Toc228807380"></a><a name="_Toc228894831">2.34.3 Twofish key generation</a></h3>
-
-<p class=MsoNormal>The Twofish key generation mechanism, denoted <b>CKM_TWOFISH_KEY_GEN</b>,
-is a key generation mechanism Twofish.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates Blowfish keys with a particular
-length, as specified in the <b>CKA_VALUE_LEN</b> attribute of the template for
-the key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the key type (specifically, the flags indicating which functions the key
-supports) may be specified in the template for the key, or else are assigned
-default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850646"></a><a name="_Toc441162568"></a><a
-name="_Toc416960209"></a><a name="_Toc437440731"></a><a name="_Toc395187963"></a><a
-name="_Toc391471325"></a><a name="_Toc370634612"></a><a name="_Toc72656520"></a><a
-name="_Toc228807381"></a><a name="_Toc228894832">2.34.4 Twofish -CBC</a></h3>
-
-<p class=MsoNormal>Twofish-CBC, denoted <b>CKM_TWOFISH_CBC</b>, is a mechanism
-for single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<h3><a name="_Toc151796122"></a><a name="_Toc441850647"></a><a
-name="_Toc441162569"></a><a name="_Toc416960210"></a><a name="_Toc437440732"></a><a
-name="_Toc395187964"></a><a name="_Toc391471326"></a><a name="_Toc370634613"></a><a
-name="_Toc228807382"></a><a name="_Toc228894833">2.34.5 Twofish-CBC with PKCS
-padding</a></h3>
-
-<p class=MsoNormal>Twofish-CBC-PAD, denoted CKM_TWOFISH_CBC_PAD, is a mechanism
-for single- and multiple-part encryption and decryption, key wrapping and key
-unwrapping, cipher-block chaining mode and the block cipher padding method
-detailed in PKCS #7.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>The PKCS padding in this mechanism allows the length of the
-plaintext value to be recovered from the ciphertext value. Therefore, when
-unwrapping keys with this mechanism, no value should be specified for the <b>CKA_VALUE_LEN</b>
-attribute.</p>
-
-<h2><a name="_Toc441850648"></a><a name="_Toc441162570"></a><a
-name="_Toc416960211"></a><a name="_Toc437440733"></a><a name="_Toc395187965"></a><a
-name="_Toc391471327"></a><a name="_Toc370634614"></a><a name="_Toc228807383"></a><a
-name="_Toc228894834">2.35 CAMELLIA</a></h2>
-
-<p class=MsoNormal>Camellia is a block cipher with 128-bit block size and 128-,
-192-, and 256-bit keys, similar to AES. Camellia is described e.g. in IETF RFC
-3713.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>113</span></i><i><span style='font-size:9.0pt'>, Camellia
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=638
- style='width:478.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=267 rowspan=2 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><a
-  name="_Toc151796123"></a><a name="_Toc76209547"></a><a name="_Toc148506046"></a><a
-  name="_Toc148505531"></a><a name="_Toc148506045"></a><a name="_Toc148505530"></a><a
-  name="_Toc148506044"></a><a name="_Toc148505529"></a><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont align=left style='text-align:left'><b><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-  </td>
-  <td width=371 colspan=7 valign=top style='width:278.35pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>SR</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-  "Arial",sans-serif'>Digest</span></b></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-  <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_KEY_GEN</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_PAD</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_MAC_GENERAL</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_MAC</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=267 valign=top style='width:200.3pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=51 valign=top style='width:38.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=38 valign=top style='width:28.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=44 valign=top style='width:33.05pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=63 valign=top style='width:47.5pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=55 valign=top style='width:41.4pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850649"></a><a name="_Toc441162571"></a><a
-name="_Toc416960212"></a><a name="_Toc437440734"></a><a name="_Toc395187966"></a><a
-name="_Toc391471328"></a><a name="_Toc370634615"></a><a name="_Toc228807384"></a><a
-name="_Toc228894835">2.35.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_CAMELLIA” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_CAMELLIA_KEY_GEN               
-</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_CAMELLIA_ECB                   
-</p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=IT>CKM_CAMELLIA_CBC                   
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=IT>CKM_CAMELLIA_MAC                   
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=IT>CKM_CAMELLIA_MAC_GENERAL           
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=IT>CKM_CAMELLIA_CBC_PAD               
-</span></p>
-
-<h3><a name="_Toc441850650"></a><a name="_Toc441162572"></a><a
-name="_Toc416960213"></a><a name="_Toc437440735"></a><a name="_Toc395187967"></a><a
-name="_Toc391471329"></a><a name="_Toc370634616"></a><a name="_Toc76209548"></a><a
-name="_Toc151796124"></a><a name="_Toc228807385"></a><a name="_Toc228894836">2.35.2
-Camellia secret key objects</a></h3>
-
-<p class=MsoNormal>Camellia secret key objects (object class <b>CKO_SECRET_KEY,
-</b>key type <b>CKK_CAMELLIA</b>) hold Camellia keys.  The following table
-defines the Camellia secret key object attributes, in addition to the common
-attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc76209865"></a><a name="_Toc151796154"></a><a
-name="_Toc228807557">Table </a>114, Camellia Secret Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=171 valign=top style='width:128.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (16, 24, or 32 bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2,3,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes.</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating a Camellia
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_CAMELLIA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A Camellia secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850651"></a><a name="_Toc441162573"></a><a
-name="_Toc416960214"></a><a name="_Toc437440736"></a><a name="_Toc395187968"></a><a
-name="_Toc391471330"></a><a name="_Toc370634617"></a><a name="_Toc228894837"></a><a
-name="_Toc228807386"></a><a name="_Toc151796125"></a><a name="_Toc76209549"></a><a
-name="_Toc148505534"></a><a name="_Toc148506049"></a>2.35.3 Camellia key
-generation</h3>
-
-<p class=MsoNormal>The Camellia key generation mechanism, denoted
-CKM_CAMELLIA_KEY_GEN, is a key generation mechanism for Camellia.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates Camellia keys with a particular
-length in bytes, as specified in the <b>CKA_VALUE_LEN</b> attribute of the
-template for the key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the Camellia key type (specifically, the flags indicating which functions the
-key supports) may be specified in the template for the key, or else are
-assigned default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Camellia key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850652"></a><a name="_Toc441162574"></a><a
-name="_Toc416960215"></a><a name="_Toc437440737"></a><a name="_Toc395187969"></a><a
-name="_Toc391471331"></a><a name="_Toc370634618"></a><a name="_Toc76209550"></a><a
-name="_Toc151796126"></a><a name="_Toc228807387"></a><a name="_Toc228894838">2.35.4
-Camellia-ECB</a></h3>
-
-<p class=MsoNormal>Camellia-ECB, denoted <b>CKM_CAMELLIA_ECB</b>, is a
-mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on Camellia and electronic codebook mode.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key.  Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.  For wrapping, the mechanism encrypts the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped, padded on the trailing end with up to
-block size minus one null bytes so that the resulting length is a multiple of
-the block size. The output data is the same length as the padded input data. It
-does not wrap the key type, key length, or any other information about the key;
-the application must convey these separately.</p>
-
-<p class=MsoNormal>For unwrapping, the mechanism decrypts the wrapped key, and
-truncates the result according to the <b>CKA_KEY_TYPE</b> attribute of the
-template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template.  The mechanism contributes the result as the <b>CKA_VALUE
-</b>attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc76209866"></a><a name="_Toc151796155"></a><a
-name="_Toc228807558">Table </a>115, Camellia-ECB: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=138 valign=top style='width:103.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=162 valign=top style='width:121.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=91 valign=top style='width:.95in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of block size</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>determined by type of
-  key being unwrapped or CKA_VALUE_LEN</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Camellia key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850653"></a><a name="_Toc441162575"></a><a
-name="_Toc416960216"></a><a name="_Toc437440738"></a><a name="_Toc395187970"></a><a
-name="_Toc391471332"></a><a name="_Toc370634619"></a><a name="_Toc76209551"></a><a
-name="_Toc151796127"></a><a name="_Toc228807388"></a><a name="_Toc228894839">2.35.5
-Camellia-CBC</a></h3>
-
-<p class=MsoNormal>Camellia-CBC, denoted <b>CKM_CAMELLIA_CBC</b>, is a
-mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on Camellia and cipher-block chaining mode.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key.  Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.  For wrapping, the mechanism encrypts the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped, padded on the trailing end with up to
-block size minus one null bytes so that the resulting length is a multiple of
-the block size. The output data is the same length as the padded input data. It
-does not wrap the key type, key length, or any other information about the key;
-the application must convey these separately.</p>
-
-<p class=MsoNormal>For unwrapping, the mechanism decrypts the wrapped key, and
-truncates the result according to the <b>CKA_KEY_TYPE</b> attribute of the
-template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template.  The mechanism contributes the result as the <b>CKA_VALUE</b>
-attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc76209867"></a><a name="_Toc151796156"></a><a
-name="_Toc228807559">Table </a>116, Camellia-CBC: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=138 valign=top style='width:103.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=150 valign=top style='width:112.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>determined by type of
-  key being unwrapped or CKA_VALUE_LEN</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Camellia key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850654"></a><a name="_Toc441162576"></a><a
-name="_Toc416960217"></a><a name="_Toc437440739"></a><a name="_Toc395187971"></a><a
-name="_Toc391471333"></a><a name="_Toc370634620"></a><a name="_Toc76209552"></a><a
-name="_Toc151796128"></a><a name="_Toc228807389"></a><a name="_Toc228894840">2.35.6
-Camellia-CBC with PKCS padding</a></h3>
-
-<p class=MsoNormal>Camellia-CBC with PKCS padding, denoted <b>CKM_CAMELLIA_CBC_PAD</b>,
-is a mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on Camellia; cipher-block chaining mode;
-and the block cipher padding method detailed in PKCS #7.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>The PKCS padding in this mechanism allows the length of the
-plaintext value to be recovered from the ciphertext value.  Therefore, when
-unwrapping keys with this mechanism, no value should be specified for the <b>CKA_VALUE_LEN</b>
-attribute.</p>
-
-<p class=MsoNormal>In addition to being able to wrap and unwrap secret keys,
-this mechanism can wrap and unwrap RSA, Diffie-Hellman, X9.42 Diffie-Hellman,
-EC (also related to ECDSA) and DSA private keys (see Section TBA for details). 
-The entries in the table below for data length constraints when wrapping and
-unwrapping keys do not apply to wrapping and unwrapping private keys.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc76209868"></a><a name="_Toc151796157"></a><a
-name="_Toc228807560">Table </a>117, Camellia-CBC with PKCS Padding: Key and
-Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=138 valign=top style='width:103.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=198 valign=top style='width:148.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>between 1 and block
-  size bytes shorter than input length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>between 1 and block
-  length bytes shorter than input length</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Camellia key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850655"></a><a name="_Toc441162577"></a><a
-name="_Toc416960218"></a><a name="_Toc437440740"></a><a name="_Toc395187972"></a><a
-name="_Toc391471334"></a><a name="_Toc370634621"></a><a name="_Toc76209553"></a><a
-name="_Toc151796129"></a><a name="_Toc228807390"></a><a name="_Toc228894841">2.35.7
-General-length Camellia-MAC</a></h3>
-
-<p class=MsoNormal>General-length Camellia -MAC, denoted
-CKM_CAMELLIA_MAC_GENERAL, is a mechanism for single- and multiple-part
-signatures and verification, based on Camellia  and data authentication as
-defined in.[CAMELLIA]</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS </b>structure,
-which specifies the output length desired from the mechanism.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final Camellia cipher block produced in the MACing process.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are summarized
-in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc76209869"></a><a name="_Toc151796158"></a><a
-name="_Toc228807561">Table </a>118, General-length Camellia-MAC: Key and Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=144 valign=top style='width:1.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:48.15pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.15pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Camellia key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850656"></a><a name="_Toc441162578"></a><a
-name="_Toc416960219"></a><a name="_Toc437440741"></a><a name="_Toc395187973"></a><a
-name="_Toc391471335"></a><a name="_Toc370634622"></a><a name="_Toc76209554"></a><a
-name="_Toc151796130"></a><a name="_Toc228807391"></a><a name="_Toc228894842">2.35.8
-Camellia-MAC</a></h3>
-
-<p class=MsoNormal>Camellia-MAC, denoted by <b>CKM_CAMELLIA_MAC</b>, is a
-special case of the general-length Camellia-MAC mechanism. Camellia-MAC always
-produces and verifies MACs that are half the block size in length.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc76209870"></a><a name="_Toc151796159"></a><a
-name="_Toc228807562">Table </a>119, Camellia-MAC: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=150 valign=top style='width:112.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.65pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>½ block size (8
-  bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_CAMELLIA</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>½ block size (8
-  bytes)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-Camellia key sizes, in bytes.</p>
-
-<h2><a name="_Toc441850657"></a><a name="_Toc441162579"></a><a
-name="_Toc416960220"></a><a name="_Toc437440742"></a><a name="_Toc395187974"></a><a
-name="_Toc391471336"></a><a name="_Toc370634623"></a><a name="_Toc151796131"></a><a
-name="_Toc228807392"></a><a name="_Toc228894843">2.36 Key derivation by data
-encryption - Camellia</a></h2>
-
-<p class=MsoNormal>These mechanisms allow derivation of keys using the result
-of an encryption operation as the key value. They are for use with the
-C_DeriveKey function.</p>
-
-<h3><a name="_Toc441850658"></a><a name="_Toc441162580"></a><a
-name="_Toc416960221"></a><a name="_Toc437440743"></a><a name="_Toc395187975"></a><a
-name="_Toc391471337"></a><a name="_Toc370634624"></a><a name="_Toc76209572"></a><a
-name="_Toc151796132"></a><a name="_Toc228807393"></a><a name="_Toc228894844">2.36.1
-Definitions</a></h3>
-
-<p class=MsoNormal><span lang=DE>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_</span><span
-lang=DE>CAMELLIA</span><span lang=DE>_ECB_ENCRYPT_DATA</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_</span><span
-lang=DE>CAMELLIA</span><span lang=DE>_CBC_ENCRYPT_DATA</span></p>
-
-<p class=MsoNormal><span lang=DE>&nbsp;</span></p>
-
-<p class=CCode>typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {</p>
-
-<p class=CCode>  CK_BYTE      iv[16];</p>
-
-<p class=CCode>  CK_BYTE_PTR  pData;</p>
-
-<p class=CCode>  CK_ULONG     length;</p>
-
-<p class=CCode>} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;</p>
-
-<p class=CCode>&nbsp;</p>
-
-<p class=CCode>typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR</p>
-
-<p class=CCode>CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;</p>
-
-<h3><a name="_Toc441850659"></a><a name="_Toc441162581"></a><a
-name="_Toc416960222"></a><a name="_Toc437440744"></a><a name="_Toc395187976"></a><a
-name="_Toc391471338"></a><a name="_Toc370634625"></a><a name="_Toc76209573"></a><a
-name="_Toc151796133"></a><a name="_Toc228807394"></a><a name="_Toc228894845">2.36.2
-Mechanism Parameters</a></h3>
-
-<p class=MsoNormal>Uses CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS,  and
-CK_KEY_DERIVATION_STRING_DATA. </p>
-
-<p class=MsoCaption><a name="_Toc151796160"></a><a name="_Toc228807563"></a><a
-name="_Toc76209882">Table </a>120, Mechanism Parameters for Camellia-based key
-derivation</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=286 valign=top style='width:214.2pt;border:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=296 valign=top style='width:221.8pt;border:solid windowtext 1.5pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_KEY_DERIVATION_STRING_DATA structure. Parameter is the data to be
-  encrypted and must be a multiple of 16 long.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=286 valign=top style='width:214.2pt;border:solid windowtext 1.5pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=296 valign=top style='width:221.8pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_</span><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CAMELLIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA_PARAMS.
-  Parameter is an 16 byte IV value followed by the data. The data value part must
-  be a multiple of 16 bytes long.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850660"></a><a name="_Toc441162582"></a><a
-name="_Toc416960223"></a><a name="_Toc437440745"></a><a name="_Toc395187977"></a><a
-name="_Toc391471339"></a><a name="_Toc370634626"></a><a name="_Toc151796134"></a><a
-name="_Toc228807395"></a><a name="_Toc228894846">2.37 ARIA</a></h2>
-
-<p class=MsoNormal>ARIA is a block cipher with 128-bit block size and 128-,
-192-, and 256-bit keys, similar to AES. ARIA is described in NSRI
-“Specification of ARIA”.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>121</span></i><i><span style='font-size:9.0pt'>, ARIA
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=570
- style='width:427.5pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'><a name="_Toc151796135"></a>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_PAD</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_MAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_MAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span lang=IT
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850661"></a><a name="_Toc441162583"></a><a
-name="_Toc416960224"></a><a name="_Toc437440746"></a><a name="_Toc395187978"></a><a
-name="_Toc391471340"></a><a name="_Toc370634627"></a><a name="_Toc228807396"></a><a
-name="_Toc228894847">2.37.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_ARIA” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ARIA_KEY_GEN                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ARIA_ECB                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=IT>CKM_ARIA_CBC                   
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=IT>CKM_ARIA_MAC                   
-</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ARIA_MAC_GENERAL            </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_ARIA_CBC_PAD                </p>
-
-<h3><a name="_Toc441850662"></a><a name="_Toc441162584"></a><a
-name="_Toc416960225"></a><a name="_Toc437440747"></a><a name="_Toc395187979"></a><a
-name="_Toc391471341"></a><a name="_Toc370634628"></a><a name="_Toc151796136"></a><a
-name="_Toc228807397"></a><a name="_Toc228894848">2.37.2 Aria secret key objects</a></h3>
-
-<p class=MsoNormal>ARIA secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_ARIA</b>) hold ARIA keys.  The following table defines the ARIA
-secret key object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption><a name="_Toc151796161"></a><a name="_Toc228807564">Table </a>122, ARIA Secret Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=171 valign=top style='width:128.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (16, 24, or 32 bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2,3,6</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes.</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating an ARIA
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_ARIA;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “An ARIA secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850663"></a><a name="_Toc441162585"></a><a
-name="_Toc416960226"></a><a name="_Toc437440748"></a><a name="_Toc395187980"></a><a
-name="_Toc391471342"></a><a name="_Toc370634629"></a><a name="_Toc151796137"></a><a
-name="_Toc228807398"></a><a name="_Toc228894849">2.37.3 ARIA key generation</a></h3>
-
-<p class=MsoNormal>The ARIA key generation mechanism, denoted CKM_ARIA_KEY_GEN,
-is a key generation mechanism for Aria.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates ARIA keys with a particular length
-in bytes, as specified in the <b>CKA_VALUE_LEN</b> attribute of the template
-for the key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the ARIA key type (specifically, the flags indicating which functions the key
-supports) may be specified in the template for the key, or else are assigned
-default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-ARIA key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850664"></a><a name="_Toc441162586"></a><a
-name="_Toc416960227"></a><a name="_Toc437440749"></a><a name="_Toc395187981"></a><a
-name="_Toc391471343"></a><a name="_Toc370634630"></a><a name="_Toc151796138"></a><a
-name="_Toc228807399"></a><a name="_Toc228894850">2.37.4 ARIA-ECB</a></h3>
-
-<p class=MsoNormal>ARIA-ECB, denoted <b>CKM_ARIA_ECB</b>, is a mechanism for
-single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping, based on Aria and electronic codebook mode.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key.  Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.  For wrapping, the mechanism encrypts the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped, padded on the trailing end with up to
-block size minus one null bytes so that the resulting length is a multiple of
-the block size. The output data is the same length as the padded input data. It
-does not wrap the key type, key length, or any other information about the key;
-the application must convey these separately.</p>
-
-<p class=MsoNormal>For unwrapping, the mechanism decrypts the wrapped key, and
-truncates the result according to the <b>CKA_KEY_TYPE</b> attribute of the
-template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template.  The mechanism contributes the result as the <b>CKA_VALUE
-</b>attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc151796162"></a><a name="_Toc228807565">Table </a>123, ARIA-ECB: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=138 valign=top style='width:103.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=162 valign=top style='width:121.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=91 valign=top style='width:.95in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of block size</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=162 valign=top style='width:121.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>determined by type of
-  key being unwrapped or CKA_VALUE_LEN</span></p>
-  </td>
-  <td width=91 valign=top style='width:.95in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-top:12.0pt'>For this mechanism, the <i>ulMinKeySize</i>
-and <i>ulMaxKeySize</i> fields of the <b>CK_MECHANISM_INFO</b> structure
-specify the supported range of ARIA key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850665"></a><a name="_Toc441162587"></a><a
-name="_Toc416960228"></a><a name="_Toc437440750"></a><a name="_Toc395187982"></a><a
-name="_Toc391471344"></a><a name="_Toc370634631"></a><a name="_Toc151796139"></a><a
-name="_Toc228807400"></a><a name="_Toc228894851">2.37.5 ARIA-CBC</a></h3>
-
-<p class=MsoNormal>ARIA-CBC, denoted <b>CKM_ARIA_CBC</b>, is a mechanism for
-single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping, based on ARIA and cipher-block chaining mode.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key.  Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.  For wrapping, the mechanism encrypts the value of the <b>CKA_VALUE</b>
-attribute of the key that is wrapped, padded on the trailing end with up to
-block size minus one null bytes so that the resulting length is a multiple of
-the block size. The output data is the same length as the padded input data. It
-does not wrap the key type, key length, or any other information about the key;
-the application must convey these separately.</p>
-
-<p class=MsoNormal>For unwrapping, the mechanism decrypts the wrapped key, and
-truncates the result according to the <b>CKA_KEY_TYPE</b> attribute of the
-template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN</b>
-attribute of the template.  The mechanism contributes the result as the <b>CKA_VALUE</b>
-attribute of the new key; other attributes required by the key type must be
-specified in the template.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc151796163"></a><a name="_Toc228807566">Table </a>124, ARIA-CBC: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=120 valign=top style='width:1.25in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=132 valign=top style='width:99.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=150 valign=top style='width:112.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Comments</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>same as input length</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>no final part</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>determined by type of
-  key being unwrapped or CKA_VALUE_LEN</span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='margin-top:12.0pt'>For this mechanism, the
-ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify
-the supported range of Aria key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850666"></a><a name="_Toc441162588"></a><a
-name="_Toc416960229"></a><a name="_Toc437440751"></a><a name="_Toc395187983"></a><a
-name="_Toc391471345"></a><a name="_Toc370634632"></a><a name="_Toc151796140"></a><a
-name="_Toc228807401"></a><a name="_Toc228894852">2.37.6 ARIA-CBC with PKCS
-padding</a></h3>
-
-<p class=MsoNormal>ARIA-CBC with PKCS padding, denoted <b>CKM_ARIA_CBC_PAD</b>,
-is a mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on ARIA; cipher-block chaining mode; and
-the block cipher padding method detailed in PKCS #7.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<p class=MsoNormal>The PKCS padding in this mechanism allows the length of the
-plaintext value to be recovered from the ciphertext value.  Therefore, when
-unwrapping keys with this mechanism, no value should be specified for the <b>CKA_VALUE_LEN</b>
-attribute.</p>
-
-<p class=MsoNormal>In addition to being able to wrap and unwrap secret keys,
-this mechanism can wrap and unwrap RSA, Diffie-Hellman, X9.42 Diffie-Hellman,
-EC (also related to ECDSA) and DSA private keys (see Section TBA for details). 
-The entries in the table below for data length constraints when wrapping and
-unwrapping keys do not apply to wrapping and unwrapping private keys.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc151796164"></a><a name="_Toc228807567">Table </a>125, ARIA-CBC with PKCS Padding: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=114 valign=top style='width:85.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=138 valign=top style='width:103.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=90 valign=top style='width:67.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=198 valign=top style='width:148.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Encrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Decrypt</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>between 1 and block
-  size bytes shorter than input length</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_WrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>input length rounded
-  up to multiple of the block size</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=114 valign=top style='width:85.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_UnwrapKey</span></p>
-  </td>
-  <td width=138 valign=top style='width:103.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>multiple of block
-  size</span></p>
-  </td>
-  <td width=198 valign=top style='width:148.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>between 1 and block
-  length bytes shorter than input length</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-ARIA key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850667"></a><a name="_Toc441162589"></a><a
-name="_Toc416960230"></a><a name="_Toc437440752"></a><a name="_Toc395187984"></a><a
-name="_Toc391471346"></a><a name="_Toc370634633"></a><a name="_Toc151796141"></a><a
-name="_Toc228807402"></a><a name="_Toc228894853">2.37.7 General-length ARIA-MAC</a></h3>
-
-<p class=MsoNormal>General-length ARIA -MAC, denoted <b>CKM_ARIA_MAC_GENERAL</b>,
-is a mechanism for single- and multiple-part signatures and verification, based
-on ARIA and data authentication as defined in [FIPS 113].</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS </b>structure,
-which specifies the output length desired from the mechanism.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final ARIA cipher block produced in the MACing process.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc151796165"></a><a name="_Toc228807568">Table </a>126, General-length ARIA-MAC: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=144 valign=top style='width:1.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='text-align:justify;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=64 valign=top style='width:48.15pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.15pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=64 valign=top style='width:48.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=266 valign=top style='width:199.35pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>0-block size, as
-  specified in parameters</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-ARIA key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850668"></a><a name="_Toc441162590"></a><a
-name="_Toc416960231"></a><a name="_Toc437440753"></a><a name="_Toc395187985"></a><a
-name="_Toc391471347"></a><a name="_Toc370634634"></a><a name="_Toc151796142"></a><a
-name="_Toc228807403"></a><a name="_Toc228894854">2.37.8 ARIA-MAC</a></h3>
-
-<p class=MsoNormal>ARIA-MAC, denoted by <b>CKM_ARIA_MAC</b>, is a special case
-of the general-length ARIA-MAC mechanism. ARIA-MAC always produces and verifies
-MACs that are half the block size in length.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc151796166"></a><a name="_Toc228807569">Table </a>127, ARIA-MAC: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=78 valign=top style='width:58.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=150 valign=top style='width:112.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.65pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>½ block size (8
-  bytes)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=78 valign=top style='width:58.5pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=150 valign=top style='width:112.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_ARIA</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.65pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>any</span></p>
-  </td>
-  <td width=212 valign=top style='width:158.85pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>½ block size (8
-  bytes)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-ARIA key sizes, in bytes.</p>
-
-<h2><a name="_Toc441850669"></a><a name="_Toc441162591"></a><a
-name="_Toc416960232"></a><a name="_Toc437440754"></a><a name="_Toc395187986"></a><a
-name="_Toc391471348"></a><a name="_Toc370634635"></a><a name="_Toc151796143"></a><a
-name="_Toc228807404"></a><a name="_Toc228894855">2.38 Key derivation by data
-encryption - ARIA</a></h2>
-
-<p class=MsoNormal>These mechanisms allow derivation of keys using the result
-of an encryption operation as the key value. They are for use with the
-C_DeriveKey function.</p>
-
-<h3><a name="_Toc441850670"></a><a name="_Toc441162592"></a><a
-name="_Toc416960233"></a><a name="_Toc437440755"></a><a name="_Toc395187987"></a><a
-name="_Toc391471349"></a><a name="_Toc370634636"></a><a name="_Toc151796144"></a><a
-name="_Toc228807405"></a><a name="_Toc228894856">2.38.1 Definitions</a></h3>
-
-<p class=MsoNormal><span lang=DE>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_</span><span
-lang=DE>ARIA</span><span lang=DE>_ECB_ENCRYPT_DATA</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'><span lang=DE>CKM_</span><span
-lang=DE>ARIA</span><span lang=DE>_CBC_ENCRYPT_DATA</span></p>
-
-<p class=MsoNormal><span lang=DE>&nbsp;</span></p>
-
-<p class=CCode>typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {</p>
-
-<p class=CCode>  CK_BYTE      iv[16];</p>
-
-<p class=CCode>  CK_BYTE_PTR  pData;</p>
-
-<p class=CCode>  CK_ULONG     length;</p>
-
-<p class=CCode>} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;</p>
-
-<p class=CCode>typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR</p>
-
-<p class=CCode>CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;</p>
-
-<h3><a name="_Toc441850671"></a><a name="_Toc441162593"></a><a
-name="_Toc416960234"></a><a name="_Toc437440756"></a><a name="_Toc395187988"></a><a
-name="_Toc391471350"></a><a name="_Toc370634637"></a><a name="_Toc151796145"></a><a
-name="_Toc228807406"></a><a name="_Toc228894857">2.38.2 Mechanism Parameters</a></h3>
-
-<p class=MsoNormal>Uses CK_ARIA_CBC_ENCRYPT_DATA_PARAMS,  and
-CK_KEY_DERIVATION_STRING_DATA. </p>
-
-<p class=MsoCaption><a name="_Toc151796167"></a><a name="_Toc228807570">Table </a>128, Mechanism Parameters for Aria-based key derivation</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=281 valign=top style='width:210.95pt;border:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  lang=IT style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=309 valign=top style='width:231.85pt;border:solid windowtext 1.5pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_KEY_DERIVATION_STRING_DATA structure. Parameter is the data to be
-  encrypted and must be a multiple of 16 long.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=281 valign=top style='width:210.95pt;border:solid windowtext 1.5pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=309 valign=top style='width:231.85pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_</span><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>ARIA</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA_PARAMS.
-  Parameter is an 16 byte IV value followed by the data. The data value part
-  must be a multiple of 16 bytes long.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850672"></a><a name="_Toc441162594"></a><a
-name="_Toc416960235"></a><a name="_Toc437440757"></a><a name="_Toc395187989"></a><a
-name="_Toc391471351"></a><a name="_Toc370634638"></a><a name="_Toc228807407"></a><a
-name="_Toc228894858">2.39 SEED</a></h2>
-
-<p class=MsoNormal>SEED is a symmetric block cipher developed by the South
-Korean Information Security Agency (KISA).  It has a 128-bit key size and a
-128-bit block size.</p>
-
-<p class=MsoNormal>Its specification has been published as Internet [RFC 4269].</p>
-
-<p class=MsoNormal><span style='color:black'>RFCs have been published defining
-the use of SEED in</span></p>
-
-<p class=MsoNormal><span style='color:black'>TLS    </span><a
-href="ftp://ftp.rfc-editor.org/in-notes/rfc4162.txt">ftp://ftp.rfc-editor.org/in-notes/rfc4162.txt</a></p>
-
-<p class=MsoNormal><span style='color:black'>IPsec  </span><a
-href="ftp://ftp.rfc-editor.org/in-notes/rfc4196.txt">ftp://ftp.rfc-editor.org/in-notes/rfc4196.txt</a></p>
-
-<p class=MsoNormal><span style='color:black'>CMS    </span><a
-href="ftp://ftp.rfc-editor.org/in-notes/rfc4010.txt">ftp://ftp.rfc-editor.org/in-notes/rfc4010.txt</a></p>
-
-<p class=MsoNormal><span style='color:black'>&nbsp;</span></p>
-
-<p class=MsoNormal><span style='color:black'>TLS cipher suites that use SEED
-include:</span></p>
-
-<p class=CCode style='margin-left:.8in'>      CipherSuite
-TLS_RSA_WITH_SEED_CBC_SHA      = { 0x00, 0x96};</p>
-
-<p class=CCode style='margin-left:.8in'>      CipherSuite
-TLS_DH_DSS_WITH_SEED_CBC_SHA   = { 0x00, 0x97};</p>
-
-<p class=CCode style='margin-left:.8in'>      CipherSuite
-TLS_DH_RSA_WITH_SEED_CBC_SHA   = { 0x00, 0x98};</p>
-
-<p class=CCode style='margin-left:.8in'>      CipherSuite
-TLS_DHE_DSS_WITH_SEED_CBC_SHA  = { 0x00, 0x99};</p>
-
-<p class=CCode style='margin-left:.8in'>      CipherSuite
-TLS_DHE_RSA_WITH_SEED_CBC_SHA  = { 0x00, 0x9A};</p>
-
-<p class=CCode style='margin-left:.8in'>      CipherSuite
-TLS_DH_anon_WITH_SEED_CBC_SHA  = { 0x00, 0x9B};</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-none'><span style='color:black'>&nbsp;</span></p>
-
-<p class=MsoNormal>As with any block cipher, it can be used in the ECB, CBC, OFB
-and CFB modes of operation, as well as in a MAC algorithm such as HMAC.</p>
-
-<p class=MsoNormal>OIDs have been published for all these uses.  A list may be
-seen at <a href="http://www.alvestrand.no/objectid/1.2.410.200004.1.html">http://www.alvestrand.no/objectid/1.2.410.200004.1.html</a></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>129</span></i><i><span style='font-size:9.0pt'>, SEED
-Mechanisms vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=570
- style='width:427.5pt;margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SEED_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_PAD</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_MAC_GENERAL</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_MAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=CCode style='margin-left:0in;text-indent:0in'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc441850673"></a><a name="_Toc441162595"></a><a
-name="_Toc416960236"></a><a name="_Toc437440758"></a><a name="_Toc395187990"></a><a
-name="_Toc391471352"></a><a name="_Toc370634639"></a><a name="_Toc228807408"></a><a
-name="_Toc228894859">2.39.1 Definitions</a></h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_SEED” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_KEY_GEN                </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_ECB                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_CBC                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_MAC                    </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_MAC_GENERAL            </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_CBC_PAD</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>For all of these mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> are always 16.</p>
-
-<h3><a name="_Toc441850674"></a><a name="_Toc441162596"></a><a
-name="_Toc416960237"></a><a name="_Toc437440759"></a><a name="_Toc395187991"></a><a
-name="_Toc391471353"></a><a name="_Toc370634640"></a><a name="_Toc228807409"></a><a
-name="_Toc228894860">2.39.2 SEED secret key objects</a></h3>
-
-<p class=MsoNormal>SEED secret key objects (object class <b>CKO_SECRET_KEY, </b>key
-type <b>CKK_SEED</b>) hold SEED keys.  The following table defines the secret
-key object attributes, in addition to the common attributes defined for this
-object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807571">Table </a>130, SEED Secret Key
-Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=174 valign=top style='width:130.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=102 valign=top style='width:76.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=171 valign=top style='width:128.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=174 valign=top style='width:130.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=102 valign=top style='width:76.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=171 valign=top style='width:128.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Key value (always 16 bytes long)</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>- <span class=MsoFootnoteReference>Refer to [PKCS
-#11-Base]  table 10 for footnotes.</span></sup></p>
-
-<p class=MsoNormal>The following is a sample template for creating a SEED
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_SEED;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A SEED secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>  {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>  {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>  {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>  {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>  {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850675"></a><a name="_Toc441162597"></a><a
-name="_Toc416960238"></a><a name="_Toc437440760"></a><a name="_Toc395187992"></a><a
-name="_Toc391471354"></a><a name="_Toc370634641"></a><a name="_Toc228807410"></a><a
-name="_Toc228894861">2.39.3 SEED key generation</a></h3>
-
-<p class=MsoNormal>The SEED key generation mechanism, denoted CKM_SEED_KEY_GEN,
-is a key generation mechanism for SEED.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates SEED keys.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new key. Other attributes supported by
-the SEED key type (specifically, the flags indicating which functions the key
-supports) may be specified in the template for the key, or else are assigned
-default initial values.</p>
-
-<h3><a name="_Toc441850676"></a><a name="_Toc441162598"></a><a
-name="_Toc416960239"></a><a name="_Toc437440761"></a><a name="_Toc395187993"></a><a
-name="_Toc391471355"></a><a name="_Toc370634642"></a><a name="_Toc228807411"></a><a
-name="_Toc228894862">2.39.4 SEED-ECB</a></h3>
-
-<p class=MsoNormal>SEED-ECB, denoted <b>CKM_SEED_ECB</b>, is a mechanism for
-single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping, based on SEED and electronic codebook mode.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<h3><a name="_Toc441850677"></a><a name="_Toc441162599"></a><a
-name="_Toc416960240"></a><a name="_Toc437440762"></a><a name="_Toc395187994"></a><a
-name="_Toc391471356"></a><a name="_Toc370634643"></a><a name="_Toc228807412"></a><a
-name="_Toc228894863">2.39.5 SEED-CBC</a></h3>
-
-<p class=MsoNormal>SEED-CBC, denoted <b>CKM_SEED_CBC</b>, is a mechanism for
-single- and multiple-part encryption and decryption; key wrapping; and key
-unwrapping, based on SEED and cipher-block chaining mode.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<h3><a name="_Toc441850678"></a><a name="_Toc441162600"></a><a
-name="_Toc416960241"></a><a name="_Toc437440763"></a><a name="_Toc395187995"></a><a
-name="_Toc391471357"></a><a name="_Toc370634644"></a><a name="_Toc228807413"></a><a
-name="_Toc228894864">2.39.6 SEED-CBC with PKCS padding</a></h3>
-
-<p class=MsoNormal>SEED-CBC with PKCS padding, denoted <b>CKM_SEED_CBC_PAD</b>,
-is a mechanism for single- and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on SEED; cipher-block chaining mode; and
-the block cipher padding method detailed in PKCS #7.</p>
-
-<p class=MsoNormal>It has a parameter, a 16-byte initialization vector.</p>
-
-<h3><a name="_Toc441850679"></a><a name="_Toc441162601"></a><a
-name="_Toc416960242"></a><a name="_Toc437440764"></a><a name="_Toc395187996"></a><a
-name="_Toc391471358"></a><a name="_Toc370634645"></a><a name="_Toc228807414"></a><a
-name="_Toc228894865">2.39.7 General-length SEED-MAC</a></h3>
-
-<p class=MsoNormal>General-length SEED-MAC, denoted <b>CKM_SEED_MAC_GENERAL</b>,
-is a mechanism for single- and multiple-part signatures and verification, based
-on SEED and data authentication as defined in 0.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_MAC_GENERAL_PARAMS </b>structure,
-which specifies the output length desired from the mechanism.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final cipher block produced in the MACing process.</p>
-
-<h3><a name="_Toc441850680"></a><a name="_Toc441162602"></a><a
-name="_Toc416960243"></a><a name="_Toc437440765"></a><a name="_Toc395187997"></a><a
-name="_Toc391471359"></a><a name="_Toc370634646"></a><a name="_Toc228807415"></a><a
-name="_Toc228894866">2.39.8 SEED-MAC</a></h3>
-
-<p class=MsoNormal>SEED-MAC, denoted by <b>CKM_SEED_MAC</b>, is a special case
-of the general-length SEED-MAC mechanism. SEED-MAC always produces and verifies
-MACs that are half the block size in length.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<h2><a name="_Toc441850681"></a><a name="_Toc441162603"></a><a
-name="_Toc416960244"></a><a name="_Toc437440766"></a><a name="_Toc395187998"></a><a
-name="_Toc391471360"></a><a name="_Toc370634647"></a><a name="_Toc228807416"></a><a
-name="_Toc228894867">2.40 Key derivation by data encryption - SEED</a></h2>
-
-<p class=MsoNormal>These mechanisms allow derivation of keys using the result
-of an encryption operation as the key value. They are for use with the
-C_DeriveKey function.</p>
-
-<h3><a name="_Toc441850682"></a><a name="_Toc441162604"></a><a
-name="_Toc416960245"></a><a name="_Toc437440767"></a><a name="_Toc395187999"></a><a
-name="_Toc391471361"></a><a name="_Toc370634648"></a><a name="_Toc228807417"></a><a
-name="_Toc228894868">2.40.1 Definitions</a></h3>
-
-<p class=MsoNormal><span lang=DE>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_ECB_ENCRYPT_DATA</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_SEED_CBC_ENCRYPT_DATA</p>
-
-<p class=CCode style='page-break-after:avoid'><span style='font-family:"Arial",sans-serif'>&nbsp;</span></p>
-
-<div style='border:solid #AEBDCC 1.0pt;padding:5.0pt 5.0pt 5.0pt 5.0pt;
-background:#F3F5F7'><pre style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;
-background:white !msorm;border:none !msorm;mso-style-name:C_Code !msorm;
-background:#F3F5F7;border:none;padding:0in'><span style='font-size:12.0pt !msorm;
-font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS </span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">CK_CBC_ENCRYPT_DATA_PARAMS;</del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">{    </ins></span></span></span></pre><pre
-style='background:#F3F5F7;border:none;padding:0in'><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">typedef</del></span><span
-style='font-family:Courier;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> </ins></span><span
-style='font-family:"Arial Unicode MS",sans-serif !msorm;color:windowtext !msorm'> CK_</span><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">BYTE      iv[16];</ins></span></span></pre><pre
-style='background:#F3F5F7;border:none;padding:0in'><span style='font-family:
-Courier;color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">  CK_BYTE_PTR  pData;</ins></span></span></pre><pre
-style='background:#F3F5F7;border:none;padding:0in'><span style='font-family:
-Courier;color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">  CK_ULONG     length; </ins></span></span></pre><pre
-style='margin-left:1.1in !msorm;text-indent:-.8in !msorm;background:white !msorm;
-border:none !msorm;mso-style-name:C_Code !msorm;background:#F3F5F7;border:none;
-padding:0in'><span style='font-size:12.0pt !msorm'><span style='font-family:
-Courier;color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">}  CK_SEED_</ins></span></span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-family:Courier;color:black'>CBC_ENCRYPT_DATA_PARAMS</span></span><span
-style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm'><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55"> CK_PTR</del></span></span><span
-style='font-size:12.0pt !msorm'><span style='font-family:Courier;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">;</ins></span></span></span></pre><pre
-style='background:#F3F5F7;border:none;padding:0in'><span style='font-family:
-Courier;color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">typedef </ins></span><span style='font-family:"Arial Unicode MS",sans-serif !msorm;
-color:windowtext !msorm'>CK_</span><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">SEED_</ins></span><span style='font-family:"Arial Unicode MS",sans-serif !msorm;
-color:windowtext !msorm'>CBC_ENCRYPT_DATA_PARAMS</span><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> CK</ins></span><span
-style='font-family:"Arial Unicode MS",sans-serif !msorm;color:windowtext !msorm'>_PTR</span></span><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">;</del></span><span
-style='font-family:Courier;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR;</ins></span></span></pre></div>
-
-<p class=CCode>&nbsp;</p>
-
-<h3><a name="_Toc441850683"></a><a name="_Toc441162605"></a><a
-name="_Toc416960246"></a><a name="_Toc437440768"></a><a name="_Toc395188000"></a><a
-name="_Toc391471362"></a><a name="_Toc370634649"></a><a name="_Toc228807418"></a><a
-name="_Toc228894869">2.40.2 Mechanism Parameters</a></h3>
-
-<p class=MsoCaption><a name="_Toc228807572">Table </a>131, Mechanism Parameters
-for SEED-based key derivation</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=621
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=281 valign=top style='width:210.95pt;border:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_ECB_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=340 valign=top style='width:255.15pt;border:solid windowtext 1.5pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_KEY_DERIVATION_STRING_DATA structure. Parameter is the data to be
-  encrypted and must be a multiple of 16 long.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=281 valign=top style='width:210.95pt;border:solid windowtext 1.5pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>SEED</span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>_CBC_ENCRYPT_DATA</span></p>
-  </td>
-  <td width=340 valign=top style='width:255.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Uses
-  CK_CBC_ENCRYPT_DATA_PARAMS. Parameter is an 16 byte IV value followed by the
-  data. The data value part must be a multiple of 16 bytes long.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850684"></a><a name="_Toc441162606"></a><a
-name="_Toc416960247"></a><a name="_Toc437440769"></a><a name="_Toc395188001"></a><a
-name="_Toc391471363"></a><a name="_Toc370634650"></a><a name="_Toc228807419"></a><a
-name="_Toc228894870">2.41 OTP</a></h2>
-
-<h3><a name="_Toc441850685"></a><a name="_Toc441162607"></a><a
-name="_Toc416960248"></a><a name="_Toc437440770"></a><a name="_Toc395188002"></a><a
-name="_Toc391471364"></a><a name="_Toc370634651"></a><a name="_Ref94436304"></a><a
-name="_Toc96126750"></a><a name="_Toc98037587"></a><a name="_Toc98570750"></a><a
-name="_Toc107129960"></a><a name="_Toc107636194"></a><a name="_Toc119999191"></a><a
-name="_Toc122756429"></a><a name="_Toc228807420"></a><a name="_Toc228894871">2.41.1
-Usage overview</a></h3>
-
-<p class=MsoNormal>OTP tokens represented as PKCS #11 mechanisms may be used in
-a variety of ways. The usage cases can be categorized according to the type of
-sought functionality.</p>
-
-<h3><a name="_Toc441850686"></a><a name="_Toc441162608"></a><a
-name="_Toc416960249"></a><a name="_Toc437440771"></a><a name="_Toc395188003"></a><a
-name="_Toc391471365"></a><a name="_Toc370634652"></a><a name="_Toc81113948"></a><a
-name="_Toc96126751"></a><a name="_Toc98037588"></a><a name="_Toc98570751"></a><a
-name="_Toc107129961"></a><a name="_Toc107636195"></a><a name="_Toc119999192"></a><a
-name="_Toc122756430"></a><a name="_Toc228807421"></a><a name="_Toc228894872">2.41.2
-Case 1: Generation of OTP values</a></h3>
-
-<p class=MsoNormal align=center style='text-align:center'>.<img border=0
-width=275 height=388
-src="pkcs11-curr-v2.40-errata01-os-complete_files/image002.png"></p>
-
-<p class=MsoCaption><a name="_Ref76269207">Figure </a>1: Retrieving OTP values
-through C_Sign</p>
-
-<p class=MsoNormal>Figure 1 shows an integration of PKCS #11 into an
-application that needs to authenticate users holding OTP tokens. In this
-particular example, a connected hardware token is used, but a software token is
-equally possible. The application invokes <b>C_Sign</b> to retrieve the OTP
-value from the token. In the example, the application then passes the retrieved
-OTP value to a client API that sends it via the network to an authentication
-server. The client API may implement a standard authentication protocol such as
-RADIUS [RFC 2865] or EAP [RFC 3748], or a proprietary protocol such as that
-used by RSA Security's ACE/Agent<sup>®</sup> software.</p>
-
-<h3><a name="_Toc441850687"></a><a name="_Toc441162609"></a><a
-name="_Toc416960250"></a><a name="_Toc437440772"></a><a name="_Toc395188004"></a><a
-name="_Toc391471366"></a><a name="_Toc370634653"></a><a name="_Toc81113949"></a><a
-name="_Toc96126752"></a><a name="_Toc98037589"></a><a name="_Toc98570752"></a><a
-name="_Toc107129962"></a><a name="_Toc107636196"></a><a name="_Toc119999193"></a><a
-name="_Toc122756431"></a><a name="_Toc228807422"></a><a name="_Toc228894873">2.41.3
-Case 2: Verification of provided OTP values</a></h3>
-
-<p class=MsoNormal align=center style='text-align:center'><img border=0
-width=273 height=387
-src="pkcs11-curr-v2.40-errata01-os-complete_files/image003.png"></p>
-
-<p class=MsoCaption><a name="_Ref76275318">Figure </a>2: Server-side
-verification of OTP values</p>
-
-<p class=MsoNormal>Figure 2 illustrates the server-side equivalent of the
-scenario depicted in Figure 1. In this case, a server application invokes <b>C_Verify</b>
-with the received OTP value as the signature value to be verified.</p>
-
-<h3><a name="_Toc441850688"></a><a name="_Toc441162610"></a><a
-name="_Toc416960251"></a><a name="_Toc437440773"></a><a name="_Toc395188005"></a><a
-name="_Toc391471367"></a><a name="_Toc370634654"></a><a name="_Toc81113950"></a><a
-name="_Toc96126753"></a><a name="_Toc98037590"></a><a name="_Toc98570753"></a><a
-name="_Toc107129963"></a><a name="_Toc107636197"></a><a name="_Toc119999194"></a><a
-name="_Toc122756432"></a><a name="_Toc228807423"></a><a name="_Toc228894874">2.41.4
-Case 3: Generation of OTP keys</a></h3>
-
-<p class=MsoNormal align=center style='text-align:center'><img border=0
-width=201 height=348
-src="pkcs11-curr-v2.40-errata01-os-complete_files/image004.png"></p>
-
-<p class=MsoCaption><a name="_Ref76276864">Figure </a>3: Generation of an OTP
-key</p>
-
-<p class=MsoNormal>Figure 3 shows an integration of PKCS #11 into an
-application that generates OTP keys. The application invokes <b>C_GenerateKey</b>
-to generate an OTP key of a particular type on the token. The key may
-subsequently be used as a basis to generate OTP values.</p>
-
-<h3><a name="_Toc81113951"></a><a name="_Toc98037591"></a><a name="_Toc96126754"></a><a
-name="_Ref94435349"></a><a name="_Toc441850689"></a><a name="_Toc441162611"></a><a
-name="_Toc416960252"></a><a name="_Toc437440774"></a><a name="_Toc395188006"></a><a
-name="_Toc391471368"></a><a name="_Toc370634655"></a><a name="_Toc228894875"></a><a
-name="_Toc228807424"></a><a name="_Toc122756433"></a><a name="_Toc119999195"></a><a
-name="_Toc107636198"></a><a name="_Toc107129964"></a><a name="_Toc98570754"></a><a
-name="_Toc75597169"></a><a name="_Toc75597170"></a><a name="_Toc75597171"></a>2.41.5
-OTP objects</h3>
-
-<h4><a name="_Toc437440775"></a><a name="_Toc98570755"></a><a
-name="_Toc107129965"></a><a name="_Toc107636199"></a><a name="_Toc119999196"></a><a
-name="_Toc122756434">2.41.5.1 Key objects</a></h4>
-
-<p class=MsoNormal>OTP key objects (object class <b>CKO_OTP_KEY</b>) hold
-secret keys used by OTP tokens.  The following table defines the attributes
-common to all OTP keys, in addition to the attributes defined for secret keys,
-all of which are inherited by this class:</p>
-
-<p class=MsoCaption><a name="_Toc228807573">Table </a>132: Common OTP key
-attributes</p>
-
-<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border-collapse:collapse !msorm'>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Attribute</span></b></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Data type</span></b></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><b><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Meaning</span></b></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_FORMAT</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span lang=EN-GB
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Format of OTP values
-  produced with this key:</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_FORMAT_DECIMAL = Decimal (default)
-  (UTF8-encoded)</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_FORMAT_HEXADECIMAL = Hexadecimal
-  (UTF8-encoded)</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_FORMAT_ALPHANUMERIC = Alphanumeric
-  (UTF8-encoded)</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_FORMAT_BINARY = Only binary values.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKA_OTP_LENGTH<sup>9</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Default length of OTP values (in the
-  CKA_OTP_FORMAT) produced with this key.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_USER_FRIENDLY_MODE<sup>9</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_BBOOL</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Set to CK_TRUE when the token is capable of
-  returning OTPs suitable for human consumption. See the description of
-  CKF_USER_FRIENDLY_OTP below.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP _CHALLENGE_REQUIREMENT<sup>9</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Parameter requirements when generating or
-  verifying OTP values with this key:</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_MANDATORY = A challenge must be
-  supplied.</span></p>
-  <p class=Table style='margin-bottom:0in;margin-bottom:.0001pt;page-break-after:
-  avoid'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CK_OTP_PARAM_OPTIONAL
-  = A challenge may be supplied but need not be.</span></p>
-  <p class=Table style='margin-bottom:0in;margin-bottom:.0001pt;page-break-after:
-  avoid'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CK_OTP_PARAM_IGNORED
-  = A challenge, if supplied, will be ignored.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_TIME_REQUIREMENT<sup>9</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Parameter requirements when generating or
-  verifying OTP values with this key:</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_MANDATORY = A time value must be
-  supplied.</span></p>
-  <p class=Table style='margin-bottom:0in;margin-bottom:.0001pt;page-break-after:
-  avoid'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CK_OTP_PARAM_OPTIONAL
-  = A time value may be supplied but need not be.</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_IGNORED = A time value, if
-  supplied, will be ignored.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_COUNTER_REQUIREMENT<sup>9</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Parameter requirements when generating or
-  verifying OTP values with this key:</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_MANDATORY = A counter value must
-  be supplied.</span></p>
-  <p class=Table style='margin-bottom:0in;margin-bottom:.0001pt;page-break-after:
-  avoid'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CK_OTP_PARAM_OPTIONAL
-  = A counter value may be supplied but need not be.</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_IGNORED = A counter value, if
-  supplied, will be ignored.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_PIN_REQUIREMENT<sup>9</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Parameter requirements when generating or
-  verifying OTP values with this key:</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_MANDATORY = A PIN value must be
-  supplied.</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_OPTIONAL = A PIN value may be
-  supplied but need not be (if not supplied, then library will be responsible
-  for collecting it)</span></p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PARAM_IGNORED = A PIN value, if
-  supplied, will be ignored.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_COUNTER</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Value of the associated internal counter.
-  Default value is empty (i.e. <i>ulValueLen</i> = 0).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_TIME</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RFC 2279 string</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Value of the associated internal UTC time in
-  the form YYYYMMDDhhmmss. Default value is empty (i.e. <i>ulValueLen</i>= 0).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_USER_IDENTIFIER</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RFC 2279 string</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Text string that identifies a user associated
-  with the OTP key (may be used to enhance the user experience). Default value
-  is empty (i.e. <i>ulValueLen</i> = 0).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_SERVICE_IDENTIFIER</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RFC 2279 string</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Text string that identifies a service that
-  may validate OTPs generated by this key. Default value is empty (i.e. <i>ulValueLen</i>
-  = 0).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_SERVICE_LOGO</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Logotype image that identifies a service that
-  may validate OTPs generated by this key. Default value is empty (i.e. <i>ulValueLen</i>
-  = 0).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_SERVICE_LOGO_TYPE</span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>RFC 2279 string</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>MIME type of the CKA_OTP_SERVICE_LOGO
-  attribute value. Default value is empty (i.e. <i>ulValueLen</i> = 0).</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1, 4, 6, 7</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Value of the key.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=282 valign=top style='width:211.5pt;width:189.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE_LEN<sup>2, 3</sup></span></p>
-  </td>
-  <td width=90 valign=top style='width:67.5pt;width:1.0in !msorm;padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=204 valign=top style='width:153.0pt;width:171.0pt !msorm;
-  padding:0in 5.4pt 0in 5.4pt 0in 5.4pt 0in 5.4pt !msorm'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Length in bytes of key value.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>Refer to [PKCS #11-Base]  table
-10 for footnotes.</span></p>
-
-<p class=MsoNormal>Note: A Cryptoki library may support PIN-code caching in
-order to reduce user interactions. An OTP-PKCS #11 application should therefore
-always consult the state of the CKA_OTP_PIN_REQUIREMENT attribute before each
-call to <b>C_SignInit</b>, as the value of this attribute may change dynamically.</p>
-
-<p class=MsoNormal>For OTP tokens with multiple keys, the keys may be
-enumerated using <b>C_FindObjects</b>. The <b>CKA_OTP_SERVICE_IDENTIFIER</b>
-and/or the <b>CKA_OTP_SERVICE_LOGO</b> attribute may be used to distinguish
-between keys. The actual choice of key for a particular operation is however
-application-specific and beyond the scope of this document.</p>
-
-<p class=MsoNormal>For all OTP keys, the CKA_ALLOWED_MECHANISMS attribute
-should be set as required.</p>
-
-<h3><a name="_Toc107636201"></a><a name="_Toc107129967"></a><a
-name="_Toc98570757"></a><a name="_Toc98037592"></a><a name="_Toc96126755"></a><a
-name="_Ref94435546"></a><a name="_Toc441850690"></a><a name="_Toc441162612"></a><a
-name="_Toc416960253"></a><a name="_Toc437440776"></a><a name="_Toc395188007"></a><a
-name="_Toc391471369"></a><a name="_Toc370634656"></a><a name="_Toc228894876"></a><a
-name="_Toc228807425"></a><a name="_Toc122756435"></a><a name="_Toc119999197"></a><a
-name="_Toc98570355"></a>2.41.6 OTP-related notifications</h3>
-
-<p class=MsoNormal>This document extends the set of defined notifications as
-follows:</p>
-
-<p class=definition0>               CKN_OTP_CHANGED       <span
-style='font-style:normal'>Cryptoki is informing the application that the OTP
-for a key on a connected token just changed. This notification is particularly
-useful when applications wish to display the current OTP value for time-based
-mechanisms.</span></p>
-
-<h3><a name="_Toc441850691"></a><a name="_Toc441162613"></a><a
-name="_Toc416960254"></a><a name="_Toc437440777"></a><a name="_Toc395188008"></a><a
-name="_Toc391471370"></a><a name="_Toc370634657"></a><a name="_Toc119999198"></a><a
-name="_Ref122504041"></a><a name="_Toc122756436"></a><a name="_Toc228807426"></a><a
-name="_Toc228894877">2.41.7 OTP mechanisms</a></h3>
-
-<p class=MsoNormal>The following table shows, for the OTP mechanisms defined in
-this document, their support by different cryptographic operations.  For any
-particular token, of course, a particular operation may well support only a
-subset of the mechanisms listed.  There is also no guarantee that a token that
-supports one mechanism for some operation supports any other mechanism for any
-other operation (or even supports that same mechanism for any other operation).</p>
-
-<p class=MsoCaption><a name="_Toc228807574">Table </a>133: OTP mechanisms vs.
-applicable functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SECURID_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_SECURID</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_HOTP_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_HOTP</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ACTI_KEY_GEN</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_ACTI</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The remainder of this section will present in detail the OTP
-mechanisms and the parameters that are supplied to them.<a name="_Toc96126756"></a><a
-name="_Toc98037593"></a><a name="_Toc98570758"></a></p>
-
-<h4><a name="_Toc437440778"></a><a name="_Toc107129968"></a><a
-name="_Toc107636202"></a><a name="_Toc119999199"></a><a name="_Toc122756437">2.41.7.1
-OTP mechanism parameters</a></h4>
-
-<p class=name style='margin-top:6.0pt;margin-right:0in;margin-bottom:0in;
-margin-left:0in;margin-bottom:.0001pt;text-indent:0in'><a name="_Toc119999200"></a><a
-name="_Toc122756438"></a><a name="_Toc228807427"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_</span></a><span
-lang=EN-AU style='font-family:"Arial",sans-serif'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">OTP_</ins></span></span><span
-lang=X-NONE style='font-family:"Arial",sans-serif'>PARAM_TYPE</span></p>
-
-<p class=MsoNormal><span style='font-family:"Arial",sans-serif !msorm;
-color:windowtext !msorm;font-weight:bold !msorm'><span style='font-family:"Tahoma",sans-serif;
-color:black'>CK</span></span><span style='font-family:"Tahoma",sans-serif;
-color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">_OTP</ins></span></span><span style='font-family:
-"Arial",sans-serif !msorm;color:windowtext !msorm;font-weight:bold !msorm'><span
-style='font-family:"Tahoma",sans-serif;color:black'>_PARAM_TYPE</span></span><span
-style='font-family:"Arial",sans-serif !msorm;color:windowtext !msorm'><span
-style='font-family:"Tahoma",sans-serif;color:black'> </span></span>is a value
-that identifies an OTP parameter type. It is defined as follows:</p>
-
-<p class=CCode>typedef CK_ULONG CK_<span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">OTP_</ins></span>PARAM_TYPE;</p>
-
-<p class=MsoNormal>The following <span style='font-family:"Arial",sans-serif !msorm;
-color:windowtext !msorm;font-weight:bold !msorm'><span style='font-family:"Tahoma",sans-serif;
-color:black'>CK</span></span><span style='font-family:"Tahoma",sans-serif;
-color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">_OTP</ins></span></span><span style='font-family:
-"Arial",sans-serif !msorm;color:windowtext !msorm;font-weight:bold !msorm'><span
-style='font-family:"Tahoma",sans-serif;color:black'>_PARAM_TYPE</span></span><span
-style='font-family:"Arial",sans-serif !msorm;color:windowtext !msorm'><span
-style='font-family:"Tahoma",sans-serif;color:black'> </span></span>types are
-defined:</p>
-
-<p class=MsoCaption><a name="_Toc228807575">Table </a>134, OTP parameter types</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=192 valign=top style='width:2.0in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Parameter</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=276 valign=top style='width:207.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_PIN</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>RFC 2279 string</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>A UTF8 string containing a PIN for use when
-  computing or verifying PIN-based OTP values.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_CHALLENGE</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Challenge to use when computing or verifying
-  challenge-based OTP values.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_TIME</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>RFC 2279 string</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>UTC time value in the form YYYYMMDDhhmmss to
-  use when computing or verifying time-based OTP values.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_COUNTER</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Counter value to use when computing or
-  verifying counter-based OTP values.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_FLAGS</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span lang=SV style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CK_FLAGS</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Bit flags indicating the characteristics of
-  the sought OTP as defined below.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_OUTPUT_LENGTH</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Desired output length (overrides any default
-  value). A Cryptoki library will return CKR_MECHANISM_PARAM_INVALID if a
-  provided length value is not supported.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_<span class=msoIns><ins
-  cite="mailto:TCA" datetime="2016-01-20T14:55">OUTPUT_</ins></span>FORMAT</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Returned OTP format (allowed values are the
-  same as for CKA_OTP_FORMAT). This parameter is only intended for <b>C_Sign</b>
-  output, see paragraphs below. When not present, the returned OTP format will
-  be the same as the value of the CKA_OTP_FORMAT attribute for the key in
-  question.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_OTP_VALUE</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=276 valign=top style='width:207.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>An actual OTP value. This parameter type is
-  intended for <b>C_Sign</b> output, see paragraphs below.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=definition0>&nbsp;</p>
-
-<span style='font-size:10.0pt;font-family:"Arial",sans-serif'><br clear=all
-style='page-break-before:always'>
-</span>
-
-<p class=MsoNormal>The following table defines the possible values for the
-CK_OTP_FLAGS type:</p>
-
-<p class=MsoCaption><a name="_Toc228807576">Table </a>135: OTP Mechanism Flags</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr style='page-break-inside:avoid'>
-   <td width=204 valign=top style='width:153.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Bit flag</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span lang=SV
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mask</span></b></p>
-   </td>
-   <td width=282 valign=top style='width:211.5pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr style='page-break-inside:avoid'>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_NEXT_OTP</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000001</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>True (i.e. set) if the OTP computation shall
-  be for the next OTP, rather than the current one (current being interpreted
-  in the context of the algorithm, e.g. for the current counter value or
-  current time window). A Cryptoki library shall return
-  CKR_MECHANISM_PARAM_INVALID if the CKF_NEXT_OTP flag is set and the OTP
-  mechanism in question does not support the concept of “next” OTP or the
-  library is not capable of generating the next OTP</span><a href="#_ftn5"
-  name="_ftnref5" title=""><span class=MsoFootnoteReference><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'><span
-  class=MsoFootnoteReference><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>[5]</span></span></span></span></a><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKF_</span><span lang=EN-GB style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>EXCLUDE_TIME</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000002</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>True (i.e. set) if the OTP computation must
-  not include a time value. Will have an effect only on mechanisms that do
-  include a time value in the OTP computation and then only if the mechanism
-  (and token) allows exclusion of this value. A Cryptoki library shall return
-  CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EXCLUDE_COUNTER</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000004</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>True (i.e. set) if the OTP computation must
-  not include a counter value. Will have an effect only on mechanisms that do
-  include a counter value in the OTP computation and then only if the mechanism
-  (and token) allows exclusion of this value. A Cryptoki library shall return
-  CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKF_EXCLUDE_CHALLENGE</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000008</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>True (i.e. set) if the OTP computation must
-  not include a challenge. Will have an effect only on mechanisms that do
-  include a challenge in the OTP computation and then only if the mechanism
-  (and token) allows exclusion of this value. A Cryptoki library shall return
-  CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKF_EXCLUDE_PIN</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000010</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>True (i.e. set) if the OTP computation must
-  not include a PIN value. Will have an effect only on mechanisms that do
-  include a PIN in the OTP computation and then only if the mechanism (and
-  token) allows exclusion of this value. A Cryptoki library shall return
-  CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.</span></p>
-  </td>
- </tr>
- <tr style='page-break-inside:avoid'>
-  <td width=204 valign=top style='width:153.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKF_USER_FRIENDLY_OTP</span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>0x00000020</span></p>
-  </td>
-  <td width=282 valign=top style='width:211.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>True (i.e. set) if the OTP returned shall be
-  in a form suitable for human consumption. If this flag is set, and the call
-  is successful, then the returned CK_OTP_VALUE shall be a UTF8-encoded
-  printable string. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID
-  if this flag is set when CKA_OTP_USER_FRIENDLY_MODE for the key in question
-  is CK_FALSE.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>Note: Even if CKA_OTP_FORMAT is not set to
-CK_OTP_FORMAT_BINARY, then there may still be value in setting the
-CKF_USER_FRIENDLY_OTP flag (assuming CKA_OTP_USER_FRIENDLY_MODE is CK_TRUE, of
-course) if the intent is for a human to read the generated OTP value, since it
-may become shorter or otherwise better suited for a user. Applications that do
-not intend to provide a returned OTP value to a user should not set the
-CKF_USER_FRIENDLY_OTP flag.</p>
-
-<p class=name style='margin-top:6.0pt;margin-right:0in;margin-bottom:0in;
-margin-left:0in;margin-bottom:.0001pt;text-indent:0in'><a name="_Toc119999201"></a><a
-name="_Toc122756439"></a><a name="_Toc228807428"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_OTP_PARAM;
-CK_OTP_PARAM_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_OTP_PARAM</b> is a structure that includes the type,
-value, and length of an OTP parameter. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_OTP_PARAM {</p>
-
-<p class=CCode>   <span style='font-size:12.0pt !msorm;font-family:"Courier New" !msorm;
-color:windowtext !msorm'><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;
-color:black'>CK</span></span><span style='font-size:10.0pt;font-family:"Tahoma",sans-serif;
-color:black'><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">_OTP</ins></span></span><span style='font-size:
-12.0pt !msorm;font-family:"Courier New" !msorm;color:windowtext !msorm'><span
-style='font-size:10.0pt;font-family:"Tahoma",sans-serif;color:black'>_PARAM_TYPE
-</span></span>type;</p>
-
-<p class=CCode>   CK_VOID_PTR pValue;</p>
-
-<p class=CCode>   CK_ULONG ulValueLen;</p>
-
-<p class=CCode>} CK_OTP_PARAM;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                          type       <span
-style='font-style:normal'>the parameter type</span></p>
-
-<p class=definition0>                                      pValue       <span
-style='font-style:normal'>pointer to the value of the parameter</span></p>
-
-<p class=definition0>                                ulValueLen       <span
-style='font-style:normal'>length in bytes of the value</span></p>
-
-<p class=MsoNormal>If a parameter has no value, then <i>ulValueLen</i> = 0, and
-the value of <i>pValue</i> is irrelevant.  Note that <i>pValue</i> is a “void”
-pointer, facilitating the passing of arbitrary values.  Both the application
-and the Cryptoki library must ensure that the pointer can be safely cast to the
-expected type (<i>i.e.</i>, without word-alignment errors).</p>
-
-<p class=MsoNormal>CK_OTP_PARAM_PTR is a pointer to a CK_OTP_PARAM.</p>
-
-<p class=MsoNormal><a name="_Toc119999202"></a><a name="_Toc122756440"></a><a
-name="_Toc228807429"><b>CK_OTP_PARAMS; CK_OTP_PARAMS_PTR</b></a></p>
-
-<p class=MsoNormal><b>CK_OTP_PARAMS</b> is a structure that is used to provide
-parameters for OTP mechanisms in a generic fashion. It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_OTP_PARAMS {</p>
-
-<p class=CCode>   CK_OTP_PARAM_PTR pParams;</p>
-
-<p class=CCode>   CK_ULONG ulCount;</p>
-
-<p class=CCode>} CK_OTP_PARAMS;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                   pParams       <span
-style='font-style:normal'>pointer to an array of OTP parameters</span></p>
-
-<p class=definition0>                                     ulCount       <span
-style='font-style:normal'>the number of parameters in the array</span></p>
-
-<p class=MsoNormal><b>CK_OTP_PARAMS_PTR</b> is a pointer to a <b>CK_OTP_PARAMS</b>.</p>
-
-<p class=MsoNormal>When calling C_SignInit or C_VerifyInit with a mechanism
-that takes a <b>CK_OTP_PARAMS</b> structure as a parameter, the <b>CK_OTP_PARAMS</b>
-structure shall be populated in accordance with the <b>CKA_OTP_<i>X</i>_REQUIREMENT</b>
-key attributes for the identified key, where <i>X</i> is PIN, CHALLENGE, TIME,
-or COUNTER.</p>
-
-<p class=MsoNormal>For example, if CKA_OTP_TIME_REQUIREMENT =
-CK_OTP_PARAM_MANDATORY, then the CK_OTP_TIME parameter shall be present. If
-CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_OPTIONAL, then a CK_OTP_TIME parameter
-may be present. If it is not present, then the library may collect it (during
-the C_Sign call). If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_IGNORED, then a
-provided CK_OTP_TIME parameter will always be ignored. Additionally, a provided
-CK_OTP_TIME parameter will always be ignored if CKF_EXCLUDE_TIME is set in a
-CK_OTP_FLAGS parameter. Similarly, if this flag is set, a library will not
-attempt to collect the value itself, and it will also instruct the token not to
-make use of any internal value, subject to token policies. It is an error
-(CKR_MECHANISM_PARAM_INVALID) to set the CKF_EXCLUDE_TIME flag when the
-CKA_OTP_TIME_REQUIREMENT attribute is CK_OTP_PARAM_MANDATORY.</p>
-
-<p class=MsoNormal>The above discussion holds for all CKA_OTP_<i>X</i>_REQUIREMENT
-attributes (<i>i.e</i>., CKA_OTP_PIN_REQUIREMENT, CKA_OTP_CHALLENGE_<span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">REQURIEMENT</del></span><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">REQUIREMENT</ins></span>,
-CKA_OTP_COUNTER_REQUIREMENT, CKA_OTP_TIME_REQUIREMENT). A library may set a
-particular CKA_OTP_<i>X</i>_REQUIREMENT attribute to CK_OTP_PARAM_OPTIONAL even
-if it is required by the mechanism as long as the token (or the library itself)
-has the capability of providing the value to the computation. One example of
-this is a token with an on-board clock.</p>
-
-<p class=MsoNormal>In addition, applications may use the CK_OTP_FLAGS, the
-CK_OTP<span class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">_OUTPUT</ins></span>_FORMAT
-and the CKA_OTP_LENGTH parameters to set additional parameters.</p>
-
-<p class=MsoNormal><a name="_Toc119999203"></a><a name="_Toc122756441"></a><a
-name="_Toc228807430"><b>CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR</b></a></p>
-
-<p class=MsoNormal><b>CK_OTP_SIGNATURE_INFO</b> is a structure that is returned
-by all OTP mechanisms in successful calls to <b>C_Sign</b> (<b>C_SignFinal</b>).
-The structure informs applications of actual parameter values used in
-particular OTP computations in addition to the OTP value itself. It is used by
-all mechanisms for which the key belongs to the class CKO_OTP_KEY and is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_OTP_SIGNATURE_INFO {</p>
-
-<p class=CCode>   CK_OTP_PARAM_PTR pParams;</p>
-
-<p class=CCode>   CK_ULONG ulCount;</p>
-
-<p class=CCode>} CK_OTP_SIGNATURE_INFO;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                                   pParams       <span
-style='font-style:normal'>pointer to an array of OTP parameter values</span></p>
-
-<p class=definition0>                                     ulCount       <span
-style='font-style:normal'>the number of parameters in the array</span></p>
-
-<p class=MsoNormal>After successful calls to <b>C_Sign</b> or <b>C_SignFinal</b>
-with an OTP mechanism, the <i>pSignature</i> parameter will be set to point to
-a <b>CK_OTP_SIGNATURE_INFO</b> structure. One of the parameters in this structure
-will be the OTP value itself, identified with the <b>CK_OTP_VALUE</b> tag.
-Other parameters may be present for informational purposes, e.g. the actual
-time used in the OTP calculation. In order to simplify OTP validations,
-authentication protocols may permit authenticating parties to send some or all
-of these parameters in addition to OTP values themselves. Applications should
-therefore check for their presence in returned <b>CK_OTP_SIGNATURE_INFO </b>values<b>
-</b>whenever such circumstances apply.</p>
-
-<p class=MsoNormal>Since <b>C_Sign</b> and <b>C_SignFinal</b> follows the
-convention described in Section 11.2 on producing output, a call to <b>C_Sign </b>(or
-<b>C_SignFinal</b>) with <i>pSignature</i> set to NULL_PTR will return (in the <i>pulSignatureLen</i>
-parameter) the required number of bytes to hold the <b>CK_OTP_SIGNATURE_INFO</b>
-structure <i>as well as all the data in all its <b>CK_OTP_PARAM</b> components</i>.
-If an application allocates a memory block based on this information, it shall
-therefore not subsequently de-allocate components of such a received value but
-rather de-allocate the complete <b>CK_OTP_PARAMS</b> structure itself. A
-Cryptoki library that is called with a non-NULL <i>pSignature</i> pointer will
-assume that it points to a <i>contiguous </i>memory block of the size indicated
-by the <i>pulSignatureLen</i> parameter.</p>
-
-<p class=MsoNormal>When verifying an OTP value using an OTP mechanism, <i>pSignature</i>
-shall be set to the OTP value itself, e.g. the value of the <b>CK_OTP_VALUE</b>
-component of a <b>CK_OTP_PARAMS </b>structure returned by a call to <b>C_Sign</b>.
-The <b>CK_OTP_PARAMS</b> value supplied in the <b>C_VerifyInit</b> call sets
-the values to use in the verification operation.</p>
-
-<p class=MsoNormal><b>CK_OTP_SIGNATURE_INFO_PTR</b> points to a <b>CK_OTP_SIGNATURE_INFO.</b></p>
-
-<h3><a name="_Toc441850692"></a><a name="_Toc441162614"></a><a
-name="_Toc416960255"></a><a name="_Toc437440779"></a><a name="_Toc395188009"></a><a
-name="_Toc391471371"></a><a name="_Toc370634658"></a><a name="_Toc228894878"></a><a
-name="_Toc228807431"></a><a name="_Toc122756442"></a><a name="_Toc119999204"></a><a
-name="_Toc107636243"></a><a name="_Toc107130009"></a><a name="_Toc113768586"></a><a
-name="_Toc113768640"></a><a name="_Toc113769044"></a><a name="_Toc113769319"></a><a
-name="_Toc113944044"></a><a name="_Toc107130008"></a><a name="_Toc107636242"></a><a
-name="_Toc107636419"></a>2.41.8 RSA SecurID</h3>
-
-<h4><a name="_Toc437440780"></a><a name="_Toc96126757"></a><a
-name="_Toc98037594"></a><a name="_Toc98570759"></a><a name="_Toc107130010"></a><a
-name="_Toc107636244"></a><a name="_Toc119999205"></a><a name="_Toc122756443">2.41.8.1
-RSA SecurID secret key objects</a></h4>
-
-<p class=MsoNormal>RSA SecurID secret key objects (object class <b>CKO_OTP_KEY,
-</b>key type <b>CKK_SECURID</b>) hold RSA SecurID secret keys.  The following
-table defines the RSA SecurID secret key object attributes, in addition to the
-common attributes defined for this object class:</p>
-
-<p class=MsoCaption><a name="_Toc228807577">Table </a>136, RSA SecurID secret
-key object attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=228 valign=top style='width:171.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=96 valign=top style='width:1.0in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data type</span></b></p>
-   </td>
-   <td width=252 valign=top style='width:189.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OTP_TIME_INTERVAL<sup>1</sup></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CK_ULONG</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>Interval between OTP values produced with
-  this key, in seconds. Default is 60.</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><span class=MsoFootnoteReference>Refer to [PKCS #11-Base]  table
-10 for footnotes.</span>. <span class=MsoCommentReference><span
-style='font-size:8.0pt;display:none'>.</span></span></p>
-
-<p class=MsoNormal>The following is a sample template for creating an RSA
-SecurID secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_OTP_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_SECURID;</p>
-
-<p class=CCode>CK_DATE endDate = {...};</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “RSA SecurID secret key object”;</p>
-
-<p class=CCode>CK_BYTE keyId[]= {...};</p>
-
-<p class=CCode>CK_ULONG outputFormat = CK_OTP_FORMAT_DECIMAL;</p>
-
-<p class=CCode>CK_ULONG outputLength = 6;</p>
-
-<p class=CCode>CK_ULONG needPIN = CK_OTP_PARAM_MANDATORY;</p>
-
-<p class=CCode>CK_ULONG timeInterval = 60;</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>   CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>   {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>   {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>   {CKA_END_DATE, &amp;endDate, sizeof(endDate)},</p>
-
-<p class=CCode>   {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>   {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_VERIFY, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_ID, keyId, sizeof(keyId)},</p>
-
-<p class=CCode>   {CKA_OTP_FORMAT, &amp;outputFormat, sizeof(outputFormat)},</p>
-
-<p class=CCode>   {CKA_OTP_LENGTH, &amp;outputLength, sizeof(outputLength)},</p>
-
-<p class=CCode>   {CKA_OTP_PIN_REQUIREMENT, &amp;needPIN, sizeof(needPIN)},</p>
-
-<p class=CCode>   {CKA_OTP_TIME_INTERVAL, &amp;timeInterval,
-sizeof(timeInterval)},</p>
-
-<p class=CCode>   {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850693"></a><a name="_Toc441162615"></a><a
-name="_Toc416960256"></a><a name="_Toc437440781"></a><a name="_Toc395188010"></a><a
-name="_Toc391471372"></a><a name="_Toc370634659"></a><a name="_Toc96126760"></a><a
-name="_Toc98037597"></a><a name="_Toc98570761"></a><a name="_Toc107130011"></a><a
-name="_Toc107636245"></a><a name="_Toc119999206"></a><a name="_Toc122756444"></a><a
-name="_Toc228807432"></a><a name="_Toc228894879">2.41.9 RSA SecurID key
-generation</a></h3>
-
-<p class=MsoNormal>The RSA SecurID key generation mechanism, denoted <b>CKM_SECURID_KEY_GEN</b>,
-is a key generation mechanism for the RSA SecurID algorithm.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates RSA SecurID keys with a particular
-set of attributes as specified in the template for the key.</p>
-
-<p class=MsoNormal>The mechanism contributes at least the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_VALUE_LEN</b>, and <b>CKA_VALUE</b> attributes to the new key. Other
-attributes supported by the RSA SecurID key type may be specified in the
-template for the key, or else are assigned default initial values</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-SecurID key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850694"></a><a name="_Toc441162616"></a><a
-name="_Toc416960257"></a><a name="_Toc437440782"></a><a name="_Toc395188011"></a><a
-name="_Toc391471373"></a><a name="_Toc370634660"></a><a name="_Toc96126761"></a><a
-name="_Toc98037598"></a><a name="_Toc98570762"></a><a name="_Toc107130012"></a><a
-name="_Toc107636246"></a><a name="_Toc119999207"></a><a name="_Toc122756445"></a><a
-name="_Toc228807433"></a><a name="_Toc228894880">2.41.10 RSA SecurID OTP
-generation and validation</a></h3>
-
-<p class=MsoNormal><b>CKM_SECURID</b> is the mechanism for the retrieval and verification
-of RSA SecurID OTP values.</p>
-
-<p class=MsoNormal>The mechanism takes a pointer to a <b>CK_OTP_PARAMS</b>
-structure as a parameter.</p>
-
-<p class=MsoNormal>When signing or verifying using the <b>CKM_SECURID</b>
-mechanism, <i>pData</i> shall be set to NULL_PTR and <i>ulDataLen </i>shall be
-set to 0.</p>
-
-<h3><a name="_Toc441850695"></a><a name="_Toc441162617"></a><a
-name="_Toc416960258"></a><a name="_Toc437440783"></a><a name="_Toc395188012"></a><a
-name="_Toc391471374"></a><a name="_Toc370634661"></a><a name="_Toc96126762"></a><a
-name="_Toc98037599"></a><a name="_Toc98570763"></a><a name="_Toc107130013"></a><a
-name="_Toc107636247"></a><a name="_Toc119999208"></a><a name="_Toc122756446"></a><a
-name="_Toc228807434"></a><a name="_Toc228894881">2.41.11 Return values</a></h3>
-
-<p class=MsoNormal>Support for the CKM_SECURID mechanism extends the set of
-return values for C_Verify with the following values:</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_NEW_PIN_MODE: The supplied OTP was not accepted and the
-library requests a new OTP computed using a new PIN. The new PIN is set through
-means out of scope for this document.</p>
-
-<p class=MsoNormal style='margin-left:.25in;text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>CKR_NEXT_OTP: The supplied OTP was correct but indicated a larger
-than normal drift in the token's internal state (e.g. clock, counter). To
-ensure this was not due to a temporary problem, the application should provide
-the next one-time password to the library for verification.<a
-name="_Toc75597185"></a></p>
-
-<h3><a name="_Toc441850696"></a><a name="_Toc441162618"></a><a
-name="_Toc416960259"></a><a name="_Toc437440784"></a><a name="_Toc395188013"></a><a
-name="_Toc391471375"></a><a name="_Toc370634662"></a><a name="_Toc98037600"></a><a
-name="_Toc98570764"></a><a name="_Toc107130014"></a><a name="_Toc107636248"></a><a
-name="_Toc119999209"></a><a name="_Toc122756447"></a><a name="_Toc228807435"></a><a
-name="_Toc228894882">2.41.12 OATH HOTP</a></h3>
-
-<h4><a name="_Toc437440785"></a><a name="_Toc81113952"></a><a
-name="_Toc98037601"></a><a name="_Toc98570765"></a><a name="_Toc107130015"></a><a
-name="_Toc107636249"></a><a name="_Toc119999210"></a><a name="_Toc122756448">2.41.12.1
-OATH HOTP secret key objects</a></h4>
-
-<p class=MsoNormal>HOTP secret key objects (object class <b>CKO_OTP_KEY, </b>key
-type <b>CKK_HOTP</b>) hold generic secret keys and associated counter values.</p>
-
-<p class=MsoNormal>The <b>CKA_OTP_COUNTER </b>value may be set at key
-generation; however, some tokens may set it to a fixed initial value. Depending
-on the token’s security policy, this value may not be modified and/or may not
-be revealed if the object has its <b>CKA_SENSITIVE</b> attribute set to CK_TRUE
-or its <b>CKA_EXTRACTABLE</b> attribute set to CK_FALSE.</p>
-
-<p class=MsoNormal>For HOTP keys, the <b>CKA_OTP_COUNTER </b>value<b> </b>shall
-be an 8 bytes unsigned integer in big endian (i.e. network byte order) form.
-The same holds true for a <b>CK_OTP_COUNTER</b> value in a <b>CK_OTP_PARAM </b>structure.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a HOTP
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_OTP_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_HOTP;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “HOTP secret key object”;</p>
-
-<p class=CCode>CK_BYTE keyId[]= {...};</p>
-
-<p class=CCode>CK_ULONG outputFormat = CK_OTP_FORMAT_DECIMAL;</p>
-
-<p class=CCode>CK_ULONG outputLength = 6;</p>
-
-<p class=CCode>CK_DATE endDate = {...};</p>
-
-<p class=CCode>CK_BYTE counterValue[8] = {0};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>   CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>   {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>   {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>   {CKA_END_DATE, &amp;endDate, sizeof(endDate)},</p>
-
-<p class=CCode>   {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>   {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_VERIFY, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_ID, keyId, sizeof(keyId)},</p>
-
-<p class=CCode>   {CKA_OTP_FORMAT, &amp;outputFormat, sizeof(outputFormat)},</p>
-
-<p class=CCode>   {CKA_OTP_LENGTH, &amp;outputLength, sizeof(outputLength)},</p>
-
-<p class=CCode>   {CKA_OTP_COUNTER, counterValue, sizeof(counterValue)},</p>
-
-<p class=CCode>   {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h4><a name="_Toc437440786"></a><a name="_Toc81113955"></a><a
-name="_Toc98037604"></a><a name="_Toc98570767"></a><a name="_Toc107130043"></a><a
-name="_Toc107636277"></a><a name="_Toc119999211"></a><a name="_Toc122756449">2.41.12.2
-HOTP key generation</a></h4>
-
-<p class=MsoNormal>The HOTP key generation mechanism, denoted <b>CKM_HOTP_KEY_GEN</b>,
-is a key generation mechanism for the HOTP algorithm.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates HOTP keys with a particular set of
-attributes as specified in the template for the key.</p>
-
-<p class=MsoNormal>The mechanism contributes at least the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_OTP_COUNTER</b>, <b>CKA_VALUE</b> and <b>CKA_VALUE_LEN</b> attributes to
-the new key. Other attributes supported by the HOTP key type may be specified
-in the template for the key, or else are assigned default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure specify the supported range of
-HOTP key sizes, in bytes.</p>
-
-<h4><a name="_Toc437440787"></a><a name="_Toc98037605"></a><a
-name="_Toc98570768"></a><a name="_Toc107130044"></a><a name="_Toc107636278"></a><a
-name="_Toc119999212"></a><a name="_Toc122756450"></a><a name="_Toc81113956">2.41.12.3
-HOTP OTP generation</a> and validation</h4>
-
-<p class=MsoNormal><b>CKM_HOTP</b> is the mechanism for the retrieval and
-verification of HOTP OTP values based on the current internal counter, or a
-provided counter.</p>
-
-<p class=MsoNormal>The mechanism takes a pointer to a <b>CK_OTP_PARAMS</b>
-structure as a parameter.</p>
-
-<p class=MsoNormal>As for the <b>CKM_SECURID</b> mechanism, when signing or
-verifying using the <b>CKM_HOTP</b> mechanism, <i>pData</i> shall be set to
-NULL_PTR and <i>ulDataLen </i>shall be set to 0.</p>
-
-<p class=MsoNormal>For verify operations, the counter value <b>CK_OTP_COUNTER</b>
-must be provided as a <b>CK_OTP_PARAM </b>parameter to <b>C_VerifyInit</b>.
-When verifying an OTP value using the <b>CKM_HOTP</b> mechanism, <i>pSignature</i>
-shall be set to the OTP value itself, e.g. the value of the <b>CK_OTP_VALUE</b>
-component of a <b>CK_OTP_PARAMS </b>structure in the case of an earlier call to
-<b>C_Sign</b>.</p>
-
-<h3><a name="_Toc441850697"></a><a name="_Toc441162619"></a><a
-name="_Toc416960260"></a><a name="_Toc437440788"></a><a name="_Toc395188014"></a><a
-name="_Toc391471376"></a><a name="_Toc370634663"></a><a name="_Toc119999213"></a><a
-name="_Toc122756451"></a><a name="_Toc228807436"></a><a name="_Toc228894883">2.41.13
-ActivIdentity ACTI</a></h3>
-
-<h4><a name="_Toc437440789"></a><a name="_Toc119999214"></a><a
-name="_Toc122756452">2.41.13.1 ACTI secret key objects</a></h4>
-
-<p class=MsoNormal>ACTI secret key objects (object class <b>CKO_OTP_KEY, </b>key
-type <b>CKK_ACTI</b>) hold ActivIdentity ACTI secret keys.</p>
-
-<p class=MsoNormal>For ACTI keys, the <b>CKA_OTP_COUNTER </b>value shall be an
-8 bytes unsigned integer in big endian (i.e. network byte order) form. The same
-holds true for the <b>CK_OTP_COUNTER </b>value in the <b>CK_OTP_PARAM </b>structure.</p>
-
-<p class=MsoNormal>The <b>CKA_OTP_COUNTER </b>value may be set at key
-generation; however, some tokens may set it to a fixed initial value. Depending
-on the token’s security policy, this value may not be modified and/or may not
-be revealed if the object has its <b>CKA_SENSITIVE </b>attribute set to CK_TRUE
-or its <b>CKA_EXTRACTABLE </b>attribute set to CK_FALSE.</p>
-
-<p class=MsoNormal>The <b>CKA_OTP_TIME </b>value may be set at key generation;
-however, some tokens may set it to a fixed initial value. Depending on the
-token’s security policy, this value may not be modified and/or may not be
-revealed if the object has its <b>CKA_SENSITIVE </b>attribute set to CK_TRUE or
-its <b>CKA_EXTRACTABLE </b>attribute set to CK_FALSE.</p>
-
-<p class=MsoNormal>The following is a sample template for creating an ACTI
-secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_OTP_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_ACTI;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “ACTI secret key object”;</p>
-
-<p class=CCode>CK_BYTE keyId[]= {...};</p>
-
-<p class=CCode>CK_ULONG outputFormat = CK_OTP_FORMAT_DECIMAL;</p>
-
-<p class=CCode>CK_ULONG outputLength = 6;</p>
-
-<p class=CCode>CK_DATE endDate = {...};</p>
-
-<p class=CCode>CK_BYTE counterValue[8] = {0};</p>
-
-<p class=CCode>CK_BYTE value[] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>   {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>   {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>   {CKA_END_DATE, &amp;endDate, sizeof(endDate)},</p>
-
-<p class=CCode>   {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>   {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_VERIFY, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>   {CKA_ID, keyId, sizeof(keyId)},</p>
-
-<p class=CCode>   {CKA_OTP_FORMAT, &amp;outputFormat,</p>
-
-<p class=CCode>   sizeof(outputFormat)},</p>
-
-<p class=CCode>   {CKA_OTP_LENGTH, &amp;outputLength,</p>
-
-<p class=CCode>   sizeof(outputLength)},</p>
-
-<p class=CCode>   {CKA_OTP_COUNTER, counterValue,</p>
-
-<p class=CCode>   sizeof(counterValue)},</p>
-
-<p class=CCode>   {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h4><a name="_Toc437440790"></a><a name="_Toc119999215"></a><a
-name="_Toc122756453">2.41.13.2 ACTI key generation</a></h4>
-
-<p class=MsoNormal>The ACTI key generation mechanism, denoted <b>CKM_ACTI_KEY_GEN</b>,
-is a key generation mechanism for the ACTI algorithm.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates ACTI keys with a particular set of
-attributes as specified in the template for the key.</p>
-
-<p class=MsoNormal>The mechanism contributes at least the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-<b>CKA_VALUE </b>and <b>CKA_VALUE_LEN </b>attributes to the new key. Other
-attributes supported by the ACTI key type may be specified in the template for
-the key, or else are assigned default initial values.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize </i>and <i>ulMaxKeySize
-</i>fields of the <b>CK_MECHANISM_INFO </b>structure specify the supported
-range of ACTI key sizes, in bytes.</p>
-
-<h3><a name="_Toc441850698"></a><a name="_Toc441162620"></a><a
-name="_Toc416960261"></a><a name="_Toc437440791"></a><a name="_Toc395188015"></a><a
-name="_Toc391471377"></a><a name="_Toc370634664"></a><a name="_Toc122756454"></a><a
-name="_Toc228807437"></a><a name="_Toc228894884">2.41.14 ACTI OTP generation
-and validation</a></h3>
-
-<p class=MsoNormal><b>CKM_ACTI </b>is the mechanism for the retrieval and
-verification of ACTI OTP values.</p>
-
-<p class=MsoNormal>The mechanism takes a pointer to a <b>CK_OTP_PARAMS </b>structure
-as a parameter.</p>
-
-<p class=MsoNormal>When signing or verifying using the<b> CKM_ACTI </b>mechanism,
-<i>pData </i>shall be set to NULL_PTR and <i>ulDataLen </i>shall be set to 0.</p>
-
-<p class=MsoNormal>When verifying an OTP value using the <b>CKM_ACTI </b>mechanism,
-<i>pSignature </i>shall be set to the OTP value itself, e.g. the value of the <b>CK_OTP_VALUE
-</b>component of a <b>CK_OTP_PARAMS </b>structure in the case of an earlier
-call to <b>C_Sign</b>.</p>
-
-<h2><a name="_Toc441850699"></a><a name="_Toc441162621"></a><a
-name="_Toc416960262"></a><a name="_Toc437440792"></a><a name="_Toc395188016"></a><a
-name="_Toc391471378"></a><a name="_Toc370634665"></a><a name="_Toc122340262"></a><a
-name="_Toc228807438"></a><a name="_Toc228894885">2.42 CT-KIP</a></h2>
-
-<h3><a name="_Toc122340263"></a><a name="_Toc122340261"></a><a
-name="_Ref122504970"></a><a name="_Ref94434902"></a><a name="_Toc441850700"></a><a
-name="_Toc441162622"></a><a name="_Toc416960263"></a><a name="_Toc437440793"></a><a
-name="_Toc395188017"></a><a name="_Toc391471379"></a><a name="_Toc370634666"></a><a
-name="_Toc122340260"></a><a name="_Toc228807439"></a><a name="_Toc228894886">2.42.1
-Principles of Operation</a></h3>
-
-<p class=MsoNormal align=center style='text-align:center'><img border=0
-width=492 height=409
-src="pkcs11-curr-v2.40-errata01-os-complete_files/image005.png"></p>
-
-<p class=MsoCaption>Figure 4: PKCS #11 and CT-KIP integration</p>
-
-<p class=MsoNormal>Figure 3 shows an integration of PKCS #11 into an
-application that generates cryptographic keys through the use of CT-KIP. The application
-invokes <b>C_DeriveKey</b> to derive a key of a particular type on the token.
-The key may subsequently be used as a basis to e.g., generate one-time password
-values. The application communicates with a CT-KIP server that participates in
-the key derivation and stores a copy of the key in its database. The key is
-transferred to the server in wrapped form, after a call to <b>C_WrapKey</b>.
-The server authenticates itself to the client and the client verifies the
-authentication by calls to <b>C_Verify</b>.</p>
-
-<h3><a name="_Toc441850701"></a><a name="_Toc441162623"></a><a
-name="_Toc416960264"></a><a name="_Toc437440794"></a><a name="_Toc395188018"></a><a
-name="_Toc391471380"></a><a name="_Toc370634667"></a><a name="_Toc228807440"></a><a
-name="_Toc228894887">2.42.2 Mechanisms</a></h3>
-
-<p class=MsoNormal>The following table shows, for the mechanisms defined in
-this document, their support by different cryptographic operations.  For any
-particular token, of course, a particular operation may well support only a
-subset of the mechanisms listed.  There is also no guarantee that a token that
-supports one mechanism for some operation supports any other mechanism for any
-other operation (or even supports that same mechanism for any other operation).</p>
-
-<p class=MsoCaption><a name="_Toc228807578">Table </a>137: CT-KIP Mechanisms
-vs. applicable functions</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-   </td>
-   <td width=336 colspan=7 valign=top style='width:3.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Functions</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Mechanism</span></b></p>
-   </td>
-   <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Encrypt</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Decrypt</span></b></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Sign</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Verify</span></b></p>
-   </td>
-   <td width=35 valign=top style='width:26.5pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>SR</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>VR</span></b><sup><span lang=SV style='font-size:10.0pt;
-   font-family:"Arial",sans-serif'>1</span></sup></p>
-   </td>
-   <td width=47 valign=top style='width:35.3pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span lang=SV style='font-size:10.0pt;font-family:
-   "Arial",sans-serif'>Digest</span></b></p>
-   </td>
-   <td width=41 valign=top style='width:30.9pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Gen.</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'> Key/</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Key</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Pair</span></b></p>
-   </td>
-   <td width=58 valign=top style='width:43.7pt;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Wrap</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&amp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Unwrap</span></b></p>
-   </td>
-   <td width=53 valign=top style='width:39.8pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></b></p>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>Derive</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_KIP_DERIVE</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_KIP_WRAP</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=234 valign=top style='width:175.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left;page-break-after:
-  auto'><span style='font-size:10.0pt;font-family:"Arial",sans-serif'>CKM_KIP_MAC</span></p>
-  </td>
-  <td width=54 valign=top style='width:40.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=35 valign=top style='width:26.5pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=47 valign=top style='width:35.3pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=41 valign=top style='width:30.9pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.7pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=53 valign=top style='width:39.8pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>The remainder of this section will present in detail the
-mechanisms and the parameters that are supplied to them.</p>
-
-<h3><a name="_Toc441850702"></a><a name="_Toc441162624"></a><a
-name="_Toc416960265"></a><a name="_Toc437440795"></a><a name="_Toc395188019"></a><a
-name="_Toc391471381"></a><a name="_Toc370634668"></a><a name="_Toc228807441"></a><a
-name="_Toc228894888">2.42.3 Definitions</a></h3>
-
-<p class=MsoNormal><span lang=SV>Mechanisms:</span></p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_KIP_DERIVE                 </p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_KIP_WRAP</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_KIP_MAC</p>
-
-<h3><a name="_Toc441850703"></a><a name="_Toc441162625"></a><a
-name="_Toc416960266"></a><a name="_Toc437440796"></a><a name="_Toc395188020"></a><a
-name="_Toc391471382"></a><a name="_Toc370634669"></a><a name="_Toc122340264"></a><a
-name="_Toc228807442"></a><a name="_Toc228894889">2.42.4 CT-KIP Mechanism
-parameters</a></h3>
-
-<p class=name style='margin-top:12.0pt;margin-right:0in;margin-bottom:0in;
-margin-left:.25in;margin-bottom:.0001pt;text-indent:-.25in'><a
-name="_Toc122340265"></a><a name="_Toc228807443"><span lang=X-NONE
-style='font-family:Symbol;font-weight:normal'>¨<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=X-NONE style='font-family:"Arial",sans-serif'>CK_KIP_PARAMS;
-CK_KIP_PARAMS_PTR</span></a></p>
-
-<p class=MsoNormal><b>CK_KIP_PARAMS</b> is a structure that provides the
-parameters to all the CT-KIP related mechanisms: The <b>CKM_KIP_DERIVE</b> key
-derivation mechanism, the <b>CKM_KIP_WRAP</b> key wrap and key unwrap
-mechanism, and the <b>CKM_KIP_MAC </b>signature mechanism. The structure is
-defined as follows:</p>
-
-<p class=CCode>typedef struct CK_KIP_PARAMS {</p>
-
-<p class=CCode>   CK_MECHANISM_PTR  pMechanism;</p>
-
-<p class=CCode>   CK_OBJECT_HANDLE  hKey;</p>
-
-<p class=CCode>   CK_BYTE_PTR       pSeed;</p>
-
-<p class=CCode>   CK_ULONG          ulSeedLen;</p>
-
-<p class=CCode>} CK_KIP_PARAMS;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<p class=definition0>                              pMechanism       <span
-style='font-style:normal'>pointer to the underlying cryptographic mechanism
-(e.g. AES, SHA-256), see further </span><span
-style='font-style:normal'>0</span><span style='font-style:normal'>, Appendix D</span></p>
-
-<p class=definition0>                                         hKey       <span
-style='font-style:normal'>handle to a key that will contribute to the entropy
-of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation
-(CKM_KIP_MAC)</span></p>
-
-<p class=definition0>                                       pSeed       <span
-style='font-style:normal'>pointer to an input seed</span></p>
-
-<p class=definition0>                                 ulSeedLen       <span
-style='font-style:normal'>length in bytes of the input seed</span></p>
-
-<p class=MsoNormal><b>CK_KIP_PARAMS_PTR</b> is a pointer to a <b>CK_KIP_PARAMS</b>
-structure.   </p>
-
-<h3><a name="_Toc441850704"></a><a name="_Toc441162626"></a><a
-name="_Toc416960267"></a><a name="_Toc437440797"></a><a name="_Toc395188021"></a><a
-name="_Toc391471383"></a><a name="_Toc370634670"></a><a name="_Toc122340266"></a><a
-name="_Toc228807444"></a><a name="_Toc228894890">2.42.5 CT-KIP key derivation</a></h3>
-
-<p class=MsoNormal>The CT-KIP key derivation mechanism, denoted <b>CKM_KIP_DERIVE</b>,
-is a key derivation mechanism that is capable of generating secret keys of potentially
-any type, subject to token limitations.</p>
-
-<p class=MsoNormal>It takes a parameter of type <b>CK_KIP_PARAMS</b> which
-allows for the passing of the desired underlying cryptographic mechanism as
-well as some other data. In particular, when the <i>hKey</i> parameter is a
-handle to an existing key, that key will be used in the key derivation in
-addition to the <i>hBaseKey</i> of <b>C_DeriveKey</b>. The <i>pSeed</i>
-parameter may be used to seed the key derivation operation.</p>
-
-<p class=MsoNormal>The mechanism derives a secret key with a particular set of
-attributes as specified in the attributes of the template for the key.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b> and <b>CKA_VALUE</b>
-attributes to the new key. Other attributes supported by the key type may be
-specified in the template for the key, or else will be assigned default initial
-values. Since the mechanism is generic, the <b>CKA_KEY_TYPE</b> attribute
-should be set in the template, if the key is to be used with a particular
-mechanism.</p>
-
-<h3><a name="_Toc441850705"></a><a name="_Toc441162627"></a><a
-name="_Toc416960268"></a><a name="_Toc437440798"></a><a name="_Toc395188022"></a><a
-name="_Toc391471384"></a><a name="_Toc370634671"></a><a name="_Toc122340267"></a><a
-name="_Toc228807445"></a><a name="_Toc228894891">2.42.6 CT-KIP key wrap and key
-unwrap</a></h3>
-
-<p class=MsoNormal>The CT-KIP key wrap and unwrap mechanism, denoted <b>CKM_KIP_WRAP</b>,
-is a key wrap mechanism that is capable of wrapping and unwrapping generic
-secret keys.</p>
-
-<p class=MsoNormal>It takes a parameter of type <b>CK_KIP_PARAMS</b>, which
-allows for the passing of the desired underlying cryptographic mechanism as
-well as some other data. It does not make use of the <i>hKey</i> parameter of <b>CK_KIP_PARAMS</b>.</p>
-
-<h3><a name="_Toc441850706"></a><a name="_Toc441162628"></a><a
-name="_Toc416960269"></a><a name="_Toc437440799"></a><a name="_Toc395188023"></a><a
-name="_Toc391471385"></a><a name="_Toc370634672"></a><a name="_Toc122340268"></a><a
-name="_Toc228807446"></a><a name="_Toc228894892">2.42.7 CT-KIP signature
-generation</a></h3>
-
-<p class=MsoNormal>The CT-KIP signature (MAC) mechanism, denoted <b>CKM_KIP_MAC</b>,
-is a mechanism used to produce a message authentication code of arbitrary
-length. The keys it uses are secret keys.</p>
-
-<p class=MsoNormal>It takes a parameter of type <b>CK_KIP_PARAMS</b>, which
-allows for the passing of the desired underlying cryptographic mechanism as
-well as some other data. The mechanism does not make use of the <i>pSeed</i>
-and the <i>ulSeedLen</i> parameters of <b>CT_KIP_PARAMS</b>.</p>
-
-<p class=MsoNormal>This mechanism produces a MAC of the length specified by <i>pulSignatureLen
-</i>parameter in calls to <b>C_Sign</b>.</p>
-
-<p class=MsoNormal>If a call to <b>C_Sign</b> with this mechanism fails, then
-no output will be generated.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc441850707"></a><a name="_Toc441162629"></a><a
-name="_Toc416960270"></a><a name="_Toc437440800"></a><a name="_Toc395188024"></a><a
-name="_Toc391471386"></a><a name="_Toc370634673"></a><a name="_Toc228807447"></a><a
-name="_Toc228894893">2.43 GOST</a></h2>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The remainder of this section will present in detail the
-mechanisms and the parameters which are supplied to them.</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>&nbsp;</span></i></p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>138</span></i><i><span style='font-size:9.0pt'>, GOST Mechanisms
-vs. Functions</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr style='height:17.0pt'>
-  <td width=224 rowspan=2 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.0pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>&nbsp;</b></p>
-  <p class=MsoNormal align=center style='text-align:center'><b>&nbsp;</b></p>
-  <p class=MsoNormal align=center style='text-align:center'><b>Mechanism</b></p>
-  </td>
-  <td width=380 colspan=7 valign=top style='width:284.9pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt;height:17.0pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Functions</b></p>
-  </td>
- </tr>
- <tr style='height:9.1pt'>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Encrypt  &amp; 
-  Decrypt</b></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Sign  &amp;
-  Verify</b></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>SR &amp; VR</b></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>&nbsp;</b></p>
-  <p class=MsoNormal align=center style='text-align:center'><b>Digest</b></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Gen. Key/ Key
-  Pair</b></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Wrap  &amp;
-  Unwrap</b></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:9.1pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>&nbsp;</b></p>
-  <p class=MsoNormal align=center style='text-align:center'><b>Derive</b></p>
-  </td>
- </tr>
- <tr style='height:18.25pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOST28147_KEY_GEN</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:18.25pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_ GOST28147_ECB</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOST28147</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_ GOST28147_MAC</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_ GOST28147_KEY_WRAP</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3411</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3411_HMAC</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3410_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3410</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span><sup><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>1</span></sup></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3410_WITH_<span class=msoDel><del
-  cite="mailto:TCA" datetime="2016-01-20T14:55">GOST3411</del></span><span
-  class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">GOSTR3411</ins></span></span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3410_KEY_WRAP</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr style='height:17.3pt'>
-  <td width=224 valign=top style='width:167.8pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>CKM_GOSTR3410_DERIVE</span></p>
-  </td>
-  <td width=58 valign=top style='width:43.8pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:36.6pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=52 valign=top style='width:38.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=49 valign=top style='width:37.1pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=62 valign=top style='width:46.35pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:"Arial",sans-serif'>&nbsp;</span></p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:17.3pt'>
-  <p class=TableSmallFont style='page-break-after:auto'><span style='font-size:
-  10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup> <span class=MsoFootnoteReference>Single-part
-operations only</span></p>
-
-<h2><a name="_Toc441850708"></a><a name="_Toc441162630"></a><a
-name="_Toc416960271"></a><a name="_Toc437440801"></a><a name="_Toc395188025"></a><a
-name="_Toc391471387"></a><a name="_Toc370634674"></a><a name="_Toc228807448"></a><a
-name="_Toc228894894">2.44 GOST 28147-89</a></h2>
-
-<p class=MsoNormal>GOST 28147-89 is a block cipher with 64-bit block size and
-256-bit keys.</p>
-
-<h3><a name="_Toc441850709"></a><a name="_Toc441162631"></a><a
-name="_Toc416960272"></a><a name="_Toc437440802"></a><a name="_Toc395188026"></a><a
-name="_Toc391471388"></a><a name="_Toc370634675"></a><a name="_Toc228807449"></a><a
-name="_Toc228894895">2.44.1 Definitions</a> </h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_GOST28147” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects and domain
-parameter objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOST28147_KEY_GEN</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOST28147_ECB</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOST28147</p>
-
-<p class=MsoNormal style='margin-left:.5in'> CKM_GOST28147_MAC</p>
-
-<p class=MsoNormal style='margin-left:.5in'> CKM_GOST28147_KEY_WRAP</p>
-
-<h3><a name="_Toc441850710"></a><a name="_Toc441162632"></a><a
-name="_Toc416960273"></a><a name="_Toc437440803"></a><a name="_Toc395188027"></a><a
-name="_Toc391471389"></a><a name="_Toc370634676"></a><a name="_Toc228807450"></a><a
-name="_Toc228894896">2.44.2 GOST 28147-89 secret key objects</a> </h3>
-
-<p class=MsoNormal>GOST&nbsp;28147&#8209;89 secret key objects (object class <b>CKO_SECRET_KEY,
-</b>key type <b>CKK_GOST28147</b>) hold GOST&nbsp;28147&#8209;89 keys. The
-following table defines the GOST&nbsp;28147&#8209;89 secret key object
-attributes, in addition to the common attributes defined for this object class:</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>139</span></i><i><span style='font-size:9.0pt'>, GOST
-28147-89 Secret Key Object Attributes </span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=586
- style='width:439.45pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=225 valign=top style='width:168.85pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Attribute</b></p>
-  </td>
-  <td width=105 valign=top style='width:78.45pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Data type</b></p>
-  </td>
-  <td width=256 valign=top style='width:192.15pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Meaning </b></p>
-  </td>
- </tr>
- <tr>
-  <td width=225 valign=top style='width:168.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKA_VALUE<sup>1,4,6,7</sup></p>
-  </td>
-  <td width=105 valign=top style='width:78.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Byte array</p>
-  </td>
-  <td width=256 valign=top style='width:192.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>32 bytes in little endian order</p>
-  </td>
- </tr>
- <tr>
-  <td width=225 valign=top style='width:168.85pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKA_GOST28147_PARAMS<sup>1,3,5</sup></p>
-  </td>
-  <td width=105 valign=top style='width:78.45pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Byte array </p>
-  </td>
-  <td width=256 valign=top style='width:192.15pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST&nbsp;28147&#8209;89. </p>
-  <p class=MsoNormal>When key is used the domain parameter object of key type
-  CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID </p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='page-break-after:avoid'><span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  Table 10 for footnotes</span></p>
-
-<p class=MsoNormal>The following is a sample template for creating a
-GOST&nbsp;28147&#8209;89 secret key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_SECRET_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_GOST28147;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A GOST 28147-89 secret key object”;</p>
-
-<p class=CCode>CK_BYTE value[32] = {...};</p>
-
-<p class=CCode>CK_BYTE params_oid[] = {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02,
-0x02, 0x1f, 0x00};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>    {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>    {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>    {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>    {CKA_ENCRYPT, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_GOST28147_PARAMS, params_oid, sizeof(params_oid)},</p>
-
-<p class=CCode>    {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850711"></a><a name="_Toc441162633"></a><a
-name="_Toc416960274"></a><a name="_Toc437440804"></a><a name="_Toc395188028"></a><a
-name="_Toc391471390"></a><a name="_Toc370634677"></a><a name="_Toc228807451"></a><a
-name="_Toc228894897">2.44.3 GOST 28147-89 domain parameter objects</a></h3>
-
-<p class=MsoNormal>GOST&nbsp;28147&#8209;89 domain parameter objects (object
-class <b>CKO_DOMAIN_PARAMETERS, </b>key type <b>CKK_GOST28147</b>) hold GOST&nbsp;28147&#8209;89
-domain parameters.  </p>
-
-<p class=MsoNormal>The following table defines the GOST&nbsp;28147&#8209;89 domain
-parameter object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption><a name="_Toc76209812"></a><a name="_Ref505614849">Table </a>140,
-GOST 28147-89 Domain Parameter Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=120 valign=top style='width:1.25in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data Type</span></b></p>
-   </td>
-   <td width=300 valign=top style='width:225.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1</sup></span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of the domain parameters as it
-  was introduced in [4] section 8.1 (type <i>Gost28147-89-ParamSetParameters</i>)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OBJECT_ID<sup>1</sup></span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of the object identifier
-  indicating the domain parameters </span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='page-break-after:avoid'><span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  Table 10 for footnotes</span></p>
-
-<p class=MsoNormal>For any particular token, there is no guarantee that a token
-supports domain parameters loading up and/or fetching out. Furthermore,
-applications, that make direct use of domain parameters objects, should take in
-account that <b>CKA_VALUE</b> attribute may be inaccessible.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a
-GOST&nbsp;28147&#8209;89 domain parameter object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_DOMAIN_PARAMETERS;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_GOST28147;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A GOST 28147-89 cryptographic parameters
-object”;</p>
-
-<p class=CCode>CK_BYTE oid[] = {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f,
-0x00};</p>
-
-<p class=CCode>CK_BYTE value[] = {</p>
-
-<p class=CCode>   0x30,0x62,0x04,0x40,0x4c,0xde,0x38,0x9c,0x29,0x89,0xef,0xb6,0xff,0xeb,0x56,</p>
-
-<p class=CCode>   <span lang=IT>0xc5,0x5e,0xc2,0x9b,0x02,0x98,0x75,0x61,0x3b,0x11,0x3f,0x89,0x60,0x03,0x97,</span></p>
-
-<p class=CCode><span lang=IT>   0x0c,0x79,0x8a,0xa1,0xd5,0x5d,0xe2,0x10,0xad,0x43,0x37,0x5d,0xb3,0x8e,0xb4,</span></p>
-
-<p class=CCode><span lang=IT>   0x2c,0x77,0xe7,0xcd,0x46,0xca,0xfa,0xd6,0x6a,0x20,0x1f,0x70,0xf4,0x1e,0xa4,</span></p>
-
-<p class=CCode><span lang=IT>   0xab,0x03,0xf2,0x21,0x65,0xb8,0x44,0xd8,0x02,0x01,0x00,0x02,0x01,0x40,</span></p>
-
-<p class=CCode><span lang=IT>   0x30,0x0b,0x06,0x07,0x2a,0x85,0x03,0x02,0x02,0x0e,0x00,0x05,0x00</span></p>
-
-<p class=CCode>};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>    {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>    {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>    {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>    {CKA_OBJECT_ID, oid, sizeof(oid)},</p>
-
-<p class=CCode>    {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850712"></a><a name="_Toc441162634"></a><a
-name="_Toc416960275"></a><a name="_Toc437440805"></a><a name="_Toc395188029"></a><a
-name="_Toc391471391"></a><a name="_Toc370634678"></a><a name="_Toc228807452"></a><a
-name="_Toc228894898">2.44.4 GOST 28147-89 key generation</a> </h3>
-
-<p class=MsoNormal>The GOST&nbsp;28147&#8209;89 key generation mechanism,
-denoted <b>CKM_GOST28147_KEY_GEN</b>, is a key generation mechanism for
-GOST&nbsp;28147&#8209;89.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE </b>attributes to the new key. Other attributes supported by
-the GOST&nbsp;28147&#8209;89 key type may be specified for objects of object
-class <b>CKO_SECRET_KEY</b>.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>are not used.</p>
-
-<h3><a name="_Toc441850713"></a><a name="_Toc441162635"></a><a
-name="_Toc416960276"></a><a name="_Toc437440806"></a><a name="_Toc395188030"></a><a
-name="_Toc391471392"></a><a name="_Toc370634679"></a><a name="_Toc228807453"></a><a
-name="_Toc228894899">2.44.5 GOST 28147-89-ECB</a> </h3>
-
-<p class=MsoNormal>GOST&nbsp;28147&#8209;89-ECB, denoted <b>CKM_GOST28147_ECB</b>,
-is a mechanism for single and multiple-part encryption and decryption; key
-wrapping; and key unwrapping, based on GOST&nbsp;28147&#8209;89 and electronic
-codebook mode.</p>
-
-<p class=MsoNormal>It does not have a parameter.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key. Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports.</p>
-
-<p class=MsoNormal>For wrapping (<b>C_WrapKey</b>), the mechanism encrypts the
-value of the <b>CKA_VALUE </b>attribute of the key that is wrapped, padded on
-the trailing end with up to block size so that the resulting length is a
-multiple of the block size.</p>
-
-<p class=MsoNormal>For unwrapping (<b>C_UnwrapKey</b>), the mechanism decrypts
-the wrapped key, and truncates the result according to the <b>CKA_KEY_TYPE </b>attribute
-of the template and, if it has one, and the key type supports it, the <b>CKA_VALUE_LEN
-</b>attribute of the template. The mechanism contributes the result as the <b>CKA_VALUE
-</b>attribute of the new key.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>141</span></i><i><span style='font-size:9.0pt'>, GOST
-28147-89-ECB: Key and Data Length </span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=552
- style='width:413.75pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=118 valign=top style='width:88.15pt;border-top:1.5pt;border-left:
-  1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;
-  border-style:solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Function</b></p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Key type</b></p>
-  </td>
-  <td width=99 valign=top style='width:74.1pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Input length</b></p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Output length</b></p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_Encrypt</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=99 style='width:74.1pt;border-top:none;border-left:none;border-bottom:
-  solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Multiple of block
-  size</p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Same as input length </p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_Decrypt</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=99 style='width:74.1pt;border-top:none;border-left:none;border-bottom:
-  solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Multiple of block
-  size</p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Same as input length </p>
-  </td>
- </tr>
- <tr style='height:6.9pt'>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>C_WrapKey</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=99 style='width:74.1pt;border-top:none;border-left:none;border-bottom:
-  solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;
-  height:6.9pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>Input length rounded up to multiple of block size</p>
-  </td>
- </tr>
- <tr style='height:6.9pt'>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>C_UnwrapKey</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=99 style='width:74.1pt;border-top:none;border-left:none;border-bottom:
-  solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;
-  height:6.9pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Multiple of block
-  size</p>
-  </td>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>Determined by type of key being unwrapped</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO</b> structure are not used.</p>
-
-<h3><a name="_Toc441850714"></a><a name="_Toc441162636"></a><a
-name="_Toc416960277"></a><a name="_Toc437440807"></a><a name="_Toc395188031"></a><a
-name="_Toc391471393"></a><a name="_Toc370634680"></a><a name="_Toc228807454"></a><a
-name="_Toc228894900">2.44.6 GOST 28147-89 encryption mode except ECB</a></h3>
-
-<p class=MsoNormal>GOST&nbsp;28147&#8209;89 encryption mode except ECB, denoted
-<b>CKM_GOST28147</b>, is a mechanism for single and multiple-part encryption
-and decryption; key wrapping; and key unwrapping, based on [GOST&nbsp;28147&#8209;89]
-and CFB, counter mode, and additional CBC mode defined in [RFC 4357] section 2.
-Encryption’s parameters are specified in object identifier of attribute <b>CKA_GOST28147_PARAMS</b>.</p>
-
-<p class=MsoNormal>It has a parameter, which is an 8-byte initialization
-vector. This parameter may be omitted then a zero initialization vector is
-used.</p>
-
-<p class=MsoNormal>This mechanism can wrap and unwrap any secret key. Of
-course, a particular token may not be able to wrap/unwrap every secret key that
-it supports. </p>
-
-<p class=MsoNormal>For wrapping (<b>C_WrapKey</b>), the mechanism encrypts the
-value of the <b>CKA_VALUE </b>attribute of the key that is wrapped.</p>
-
-<p class=MsoNormal>For unwrapping (<b>C_UnwrapKey</b>), the mechanism decrypts
-the wrapped key, and contributes the result as the <b>CKA_VALUE </b>attribute
-of the new key.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>142</span></i><i><span style='font-size:9.0pt'>, GOST
-28147-89 encryption modes except ECB: Key and Data Length</span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=552
- style='width:413.75pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=118 style='width:88.15pt;border-top:1.5pt;border-left:1.5pt;
-  border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Function</b></p>
-  </td>
-  <td width=143 style='width:107.5pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Key type</b></p>
-  </td>
-  <td width=86 style='width:64.15pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Input length</b></p>
-  </td>
-  <td width=205 style='width:153.95pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Output length</b></p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_Encrypt</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=86 style='width:64.15pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
-  <td width=205 rowspan=4 valign=top style='width:153.95pt;border-top:none;
-  border-left:none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>For counter mode and CFB is the same as input length. For
-  CBC is the same as input length padded on the trailing end with up to block
-  size so that the resulting length is a multiple of the block size</p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_Decrypt</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=86 style='width:64.15pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
- </tr>
- <tr style='height:6.9pt'>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>C_WrapKey</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=86 style='width:64.15pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
- </tr>
- <tr style='height:6.9pt'>
-  <td width=118 valign=top style='width:88.15pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>C_UnwrapKey</p>
-  </td>
-  <td width=143 valign=top style='width:107.5pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=86 style='width:64.15pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt;height:6.9pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.</p>
-
-<h3><a name="_Toc441850715"></a><a name="_Toc441162637"></a><a
-name="_Toc416960278"></a><a name="_Toc437440808"></a><a name="_Toc395188032"></a><a
-name="_Toc391471394"></a><a name="_Toc370634681"></a><a name="_Toc228807455"></a><a
-name="_Toc228894901">2.44.7 GOST 28147-89-MAC</a> </h3>
-
-<p class=MsoNormal>GOST 28147-89-MAC, denoted <b>CKM_GOST28147_MAC</b>, is a
-mechanism for data integrity and authentication based on GOST 28147-89 and key
-meshing algorithms [RFC 4357] section 2.3.</p>
-
-<p class=MsoNormal>MACing parameters are specified in object identifier of
-attribute <b>CKA_GOST28147_PARAMS</b>.</p>
-
-<p class=MsoNormal>The output bytes from this mechanism are taken from the
-start of the final GOST&nbsp;28147&#8209;89 cipher block produced in the MACing
-process.</p>
-
-<p class=MsoNormal>It has a parameter, which is an 8-byte MAC initialization
-vector. This parameter may be omitted then a zero initialization vector is
-used.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>143</span></i><i><span style='font-size:9.0pt'>,
-GOST28147-89-MAC: Key and Data Length </span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=586
- style='width:439.45pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=118 style='width:88.6pt;border-top:1.5pt;border-left:1.5pt;
-  border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Function</b></p>
-  </td>
-  <td width=117 style='width:87.55pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Key type</b></p>
-  </td>
-  <td width=107 style='width:80.45pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Data length</b></p>
-  </td>
-  <td width=244 style='width:182.85pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Signature length</b></p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.6pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_Sign</p>
-  </td>
-  <td width=117 valign=top style='width:87.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=107 style='width:80.45pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
-  <td width=244 style='width:182.85pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>4 bytes</p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.6pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_Verify</p>
-  </td>
-  <td width=117 valign=top style='width:87.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=107 style='width:80.45pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>Any</p>
-  </td>
-  <td width=244 style='width:182.85pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>4 bytes</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.<br>
-<br>
-</p>
-
-<p class=MsoNormal><b>GOST 28147-89 keys wrapping/unwrapping with GOST 28147-89</b></p>
-
-<p class=MsoNormal>GOST&nbsp;28147&#8209;89 keys as a KEK (key encryption keys)
-for encryption GOST&nbsp;28147&#8209;89 keys, denoted by <b>CKM_GOST28147_KEY_WRAP</b>,
-is a mechanism for key wrapping; and key unwrapping, based on GOST&nbsp;28147&#8209;89.
-Its purpose is to encrypt and decrypt keys have been generated by key
-generation mechanism for GOST&nbsp;28147&#8209;89.</p>
-
-<p class=MsoNormal>For wrapping (<b>C_WrapKey</b>), the mechanism first
-computes MAC from the value of the <b>CKA_VALUE </b>attribute of the key that
-is wrapped and then encrypts in ECB mode the value of the <b>CKA_VALUE </b>attribute
-of the key that is wrapped. The result is 32 bytes of the key that is wrapped
-and 4 bytes of MAC.</p>
-
-<p class=MsoNormal>For unwrapping (<b>C_UnwrapKey</b>), the mechanism first
-decrypts in ECB mode the 32 bytes of the key that was wrapped and then computes
-MAC from the unwrapped key. Then compared together 4 bytes MAC has computed and
-4 bytes MAC of the input. If these two MACs do not match the wrapped key is
-disallowed. The mechanism contributes the result as the <b>CKA_VALUE </b>attribute
-of the unwrapped key.</p>
-
-<p class=MsoNormal>It has a parameter, which is an 8-byte MAC initialization
-vector. This parameter may be omitted then a zero initialization vector is
-used.</p>
-
-<p class=MsoNormal>Constraints on key types and the length of data are
-summarized in the following table:</p>
-
-<p class=MsoNormal><i><span style='font-size:9.0pt'>Table </span></i><i><span style='font-size:9.0pt'>144</span></i><i><span style='font-size:9.0pt'>, GOST
-28147-89 keys as KEK: Key and Data Length </span></i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=586
- style='width:439.45pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=118 style='width:88.6pt;border-top:1.5pt;border-left:1.5pt;
-  border-bottom:1.0pt;border-right:1.0pt;border-color:windowtext;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Function</b></p>
-  </td>
-  <td width=117 style='width:87.55pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Key type</b></p>
-  </td>
-  <td width=107 style='width:80.45pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Input length</b></p>
-  </td>
-  <td width=244 style='width:182.85pt;border-top:solid windowtext 1.5pt;
-  border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Output length</b></p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.6pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.0pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_WrapKey</p>
-  </td>
-  <td width=117 valign=top style='width:87.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=107 style='width:80.45pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>32 bytes</p>
-  </td>
-  <td width=244 style='width:182.85pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>36 bytes</p>
-  </td>
- </tr>
- <tr>
-  <td width=118 valign=top style='width:88.6pt;border-top:none;border-left:
-  solid windowtext 1.5pt;border-bottom:solid windowtext 1.5pt;border-right:
-  solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>C_UnwrapKey</p>
-  </td>
-  <td width=117 valign=top style='width:87.55pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>CKK_GOST28147</p>
-  </td>
-  <td width=107 style='width:80.45pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>32 bytes</p>
-  </td>
-  <td width=244 style='width:182.85pt;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.5pt;border-right:solid windowtext 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'>36 bytes</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.<br>
-<br>
-</p>
-
-<p class=MsoNormal><b>GOST R 34.11-94 </b></p>
-
-<p class=MsoNormal>GOST R 34.11-94 is a mechanism for message digesting,
-following the hash algorithm with 256-bit message digest defined in [GOST R
-34.11-94].</p>
-
-<h3><a name="_Toc441850716"></a><a name="_Toc441162638"></a><a
-name="_Toc416960279"></a><a name="_Toc437440809"></a><a name="_Toc395188033"></a><a
-name="_Toc391471395"></a><a name="_Toc370634682"></a><a name="_Toc228807456"></a><a
-name="_Toc228894902">2.44.8 Definitions</a> </h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_GOSTR3411” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of domain parameter objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3411</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3411_HMAC</p>
-
-<h3><a name="_Toc441850717"></a><a name="_Toc441162639"></a><a
-name="_Toc416960280"></a><a name="_Toc437440810"></a><a name="_Toc395188034"></a><a
-name="_Toc391471396"></a><a name="_Toc370634683"></a><a name="_Toc228807457"></a><a
-name="_Toc228894903">2.44.9 GOST R 34.11-94 domain parameter objects</a></h3>
-
-<p class=MsoNormal>GOST&nbsp;R&nbsp;34.11-94 domain parameter objects (object
-class <b>CKO_DOMAIN_PARAMETERS, </b>key type <b>CKK_GOSTR3411</b>) hold GOST R
-34.11-94 domain parameters.  </p>
-
-<p class=MsoNormal>The following table defines the GOST R 34.11-94 domain
-parameter object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption>Table 145, GOST R 34.11-94 Domain Parameter Object
-Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=120 valign=top style='width:1.25in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data Type</span></b></p>
-   </td>
-   <td width=300 valign=top style='width:225.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1</sup></span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of the domain parameters as it
-  was introduced in [4] section 8.2 (type <i>GostR3411-94-ParamSetParameters</i>)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OBJECT_ID<sup>1</sup></span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of the object identifier
-  indicating the domain parameters </span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='page-break-after:avoid'><span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  Table 10 for footnotes</span></p>
-
-<p class=MsoNormal>For any particular token, there is no guarantee that a token
-supports domain parameters loading up and/or fetching out. Furthermore,
-applications, that make direct use of domain parameters objects, should take in
-account that <b>CKA_VALUE</b> attribute may be inaccessible.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a GOST R
-34.11-94 domain parameter object:</p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_OBJECT_CLASS class =
-CKO_DOMAIN_PARAMETERS;</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_KEY_TYPE keyType =
-CKK_GOSTR3411;</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_UTF8CHAR label[] = “A GOST
-R34.11-94 cryptographic parameters object”;</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_BYTE oid[] = {0x06, 0x07,
-0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x00};</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_BYTE value[] = {</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    </span><span lang=IT
-style='font-size:10.0pt'>0x30,0x64,0x04,0x40,0x4e,0x57,0x64,0xd1,0xab,0x8d,0xcb,0xbf,0x94,0x1a,0x7a,</span></p>
-
-<p class=CCode><span lang=IT style='font-size:10.0pt'>    0x4d,0x2c,0xd1,0x10,0x10,0xd6,0xa0,0x57,0x35,0x8d,0x38,0xf2,0xf7,0x0f,0x49,</span></p>
-
-<p class=CCode><span lang=IT style='font-size:10.0pt'>    0xd1,0x5a,0xea,0x2f,0x8d,0x94,0x62,0xee,0x43,0x09,0xb3,0xf4,0xa6,0xa2,0x18,</span></p>
-
-<p class=CCode><span lang=IT style='font-size:10.0pt'>    0xc6,0x98,0xe3,0xc1,0x7c,0xe5,0x7e,0x70,0x6b,0x09,0x66,0xf7,0x02,0x3c,0x8b,</span></p>
-
-<p class=CCode><span lang=IT style='font-size:10.0pt'>    0x55,0x95,0xbf,0x28,0x39,0xb3,0x2e,0xcc,0x04,0x20,0x00,0x00,0x00,0x00,0x00,</span></p>
-
-<p class=CCode><span lang=IT style='font-size:10.0pt'>    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,</span></p>
-
-<p class=CCode><span lang=IT style='font-size:10.0pt'>    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>};</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_BBOOL true = CK_TRUE;</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>CK_ATTRIBUTE template[] = {</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    {CKA_CLASS, &amp;class,
-sizeof(class)},</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    {CKA_KEY_TYPE, &amp;keyType,
-sizeof(keyType)},</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    {CKA_TOKEN, &amp;true,
-sizeof(true)},</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    {CKA_LABEL, label,
-sizeof(label)-1},</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    {CKA_OBJECT_ID, oid,
-sizeof(oid)},</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>    {CKA_VALUE, value,
-sizeof(value)}</span></p>
-
-<p class=CCode><span style='font-size:10.0pt'>};</span></p>
-
-<h3><a name="_Toc441850718"></a><a name="_Toc441162640"></a><a
-name="_Toc416960281"></a><a name="_Toc437440811"></a><a name="_Toc395188035"></a><a
-name="_Toc391471397"></a><a name="_Toc370634684"></a><a name="_Toc228807458"></a><a
-name="_Toc228894904">2.44.10 GOST R 34.11-94 digest</a></h3>
-
-<p class=MsoNormal>GOST R 34.11-94 digest, denoted <b>CKM_GOSTR3411,</b> is a
-mechanism for message digesting based on GOST R 34.11-94 hash algorithm [GOST R
-34.11-94].</p>
-
-<p class=MsoNormal>As a parameter this mechanism utilizes a DER-encoding of the
-object identifier. A mechanism parameter may be missed then parameters of the
-object identifier <i>id-GostR3411-94-CryptoProParamSet</i> [RFC 4357] (section
-11.2) must be used.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table.  For single-part digesting, the data and the
-digest may begin at the same location in memory.</p>
-
-<p class=MsoCaption><a name="_Toc76209910">Table </a>146, GOST R 34.11-94: Data
-Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=76 valign=top style='width:57.3pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Digest length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=76 valign=top style='width:57.3pt;border-top:1.0pt;border-left:
-  1.5pt;border-bottom:1.5pt;border-right:1.0pt;border-color:black;border-style:
-  solid;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Digest</span></p>
-  </td>
-  <td width=99 valign=top style='width:74.55pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=105 valign=top style='width:79.05pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  lang=RU style='font-size:10.0pt;font-family:"Arial",sans-serif'>32 </span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.</p>
-
-<h3><a name="_Toc441850719"></a><a name="_Toc441162641"></a><a
-name="_Toc416960282"></a><a name="_Toc437440812"></a><a name="_Toc395188036"></a><a
-name="_Toc391471398"></a><a name="_Toc370634685"></a><a name="_Toc228807459"></a><a
-name="_Toc228894905">2.44.11 GOST R 34.11-94 HMAC</a></h3>
-
-<p class=MsoNormal>GOST R 34.11-94 HMAC mechanism, denoted <b>CKM_GOSTR3411_HMAC</b>,
-is a mechanism for signatures and verification.  It uses the HMAC construction,
-based on the GOST R 34.11-94 hash function [GOST R 34.11-94] and core HMAC
-algorithm [RFC 2104]. The keys it uses are of generic key type <b>CKK_GENERIC_SECRET</b>
-or <b>CKK_GOST28147</b>.</p>
-
-<p class=MsoNormal>To be conformed to GOST R 34.11-94 hash algorithm [GOST R
-34.11-94] the block length of core HMAC algorithm is 32 bytes long (see [RFC
-2104] section 2, and [RFC 4357] section 3).</p>
-
-<p class=MsoNormal>As a parameter this mechanism utilizes a DER-encoding of the
-object identifier. A mechanism parameter may be missed then parameters of the
-object identifier <i>id-GostR3411-94-CryptoProParamSet</i> [RFC 4357] (section
-11.2) must be used.</p>
-
-<p class=MsoNormal>Signatures (MACs) produced by this mechanism are of 32 bytes
-long.</p>
-
-<p class=MsoNormal>Constraints on the length of input and output data are
-summarized in the following table:</p>
-
-<p class=MsoCaption><a name="_Toc76209911">Table </a>147, GOST R 34.11-94 HMAC:
-Key And Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=204 valign=top style='width:153.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Data length</span></b></p>
-   </td>
-   <td width=132 valign=top style='width:99.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:none;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Signature length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=84 valign=top style='width:63.0pt;border:solid black 1.0pt;
-  border-left:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=204 style='width:153.0pt;border:solid black 1.0pt;border-left:none;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_GENERIC_SECRET or CKK_GOST28147</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border:solid black 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:solid black 1.0pt;
-  border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  lang=RU style='font-size:10.0pt;font-family:"Arial",sans-serif'>32 </span><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>byte</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=204 style='width:153.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_GENERIC_SECRET or CKK_GOST28147</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>32 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.</p>
-
-<h2><a name="_Toc441850720"></a><a name="_Toc441162642"></a><a
-name="_Toc416960283"></a><a name="_Toc437440813"></a><a name="_Toc395188037"></a><a
-name="_Toc391471399"></a><a name="_Toc370634686"></a><a name="_Toc228807460"></a><a
-name="_Toc228894906">2.45 GOST R 34.10-2001</a></h2>
-
-<p class=MsoNormal>GOST R 34.10-2001 is a mechanism for single- and
-multiple-part signatures and verification, following the digital signature
-algorithm defined in [GOST R 34.10-2001].</p>
-
-<h3><a name="_Toc441850721"></a><a name="_Toc441162643"></a><a
-name="_Toc416960284"></a><a name="_Toc437440814"></a><a name="_Toc395188038"></a><a
-name="_Toc391471400"></a><a name="_Toc370634687"></a><a name="_Toc228807461"></a><a
-name="_Toc228894907">2.45.1 Definitions</a> </h3>
-
-<p class=MsoNormal>This section defines the key type “CKK_GOSTR3410” for type
-CK_KEY_TYPE as used in the CKA_KEY_TYPE attribute of key objects and domain
-parameter objects.</p>
-
-<p class=MsoNormal>Mechanisms:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3410_KEY_PAIR_GEN</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3410</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3410_WITH_GOSTR3411</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3410</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3410_KEY_WRAP</p>
-
-<p class=MsoNormal style='margin-left:.5in'>CKM_GOSTR3410_DERIVE</p>
-
-<h3><a name="_Toc441850722"></a><a name="_Toc441162644"></a><a
-name="_Toc416960285"></a><a name="_Toc437440815"></a><a name="_Toc395188039"></a><a
-name="_Toc391471401"></a><a name="_Toc370634688"></a><a name="_Toc228807462"></a><a
-name="_Toc228894908">2.45.2 GOST R 34.10-2001 public key objects</a></h3>
-
-<p class=MsoNormal>GOST&nbsp;R&nbsp;34.10-2001 public key objects (object class
-<b>CKO_PUBLIC_KEY, </b>key type <b>CKK_GOSTR3410</b>) hold GOST R 34.10-2001
-public keys.</p>
-
-<p class=MsoNormal>The following table defines the GOST R 34.10-2001 public key
-object attributes, in addition to the common attributes defined for this object
-class:</p>
-
-<p class=MsoCaption>Table 148, GOST R 34.10-2001 Public Key Object Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=228 valign=top style='width:171.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data Type</span></b></p>
-   </td>
-   <td width=264 valign=top style='width:2.75in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>64 bytes for public key; 32 bytes for each
-  coordinates X and Y of elliptic curve point P(X,&nbsp;Y) in little endian
-  order</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_GOSTR3410_PARAMS<sup>1,3</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST R 34.10-2001. </p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>When key is used the domain parameter object
-  of key type CKK_GOSTR3410 must be specified with the same attribute
-  CKA_OBJECT_ID</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_GOSTR3411_PARAMS<sup>1,3,8</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST R 34.11-94. </p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>When key is used the domain parameter object
-  of key type CKK_GOSTR3411 must be specified with the same attribute
-  CKA_OBJECT_ID</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=228 valign=top style='width:171.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_GOST28147_PARAMS<sup>8</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=264 valign=top style='width:2.75in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST&nbsp;28147&#8209;89.</p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>When key is used the domain parameter object
-  of key type CKK_GOST28147 must be specified with the same attribute
-  CKA_OBJECT_ID. The attribute value may be omitted</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='page-break-after:avoid'><span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  Table 10 for footnotes</span></p>
-
-<p class=MsoNormal>The following is a sample template for creating an GOST R
-34.10-2001 public key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_GOSTR3410;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A GOST R34.10-2001 public key object”;</p>
-
-<p class=CCode>CK_BYTE gostR3410params_oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00};</p>
-
-<p class=CCode>CK_BYTE gostR3411params_oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x00};</p>
-
-<p class=CCode>CK_BYTE gost28147params_oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x00};</p>
-
-<p class=CCode>CK_BYTE value[64] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>    {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>    {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>    {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>    {CKA_GOSTR3410_PARAMS, gostR3410params_oid,
-sizeof(gostR3410params_oid)},</p>
-
-<p class=CCode>    {CKA_GOSTR3411_PARAMS, gostR3411params_oid,
-sizeof(gostR3411params_oid)},</p>
-
-<p class=CCode>    {CKA_GOST28147_PARAMS, gost28147params_oid, sizeof(gost28147params_oid)},</p>
-
-<p class=CCode>    {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<h3><a name="_Toc441850723"></a><a name="_Toc441162645"></a><a
-name="_Toc416960286"></a><a name="_Toc437440816"></a><a name="_Toc395188040"></a><a
-name="_Toc391471402"></a><a name="_Toc370634689"></a><a name="_Toc228807463"></a><a
-name="_Toc228894909">2.45.3 GOST R 34.10-2001 private key objects</a></h3>
-
-<p class=MsoNormal>GOST&nbsp;R&nbsp;34.10-2001 private key objects (object
-class <b>CKO_PRIVATE_KEY, </b>key type <b>CKK_GOSTR3410</b>) hold GOST R
-34.10-2001 private keys.</p>
-
-<p class=MsoNormal>The following table defines the GOST R 34.10-2001 private
-key object attributes, in addition to the common attributes defined for this
-object class:</p>
-
-<p class=MsoNormal><i>Table </i><i><span
-style='font-size:9.0pt'>149</span></i><i>, GOST R 34.10-2001 Private Key Object
-Attributes</i></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=240 valign=top style='width:2.5in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=84 valign=top style='width:63.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data Type</span></b></p>
-   </td>
-   <td width=252 valign=top style='width:189.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1,4,6,7</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>32 bytes for private key in little endian
-  order</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_GOSTR3410_PARAMS<sup>1,4,6</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST R 34.10-2001.</p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>When key is used the domain parameter object
-  of key type CKK_GOSTR3410 must be specified with the same attribute
-  CKA_OBJECT_ID </span></p>
-  </td>
- </tr>
- <tr>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_GOSTR3411_PARAMS<sup>1,4,6,8</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST R 34.11-94.</p>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>When key is used the domain parameter object
-  of key type CKK_GOSTR3411 must be specified with the same attribute
-  CKA_OBJECT_ID</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=240 valign=top style='width:2.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_GOST28147_PARAMS4<sup>4,6,8</sup></span></p>
-  </td>
-  <td width=84 valign=top style='width:63.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>DER-encoding of the object identifier indicating the data
-  object type of GOST&nbsp;28147&#8209;89.</p>
-  <p class=MsoNormal>When key is used the domain parameter object of key type
-  CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID. The
-  attribute value may be omitted</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='page-break-after:avoid'><span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  Table 10 for footnotes</span></p>
-
-<p class=MsoNormal>Note that when generating an GOST&nbsp;R&nbsp;34.10-2001
-private key, the GOST&nbsp;R&nbsp;34.10-2001 domain parameters are <i>not</i>
-specified in the key’s template.  This is because GOST&nbsp;R&nbsp;34.10-2001
-private keys are only generated as part of an GOST&nbsp;R&nbsp;34.10-2001 key <i>pair</i>,
-and the GOST&nbsp;R&nbsp;34.10-2001 domain parameters for the pair are
-specified in the template for the GOST&nbsp;R&nbsp;34.10-2001 public key.</p>
-
-<p class=MsoNormal>The following is a sample template for creating an GOST R
-34.10-2001 private key object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_GOSTR3410;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A GOST R34.10-2001 private key object”;</p>
-
-<p class=CCode>CK_BYTE subject[] = {...};</p>
-
-<p class=CCode>CK_BYTE id[] = {123};</p>
-
-<p class=CCode>CK_BYTE gostR3410params_oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00};</p>
-
-<p class=CCode>CK_BYTE gostR3411params_oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1e, 0x00};</p>
-
-<p class=CCode>CK_BYTE gost28147params_oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x1f, 0x00};</p>
-
-<p class=CCode>CK_BYTE value[32] = {...};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>    {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>    {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>    {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>    {CKA_SUBJECT, subject, sizeof(subject)},</p>
-
-<p class=CCode>    {CKA_ID, id, sizeof(id)},</p>
-
-<p class=CCode>    {CKA_SENSITIVE, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_SIGN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_GOSTR3410_PARAMS, gostR3410params_oid,
-sizeof(gostR3410params_oid)},</p>
-
-<p class=CCode>    {CKA_GOSTR3411_PARAMS, gostR3411params_oid,
-sizeof(gostR3411params_oid)},</p>
-
-<p class=CCode>    {CKA_GOST28147_PARAMS, gost28147params_oid,
-sizeof(gost28147params_oid)},</p>
-
-<p class=CCode>    {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h3><a name="_Toc441850724"></a><a name="_Toc441162646"></a><a
-name="_Toc416960287"></a><a name="_Toc437440817"></a><a name="_Toc395188041"></a><a
-name="_Toc391471403"></a><a name="_Toc370634690"></a><a name="_Toc228807464"></a><a
-name="_Toc228894910">2.45.4 GOST R 34.10-2001 domain parameter objects</a></h3>
-
-<p class=MsoNormal>GOST&nbsp;R&nbsp;34.10-2001 domain parameter objects (object
-class <b>CKO_DOMAIN_PARAMETERS, </b>key type <b>CKK_GOSTR3410</b>) hold
-GOST&nbsp;R&nbsp;34.10&#8209;2001 domain parameters.</p>
-
-<p class=MsoNormal>The following table defines the GOST R 34.10-2001 domain
-parameter object attributes, in addition to the common attributes defined for
-this object class:</p>
-
-<p class=MsoCaption>Table 150, GOST R 34.10-2001 Domain Parameter Object
-Attributes</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=168 valign=top style='width:1.75in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Attribute</span></b></p>
-   </td>
-   <td width=120 valign=top style='width:1.25in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Data Type</span></b></p>
-   </td>
-   <td width=300 valign=top style='width:225.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Meaning</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_VALUE<sup>1</sup></span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of the domain parameters as it
-  was introduced in [4] section 8.4 (type <i>GostR3410-2001-ParamSetParameters</i>)</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=168 valign=top style='width:1.75in;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKA_OBJECT_ID<sup>1</sup></span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Byte array</span></p>
-  </td>
-  <td width=300 valign=top style='width:225.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>DER-encoding of the object identifier
-  indicating the domain parameters </span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal style='page-break-after:avoid'><span
-class=MsoFootnoteReference>Refer to [PKCS #11-Base]  Table 10 for footnotes</span></p>
-
-<p class=MsoNormal>For any particular token, there is no guarantee that a token
-supports domain parameters loading up and/or fetching out. Furthermore,
-applications, that make direct use of domain parameters objects, should take in
-account that <b>CKA_VALUE</b> attribute may be inaccessible.</p>
-
-<p class=MsoNormal>The following is a sample template for creating a GOST R
-34.10-2001 domain parameter object:</p>
-
-<p class=CCode>CK_OBJECT_CLASS class = CKO_DOMAIN_PARAMETERS;</p>
-
-<p class=CCode>CK_KEY_TYPE keyType = CKK_GOSTR3410;</p>
-
-<p class=CCode>CK_UTF8CHAR label[] = “A GOST R34.10-2001 cryptographic
-parameters object”;</p>
-
-<p class=CCode>CK_BYTE oid[] = </p>
-
-<p class=CCode>   {0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00};</p>
-
-<p class=CCode>CK_BYTE value[] = {</p>
-
-<p class=CCode>   0x30,0x81,0x90,0x02,0x01,0x07,0x02,0x20,0x5f,0xbf,0xf4,0x98,</p>
-
-<p class=CCode>   0xaa,0x93,0x8c,0xe7,0x39,0xb8,0xe0,0x22,0xfb,0xaf,0xef,0x40,</p>
-
-<p class=CCode>   <span lang=IT>0x56,0x3f,0x6e,0x6a,0x34,0x72,0xfc,0x2a,0x51,0x4c,0x0c,0xe9,</span></p>
-
-<p class=CCode><span lang=IT>   0xda,0xe2,0x3b,0x7e,0x02,0x21,0x00,0x80,0x00,0x00,0x00,0x00,</span></p>
-
-<p class=CCode><span lang=IT>   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,</span></p>
-
-<p class=CCode><span lang=IT>   0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,</span></p>
-
-<p class=CCode><span lang=IT>   0x00,0x04,0x31,0x02,0x21,0x00,0x80,0x00,0x00,0x00,0x00,0x00,</span></p>
-
-<p class=CCode><span lang=IT>   </span>0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x50,0xfe,</p>
-
-<p class=CCode>   0x8a,0x18,0x92,0x97,0x61,0x54,0xc5,0x9c,0xfc,0x19,0x3a,0xcc,</p>
-
-<p class=CCode>   <span lang=FR-CH>0xf5,0xb3,0x02,0x01,0x02,0x02,0x20,0x08,0xe2,0xa8,0xa0,0xe6,</span></p>
-
-<p class=CCode><span lang=FR-CH>   </span><span lang=IT>0x51,0x47,0xd4,0xbd,0x63,0x16,0x03,0x0e,0x16,0xd1,0x9c,0x85,</span></p>
-
-<p class=CCode><span lang=IT>   0xc9,0x7f,0x0a,0x9c,0xa2,0x67,0x12,0x2b,0x96,0xab,0xbc,0xea,</span></p>
-
-<p class=CCode><span lang=IT>   0x7e,0x8f,0xc8</span></p>
-
-<p class=CCode>};</p>
-
-<p class=CCode>CK_BBOOL true = CK_TRUE;</p>
-
-<p class=CCode>CK_ATTRIBUTE template[] = {</p>
-
-<p class=CCode>    {CKA_CLASS, &amp;class, sizeof(class)},</p>
-
-<p class=CCode>    {CKA_KEY_TYPE, &amp;keyType, sizeof(keyType)},</p>
-
-<p class=CCode>    {CKA_TOKEN, &amp;true, sizeof(true)},</p>
-
-<p class=CCode>    {CKA_LABEL, label, sizeof(label)-1},</p>
-
-<p class=CCode>    {CKA_OBJECT_ID, oid, sizeof(oid)},</p>
-
-<p class=CCode>    {CKA_VALUE, value, sizeof(value)}</p>
-
-<p class=CCode>};</p>
-
-<p class=CCode>&nbsp;</p>
-
-<h3><a name="_Toc441850725"></a><a name="_Toc441162647"></a><a
-name="_Toc416960288"></a><a name="_Toc437440818"></a><a name="_Toc395188042"></a><a
-name="_Toc391471404"></a><a name="_Toc370634691"></a><a name="_Ref231378651"></a><a
-name="_Toc228807465"></a><a name="_Toc228894911">2.45.5 GOST R 34.10-2001
-mechanism parameters</a> </h3>
-
-<p class=MsoNormal>&#9830;  <b><span style='font-size:12.0pt'>CK_GOSTR3410_KEY_WRAP_PARAMS</span></b></p>
-
-<p class=MsoNormal><b>CK_GOSTR3410_KEY_WRAP_PARAMS </b>is a structure that
-provides the parameters to the<b> CKM_GOSTR3410_KEY_WRAP </b>mechanism. </p>
-
-<p class=MsoNormal>It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS {</p>
-
-<p class=CCode>        CK_BYTE_PTR      pWrapOID;</p>
-
-<p class=CCode>        CK_ULONG         ulWrapOIDLen;</p>
-
-<p class=CCode>        CK_BYTE_PTR      pUKM;</p>
-
-<p class=CCode>        CK_ULONG         ulUKMLen;</p>
-
-<p class=CCode>        CK_OBJECT_HANDLE hKey;</p>
-
-<p class=CCode>} CK_GOSTR3410_KEY_WRAP_PARAMS;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=586
- style='width:439.45pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>pWrapOID</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border:solid white 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border:solid white 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>pointer to a data with DER-encoding of the object
-  identifier indicating the data object type of GOST&nbsp;28147&#8209;89. If
-  pointer takes NULL_PTR value in C_WrapKey operation then parameters are
-  specified in object identifier of attribute CKA_GOSTR3411_PARAMS must be
-  used. For C_UnwrapKey operation the pointer is not used and must take
-  NULL_PTR value anytime</p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>ulWrapOIDLen</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>length of data with DER-encoding of the object identifier
-  indicating the data object type of GOST&nbsp;28147&#8209;89</p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>pUKM</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>pointer to a data with UKM. If pointer takes NULL_PTR
-  value in C_WrapKey operation then random value of UKM will be used. If
-  pointer takes non-NULL_PTR value in C_UnwrapKey operation then the pointer
-  value will be compared with UKM value of wrapped key. If these two values do
-  not match the wrapped key will be rejected</p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>ulUKMLen</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>length of UKM data. If <i>pUKM</i>-pointer is different
-  from NULL_PTR then equal to 8 </p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>hKey</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>key handle. Key handle of a sender for C_WrapKey
-  operation. Key handle of a receiver for C_UnwrapKey operation. When key
-  handle takes CK_INVALID_HANDLE value then an ephemeral (one time) key pair of
-  a sender will be used</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><b><span style='font-family:"Tahoma",sans-serif;color:black'><span
-class=msoIns><ins cite="mailto:TCA" datetime="2016-01-20T14:55">CK_GOSTR3410_KEY_WRAP_PARAMS_PTR</ins></span></span></b><span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> is a pointer to a <b>CK_GOSTR3410_KEY_WRAP_PARAMS</b>.</ins></span></span></p>
-
-<p class=MsoNormal>&#9830;  <b><span style='font-size:12.0pt'>CK_GOSTR3410_DERIVE_PARAMS</span></b></p>
-
-<p class=MsoNormal><b>CK_GOSTR3410_DERIVE_PARAMS </b>is a structure that
-provides the parameters to the<b> CKM_GOSTR3410_DERIVE </b>mechanism. </p>
-
-<p class=MsoNormal>It is defined as follows:</p>
-
-<p class=CCode>typedef struct CK_GOSTR3410_DERIVE_PARAMS { </p>
-
-<p class=CCode>  CK_EC_KDF_TYPE kdf; </p>
-
-<p class=CCode>  CK_BYTE_PTR    pPublicData; </p>
-
-<p class=CCode>  CK_ULONG       ulPublicDataLen; </p>
-
-<p class=CCode>  CK_BYTE_PTR    pUKM; </p>
-
-<p class=CCode>  CK_ULONG       ulUKMLen; </p>
-
-<p class=CCode>} CK_GOSTR3410_DERIVE_PARAMS;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>The fields of the structure have the following meanings:</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0 width=586
- style='width:439.45pt;margin-left:5.65pt;border-collapse:collapse;border:none'>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>kdf</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border:solid white 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border:solid white 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:#00A000 !msorm'><span style='color:black'>additional
-  key diversification algorithm identifier. Possible values are CKD_NULL and
-  CKD_CPDIVERSIFY_KDF.  In case of CKD_NULL, result of the key derivation
-  function</span></span></p>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:#00A000 !msorm'><span style='color:black'>described
-  in [RFC 4357], section 5.2 is used directly; In case of CKD_CPDIVERSIFY_KDF,
-  the resulting key value is additionally processed with algorithm from [RFC
-  4357], section 6.5.</span></span></p>
-  <p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt;text-autospace:
-  none'><span style='color:#00A000'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>pPublicData</i><sup>1</sup></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>pointer to data with public key of a receiver</p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>ulPublicDataLen</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>length of data with public key of a receiver (must be 64)</p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>pUKM</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>pointer to a UKM data </p>
-  </td>
- </tr>
- <tr>
-  <td width=217 valign=top style='width:162.8pt;border:solid white 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'><i>ulUKMLen</i></p>
-  </td>
-  <td width=19 valign=top style='width:14.15pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=right style='text-align:right'>&nbsp;</p>
-  </td>
-  <td width=350 valign=top style='width:262.5pt;border-top:none;border-left:
-  none;border-bottom:solid white 1.0pt;border-right:solid white 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>length of UKM data in bytes (must be 8)</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal><sup>1 <span class=MsoFootnoteReference>Public key of a
-receiver is an octet string of 64 bytes long. The public key octets correspond
-to the concatenation of X and Y coordinates of a point. Any one of them is 32
-bytes long and represented in little endian order.</span></sup></p>
-
-<p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</ins></span></p>
-
-<p class=MsoNormal><span class=MsoFootnoteReference><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">&nbsp;</ins></span></span></p>
-
-<p class=MsoNormal><a name="_Toc395188043"></a><a name="_Toc391471405"></a><a
-name="_Toc370634692"></a><a name="_Toc228807466"></a><a name="_Toc228894912"><b><span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55">CK_GOSTR3410_DERIVE_PARAMS_PTR</ins></span></span></b></a><span
-style='font-family:"Tahoma",sans-serif;color:black'><span class=msoIns><ins
-cite="mailto:TCA" datetime="2016-01-20T14:55"> is a pointer to a <b>CK_GOSTR3410_DERIVE_PARAMS</b>.</ins></span></span></p>
-
-<h3><a name="_Toc441850726"></a><a name="_Toc441162648"></a><a
-name="_Toc416960289"></a><a name="_Toc437440819">2.45.6 GOST R 34.10-2001 key
-pair generation</a></h3>
-
-<p class=MsoNormal>The GOST&nbsp;R&nbsp;34.10&#8209;2001 key pair generation
-mechanism, denoted <b>CKM_GOSTR3410_KEY_PAIR_GEN</b>, is a key pair generation
-mechanism for GOST&nbsp;R&nbsp;34.10&#8209;2001.</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal>The mechanism generates GOST&nbsp;R&nbsp;34.10&#8209;2001
-public/private key pairs with particular GOST&nbsp;R&nbsp;34.10&#8209;2001
-domain parameters, as specified in the <b>CKA_GOSTR3410_PARAMS</b>, <b>CKA_GOSTR3411_PARAMS</b>,
-and <b>CKA_GOST28147_PARAMS</b> attributes of the template for the public key. 
-Note that <b>CKA_GOST28147_PARAMS</b> attribute may not be present in the
-template.</p>
-
-<p class=MsoNormal>The mechanism contributes the <b>CKA_CLASS</b>, <b>CKA_KEY_TYPE</b>,
-and <b>CKA_VALUE</b> attributes to the new public key and the <b>CKA_CLASS</b>,
-<b>CKA_KEY_TYPE</b>, <b>CKA_VALUE</b>, and<b> CKA_GOSTR3410_PARAMS</b>, <b>CKA_GOSTR3411_PARAMS</b>,
-<b>CKA_GOST28147_PARAMS</b> attributes to the new private key.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.</p>
-
-<h3><a name="_Toc441850727"></a><a name="_Toc441162649"></a><a
-name="_Toc416960290"></a><a name="_Toc437440820"></a><a name="_Toc395188044"></a><a
-name="_Toc391471406"></a><a name="_Toc370634693"></a><a name="_Toc228807467"></a><a
-name="_Toc228894913">2.45.7 GOST R 34.10-2001 without hashing</a></h3>
-
-<p class=MsoNormal>The GOST&nbsp;R&nbsp;34.10&#8209;2001 without hashing
-mechanism, denoted <b>CKM_GOSTR3410</b>, is a mechanism for single-part
-signatures and verification for GOST&nbsp;R&nbsp;34.10&#8209;2001.  (This
-mechanism corresponds only to the part of GOST&nbsp;R&nbsp;34.10&#8209;2001
-that processes the 32-bytes hash value; it does not compute the hash value.)</p>
-
-<p class=MsoNormal>This mechanism does not have a parameter.</p>
-
-<p class=MsoNormal><span lang=EN-GB>For the purposes of these mechanisms, a </span>GOST&nbsp;R&nbsp;34.10&#8209;2001<span
-lang=EN-GB> signature is an octet string of 64 bytes long. The signature octets
-correspond to the concatenation of the </span>GOST&nbsp;R&nbsp;34.10&#8209;2001
-<span lang=EN-GB>values <i>s </i>and<i> r’</i>, both represented as a 32 bytes
-octet string in big endian order with the most significant byte first [</span>RFC
-4490<span lang=EN-GB>] section 3.2, and [</span>RFC 4491<span lang=EN-GB>]
-section 2.2.2.</span></p>
-
-<p class=MsoNormal><span lang=EN-GB>The input for the mechanism is an octet
-string of 32 bytes long with digest has computed by means of </span>GOST&nbsp;R&nbsp;34.11&#8209;94
-hash algorithm in the context of signed or should be signed message.</p>
-
-<p class=MsoCaption><a name="_Toc76209837">Table </a>151, GOST R 34.10-2001
-without hashing: Key and Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=108 valign=top style='width:81.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=144 valign=top style='width:1.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=120 valign=top style='width:1.25in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign<sup>1</sup></span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_GOSTR3410</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>32 bytes</span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>64 bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify<sup>1</sup></span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_GOSTR3410</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>32 bytes</span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>64 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><sup>1</sup> <span class=MsoFootnoteReference>Single-part
-operations only.</span></p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.</p>
-
-<h3><a name="_Toc441850728"></a><a name="_Toc441162650"></a><a
-name="_Toc416960291"></a><a name="_Toc437440821"></a><a name="_Toc395188045"></a><a
-name="_Toc391471407"></a><a name="_Toc370634694"></a><a name="_Toc228807468"></a><a
-name="_Toc228894914">2.45.8 GOST R 34.10-2001 with GOST R 34.11-94</a></h3>
-
-<p class=MsoNormal>The GOST&nbsp;R&nbsp;34.10&#8209;2001 with
-GOST&nbsp;R&nbsp;34.11&#8209;94, denoted <b>CKM_GOSTR3410_WITH_GOSTR3411</b>,
-is a mechanism for signatures and verification for GOST&nbsp;R&nbsp;34.10&#8209;2001.
-This mechanism computes the entire GOST&nbsp;R&nbsp;34.10&#8209;2001
-specification, including the hashing with GOST&nbsp;R&nbsp;34.11&#8209;94 hash
-algorithm.</p>
-
-<p class=MsoNormal>As a parameter this mechanism utilizes a DER-encoding of the
-object identifier indicating GOST&nbsp;R&nbsp;34.11&#8209;94 data object type.
-A mechanism parameter may be missed then parameters are specified in object
-identifier of attribute <b>CKA_GOSTR3411_PARAMS</b> must be used.</p>
-
-<p class=MsoNormal><a name=z1></a><span lang=EN-GB>For the purposes of these
-mechanisms, a </span>GOST&nbsp;R&nbsp;34.10&#8209;2001<span lang=EN-GB>
-signature is an octet string of 64 bytes long. The signature octets correspond
-to the concatenation of the </span>GOST&nbsp;R&nbsp;34.10&#8209;2001<span
-lang=EN-GB> values <i>s </i>and<i> r’</i>, both represented as a 32 bytes octet
-string in big endian order with the most significant byte first [</span>RFC
-4490<span lang=EN-GB>] section 3.2, and [RFC 4491] section 2.2.2.</span></p>
-
-<p class=MsoNormal><span lang=EN-GB>The input for the mechanism is signed or
-should be signed message of any length. Single- and multiple-part signature
-operations are available.</span></p>
-
-<p class=MsoCaption>Table 152, GOST R 34.10-2001 with GOST R 34.11-94: Key and
-Data Length</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=108 valign=top style='width:81.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Function</span></b></p>
-   </td>
-   <td width=144 valign=top style='width:1.5in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial",sans-serif'>Key type</span></b></p>
-   </td>
-   <td width=108 valign=top style='width:81.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Input length</span></b></p>
-   </td>
-   <td width=120 valign=top style='width:1.25in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table align=center style='text-align:center;page-break-after:avoid'><b><span
-   style='font-size:10.0pt;font-family:"Arial",sans-serif'>Output length</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Sign</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_GOSTR3410</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>64 bytes</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>C_Verify</span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial",sans-serif'>CKK_GOSTR3410</span></p>
-  </td>
-  <td width=108 valign=top style='width:81.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>Any</span></p>
-  </td>
-  <td width=120 valign=top style='width:1.25in;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table align=center style='text-align:center;page-break-after:avoid'><span
-  style='font-size:10.0pt;font-family:"Arial",sans-serif'>64 bytes</span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>For this mechanism, the ulMinKeySize and ulMaxKeySize fields
-of the CK_MECHANISM_INFO structure are not used.</p>
-
-<h3><a name="_Toc441850729"></a><a name="_Toc441162651"></a><a
-name="_Toc416960292"></a><a name="_Toc437440822"></a><a name="_Toc395188046"></a><a
-name="_Toc391471408"></a><a name="_Toc370634695"></a><a name="_Toc228807469"></a><a
-name="_Toc228894915">2.45.9 GOST 28147-89 keys wrapping/unwrapping with GOST R
-34.10-2001</a></h3>
-
-<p class=MsoNormal>GOST R 34.10-2001 keys as a KEK (key encryption keys) for
-encryption GOST 28147 keys, denoted by <b>CKM_GOSTR3410_KEY_WRAP</b>, is a
-mechanism for key wrapping; and key unwrapping, based on GOST R 34.10-2001. Its
-purpose is to encrypt and decrypt keys have been generated by key generation
-mechanism for GOST&nbsp;28147&#8209;89. An encryption algorithm from [RFC 4490]
-(section 5.2) must be used. Encrypted key is a DER-encoded structure of ASN.1 <i>GostR3410-KeyTransport</i>
-type [RFC 4490] section 4.2.</p>
-
-<p class=MsoNormal>It has a parameter, a <b>CK_GOSTR3410_KEY_WRAP_PARAMS </b>structure
-defined in section 2.45.5.</p>
-
-<p class=MsoNormal>For unwrapping (<b>C_UnwrapKey</b>), the mechanism decrypts
-the wrapped key, and contributes the result as the <b>CKA_VALUE </b>attribute
-of the new key.</p>
-
-<p class=MsoNormal>For this mechanism, the <i>ulMinKeySize</i> and <i>ulMaxKeySize</i>
-fields of the <b>CK_MECHANISM_INFO </b>structure are not used.</p>
-
-<h4><a name="_Toc437440823">2.45.9.1 Common key derivation with assistance of
-GOST R 34.10-2001 keys</a></h4>
-
-<p class=MsoNormal>Common key derivation, denoted <b>CKM_GOSTR3410_DERIVE, </b>is
-a mechanism for key derivation with assistance of GOST&nbsp;R&nbsp;34.10&#8209;2001
-private and public keys.<a name=z2></a> The key of the mechanism must be of
-object class <b>CKO_DOMAIN_PARAMETERS</b> and<b> </b>key type <b>CKK_GOSTR3410</b>.
-An algorithm for key derivation from [RFC 4357] (section 5.2) must be used.</p>
-
-<p class=MsoNormal>The mechanism contributes the result as the <b>CKA_VALUE </b>attribute
-of the new private key. All other attributes must be specified in a template
-for creating private key object.</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<h1 style='margin-left:0in;text-indent:0in'><a name="_Toc441850730"></a><a
-name="_Toc441162652"></a><a name="_Toc416960293"></a><a name="_Toc437440824"></a><a
-name="_Toc395188047"></a><a name="_Toc391471409"></a><a name="_Toc370634696"></a><a
-name="_Toc368481875">3<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;
-</span>PKCS #11 Implementation Conformance</a></h1>
-
-</div>
-
-<p class=MsoNormal>An implementation is a conforming implementation if it meets
-the conditions specified in one or more server profiles specified in <b>[PKCS
-#11-Prof].</b></p>
-
-<p class=MsoNormal>If a PKCS #11 implementation claims support for a particular
-profile, then the implementation SHALL conform to all normative statements
-within the clauses specified for that profile and for any subclauses to each of
-those clauses<span style='font-family:"Courier New"'>.</span></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc441850731"></a><a name="_Toc441162653"></a><a
-name="_Toc416960294"></a><a name="_Toc437440825"></a><a name="_Toc395188048"></a><a
-name="_Toc391471410"></a><a name="_Toc370634697"></a><a name="_Toc228894932">Appendix
-A.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Acknowledgments</a></p>
-
-</div>
-
-<p class=MsoNormal>The following individuals have participated in the creation of
-this specification and are gratefully acknowledged:</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=Titlepageinfo>Participants:</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>&nbsp;</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Gil Abel,
-Athena Smartcard Solutions, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Warren
-Armstrong, QuintessenceLabs</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jeff
-Bartell, Semper Foris Solutions LLC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Peter
-Bartok, Venafi, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Anthony
-Berglas, Cryptsoft </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Joseph
-Brand, Semper Fortis Solutions LLC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Kelley
-Burgin, National Security Agency</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Burns, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Wan-Teh
-Chang, Google Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Hai-May
-Chao, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Janice
-Cheng, Vormetric, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sangrae Cho,
-Electronics and Telecommunications Research Institute (ETRI)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Doron Cohen,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Fadi Cotran,
-Futurex</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Tony Cox,
-Cryptsoft </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Christopher
-Duane, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Chris Dunn,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Valerie
-Fenwick, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Terry
-Fletcher, SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Susan
-Gleeson, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sven Gossel,
-Charismathics</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>John Green,
-QuintessenceLabs</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Griffin, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Paul
-Grojean, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Peter
-Gutmann, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dennis E.
-Hamilton, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Thomas
-Hardjono, M.I.T.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Tim Hudson,
-Cryptsoft</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Gershon
-Janssen, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Seunghun
-Jin, Electronics and Telecommunications Research Institute (ETRI)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Wang
-Jingman, Feitan Technologies</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Andrey
-Jivsov, Symantec Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Joseph,
-P6R</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Stefan
-Kaesar, Infineon Technologies</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Greg
-Kazmierczak, Wave Systems Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Knight,
-Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Darren Krahn, Google Inc.</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Alex Krasnov, Infineon Technologies AG</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dina
-Kurktchi-Nimeh, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark
-Lambiase, SecureAuth Corporation</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Lawrence
-Lee, GoTrust Technology Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>John Leiseboer, QuintessenceLabs </span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Sean Leon, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Geoffrey Li, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Howie Liu, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Hal
-Lockhart, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Lockhart, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dale Moberg,
-Axway Software</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Darren
-Moffat, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Valery
-Osheter, SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sean
-Parkinson, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Rob
-Philpott, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Powers,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Ajai Puri,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Relyea, Red Hat</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Saikat Saha,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Subhash Sankuratripati, NetApp</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Anthony Scarpino, Oracle</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Johann
-Schoetz, Infineon Technologies AG</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Rayees
-Shamsuddin, Wave Systems Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Radhika Siravara, Oracle</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Brian Smith, Mozilla Corporation</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>David Smith,
-Venafi, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Ryan Smith,
-Futurex</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jerry Smith,
-US Department of Defense (DoD)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Oscar So,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Graham
-Steel, Cryptosense</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Michael
-Stevens, QuintessenceLabs </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Michael
-StJohns, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jim Susoy,
-P6R</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sander
-Temme, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Kiran Thota,
-VMware, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Walter-John
-Turnes, Gemini Security Solutions, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Stef Walter, Red Hat</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>James Wang, Vormetric</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Jeff Webb, Dell</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Peng Yu, Feitian Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Magda Zdunkiewicz, Cryptsoft </span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Chris Zimman, Individual</span></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc85472898"></a><a name="_Toc287332014"></a><a
-name="_Toc228894936"></a><a name="_Toc441850732"></a><a name="_Toc441162654"></a><a
-name="_Toc416960295"></a><a name="_Toc437440826"></a><a name="_Toc395188049"></a><a
-name="_Toc391471411"></a><a name="_Toc370634698"><span lang=DE-CH>Appendix B.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span lang=DE-CH>Manifest Constants</span></a></p>
-
-</div>
-
-<p class=MsoNormal><span class=msoIns><ins cite="mailto:Paul"
-datetime="2016-01-29T16:01">The definitions for manifest constants specified in
-this document can be found in the following normative computer language
-definition files:</ins></span></p>
-
-<p class=MsoTableColorfulListAccent1 style='text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><a
-href="file://qnap1-l/archive/standards/pkcs11/v2.40errata/include/pkcs11-v2.40/pkcs11.h"><span
-class=msoIns><ins cite="mailto:Paul" datetime="2016-01-29T16:01">include/pkcs11-v2.40/pkcs11.h</ins></span></a></p>
-
-<p class=MsoTableColorfulListAccent1 style='text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><a
-href="file://qnap1-l/archive/standards/pkcs11/v2.40errata/include/pkcs11-v2.40/pkcs11t.h"><span
-class=msoIns><ins cite="mailto:Paul" datetime="2016-01-29T16:01">include/pkcs11-v2.40/pkcs11t.h</ins></span></a></p>
-
-<p class=MsoTableColorfulListAccent1 style='text-indent:-.25in'><span
-style='font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><a
-href="file://qnap1-l/archive/standards/pkcs11/v2.40errata/include/pkcs11-v2.40/pkcs11f.h"><span
-class=msoIns><ins cite="mailto:Paul" datetime="2016-01-29T16:01">include/pkcs11-v2.40/pkcs11f.h</ins></span></a></p>
-
-<p class=MsoNormal><span class=msoIns><ins cite="mailto:Paul"
-datetime="2016-01-29T16:10">These files are linked from the </ins></span><a
-href="#RelatedWork"><span class=msoIns><ins cite="mailto:Paul"
-datetime="2016-01-29T16:11">Related Work</ins></span></a><span class=msoIns><ins
-cite="mailto:Paul" datetime="2016-01-29T16:10"> section at the top of this
-specification.</ins></span></p>
-
-<p class=MsoNormal><span class=msoDel><del cite="mailto:Paul"
-datetime="2016-01-29T16:06">The definitions for manifest constants specified in
-this document can be found in the computer language definition files referenced
-on the title page of this document</del></span>.</p>
-
-<p class=MsoNormal><span class=msoDel><del cite="mailto:Paul"
-datetime="2016-01-29T16:02">The following definitions can be found in [PKCS11_T_H].</del></span></p>
-
-<p class=MsoNormal><b><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">      /*</del></span></b></p>
-
-<p class=MsoNormal style='text-indent:.25in'><b><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">      Copyright © OASIS Open
-2013.  All Rights Reserved.  </del></span></b></p>
-
-<p class=MsoNormal style='margin-left:.25in !msorm'><b><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">            All capitalized terms
-in </del></span><span class=msoDel><del cite="mailto:Paul"
-datetime="2016-01-29T17:07">the following </del></span><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">text have the meanings assigned
-to them in the </del></span></b></p>
-
-<p class=MsoNormal style='margin-left:.25in'><b><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">      OASIS Intellectual Property
-Rights Policy (the &quot;OASIS IPR Policy&quot;).              </del></span></b></p>
-
-<p class=MsoNormal style='text-indent:.25in'><b><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">*/</del></span></b></p>
-
-<p class=MsoNormal><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=MsoNormal><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">Also, refer <b>[PKCS #11-Base]</b> and <b>[PKCS
-#11-Hist]</b> for additional definitions.</del></span></p>
-
-<h2><a name="_Toc416960296"></a><a name="_Toc395188050"></a><a
-name="_Toc391471412"></a><a name="_Toc370634699"></a><a name="_Toc228807471"></a><a
-name="_Toc228894917"><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">B.1 OTP Definitions</del></span></a></h2>
-
-<p class=MsoNormal><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">Note: A C or C++ source file in a Cryptoki
-application or library can define all the types, mechanisms, and other
-constants described here by including the header file otp-pkcs11.h. When
-including the otp-pkcs11.h header file, it should be preceded by an inclusion
-of the top-level Cryptoki header file pkcs11.h, and the source file must also
-specify the preprocessor directives indicated in Section 8 of [PKCS #11-B].</del></span></p>
-
-<p class=CCode style='margin-left:.25in;text-indent:0in'><span
-style='font-size:10.0pt;font-family:"Arial",sans-serif'><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">&nbsp;</del></span></span></p>
-
-<h2><a name="_Toc323610961"></a><a name="_Toc383864977"></a><a
-name="_Toc405794956"></a><a name="_Toc72656536"></a><a name="_Toc96126764"></a><a
-name="_Toc98037607"></a><a name="_Toc98570770"></a><a name="_Toc416960297"></a><a
-name="_Toc395188051"></a><a name="_Toc391471413"></a><a name="_Toc370634700"></a><a
-name="_Toc107130047"></a><a name="_Toc107636281"></a><a name="_Toc119999217"></a><a
-name="_Toc122756456"></a><a name="_Toc228807472"></a><a name="_Toc228894918"><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">B.2 Object
-classes</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_DATA                         0x00000000</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_CERTIFICATE                  0x00000001</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_PUBLIC_KEY                   0x00000002</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_PRIVATE_KEY                  0x00000003</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_SECRET_KEY                   0x00000004</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_HW_FEATURE                   0x00000005</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_DOMAIN_PARAMETERS             0x00000006</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_MECHANISM                    0x00000007</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_OTP_KEY                      0x00000008</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKO_VENDOR_DEFINED               0x80000000</del></span></p>
-
-<h2><a name="_Toc416960298"></a><a name="_Toc395188052"></a><a
-name="_Toc391471414"></a><a name="_Toc370634701"></a><a name="_Toc107130048"></a><a
-name="_Toc107636282"></a><a name="_Toc119999218"></a><a name="_Toc122756457"></a><a
-name="_Toc228807473"></a><a name="_Toc228894919"><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">B.3 Key types</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_RSA                          0x00000000</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_DSA                          0x00000001</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_DH                           0x00000002</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_ECDSA                        0x00000003</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_EC                           0x00000003</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_X9_42_DH                     0x00000004</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_KEA                          0x00000005</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_GENERIC_SECRET               0x00000010</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_RC2                          0x00000011</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_RC4                          0x00000012</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_DES                          0x00000013</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_DES2                         0x00000014</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_DES3                         0x00000015</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_CAST                         0x00000016</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_CAST3                        0x00000017</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_CAST5                        0x00000018</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_CAST128                      0x00000018</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_RC5                          0x00000019</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_IDEA                         0x0000001A</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_SKIPJACK                     0x0000001B</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_BATON                        0x0000001C</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_JUNIPER                      0x0000001D</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_CDMF                         0x0000001E</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_AES                          0x0000001F</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_BLOWFISH                     0x00000020</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_TWOFISH                      0x00000021</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_SECURID                      0x00000022</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_HOTP                         0x00000023</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_ACTI                         0x00000024</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_CAMELLIA                     0x00000025</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_ARIA                         0x00000026</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_SHA512_224_HMAC              0x00000027</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_SHA512_256_HMAC              0x00000028</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_SHA512_T_HMAC                0x00000029</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKK_VENDOR_DEFINED               0x80000000</del></span></p>
-
-<h2><a name="_Toc416960299"></a><a name="_Toc395188053"></a><a
-name="_Toc391471415"></a><a name="_Toc370634702"></a><a name="_Toc81113961"></a><a
-name="_Toc96126765"></a><a name="_Toc98037608"></a><a name="_Toc98570771"></a><a
-name="_Toc107130049"></a><a name="_Toc107636283"></a><a name="_Toc119999219"></a><a
-name="_Toc122756458"></a><a name="_Toc228807474"></a><a name="_Toc228894920"><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">B.4 Mechanisms</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_PKCS_KEY_PAIR_GEN         0x00000000</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_PKCS                      0x00000001</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_9796                      0x00000002</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_X_509                     0x00000003</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD2_RSA_PKCS                  0x00000004</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD5_RSA_PKCS                  0x00000005</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA1_RSA_PKCS                 0x00000006</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD128_RSA_PKCS            0x00000007</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD160_RSA_PKCS            0x00000008</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_PKCS_OAEP                 0x00000009</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_X9_31_KEY_PAIR_GEN        0x0000000A</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_X9_31                     0x0000000B</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA1_RSA_X9_31                0x0000000C</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_PKCS_PSS                  0x0000000D</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA1_RSA_PKCS_PSS             0x0000000E</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_KEY_PAIR_GEN              0x00000010</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA                           0x00000011</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_SHA1                      0x00000012</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_FIPS_G_GEN                0x00000013</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_SHA224                    0x00000014</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_SHA256                    0x00000015</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_SHA384                    0x00000016</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_SHA512                    0x00000017</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DH_PKCS_KEY_PAIR_GEN          0x00000020</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DH_PKCS_DERIVE                0x00000021</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_X9_42_DH_KEY_PAIR_GEN         0x00000030</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_X9_42_DH_DERIVE               0x00000031</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_X9_42_DH_HYBRID_DERIVE        0x00000032</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_X9_42_MQV_DERIVE              0x00000033</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA256_RSA_PKCS               0x00000040</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA384_RSA_PKCS               0x00000041</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_RSA_PKCS               0x00000042</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA256_RSA_PKCS_PSS           0x00000043</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA384_RSA_PKCS_PSS           0x00000044</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_RSA_PKCS_PSS           0x00000045</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA224_RSA_PKCS               0x00000046</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA224_RSA_PKCS_PSS           0x00000047</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_224                    0x00000048</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_224_HMAC               0x00000049</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_224_HMAC_GENERAL       0x0000004A</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_224_KEY_DERIVATION     0x0000004B</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_256                    0x0000004C</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_256_HMAC               0x0000004D</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_256_HMAC_GENERAL       0x0000004E</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_256_KEY_DERIVATION     0x0000004F</del></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_T                      0x00000050</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_T_HMAC                 0x00000051</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_T_HMAC_GENERAL         0x00000052</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_T_KEY_DERIVATION       0x00000053</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC2_KEY_GEN                   0x00000100</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC2_ECB                       0x00000101</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC2_CBC                       0x00000102</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC2_MAC                       0x00000103</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC2_MAC_GENERAL               0x00000104</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC2_CBC_PAD                   0x00000105</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC4_KEY_GEN                   0x00000110</del></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC4                           0x00000111</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_KEY_GEN                   0x00000120</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_ECB                       0x00000121</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_CBC                       0x00000122</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_MAC                       0x00000123</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_MAC_GENERAL               0x00000124</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_CBC_PAD                   0x00000125</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES2_KEY_GEN                  0x00000130</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_KEY_GEN                  0x00000131</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_ECB                      0x00000132</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_CBC                      0x00000133</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_MAC                      0x00000134</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_MAC_GENERAL              0x00000135</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_CBC_PAD                  0x00000136</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CDMF_KEY_GEN                  0x00000140</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CDMF_ECB                      0x00000141</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CDMF_CBC                      0x00000142</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CDMF_MAC                      0x00000143</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CDMF_MAC_GENERAL              0x00000144</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CDMF_CBC_PAD                  0x00000145</del></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_OFB64                     0x00000150</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_OFB8                      0x00000151</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_CFB64                     0x00000152</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_CFB8                      0x00000153</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD2                           0x00000200</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD2_HMAC                      0x00000201</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD2_HMAC_GENERAL              0x00000202</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD5                           0x00000210</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD5_HMAC                      0x00000211</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD5_HMAC_GENERAL              0x00000212</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA_1                         0x00000220</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA_1_HMAC                    0x00000221</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA_1_HMAC_GENERAL            0x00000222</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD128                     0x00000230</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD128_HMAC                0x00000231</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD128_HMAC_GENERAL        0x00000232</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD160                     0x00000240</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD160_HMAC                0x00000241</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RIPEMD160_HMAC_GENERAL        0x00000242</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA256                        0x00000250</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA256_HMAC                   0x00000251</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA256_HMAC_GENERAL           0x00000252</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA224                        0x00000255</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA224_HMAC                   0x00000256</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA224_HMAC_GENERAL           0x00000257</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA384                        0x00000260</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA384_HMAC                   0x00000261</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA384_HMAC_GENERAL           0x00000262</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512                        0x00000270</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_HMAC                   0x00000271</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_HMAC_GENERAL           0x00000272</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SECURID_KEY_GEN               0x00000280</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SECURID                       0x00000282</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_HOTP_KEY_GEN                  0x00000290</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_HOTP                          0x00000291</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ACTI                          0x000002A0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ACTI_KEY_GEN                  0x000002A1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST_KEY_GEN                  0x00000300</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST_ECB                      0x00000301</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST_CBC                      0x00000302</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST_MAC                      0x00000303</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST_MAC_GENERAL              0x00000304</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST_CBC_PAD                  0x00000305</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST3_KEY_GEN                 0x00000310</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST3_ECB                     0x00000311</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST3_CBC                     0x00000312</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST3_MAC                     0x00000313</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST3_MAC_GENERAL             0x00000314</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST3_CBC_PAD                 0x00000315</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST5_KEY_GEN                 0x00000320</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST128_KEY_GEN               0x00000320</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST5_ECB                     0x00000321</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST128_ECB                   0x00000321</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST5_CBC                     0x00000322</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST128_CBC                   0x00000322</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST5_MAC                     0x00000323</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST128_MAC                   0x00000323</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST5_MAC_GENERAL             0x00000324</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST128_MAC_GENERAL           0x00000324</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST5_CBC_PAD                 0x00000325</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAST128_CBC_PAD               0x00000325</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC5_KEY_GEN                   0x00000330</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC5_ECB                       0x00000331</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC5_CBC                       0x00000332</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC5_MAC                       0x00000333</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC5_MAC_GENERAL               0x00000334</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RC5_CBC_PAD                   0x00000335</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_IDEA_KEY_GEN                  0x00000340</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_IDEA_ECB                      0x00000341</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_IDEA_CBC                      0x00000342</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_IDEA_MAC                      0x00000343</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_IDEA_MAC_GENERAL              0x00000344</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_IDEA_CBC_PAD                  0x00000345</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GENERIC_SECRET_KEY_GEN        0x00000350</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CONCATENATE_BASE_AND_KEY      0x00000360</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CONCATENATE_BASE_AND_DATA     0x00000362</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CONCATENATE_DATA_AND_BASE     0x00000363</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_XOR_BASE_AND_DATA             0x00000364</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_EXTRACT_KEY_FROM_KEY          0x00000365</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SSL3_PRE_MASTER_KEY_GEN       0x00000370</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SSL3_MASTER_KEY_DERIVE        0x00000371</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SSL3_KEY_AND_MAC_DERIVE       0x00000372</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SSL3_MASTER_KEY_DERIVE_DH     0x00000373</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS_PRE_MASTER_KEY_GEN        0x00000374</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS_MASTER_KEY_DERIVE         0x00000375</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS_KEY_AND_MAC_DERIVE        0x00000376</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS_MASTER_KEY_DERIVE_DH      0x00000377</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS_PRF                       0x00000378</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SSL3_MD5_MAC                  0x00000380</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SSL3_SHA1_MAC                 0x00000381</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD5_KEY_DERIVATION            0x00000390</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_MD2_KEY_DERIVATION            0x00000391</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA1_KEY_DERIVATION           0x00000392</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA256_KEY_DERIVATION         0x00000393</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA384_KEY_DERIVATION         0x00000394</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA512_KEY_DERIVATION         0x00000395</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SHA224_KEY_DERIVATION         0x00000396</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_MD2_DES_CBC               0x000003A0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_MD5_DES_CBC               0x000003A1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_MD5_CAST_CBC              0x000003A2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_MD5_CAST3_CBC             0x000003A3</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_MD5_CAST5_CBC             0x000003A4</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_MD5_CAST128_CBC           0x000003A4</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_CAST5_CBC            0x000003A5</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_CAST128_CBC          0x000003A5</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_RC4_128              0x000003A6</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_RC4_40               0x000003A7</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_DES3_EDE_CBC         0x000003A8</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_DES2_EDE_CBC         0x000003A9</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_RC2_128_CBC          0x000003AA</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBE_SHA1_RC2_40_CBC           0x000003AB</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PKCS5_PBKD2                   0x000003B0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_PBA_SHA1_WITH_SHA1_HMAC       0x000003C0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_WTLS_PRE_MASTER_KEY_GEN       0x000003D0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_WTLS_MASTER_KEY_DERIVE        0x000003D1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC
-0x000003D2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_WTLS_PRF                      0x000003D3</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
-0x000003D4</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
-0x000003D5</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS10_MAC_SERVER             0x000003D6     </del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS10_MAC_CLIENT             0x000003D7</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS12_MAC                    0x000003D8</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS12_MASTER_KEY_DERIVE      
-0x000003E0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS12_KEY_AND_MAC_DERIVE     
-0x000003E1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS12_MASTER_KEY_DERIVE_DH   
-0x000003E2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS12_KEY_SAFE_DERIVE        
-0x000003E3</del></span></p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">   </del></span><span lang=IT><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">#define
-CKM_TLS_MAC                       0x000003E4</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TLS_KDF                      0x000003E5</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KEY_WRAP_LYNKS                0x00000400</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KEY_WRAP_SET_OAEP             0x00000401</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CMS_SIG                       0x00000500</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KIP_DERIVE                    0x00000510</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KIP_WRAP                      0x00000511</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KIP_MAC                       0x00000512</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_KEY_GEN              0x00000550</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_ECB                  0x00000551</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_CBC                  0x00000552</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_MAC                  0x00000553</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_MAC_GENERAL          0x00000554</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_CBC_PAD              0x00000555</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_ECB_ENCRYPT_DATA     0x00000556</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_CBC_ENCRYPT_DATA     0x00000557</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_CAMELLIA_CTR                  0x00000558</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_KEY_GEN                  0x00000560</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_ECB                      0x00000561</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_CBC                      0x00000562</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_MAC                      0x00000563</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_MAC_GENERAL              0x00000564</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_CBC_PAD                  0x00000565</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_ECB_ENCRYPT_DATA         0x00000566</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ARIA_CBC_ENCRYPT_DATA         0x00000567</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_KEY_GEN              0x00001000</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_ECB64                0x00001001</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_CBC64                0x00001002</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_OFB64                0x00001003</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_CFB64                0x00001004</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_CFB32                0x00001005</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_CFB16                0x00001006</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_CFB8                 0x00001007</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_WRAP                 0x00001008</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_PRIVATE_WRAP         0x00001009</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_SKIPJACK_RELAYX               0x0000100a</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KEA_KEY_PAIR_GEN              0x00001010</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_KEA_KEY_DERIVE                0x00001011</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_FORTEZZA_TIMESTAMP            0x00001020</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_KEY_GEN                 0x00001030</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_ECB128                  0x00001031</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_ECB96                   0x00001032</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_CBC128                  0x00001033</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_COUNTER                0x00001034</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_SHUFFLE                 0x00001035</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BATON_WRAP                    0x00001036</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECDSA_KEY_PAIR_GEN            0x00001040</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_EC_KEY_PAIR_GEN               0x00001040</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECDSA                         0x00001041</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECDSA_SHA1                    0x00001042</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECDH1_DERIVE                  0x00001050</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECDH1_COFACTOR_DERIVE         0x00001051</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECMQV_DERIVE                  0x00001052</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_ECDH_AES_KEY_WRAP             0x00001053</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_AES_KEY_WRAP              0x00001054</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_JUNIPER_KEY_GEN               0x00001060</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_JUNIPER_ECB128                0x00001061</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_JUNIPER_CBC128                0x00001062</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_JUNIPER_COUNTER               0x00001063</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_JUNIPER_SHUFFLE               0x00001064</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_JUNIPER_WRAP                  0x00001065</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_FASTHASH                      0x00001070</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_KEY_GEN                   0x00001080</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_ECB                       0x00001081</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CBC                       0x00001082</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_MAC                       0x00001083</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_MAC_GENERAL               0x00001084</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CBC_PAD                   0x00001085</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CTR                       0x00001086</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_GCM                       0x00001087</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CCM                       0x00001088</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CMAC_GENERAL              0x00001089</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CMAC                      0x0000108A</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CTS                       0x0000108B</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_XCBC_MAC                  0x0000108C</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_XCBC_MAC_96               0x0000108D</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BLOWFISH_KEY_GEN             0x00001090</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BLOWFISH_CBC                  0x00001091</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TWOFISH_KEY_GEN               0x00001092</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TWOFISH_CBC                   0x00001093</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_BLOWFISH_CBC_PAD              0x00001094</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_TWOFISH_CBC_PAD               0x00001095</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_ECB_ENCRYPT_DATA          0x00001100</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES_CBC_ENCRYPT_DATA          0x00001101</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_ECB_ENCRYPT_DATA         0x00001102</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DES3_CBC_ENCRYPT_DATA         0x00001103</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_ECB_ENCRYPT_DATA          0x00001104</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CBC_ENCRYPT_DATA          0x00001105</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3410_KEY_PAIR_GEN        0x00001200</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3410                     0x00001201</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3410_WITH_GOSTR3411      0x00001202</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3410_KEY_WRAP            0x00001203</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3410_DERIVE              0x00001204</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3411                     0x00001210</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOSTR3411_HMAC                0x00001211</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOST28147_KEY_GEN             0x00001220</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOST28147_ECB                 0x00001221</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOST28147                     0x00001222</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOST28147_MAC                 0x00001223</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_GOST28147_KEY_WRAP            0x00001224</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_PARAMETER_GEN             0x00002000</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DH_PKCS_PARAMETER_GEN         0x00002001</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_X9_42_DH_PKCS_PARAMETER_GEN   0x00002002</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
-0x00002003</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN
-0x00002004</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_OFB                       0x00002104</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CFB64                     0x00002105</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CFB8                      0x00002106</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CFB128                    0x00002107</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_CFB1                      0x00002108</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_KEY_WRAP                 0x00002109</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_AES_KEY_WRAP_PAD             0x0000210A</del></span></p>
-
-<p class=CCode style='margin-left:0in;text-indent:0in'><span class=msoDel><del
-cite="mailto:TCA" datetime="2016-01-20T14:55">   #define CKM_RSA_PKCS_TPM_1_1          
-   0x00004001</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_RSA_PKCS_OAEP_TPM_1_1         0x00004002</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKM_VENDOR_DEFINED                0x80000000</del></span></p>
-
-<h2><a name="_Toc416960300"></a><a name="_Toc395188054"></a><a
-name="_Toc391471416"></a><a name="_Toc370634703"></a><a name="_Toc81113962"></a><a
-name="_Toc96126766"></a><a name="_Toc98037609"></a><a name="_Toc98570772"></a><a
-name="_Toc107130050"></a><a name="_Toc107636284"></a><a name="_Toc119999220"></a><a
-name="_Toc122756459"></a><a name="_Toc228807475"></a><a name="_Toc228894921"><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">B.5 Attributes</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CLASS                         0x00000000</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_TOKEN                         0x00000001</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PRIVATE                       0x00000002</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_LABEL                         0x00000003</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_APPLICATION                   0x00000010</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_VALUE                         0x00000011</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OBJECT_ID                     0x00000012</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CERTIFICATE_TYPE              0x00000080</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ISSUER                        0x00000081</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SERIAL_NUMBER                 0x00000082</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_AC_ISSUER                     0x00000083</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OWNER                         0x00000084</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ATTR_TYPES                    0x00000085</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_TRUSTED                       0x00000086</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CERTIFICATE_CATEGORY          0x00000087</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_JAVA_MIDP_SECURITY_DOMAIN     0x00000088</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_URL                          0x00000089</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY    0x0000008A</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_HASH_OF_ISSUER_PUBLIC_KEY     0x0000008B</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CHECK_VALUE                  0x00000090</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_KEY_TYPE                      0x00000100</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SUBJECT                       0x00000101</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ID                            0x00000102</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SENSITIVE                     0x00000103</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ENCRYPT                       0x00000104</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_DECRYPT                       0x00000105</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_WRAP                         0x00000106</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_UNWRAP                        0x00000107</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SIGN                         0x00000108</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SIGN_RECOVER                  0x00000109</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_VERIFY                        0x0000010A</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_VERIFY_RECOVER                0x0000010B</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_DERIVE                        0x0000010C</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_START_DATE                    0x00000110</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_END_DATE                      0x00000111</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_MODULUS                       0x00000120</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_MODULUS_BITS                  0x00000121</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PUBLIC_EXPONENT               0x00000122</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PRIVATE_EXPONENT              0x00000123</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PRIME_1                       0x00000124</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PRIME_2                       0x00000125</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_EXPONENT_1                    0x00000126</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_EXPONENT_2                    0x00000127</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_COEFFICIENT                   0x00000128</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PUBLIC_KEY_INFO               0x00000129</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PRIME                         0x00000130</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SUBPRIME                      0x00000131</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_BASE                         0x00000132</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PRIME_BITS                    0x00000133</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SUBPRIME_BITS                 0x00000134</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SUB_PRIME_BITS                CKA_SUBPRIME_BITS</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_VALUE_BITS                    0x00000160</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_VALUE_LEN                     0x00000161</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_EXTRACTABLE                   0x00000162</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_LOCAL                         0x00000163</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_NEVER_EXTRACTABLE             0x00000164</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ALWAYS_SENSITIVE              0x00000165</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_KEY_GEN_MECHANISM             0x00000166</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_MODIFIABLE                    0x00000170</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_DESTROYABLE                   0x00000172</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ECDSA_PARAMS                  0x00000180</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_EC_PARAMS                     0x00000180</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_EC_POINT                      0x00000181</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SECONDARY_AUTH                0x00000200</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_AUTH_PIN_FLAGS                0x00000201</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ALWAYS_AUTHENTICATE           0x00000202</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_WRAP_WITH_TRUSTED             0x00000210</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_WRAP_TEMPLATE  
-(CKF_ARRAY_ATTRIBUTE|0x00000211)</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_UNWRAP_TEMPLATE
-(CKF_ARRAY_ATTRIBUTE|0x00000212)</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_FORMAT                    0x00000220</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_LENGTH                    0x00000221</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_TIME_INTERVAL             0x00000222</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_USER_FRIENDLY_MODE        0x00000223</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_CHALLENGE_REQUIREMENT     0x00000224</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_TIME_REQUIREMENT          0x00000225</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_COUNTER_REQUIREMENT       0x00000226</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_PIN_REQUIREMENT           0x00000227</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_USER_IDENTIFIER           0x0000022A</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_SERVICE_IDENTIFIER        0x0000022B</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_SERVICE_LOGO              0x0000022C</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_SERVICE_LOGO_TYPE         0x0000022D</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_COUNTER                   0x0000022E</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_OTP_TIME                      0x0000022F</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_GOSTR3410_PARAMS              0x00000250</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_GOSTR3411_PARAMS              0x00000251</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_GOST28147_PARAMS              0x00000252</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_HW_FEATURE_TYPE               0x00000300</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_RESET_ON_INIT                 0x00000301</del></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_HAS_RESET                     0x00000302</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PIXEL_X                      0x00000400</del></span></span></p>
-
-<p class=CCode><span lang=DE-CH><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_PIXEL_Y                      0x00000401</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_RESOLUTION                   0x00000402</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CHAR_ROWS                    0x00000403</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CHAR_COLUMNS                 0x00000404</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_COLOR                        0x00000405</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_BITS_PER_PIXEL               0x00000406</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_CHAR_SETS                    0x00000480</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ENCODING_METHODS             0x00000481</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_MIME_TYPES                   0x00000482</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_MECHANISM_TYPE               0x00000500</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_REQUIRED_CMS_ATTRIBUTES       0x00000501</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_DEFAULT_CMS_ATTRIBUTES        0x00000502</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_SUPPORTED_CMS_ATTRIBUTES      0x00000503</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_ALLOWED_MECHANISMS       (CKF_ARRAY_ATTRIBUTE|0x00000600)</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKA_VENDOR_DEFINED               0x80000000</del></span></p>
-
-<h2 style='margin-left:0in;text-indent:0in'><a name="_Toc81113963"></a><a
-name="_Toc96126767"></a><a name="_Toc416960301"></a><a name="_Toc395188055"></a><a
-name="_Toc391471417"></a><a name="_Toc370634704"></a><a name="_Toc98037610"></a><a
-name="_Toc98570773"></a><a name="_Toc107130051"></a><a name="_Toc107636285"></a><a
-name="_Toc119999221"></a><a name="_Toc122756460"></a><a name="_Toc228807476"></a><a
-name="_Toc228894922"><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">B.6 Attribute constants</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_FORMAT_DECIMAL             0UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_FORMAT_HEXADECIMAL         1UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_FORMAT_ALPHANUMERIC        2UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_FORMAT_BINARY              3UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_PARAM_IGNORED             0UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_PARAM_OPTIONAL             1UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_PARAM_MANDATORY            2UL</del></span></p>
-
-<h2><a name="_Toc107636287"></a><a name="_Toc107130052"></a><a
-name="_Toc98570774"></a><a name="_Toc98037611"></a><a name="_Toc416960302"></a><a
-name="_Toc395188056"></a><a name="_Toc391471418"></a><a name="_Toc370634705"></a><a
-name="_Toc228894923"></a><a name="_Toc228807477"></a><a name="_Toc122756461"></a><a
-name="_Toc119999222"><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">B.7 Other constants</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_VALUE                     0UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_PIN                       1UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_CHALLENGE                 2UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_TIME                      3UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_COUNTER                   4UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_FLAGS                      5UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_OUTPUT_LENGTH             6UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CK_OTP_FORMAT                     7UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKF_NEXT_OTP                     0x00000001UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKF_EXCLUDE_TIME                 0x00000002UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKF_EXCLUDE_COUNTER              0x00000004UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKF_EXCLUDE_CHALLENGE             0x00000008UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKF_EXCLUDE_PIN                  0x00000010UL</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKF_USER_FRIENDLY_OTP             0x00000020UL</del></span></p>
-
-<h2><a name="_Toc416960303"></a><a name="_Toc395188057"></a><a
-name="_Toc391471419"></a><a name="_Toc370634706"></a><a name="_Toc119999223"></a><a
-name="_Toc122756462"></a><a name="_Toc228807478"></a><a name="_Toc228894924"><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">B.8 Notifications</del></span></a></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKN_OTP_CHANGED                   1UL</del></span></p>
-
-<h2><a name="_Toc416960304"></a><a name="_Toc395188058"></a><a
-name="_Toc391471420"></a><a name="_Toc370634707"></a><a name="_Toc119999224"></a><a
-name="_Toc122756463"></a><a name="_Toc228807479"></a><a name="_Toc228894925"><span
-class=msoDel><del cite="mailto:TCA" datetime="2016-01-20T14:55">B.9 Return
-values</del></span></a><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">                          </del></span></h2>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_OK                           0x00000000</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_CANCEL                       0x00000001</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_HOST_MEMORY                  0x00000002</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SLOT_ID_INVALID              
-0x00000003</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_GENERAL_ERROR                 0x00000005</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_FUNCTION_FAILED              
-0x00000006</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ARGUMENTS_BAD                 0x00000007</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_NO_EVENT                      0x00000008</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_NEED_TO_CREATE_THREADS       
-0x00000009</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_CANT_LOCK                     0x0000000A</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ATTRIBUTE_READ_ONLY          
-0x00000010</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ATTRIBUTE_SENSITIVE          
-0x00000011</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ATTRIBUTE_TYPE_INVALID       
-0x00000012</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ATTRIBUTE_VALUE_INVALID      
-0x00000013</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ACTION_PROHIBITED            
-0x0000001B</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_DATA_INVALID                  0x00000020</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_DATA_LEN_RANGE                0x00000021</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_DEVICE_ERROR                  0x00000030</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_DEVICE_MEMORY                 0x00000031</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_DEVICE_REMOVED                0x00000032</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ENCRYPTED_DATA_INVALID       
-0x00000040</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_ENCRYPTED_DATA_LEN_RANGE     
-0x00000041</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_FUNCTION_CANCELED            
-0x00000050</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_FUNCTION_NOT_PARALLEL        
-0x00000051</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_FUNCTION_NOT_SUPPORTED       
-0x00000054</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_HANDLE_INVALID           
-0x00000060</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_SIZE_RANGE                0x00000062</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_TYPE_INCONSISTENT        
-0x00000063</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_NOT_NEEDED                0x00000064</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_CHANGED                  
-0x00000065</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_NEEDED                   0x00000066</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_INDIGESTIBLE             
-0x00000067</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_FUNCTION_NOT_PERMITTED    0x00000068</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_NOT_WRAPPABLE            
-0x00000069</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_KEY_UNEXTRACTABLE            
-0x0000006A</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_MECHANISM_INVALID            
-0x00000070</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_MECHANISM_PARAM_INVALID      
-0x00000071</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_OBJECT_HANDLE_INVALID        
-0x00000082</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_OPERATION_ACTIVE             
-0x00000090</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_OPERATION_NOT_INITIALIZED     0x00000091</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PIN_INCORRECT                 0x000000A0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PIN_INVALID                  0x000000A1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PIN_LEN_RANGE                 0x000000A2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PIN_EXPIRED                  0x000000A3</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PIN_LOCKED                   0x000000A4</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_CLOSED                0x000000B0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_COUNT                 0x000000B1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_HANDLE_INVALID       
-0x000000B3</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
-0x000000B4</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_READ_ONLY            
-0x000000B5</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_EXISTS                0x000000B6</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_READ_ONLY_EXISTS     
-0x000000B7</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SESSION_READ_WRITE_SO_EXISTS  0x000000B8</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SIGNATURE_INVALID            
-0x000000C0</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SIGNATURE_LEN_RANGE          
-0x000000C1</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_TEMPLATE_INCOMPLETE          
-0x000000D0</del></span></span></p>
-
-<p class=CCode><span lang=IT><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_TEMPLATE_INCONSISTENT        
-0x000000D1</del></span></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_TOKEN_NOT_PRESENT            
-0x000000E0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_TOKEN_NOT_RECOGNIZED         
-0x000000E1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_TOKEN_WRITE_PROTECTED        
-0x000000E2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
-0x000000F0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_UNWRAPPING_KEY_SIZE_RANGE     0x000000F1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
-0x000000F2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_USER_ALREADY_LOGGED_IN       
-0x00000100</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_USER_NOT_LOGGED_IN           
-0x00000101</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_USER_PIN_NOT_INITIALIZED     
-0x00000102</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_USER_TYPE_INVALID             0x00000103</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
-0x00000104</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_USER_TOO_MANY_TYPES          
-0x00000105</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">&nbsp;</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_WRAPPED_KEY_INVALID          
-0x00000110</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_WRAPPED_KEY_LEN_RANGE        
-0x00000112</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_WRAPPING_KEY_HANDLE_INVALID   0x00000113</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_WRAPPING_KEY_SIZE_RANGE      
-0x00000114</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
-0x00000115</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_RANDOM_SEED_NOT_SUPPORTED     0x00000120</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_RANDOM_NO_RNG                 0x00000121</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_DOMAIN_PARAMS_INVALID        
-0x00000130</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_CURVE_NOT_SUPPORTED          
-0x00000140</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_BUFFER_TOO_SMALL             
-0x00000150</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_SAVED_STATE_INVALID          
-0x00000160</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_INFORMATION_SENSITIVE        
-0x00000170</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_STATE_UNSAVEABLE             
-0x00000180</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_CRYPTOKI_NOT_INITIALIZED     
-0x00000190</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_CRYPTOKI_ALREADY_INITIALIZED  0x00000191</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_MUTEX_BAD                     0x000001A0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_MUTEX_NOT_LOCKED             
-0x000001A1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_NEW_PIN_MODE                  0x000001B0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_NEXT_OTP                      0x000001B1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_EXCEEDED_MAX_ITERATIONS      
-0x000001C0</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_FIPS_SELF_TEST_FAILED        
-0x000001C1</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_LIBRARY_LOAD_FAILED          
-0x000001C2</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PIN_TOO_WEAK                  0x000001C3</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_PUBLIC_KEY_INVALID           
-0x000001C4</del></span></p>
-
-<p class=CCode><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_FUNCTION_REJECTED            
-0x00000200</del></span></p>
-
-<p class=MsoNormal style='margin-top:0in !msorm;margin-right:0in !msorm;
-margin-bottom:0in !msorm;margin-left:1.1in !msorm;text-indent:-.8in !msorm;
-mso-style-name:C_Code !msorm'><span style='font-size:12.0pt !msorm;font-family:
-"Courier New" !msorm'><span class=msoDel><del cite="mailto:TCA"
-datetime="2016-01-20T14:55">#define CKR_VENDOR_DEFINED                           
-       0x80000000</del></span></span></p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc441850733"></a><a name="_Toc441162655"></a><a
-name="_Toc416960305"></a><a name="_Toc437440827"></a><a name="_Toc395188059"></a><a
-name="_Toc391471421"></a><a name="_Toc370634708"></a><a name="_Toc107636286"></a><a
-name="_Toc107636463"></a>Appendix C.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Revision History</p>
-
-</div>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Revision</b></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Date</b></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Editor</b></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Changes Made</b></p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd01</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Apr 29, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Initial Template Import</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd02</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>July 7, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>2<sup>nd</sup> Working Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd03</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Aug 16, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>3<sup>rd</sup> Working Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd04</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Oct 1, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Incorporation of ballot items, prep for Committee
-  Specification Draft promotion</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd05</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Oct 7, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Reviewed for typos and proof.  Candidate for Committee
-  Specification Draft promotion.</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd06</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Oct 27, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Final participants list and other editorial changes for
-  Committee Specification Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Cds01</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Oct. 30, 2013</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Committee Specification Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd07</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Feb 18, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Incorporation of changes and feedback from public review</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd08</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Feb 27, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Incorporation of changes and feedback from public review</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd09</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Mar 10, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Incorporation of voted upon changes from last meeting</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>csd02</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Apr. 23, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Committee Specification Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd10</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Jun 11, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Removed AES-XTS mechanism</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd11</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Jul. 2, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Chris Zimman</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Corrections to manifest constants</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>csd03</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Jul. 16, 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Committee Specification Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>csd03a</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Sep 3 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Updated revision history and participant list in
-  preparation for Committee Specification ballot</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd12</p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Nov 3 2014</p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin </p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Editorial corrections</p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">os</ins></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">Apr 14 2015</ins></span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">OASIS</ins></span></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">OASIS Standard</ins></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=103 valign=top style='width:77.4pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">os-rev01</ins></span></p>
-  </td>
-  <td width=96 valign=top style='width:1.0in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">Dec 9 2015</ins></span></p>
-  </td>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:none;
-  border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">Robert Griffin / Tim Hudson</ins></span></p>
-  </td>
-  <td width=295 valign=top style='width:221.4pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span class=msoIns><ins cite="mailto:TCA"
-  datetime="2016-01-20T14:55">Change bar edits corresponding to Errata01</ins></span></p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-</div>
-
-<div><br clear=all>
-
-<hr align=left size=1 width="33%">
-
-<div id=ftn1>
-
-<p class=MsoFootnoteText><a href="#_ftnref1" name="_ftn1" title=""><span
-class=MsoFootnoteReference><span class=MsoFootnoteReference><span
-style='font-size:10.0pt;font-family:"Arial",sans-serif'>[1]</span></span></span></a>
-<span class=MsoFootnoteReference>The encoding in V2.20 was not specified and
-resulted in different implementations choosing different encodings.
-Applications relying only on a V2.20 encoding (e.g. the DER variant) other than
-the one specified now (raw) may not work with all V2.30 compliant tokens.</span></p>
-
-</div>
-
-<div id=ftn2>
-
-<p class=MsoFootnoteText><a href="#_ftnref2" name="_ftn2" title=""><span
-class=MsoFootnoteReference><span class=MsoFootnoteReference><span
-style='font-size:10.0pt;font-family:"Arial",sans-serif'>[2]</span></span></span></a>
-<span class=MsoFootnoteReference>Note that the rules regarding the
-CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_ALWAYS_SENSITIVE, and CKA_NEVER_EXTRACTABLE
-attributes have changed in version 2.11 to match the policy used by other key
-derivation mechanisms such as CKM_SSL3_MASTER_KEY_DERIVE. </span></p>
-
-</div>
-
-<div id=ftn3>
-
-<p class=MsoNormal><a href="#_ftnref3" name="_ftn3" title=""><span
-class=FootnoteCharacters><span class=FootnoteCharacters><span style='font-size:
-10.0pt;font-family:"Arial",sans-serif'>[3]</span></span></span></a><br
-clear=all style='page-break-before:always'>
-             “*” indicates 0 or more calls may be made as required</p>
-
-</div>
-
-<div id=ftn4>
-
-<p class=MsoFootnoteText><a href="#_ftnref4" name="_ftn4" title=""><span
-class=MsoFootnoteReference><span class=MsoFootnoteReference><span
-style='font-size:10.0pt;font-family:"Arial",sans-serif'>[4]</span></span></span></a>
-<span class=MsoFootnoteReference>“*” indicates 0 or more calls may be made as
-required</span></p>
-
-</div>
-
-<div id=ftn5>
-
-<p class=MsoFootnoteText><a href="#_ftnref5" name="_ftn5" title=""><span
-class=MsoFootnoteReference><span style='font-size:14.0pt'><span
-class=MsoFootnoteReference><span style='font-size:14.0pt;font-family:"Arial",sans-serif'>[5]</span></span></span></span></a><span
-style='font-size:14.0pt'> <span class=MsoFootnoteReference>Applications that
-may need to retrieve the next OTP should be prepared to handle this
-situation.&nbsp;For example, an application could store the OTP value returned
-by C_Sign so that, if a next OTP is required, it can compare it to the OTP
-value returned by subsequent calls to C_Sign should it turn out that the
-library does not support the CKF_NEXT_OTP flag.</span></span></p>
-
-</div>
-
-</div>
-
-</body>
-
-</html>
diff --git a/pkcs11-docs/pkcs11-v240-usage-guide.html b/pkcs11-docs/pkcs11-v240-usage-guide.html
deleted file mode 100644
index f848de0..0000000
--- a/pkcs11-docs/pkcs11-v240-usage-guide.html
+++ /dev/null
@@ -1,4755 +0,0 @@
-<html>
-
-<head>
-<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
-<meta name=Generator content="Microsoft Word 14 (filtered)">
-<base href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html">
-<title>PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40</title>
-<style>
-<!--
- /* Font Definitions */
- @font-face
-	{font-family:Wingdings;
-	panose-1:5 0 0 0 0 0 0 0 0 0;}
-@font-face
-	{font-family:"Cambria Math";
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:"Arial Unicode MS";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
-@font-face
-	{font-family:Cambria;
-	panose-1:2 4 5 3 5 4 6 3 2 4;}
-@font-face
-	{font-family:Calibri;
-	panose-1:2 15 5 2 2 2 4 3 2 4;}
-@font-face
-	{font-family:Tahoma;
-	panose-1:2 11 6 4 3 5 4 4 2 4;}
-@font-face
-	{font-family:"Malgun Gothic";
-	panose-1:2 11 5 3 2 0 0 2 0 4;}
-@font-face
-	{font-family:"\@Malgun Gothic";
-	panose-1:2 11 5 3 2 0 0 2 0 4;}
-@font-face
-	{font-family:"\@Arial Unicode MS";
-	panose-1:2 11 6 4 2 2 2 2 2 4;}
- /* Style Definitions */
- p.MsoNormal, li.MsoNormal, div.MsoNormal
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-h1
-	{mso-style-link:"Heading 1 Char";
-	margin-top:.25in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	text-indent:-.3in;
-	page-break-after:avoid;
-	font-size:16.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:normal;}
-h2
-	{mso-style-name:"Heading 2\,H2";
-	mso-style-link:"Heading 2 Char\,H2 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.4in;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:normal;}
-h3
-	{mso-style-name:"Heading 3\,H3";
-	mso-style-link:"Heading 3 Char\,H3 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-indent:-.5in;
-	page-break-after:avoid;
-	font-size:13.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:normal;}
-h4
-	{mso-style-name:"Heading 4\,H4";
-	mso-style-link:"Heading 4 Char\,H4 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.6in;
-	text-indent:-.6in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:normal;}
-h5
-	{mso-style-link:"Heading 5 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.7in;
-	text-indent:-.7in;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:normal;}
-h6
-	{mso-style-link:"Heading 6 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.8in;
-	text-indent:-.8in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:normal;}
-p.MsoHeading7, li.MsoHeading7, div.MsoHeading7
-	{mso-style-link:"Heading 7 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.9in;
-	text-indent:-.9in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
-	{mso-style-link:"Heading 8 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.0in;
-	text-indent:-1.0in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-style:italic;}
-p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
-	{mso-style-link:"Heading 9 Char";
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:1.1in;
-	text-indent:-1.1in;
-	page-break-after:avoid;
-	font-size:11.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-style:italic;}
-p.MsoToc1, li.MsoToc1, div.MsoToc1
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.MsoToc2, li.MsoToc2, div.MsoToc2
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:10.5pt;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.MsoToc3, li.MsoToc3, div.MsoToc3
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:21.0pt;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.MsoFootnoteText, li.MsoFootnoteText, div.MsoFootnoteText
-	{mso-style-link:"Footnote Text Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:10.0pt;
-	font-family:"Calibri","sans-serif";}
-p.MsoHeader, li.MsoHeader, div.MsoHeader
-	{mso-style-link:"Header Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.MsoFooter, li.MsoFooter, div.MsoFooter
-	{mso-style-link:"Footer Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.MsoCaption, li.MsoCaption, div.MsoCaption
-	{margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Calibri","sans-serif";
-	font-variant:small-caps;
-	color:#675E47;
-	letter-spacing:.3pt;
-	font-weight:bold;}
-span.MsoFootnoteReference
-	{vertical-align:super;}
-span.MsoPageNumber
-	{font-family:"Arial","sans-serif";
-	color:white;
-	font-weight:bold;}
-p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
-	{margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.25in;
-	text-indent:-.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoTitle, li.MsoTitle, div.MsoTitle
-	{mso-style-link:"Title Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:40.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.MsoTitleCxSpFirst, li.MsoTitleCxSpFirst, div.MsoTitleCxSpFirst
-	{mso-style-link:"Title Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:40.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.MsoTitleCxSpMiddle, li.MsoTitleCxSpMiddle, div.MsoTitleCxSpMiddle
-	{mso-style-link:"Title Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:40.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.MsoTitleCxSpLast, li.MsoTitleCxSpLast, div.MsoTitleCxSpLast
-	{mso-style-link:"Title Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:40.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.MsoMessageHeader, li.MsoMessageHeader, div.MsoMessageHeader
-	{mso-style-link:"Message Header Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:.75in;
-	text-align:justify;
-	text-indent:-.75in;
-	background:#CCCCCC;
-	border:none;
-	padding:0in;
-	font-size:12.0pt;
-	font-family:"Arial","sans-serif";}
-p.MsoSubtitle, li.MsoSubtitle, div.MsoSubtitle
-	{mso-style-link:"Subtitle Char";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:8.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:16.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.MsoNoteHeading, li.MsoNoteHeading, div.MsoNoteHeading
-	{mso-style-link:"Note Heading Char";
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-a:link, span.MsoHyperlink
-	{color:blue;
-	text-decoration:underline;}
-a:visited, span.MsoHyperlinkFollowed
-	{color:purple;
-	text-decoration:underline;}
-em
-	{color:#675E47;}
-p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
-	{mso-style-link:"Balloon Text Char";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:8.0pt;
-	font-family:"Tahoma","sans-serif";}
-span.Heading1Char
-	{mso-style-name:"Heading 1 Char";
-	mso-style-link:"Heading 1";
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.Heading2Char
-	{mso-style-name:"Heading 2 Char\,H2 Char";
-	mso-style-link:"Heading 2\,H2";
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.Heading3Char
-	{mso-style-name:"Heading 3 Char\,H3 Char";
-	mso-style-link:"Heading 3\,H3";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.TitleChar
-	{mso-style-name:"Title Char";
-	mso-style-link:Title;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.SubtitleChar
-	{mso-style-name:"Subtitle Char";
-	mso-style-link:Subtitle;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.BalloonTextChar
-	{mso-style-name:"Balloon Text Char";
-	mso-style-link:"Balloon Text";
-	font-family:"Tahoma","sans-serif";}
-span.Heading4Char
-	{mso-style-name:"Heading 4 Char\,H4 Char";
-	mso-style-link:"Heading 4\,H4";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading5Char
-	{mso-style-name:"Heading 5 Char";
-	mso-style-link:"Heading 5";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading6Char
-	{mso-style-name:"Heading 6 Char";
-	mso-style-link:"Heading 6";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading7Char
-	{mso-style-name:"Heading 7 Char";
-	mso-style-link:"Heading 7";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-span.Heading8Char
-	{mso-style-name:"Heading 8 Char";
-	mso-style-link:"Heading 8";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-span.Heading9Char
-	{mso-style-name:"Heading 9 Char";
-	mso-style-link:"Heading 9";
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;
-	font-style:italic;}
-span.ColorfulGrid-Accent1Char
-	{mso-style-name:"Colorful Grid - Accent 1 Char";
-	mso-style-link:"Colorful Grid - Accent 1";
-	font-family:"Cambria","serif";
-	color:#A9A57C;
-	font-style:italic;}
-span.LightShading-Accent2Char
-	{mso-style-name:"Light Shading - Accent 2 Char";
-	mso-style-link:"Light Shading - Accent 2";
-	font-family:"Malgun Gothic","sans-serif";
-	color:white;
-	background:#A9A57C;
-	font-weight:bold;
-	font-style:italic;}
-span.SubtleEmphasis
-	{mso-style-name:"Subtle Emphasis";
-	color:black;
-	font-style:italic;}
-span.IntenseEmphasis
-	{mso-style-name:"Intense Emphasis";
-	color:#A9A57C;
-	font-weight:bold;
-	font-style:italic;}
-span.SubtleReference
-	{mso-style-name:"Subtle Reference";
-	font-variant:small-caps;
-	color:#9CBEBD;
-	text-decoration:underline;}
-span.IntenseReference
-	{mso-style-name:"Intense Reference";
-	font-variant:small-caps;
-	color:#9CBEBD;
-	letter-spacing:.25pt;
-	font-weight:bold;
-	text-decoration:underline;}
-span.BookTitle
-	{mso-style-name:"Book Title";
-	font-variant:small-caps;
-	text-transform:none;
-	letter-spacing:.5pt;
-	font-weight:bold;}
-p.TOCHeading, li.TOCHeading, div.TOCHeading
-	{mso-style-name:"TOC Heading";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	text-indent:-.3in;
-	line-height:110%;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#848057;
-	font-weight:bold;}
-p.PersonalName, li.PersonalName, div.PersonalName
-	{mso-style-name:"Personal Name";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:bold;}
-p.PersonalNameCxSpFirst, li.PersonalNameCxSpFirst, div.PersonalNameCxSpFirst
-	{mso-style-name:"Personal NameCxSpFirst";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:bold;}
-p.PersonalNameCxSpMiddle, li.PersonalNameCxSpMiddle, div.PersonalNameCxSpMiddle
-	{mso-style-name:"Personal NameCxSpMiddle";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:bold;}
-p.PersonalNameCxSpLast, li.PersonalNameCxSpLast, div.PersonalNameCxSpLast
-	{mso-style-name:"Personal NameCxSpLast";
-	margin:0in;
-	margin-bottom:.0001pt;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:bold;}
-span.MediumGrid2Char
-	{mso-style-name:"Medium Grid 2 Char";
-	mso-style-link:"Medium Grid 2";}
-span.HeaderChar
-	{mso-style-name:"Header Char";
-	mso-style-link:Header;}
-span.FooterChar
-	{mso-style-name:"Footer Char";
-	mso-style-link:Footer;}
-p.Abstract, li.Abstract, div.Abstract
-	{mso-style-name:Abstract;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.AppendixHeading1, li.AppendixHeading1, div.AppendixHeading1
-	{mso-style-name:AppendixHeading1;
-	mso-style-link:"AppendixHeading1 Char";
-	margin-right:0in;
-	margin-left:.25in;
-	text-indent:-.25in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.AppendixHeading3, li.AppendixHeading3, div.AppendixHeading3
-	{mso-style-name:AppendixHeading3;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	text-indent:-.5in;
-	page-break-after:avoid;
-	font-size:13.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.Titlepageinfo, li.Titlepageinfo, div.Titlepageinfo
-	{mso-style-name:"Title page info";
-	margin:0in;
-	margin-bottom:.0001pt;
-	page-break-after:avoid;
-	font-size:12.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;
-	font-weight:bold;}
-p.Titlepageinfodescription, li.Titlepageinfodescription, div.Titlepageinfodescription
-	{mso-style-name:"Title page info description";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.TitlepageinfodescriptionCxSpFirst, li.TitlepageinfodescriptionCxSpFirst, div.TitlepageinfodescriptionCxSpFirst
-	{mso-style-name:"Title page info descriptionCxSpFirst";
-	margin:0in;
-	margin-bottom:.0001pt;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.TitlepageinfodescriptionCxSpMiddle, li.TitlepageinfodescriptionCxSpMiddle, div.TitlepageinfodescriptionCxSpMiddle
-	{mso-style-name:"Title page info descriptionCxSpMiddle";
-	margin:0in;
-	margin-bottom:.0001pt;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.TitlepageinfodescriptionCxSpLast, li.TitlepageinfodescriptionCxSpLast, div.TitlepageinfodescriptionCxSpLast
-	{mso-style-name:"Title page info descriptionCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.RelatedWork, li.RelatedWork, div.RelatedWork
-	{mso-style-name:"Related Work";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.25in;
-	text-indent:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.RelatedWorkCxSpFirst, li.RelatedWorkCxSpFirst, div.RelatedWorkCxSpFirst
-	{mso-style-name:"Related WorkCxSpFirst";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.25in;
-	margin-bottom:.0001pt;
-	text-indent:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.RelatedWorkCxSpMiddle, li.RelatedWorkCxSpMiddle, div.RelatedWorkCxSpMiddle
-	{mso-style-name:"Related WorkCxSpMiddle";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:0in;
-	margin-left:.25in;
-	margin-bottom:.0001pt;
-	text-indent:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.RelatedWorkCxSpLast, li.RelatedWorkCxSpLast, div.RelatedWorkCxSpLast
-	{mso-style-name:"Related WorkCxSpLast";
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:.25in;
-	text-indent:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-span.Refterm
-	{mso-style-name:"Ref term";
-	font-weight:bold;}
-p.Ref, li.Ref, div.Ref
-	{mso-style-name:Ref;
-	margin-top:2.0pt;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:1.5in;
-	text-indent:-1.25in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";
-	color:black;}
-p.Notices, li.Notices, div.Notices
-	{mso-style-name:Notices;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:12.0pt;
-	margin-left:0in;
-	page-break-before:always;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Arial","sans-serif";
-	color:#3B006F;
-	font-weight:bold;}
-p.Note, li.Note, div.Note
-	{mso-style-name:Note;
-	margin-top:6.0pt;
-	margin-right:.5in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-span.NoteHeadingChar
-	{mso-style-name:"Note Heading Char";
-	mso-style-link:"Note Heading";
-	font-family:"Arial","sans-serif";}
-span.Keyword
-	{mso-style-name:Keyword;
-	font-family:"Courier New";}
-p.Example, li.Example, div.Example
-	{mso-style-name:Example;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-p.Examplesmall, li.Examplesmall, div.Examplesmall
-	{mso-style-name:"Example small";
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	font-size:8.0pt;
-	font-family:"Courier New";}
-p.Definition, li.Definition, div.Definition
-	{mso-style-name:Definition;
-	margin-top:4.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.5in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";}
-p.Definitionterm, li.Definitionterm, div.Definitionterm
-	{mso-style-name:"Definition term";
-	margin-top:4.0pt;
-	margin-right:2.0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	font-size:10.0pt;
-	font-family:"Arial","sans-serif";
-	font-weight:bold;}
-p.Code, li.Code, div.Code
-	{mso-style-name:Code;
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#D9D9D9;
-	border:none;
-	padding:0in;
-	font-size:9.0pt;
-	font-family:"Courier New";}
-p.Codesmall, li.Codesmall, div.Codesmall
-	{mso-style-name:"Code small";
-	margin-top:0in;
-	margin-right:.3in;
-	margin-bottom:0in;
-	margin-left:.3in;
-	margin-bottom:.0001pt;
-	background:#E6E6E6;
-	border:none;
-	padding:0in;
-	font-size:8.0pt;
-	font-family:"Courier New";}
-p.Heading1WP, li.Heading1WP, div.Heading1WP
-	{mso-style-name:"Heading 1 WP";
-	mso-style-link:"Heading 1 WP Char";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.3in;
-	text-indent:-.3in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.Contributor, li.Contributor, div.Contributor
-	{mso-style-name:Contributor;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.ContributorCxSpFirst, li.ContributorCxSpFirst, div.ContributorCxSpFirst
-	{mso-style-name:ContributorCxSpFirst;
-	margin:0in;
-	margin-bottom:.0001pt;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.ContributorCxSpMiddle, li.ContributorCxSpMiddle, div.ContributorCxSpMiddle
-	{mso-style-name:ContributorCxSpMiddle;
-	margin:0in;
-	margin-bottom:.0001pt;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.ContributorCxSpLast, li.ContributorCxSpLast, div.ContributorCxSpLast
-	{mso-style-name:ContributorCxSpLast;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:4.0pt;
-	margin-left:0in;
-	line-height:110%;
-	font-size:11.0pt;
-	font-family:"Calibri","sans-serif";}
-p.TOCHeadingWP, li.TOCHeadingWP, div.TOCHeadingWP
-	{mso-style-name:"TOC Heading WP";
-	mso-style-link:"TOC Heading WP Char";
-	margin-top:24.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:0in;
-	page-break-before:always;
-	page-break-after:avoid;
-	border:none;
-	padding:0in;
-	font-size:18.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.Heading1WPChar
-	{mso-style-name:"Heading 1 WP Char";
-	mso-style-link:"Heading 1 WP";
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.TOCHeadingWPChar
-	{mso-style-name:"TOC Heading WP Char";
-	mso-style-link:"TOC Heading WP";
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-p.AppendixHeading2, li.AppendixHeading2, div.AppendixHeading2
-	{mso-style-name:AppendixHeading2;
-	margin-top:12.0pt;
-	margin-right:0in;
-	margin-bottom:6.0pt;
-	margin-left:.4in;
-	text-indent:-.4in;
-	page-break-after:avoid;
-	font-size:14.0pt;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.FootnoteTextChar
-	{mso-style-name:"Footnote Text Char";
-	mso-style-link:"Footnote Text";}
-p.Default, li.Default, div.Default
-	{mso-style-name:Default;
-	margin:0in;
-	margin-bottom:.0001pt;
-	text-autospace:none;
-	font-size:12.0pt;
-	font-family:"Calibri","sans-serif";
-	color:black;}
-p.Table, li.Table, div.Table
-	{mso-style-name:Table;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:0in;
-	font-size:12.0pt;
-	font-family:"Times New Roman","serif";}
-p.TableSmallFont, li.TableSmallFont, div.TableSmallFont
-	{mso-style-name:TableSmallFont;
-	margin-top:0in;
-	margin-right:0in;
-	margin-bottom:2.0pt;
-	margin-left:0in;
-	text-align:center;
-	page-break-after:avoid;
-	font-size:8.0pt;
-	font-family:"Times New Roman","serif";}
-span.AppendixHeading1Char
-	{mso-style-name:"AppendixHeading1 Char";
-	mso-style-link:AppendixHeading1;
-	font-family:"Cambria","serif";
-	color:#A1985A;}
-span.MessageHeaderChar
-	{mso-style-name:"Message Header Char";
-	mso-style-link:"Message Header";
-	font-family:"Arial","sans-serif";
-	background:#CCCCCC;}
- /* Page Definitions */
- @page WordSection1
-	{size:8.5in 11.0in;
-	margin:1.0in 1.25in 1.0in 1.25in;}
-div.WordSection1
-	{page:WordSection1;}
-@page WordSection2
-	{size:8.5in 11.0in;
-	margin:1.0in 1.25in 1.0in 1.25in;}
-div.WordSection2
-	{page:WordSection2;}
- /* List Definitions */
- ol
-	{margin-bottom:0in;}
-ul
-	{margin-bottom:0in;}
--->
-</style>
-
-</head>
-
-<body lang=EN-US link=blue vlink=purple>
-
-<div class=WordSection1>
-
-<p class=MsoNormal style='margin-bottom:10.0pt;line-height:115%'><img
-width=192 height=1056 src="pkcs11-ug-v2.40-cn02_files/image001.png" align=left
-hspace=15><img width=153 height=40 id="Picture 1"
-src="pkcs11-ug-v2.40-cn02_files/image002.png"></p>
-
-<p class=MsoNormal style='margin-bottom:10.0pt;line-height:115%'><span
-class=TitleChar><span style='font-size:24.0pt;line-height:115%'>PKCS #11
-Cryptographic Token Interface Usage Guide Version 2.40</span></span></p>
-
-<p class=MsoSubtitle>Committee Note 02</p>
-
-<p class=MsoSubtitle>16 November 2014</p>
-
-<p class=Titlepageinfo><span style='font-size:14.0pt'>Specification URIs</span></p>
-
-<p class=Titlepageinfo>This version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><span class=MsoHyperlink><span
-style='text-decoration:none'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.doc"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.doc</span></a>
-</span></span><span class=MsoHyperlink><span style='color:windowtext;
-text-decoration:none'>(Authoritative)</span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><span class=MsoHyperlink><span
-style='text-decoration:none'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html</span></a></span></span></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><span class=MsoHyperlink><span
-style='text-decoration:none'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.pdf"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.pdf</span></a></span></span></p>
-
-<p class=Titlepageinfo>Previous version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><span style='color:blue'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn01/pkcs11-ug-v2.40-cn01.doc"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn01/pkcs11-ug-v2.40-cn01.doc</span></a>
-</span>(Authoritative)</p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><span style='color:blue'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn01/pkcs11-ug-v2.40-cn01.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn01/pkcs11-ug-v2.40-cn01.html</span></a></span></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><span style='color:blue'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn01/pkcs11-ug-v2.40-cn01.pdf"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn01/pkcs11-ug-v2.40-cn01.pdf</span></a></span></p>
-
-<p class=Titlepageinfo>Latest version:</p>
-
-<p class=TitlepageinfodescriptionCxSpFirst><span style='color:blue'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.doc"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.doc</span></a>
-</span>(Authoritative)</p>
-
-<p class=TitlepageinfodescriptionCxSpMiddle><span style='color:blue'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html</span></a></span></p>
-
-<p class=TitlepageinfodescriptionCxSpLast><span style='color:blue'><a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.pdf"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.pdf</span></a></span></p>
-
-<p class=Titlepageinfo>Technical Committee:</p>
-
-<p class=Titlepageinfodescription><a
-href="https://www.oasis-open.org/committees/pkcs11/"><span style='text-decoration:
-none'>OASIS PKCS 11 TC</span></a></p>
-
-<p class=Titlepageinfo>Chairs:</p>
-
-<p class=ContributorCxSpFirst>Robert Griffin (<a
-href="mailto:robert.griffin@rsa.com"><span style='text-decoration:none'>robert.griffin@rsa.com</span></a>),
-<a href="http://www.emc.com/"><span style='text-decoration:none'>EMC
-Corporation</span></a></p>
-
-<p class=ContributorCxSpLast>Valerie Fenwick (<a
-href="mailto:valerie.fenwick@oracle.com"><span style='text-decoration:none'>valerie.fenwick@oracle.com</span></a>),
-<a href="http://www.oracle.com/"><span style='text-decoration:none'>Oracle</span></a></p>
-
-<p class=Titlepageinfo>Editors:</p>
-
-<p class=ContributorCxSpFirst>John Leiseboer (<a
-href="mailto:jl@quintessencelabs.com"><span style='text-decoration:none'>jl@quintessencelabs.com</span></a>),
-<a href="http://www.quintessencelabs.com/"><span style='text-decoration:none'>QuintessenceLabs
-Pty Ltd.</span></a></p>
-
-<p class=ContributorCxSpLast>Robert Griffin (<a
-href="mailto:robert.griffin@rsa.com"><span style='text-decoration:none'>robert.griffin@rsa.com</span></a>),
-<a href="http://www.emc.com/"><span style='text-decoration:none'>EMC
-Corporation</span></a></p>
-
-<p class=Titlepageinfo>Related work:</p>
-
-<p class=RelatedWorkCxSpFirst style='margin-left:0in;text-indent:0in'>This document
-is related to:</p>
-
-<p class=RelatedWorkCxSpMiddle><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Base Specification
-Version 2.40</i>. Edited by Susan Gleeson and Chris Zimman. Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html</span></a>.</p>
-
-<p class=RelatedWorkCxSpMiddle><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Current Mechanisms
-Specification Version 2.40</i>. Edited by Susan Gleeson and Chris Zimman.
-Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html</span></a>.</p>
-
-<p class=RelatedWorkCxSpMiddle><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Historical Mechanisms
-Specification Version 2.40</i>. Edited by Susan Gleeson and Chris Zimman.
-Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html</span></a>.</p>
-
-<p class=RelatedWorkCxSpLast><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><i>PKCS #11 Cryptographic Token Interface Profiles Version 2.40</i>.
-Edited by Tim Hudson. Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html</span></a>.</p>
-
-<p class=Titlepageinfo>Abstract:</p>
-
-<p class=Abstract>This document provides guidance on using PKCS #11 Version
-2.40.</p>
-
-<p class=Titlepageinfo>Status:</p>
-
-<p class=Titlepageinfodescription>This document was last revised or approved by
-the OASIS PKCS 11 TC on the above date. The level of approval is also listed
-above. Check the “Latest version” location noted above for possible later
-revisions of this document.</p>
-
-<p class=TitlepageinfodescriptionCxSpLast>Technical Committee members should
-send comments on this document to the Technical Committee’s email list. Others
-should send comments to the Technical Committee by using the “<span
-class=MsoHyperlink><span style='text-decoration:none'><a
-href="https://www.oasis-open.org/committees/comments/index.php?wg_abbrev=pkcs11"><span
-style='text-decoration:none'>Send A Comment</span></a></span></span>” button on
-the Technical Committee’s web page at <span class=MsoHyperlink><span
-style='text-decoration:none'><a
-href="https://www.oasis-open.org/committees/pkcs11/"><span style='text-decoration:
-none'>https://www.oasis-open.org/committees/pkcs11/</span></a>.</span></span></p>
-
-<p class=Titlepageinfo>Citation format:</p>
-
-<p class=Titlepageinfodescription>When referencing this document the following
-citation format should be used:</p>
-
-<p class=Abstract><span class=Refterm>[PKCS11-UG-v2.40]</span></p>
-
-<p class=Abstract><i>PKCS #11 Cryptographic Token Interface Usage Guide Version
-2.40.</i> Edited by John Leiseboer and Robert Griffin. 16 November 2014. OASIS
-Committee Note 02. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/cn02/pkcs11-ug-v2.40-cn02.html</span></a>.
-Latest version: <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-ug/v2.40/pkcs11-ug-v2.40.html</span></a>.</p>
-
-<p class=Abstract>&nbsp;</p>
-
-<p class=Abstract>&nbsp;</p>
-
-<p class=MsoNormal>Copyright © OASIS Open 2014.  All Rights Reserved.</p>
-
-<p class=MsoNormal>All capitalized terms in the following text have the
-meanings assigned to them in the OASIS Intellectual Property Rights Policy (the
-&quot;OASIS IPR Policy&quot;). The full <a
-href="https://www.oasis-open.org/policies-guidelines/ipr">Policy</a> may be
-found at the OASIS website.</p>
-
-<p class=MsoNormal>This document and translations of it may be copied and
-furnished to others, and derivative works that comment on or otherwise explain
-it or assist in its implementation may be prepared, copied, published, and
-distributed, in whole or in part, without restriction of any kind, provided
-that the above copyright notice and this section are included on all such
-copies and derivative works. However, this document itself may not be modified
-in any way, including by removing the copyright notice or references to OASIS,
-except as needed for the purpose of developing any document or deliverable
-produced by an OASIS Technical Committee (in which case the rules applicable to
-copyrights, as set forth in the OASIS IPR Policy, must be followed) or as
-required to translate it into languages other than English.</p>
-
-<p class=MsoNormal>The limited permissions granted above are perpetual and will
-not be revoked by OASIS or its successors or assigns.</p>
-
-<p class=MsoNormal>This document and the information contained herein is
-provided on an &quot;AS IS&quot; basis and OASIS DISCLAIMS ALL WARRANTIES,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-THE INFORMATION HEREIN WILL NOT INFRINGE ANY OWNERSHIP RIGHTS OR ANY IMPLIED
-WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=TOCHeadingWP>Table of Contents</p>
-
-</div>
-
-<p class=MsoToc1><a name="_Toc287337061"></a><a name="_Toc287336978"></a><a
-name="_Toc287336977"></a><a href="#_Toc406759974">1<span style='color:windowtext;
-text-decoration:none'>       </span>Introduction<span style='color:windowtext;
-display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>6</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759976">1.1 Description of this Document<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>6</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759977">1.2 Terminology<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>6</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759978">1.3 References (normative)<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>6</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759979">1.4 References (non-normative)<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>6</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406759980">2<span style='color:windowtext;
-text-decoration:none'>       </span>General overview<span style='color:windowtext;
-display:none;text-decoration:none'>.. </span><span
-style='color:windowtext;display:none;text-decoration:none'>8</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759981">2.1 Introduction<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>8</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759982">2.2 General model<span
-style='color:windowtext;display:none;text-decoration:none'> </span><span
-style='color:windowtext;display:none;text-decoration:none'>8</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759983">2.3 Logical view of a token<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>10</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759984">2.4 Users<span style='color:windowtext;
-display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>11</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759985">2.5 Applications and their use of
-Cryptoki<span style='color:windowtext;display:none;text-decoration:none'> </span><span
-style='color:windowtext;display:none;text-decoration:none'>12</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759986">2.5.1 General Guidance<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>12</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759987">2.5.2 Applications and processes<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>12</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759988">2.5.3 Applications and threads<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>12</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759989">2.6 Sessions<span style='color:windowtext;
-display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>13</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759990">2.6.1 General Guidance<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>13</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759991">2.6.2 Read-only session states<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>14</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759992">2.6.3 Read/write session states<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>15</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759993">2.6.4 Permitted object accesses by
-sessions<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>16</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759994">2.6.5 Session events<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>16</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759995">2.6.6 Session handles and object
-handles<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>17</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759996">2.6.7 Capabilities of sessions<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>17</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406759997">2.6.8 Example of use of sessions<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>18</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406759998">3<span style='color:windowtext;
-text-decoration:none'>       </span>Security considerations<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>21</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406759999">3.1 General Guidance<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>21</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760000">3.2 Padded Oracle Attacks<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>22</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406760001">4<span style='color:windowtext;
-text-decoration:none'>       </span>Cryptoki tips and reminders<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>23</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760002">4.1 Operations, sessions, and threads<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>23</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760003">4.2 Multiple Application Access
-Behavior<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>23</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760004">4.3 Objects, attributes, and
-templates<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>24</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760005">4.4 Signing with recovery<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>24</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406760006">5<span style='color:windowtext;
-text-decoration:none'>       </span>Comparison of Cryptoki and other APIs<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>25</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760007">5.1 FORTEZZA CIPG<span
-style='color:windowtext;display:none;text-decoration:none'>.. </span><span
-style='color:windowtext;display:none;text-decoration:none'>25</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760008">5.2 GCS-API<span style='color:windowtext;
-display:none;text-decoration:none'> </span><span
-style='color:windowtext;display:none;text-decoration:none'>26</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406760009">6<span style='color:windowtext;
-text-decoration:none'>       </span>Deprecated PKCS #11 Functionality<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>28</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760010">6.1 Secondary authentication
-(Deprecated)<span style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>28</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760011">6.2 Method for Exposing Multiple-PINs
-on a Token Through Cryptoki (deprecated)<span style='color:windowtext;
-display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>28</span></a></p>
-
-<p class=MsoToc2><a href="#_Toc406760012">6.3 Non-Normative Token Profiles<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>28</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406760013">6.3.1 Description of this Section<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>28</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406760014">6.3.2 Government authentication-only<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>29</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406760015">6.3.3 Cellular Digital Packet Data<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>29</span></a></p>
-
-<p class=MsoToc3><a href="#_Toc406760016">6.3.4 Other profiles<span
-style='color:windowtext;display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>29</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406760017">Appendix A.<span style='color:windowtext;
-text-decoration:none'>    </span>Acknowledgments<span style='color:windowtext;
-display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>30</span></a></p>
-
-<p class=MsoToc1><a href="#_Toc406760018">Appendix B.<span style='color:windowtext;
-text-decoration:none'>     </span>Revision History<span style='color:windowtext;
-display:none;text-decoration:none'>. </span><span
-style='color:windowtext;display:none;text-decoration:none'>32</span></a></p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-</div>
-
-<span style='font-size:11.0pt;line-height:110%;font-family:"Calibri","sans-serif"'><br
-clear=all style='page-break-before:auto'>
-</span>
-
-<div class=WordSection2>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=Heading1WP><a name="_Toc406759974"></a><a name="_Toc386027470"></a><a
-name="_Toc380217959">1<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Introduction</a></p>
-
-</div>
-
-<h2><a name="_Toc287337062"></a><a name="_Toc287336979"></a><a
-name="_Toc406759976"></a><a name="_Toc386027471"></a><a name="_Toc380217960">1.1
-Description of this Document</a> </h2>
-
-<p class=Default><span style='font-size:11.0pt'>This <u>PKCS #11 Cryptographic
-Token Interface Usage Guide</u> Version 2.40 is intended to complement <b>[PKCS11-Base],
- [PKCS11-Curr], [PKCS11-Hist] </b>and<b> [PKCS11-Prof]  </b>by providing
-guidance on how to implement the PKCS #11 interface most effectively. In
-particular, it includes the following guidance: </span></p>
-
-<p class=Default><span style='font-size:11.0pt'>&nbsp;</span></p>
-
-<p class=Default style='margin-top:0in;margin-right:0in;margin-bottom:3.5pt;
-margin-left:.5in;text-indent:-.25in'><span style='font-size:11.0pt;font-family:
-Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-size:11.0pt'>General overview information and clarification
-of assumptions and requirements that drive or influence the design of PKCS #11
-and the implementation of PKCS #11-compliant solutions. </span></p>
-
-<p class=Default style='margin-top:0in;margin-right:0in;margin-bottom:3.5pt;
-margin-left:.5in;text-indent:-.25in'><span style='font-size:11.0pt;font-family:
-Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-size:11.0pt'>Specific recommendations for
-implementation of particular PKCS #11 functionality. </span></p>
-
-<p class=Default style='margin-left:.5in;text-indent:-.25in'><span
-style='font-size:11.0pt;font-family:Symbol'>·<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span><span style='font-size:11.0pt'>Functionality considered for
-inclusion in PKCS #11 V2.40, but deferred to subsequent versions of the
-standard.</span></p>
-
-<p class=Default><span style='font-size:11.0pt'>&nbsp;</span></p>
-
-<p class=Default><span style='font-size:11.0pt'>Guidance regarding conformant
-PKCS #11 implementations is provided in [<b>PKCS11-Prof</b>].  </span></p>
-
-<h2><a name="_Toc406759977"></a><a name="_Toc386027472"></a><a
-name="_Toc380217961">1.2 Terminology</a></h2>
-
-<p class=MsoNormal>For a list of terminologies refer to <b>[PKCS11-Spec]</b>.</p>
-
-<h2><a name="_Toc406759978"></a><a name="_Toc386027473"></a><a
-name="_Toc380217962">1.3 References (normative)</a></h2>
-
-<p class=MsoNormal>This is a non-standars track document and does not contain
-normative references.</p>
-
-<h2><a name="_Toc406759979"></a><a name="_Toc386027474"></a><a
-name="_Toc380217963">1.4 References</a> (non-normative)</h2>
-
-<p class=Ref><b><span style='color:#3B006F'>&nbsp;</span></b></p>
-
-<p class=Ref><b><span lang=IT style='color:#3B006F'>[FORTEZZA]</span></b><span
-class=Refterm><span lang=IT style='font-weight:normal'>           </span></span><i><span
-lang=IT>FORTEZZA CIPG Application Programming Interface</span></i><span
-lang=IT> </span><a href="http://cryptome.org/jya/fortezza.htm"><span lang=IT
-style='text-decoration:none'>http://cryptome.org/jya/fortezza.htm</span></a><span
-lang=IT>.</span></p>
-
-<p class=Ref><b><span style='color:#3B006F'>[GCS-API]</span></b><span
-class=Refterm><span style='font-weight:normal'>               </span></span><i>Generic
-Cryptographic Service API Base (GCS-API). X/Open Preliminary Specifications.
-June 1996.</i> <a
-href="http://archive.opengroup.org/publications/archive/CDROM/p442.pdf"><span
-style='text-decoration:none'>http://archive.opengroup.org/publications/archive/CDROM/p442.pdf</span></a>.</p>
-
-<p class=Ref><b><span style='color:#3B006F'>[PKCS11-Base]</span></b><span
-class=Refterm><span style='font-weight:normal'>       </span></span><i>PKCS #11
-Cryptographic Token Interface Base Specification Version 2.40</i>. Edited by
-Susan Gleeson and Chris Zimman. Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html</span></a>.</p>
-
-<p class=Ref><b><span style='color:#3B006F'>[PKCS11-Curr]</span></b><span
-class=Refterm><span style='font-weight:normal'>        </span></span><i>PKCS
-#11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40</i>.
-Edited by Susan Gleeson and Chris Zimman. Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/pkcs11-curr-v2.40.html</span></a>.</p>
-
-<p class=Ref><b><span style='color:#3B006F'>[PKCS11-Hist]</span></b><span
-class=Refterm><span style='font-weight:normal'>         </span></span><i>PKCS
-#11 Cryptographic Token Interface Historical Mechanisms Specification Version
-2.40</i>. Edited by Susan Gleeson and Chris Zimman. Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-hist/v2.40/pkcs11-hist-v2.40.html</span></a>.</p>
-
-<p class=Ref><b><span style='color:#3B006F'>[PKCS11-Prof]</span></b><span
-class=Refterm><span style='font-weight:normal'>        </span></span><i>PKCS
-#11 Cryptographic Token Interface Profiles Version 2.40</i>. Edited by Tim
-Hudson. Latest version. <a
-href="http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html"><span
-style='text-decoration:none'>http://docs.oasis-open.org/pkcs11/pkcs11-profiles/v2.40/pkcs11-profiles-v2.40.html</span></a>.</p>
-
-<p class=Ref><b><span style='color:#3B006F'>[PKCS11_V2.11]     </span></b><span
-style='color:#3B006F'>PKCS #11 Cryptographic Token Interface Standard Version
-2.11, Revision 1. November 2001. </span><a
-href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v211/pkcs-11v2-11r1.doc"><span
-style='text-decoration:none'>ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v211/pkcs-11v2-11r1.doc</span></a><span
-style='color:#3B006F'>.</span></p>
-
-<p class=Ref>&nbsp;</p>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=Heading1WP><a name="_Toc406759980"></a><a name="_Toc386027475"></a><a
-name="_Toc380217964"></a><a name="_Toc356917275"></a><a name="_Toc235002205"></a><a
-name="_Toc72655991">2<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>General overview</a></p>
-
-</div>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc72655992"></a><a
-name="_Toc405794609"></a><a name="_Toc385057788"></a><a name="_Toc383864801"></a><a
-name="_Toc323610790"></a><a name="_Toc323205361"></a><a name="_Toc323024030"></a><a
-name="_Toc323000670"></a><a name="_Toc322945057"></a><a name="_Toc322855261"></a><a
-name="_Toc319315665"></a><a name="_Toc319313672"></a><a name="_Toc319313479"></a><a
-name="_Toc319287638"></a><a name="_Toc406759981"></a><a name="_Toc386027476"></a><a
-name="_Toc380217965"></a><a name="_Toc356917276"></a><a name="_Toc235002206">2.1
-Introduction</a></h2>
-
-<p class=MsoNormal>Portable computing devices such as smart cards, PCMCIA
-cards, and smart diskettes are ideal tools for implementing public-key
-cryptography, as they provide a way to store the private-key component of a
-public-key/private-key pair securely, under the control of a single user.  With
-such a device, a cryptographic application, rather than performing
-cryptographic operations itself, utilizes the device to perform the operations,
-with sensitive information such as private keys never being revealed.  As more
-applications are developed for public-key cryptography, a standard programming
-interface for these devices becomes increasingly valuable.  This standard
-addresses this and other needs.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759982"></a><a
-name="_Toc386027477"></a><a name="_Toc380217966"></a><a name="_Toc356917278"></a><a
-name="_Toc235002208"></a><a name="_Toc72655993"></a><a name="_Toc405794610"></a><a
-name="_Toc385057789"></a><a name="_Toc383864802"></a><a name="_Toc323610791"></a><a
-name="_Toc323205362"></a><a name="_Toc323024031"></a><a name="_Toc323000671"></a><a
-name="_Toc322945058"></a><a name="_Toc322855262"></a><a name="_Toc319315666"></a><a
-name="_Toc319313673"></a><a name="_Toc319313480"></a><a name="_Toc319287639">2.2
-General model</a></h2>
-
-<p class=MsoNormal>Cryptoki's general model is illustrated in the following
-figure. The model begins with one or more applications that need to perform
-certain cryptographic operations, and ends with one or more cryptographic
-devices, on which some or all of the operations are actually performed.  A user
-may or may not be associated with an application.</p>
-
-<p class=MsoNormal style='page-break-after:avoid'><img border=0 width=576
-height=420 src="pkcs11-ug-v2.40-cn02_files/image003.png"></p>
-
-<p class=MsoCaption><a name="_Toc225305925"><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>Figure </span></a><span
-style='font-family:"Arial","sans-serif";font-variant:normal !important;
-text-transform:uppercase'>1</span><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>: General Cryptoki
-Model</span></p>
-
-<p class=MsoNormal>Cryptoki provides an interface to one or more cryptographic
-devices that are active in the system through a number of “slots”.  Each slot,
-which corresponds to a physical reader or other device interface, may contain a
-token.  A token is typically “present in the slot” when a cryptographic device
-is present in the reader.  Of course, since Cryptoki provides a logical view of
-slots and tokens, there may be other physical interpretations.  It is possible
-that multiple slots may share the same physical reader.  The point is that a
-system has some number of slots, and applications can connect to tokens in any
-or all of those slots.</p>
-
-<p class=MsoNormal>A cryptographic device can perform some cryptographic
-operations, following a certain command set; these commands are typically
-passed through standard device drivers, for instance PCMCIA card services or
-socket services.  Cryptoki makes each cryptographic device look logically like
-every other device, regardless of the implementation technology.  Thus the
-application need not interface directly to the device drivers (or even know
-which ones are involved); Cryptoki hides these details.  Indeed, the underlying
-“device” may be implemented entirely in software (for instance, as a process
-running on a server)—no special hardware is necessary.</p>
-
-<p class=MsoNormal><a name="_Toc319315667"></a><a name="_Toc319313674"></a><a
-name="_Toc319313481"></a><a name="_Toc319287640">Cryptoki is likely to be
-implemented as a library supporting the functions in the interface, and
-applications will be linked to the library.  An application may be linked to
-Cryptoki directly; alternatively, Cryptoki can be a so-called “shared” library
-(or dynamic link library), in which case the application would link the library
-dynamically.  Shared libraries are fairly straightforward to produce in
-operating systems such as Microsoft Windows and OS/2, and can be achieved
-without too much difficulty in UNIX and DOS systems.</a></p>
-
-<p class=MsoNormal>The dynamic approach certainly has advantages as new
-libraries are made available, but from a security perspective, there are some
-drawbacks.  In particular, if a library is easily replaced, then there is the
-possibility that an attacker can substitute a rogue library that intercepts a
-user’s PIN.  From a security perspective, therefore, direct linking is
-generally preferable, although code-signing techniques can prevent many of the
-security risks of dynamic linking.  In any case, whether the linking is direct
-or dynamic, the programming interface between the application and a Cryptoki
-library remains the same.</p>
-
-<p class=MsoNormal>The kinds of devices and capabilities supported will depend
-on the particular Cryptoki library.  This standard specifies only the interface
-to the library, not its features.  In particular, not all libraries will
-support all the mechanisms (algorithms) defined in this interface (since not
-all tokens are expected to support all the mechanisms), and libraries will
-likely support only a subset of all the kinds of cryptographic devices that are
-available.  (The more kinds, the better, of course, and it is anticipated that
-libraries will be developed supporting multiple kinds of token, rather than
-just those from a single vendor.) It is expected that as applications are
-developed that interface to Cryptoki, standard library and token “profiles”
-will emerge.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759983"></a><a
-name="_Toc386027478"></a><a name="_Toc380217967"></a><a name="_Toc356917279"></a><a
-name="_Toc235002209"></a><a name="_Toc72655994"></a><a name="_Toc405794611"></a><a
-name="_Toc385057790"></a><a name="_Toc383864803"></a><a name="_Toc323610792"></a><a
-name="_Toc323205363"></a><a name="_Toc323024032"></a><a name="_Toc323000672"></a><a
-name="_Toc322945059"></a><a name="_Toc322855263">2.3 Logical view of a token</a></h2>
-
-<p class=MsoNormal>Cryptoki’s logical view of a token is a device that stores
-objects and can perform cryptographic functions.  Cryptoki defines three
-classes of object:  data, certificates, and keys. A data object is defined by
-an application. A certificate object stores a certificate. A key object stores
-a cryptographic key. The key may be a public key, a private key, or a secret
-key; each of these types of keys has subtypes for use in specific mechanisms. 
-This view is illustrated in the following figure:</p>
-
-<p class=MsoNormal style='page-break-after:avoid'><img border=0 width=576
-height=192 src="pkcs11-ug-v2.40-cn02_files/image004.png"></p>
-
-<p class=MsoCaption><a name="_Toc225305926"><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>Figure </span></a><span
-style='font-family:"Arial","sans-serif";font-variant:normal !important;
-text-transform:uppercase'>2</span><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>: Object Hierarchy</span></p>
-
-<p class=MsoNormal>Objects are also classified according to their lifetime and
-visibility.  “Token objects” are visible to all applications connected to the
-token that have sufficient permission, and remain on the token even after the
-“sessions” (connections between an application and the token) are closed and
-the token is removed from its slot.  “Session objects” are more temporary:
-whenever a session is closed by any means, all session objects created by that
-session are automatically destroyed.  In addition, session objects are only
-visible to the application which created them.</p>
-
-<p class=MsoNormal>Further classification defines access requirements. 
-Applications are not required to log into the token to view “public objects”;
-however, to view “private objects”, a user must be authenticated to the token
-by a PIN or some other token-dependent method (for example, a biometric
-device)..A token can create and destroy objects, manipulate them, and search
-for them.  It can also perform cryptographic functions with objects.  A token
-may have an internal random number generator.</p>
-
-<p class=MsoNormal>It is important to distinguish between the logical view of a
-token and the actual implementation, because not all cryptographic devices will
-have this concept of “objects,” or be able to perform every kind of
-cryptographic function.  Many devices will simply have fixed storage places for
-keys of a fixed algorithm, and be able to do a limited set of operations. 
-Cryptoki's role is to translate this into the logical view, mapping attributes
-to fixed storage elements and so on. Not all Cryptoki libraries and tokens need
-to support every object type.  It is expected that standard “profiles” will be
-developed, specifying sets of algorithms to be supported.</p>
-
-<p class=MsoNormal>“Attributes” are characteristics that distinguish an
-instance of an object.  In Cryptoki, there are general attributes, such as
-whether the object is private or public.  There are also attributes that are
-specific to a particular type of object, such as a modulus or exponent for RSA
-keys.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759984"></a><a
-name="_Toc386027479"></a><a name="_Toc380217968"></a><a name="_Toc356917280"></a><a
-name="_Toc235002210"></a><a name="_Toc72655995"></a><a name="_Toc405794612"></a><a
-name="_Toc385057791"></a><a name="_Toc383864804"></a><a name="_Toc323610793"></a><a
-name="_Toc323205364"></a><a name="_Ref323103126"></a><a name="_Toc323024033"></a><a
-name="_Toc323000673"></a><a name="_Toc322945066"></a><a name="_Toc322855264"></a><a
-name="_Toc319315671"></a><a name="_Toc319313678"></a><a name="_Toc319313485"></a><a
-name="_Toc319287644">2.4 Users</a></h2>
-
-<p class=MsoNormal>This version of Cryptoki recognizes two token user types. 
-One type is a Security Officer (SO).  The other type is the normal user. Only
-the normal user is allowed access to private objects on the token, and that
-access is granted only after the normal user has been authenticated.  Some
-tokens may also require that a user be authenticated before any cryptographic
-function can be performed on the token, whether or not it involves private
-objects. The role of the SO is to initialize a token and to set the normal
-user’s PIN (or otherwise define, by some method outside the scope of this
-version of Cryptoki, how the normal user may be authenticated), and possibly to
-manipulate some public objects.  The normal user cannot log in until the SO has
-set the normal user’s PIN.</p>
-
-<p class=MsoNormal>Other than the support for two types of user, Cryptoki does
-not address the relationship between the SO and a community of users.  In
-particular, the SO and the normal user may be the same person or may be
-different, but such matters are outside the scope of this standard.</p>
-
-<p class=MsoNormal>With respect to PINs that are entered through an
-application, Cryptoki assumes only that they are variable-length strings of
-characters from the set in [PKCS11-BASE] Table 3.  Any translation to the
-device’s requirements is left to the Cryptoki library. The following issues are
-beyond the scope of Cryptoki:</p>
-
-<p class=MsoListBullet><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>Any padding of PINs.</p>
-
-<p class=MsoListBullet><span style='font-family:Symbol'>·<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span></span>How the PINs are generated (by the user, by the application, or
-by some other means).</p>
-
-<p class=MsoNormal><a name="_Toc385057792"></a><a name="_Toc383864805"></a><a
-name="_Toc323610794"></a><a name="_Toc323205365"></a><a name="_Toc323024034"></a><a
-name="_Toc323000674"></a><a name="_Toc322945091"></a><a name="_Toc322855265"></a><a
-name="_Toc319315673"></a><a name="_Toc319313680"></a><a name="_Toc319313487"></a><a
-name="_Toc319287646">PINs that are supplied by some means other than through an
-application (<i>e.g.</i>, PINs entered via a PIN pad on the token) are even
-more abstract.  Cryptoki knows how to wait (if need be) for such a PIN to be
-supplied and used, and little more.</a></p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Ref388878179"></a><a
-name="_Ref388878037"></a><a name="_Toc406759985"></a><a name="_Toc386027480"></a><a
-name="_Toc380217969"></a><a name="_Toc356917281"></a><a name="_Toc235002211"></a><a
-name="_Toc72655996"></a><a name="_Toc405794613"></a><a name="_Ref399916915">2.5
-Applications and their use of Cryptoki</a></h2>
-
-<h3><a name="_Toc406759986"></a><a name="_Toc386027481"></a><a
-name="_Toc380217970">2.5.1 General Guidance</a></h3>
-
-<p class=MsoNormal>To Cryptoki, an application consists of a single address
-space and all the threads of control running in it.  An application becomes a
-“Cryptoki application” by calling the Cryptoki function <b>C_Initialize</b> from
-one of its threads; after this call is made, the application can call other
-Cryptoki functions.  When the application has finished using Cryptoki, it calls
-the Cryptoki function <b>C_Finalize</b> and ceases to be a Cryptoki
-application.</p>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759987"></a><a
-name="_Toc386027482"></a><a name="_Toc380217971"></a><a name="_Toc356917282"></a><a
-name="_Toc235002212"></a><a name="_Toc72655997"></a><a name="_Toc405794614">2.5.2
-Applications and processes</a></h3>
-
-<p class=MsoNormal>In general, on most platforms, the previous paragraph means
-that an application consists of a single process.</p>
-
-<p class=MsoNormal>Consider a UNIX process <b>P</b> which becomes a Cryptoki
-application by calling <b>C_Initialize</b>, and then uses the fork() system
-call to create a child process <b>C</b>.  Since <b>P</b> and <b>C</b> have
-separate address spaces (or will when one of them performs a write operation,
-if the operating system follows the copy-on-write paradigm), they are not part
-of the same application.  Therefore, if <b>C</b> needs to use Cryptoki, it
-needs to perform its own <b>C_Initialize</b> call.  Furthermore, if <b>C</b>
-needs to be logged into the token(s) that it will access via Cryptoki, it needs
-to log into them <i>even if <b>P</b> is already logged in</i>, since <b>P</b>
-and <b>C</b> are completely separate applications.</p>
-
-<p class=MsoNormal>In this particular case (when <b>C</b> is the child of a
-process which is a Cryptoki application), the behavior of Cryptoki is undefined
-if <b>C</b> tries to use it without its own <b>C_Initialize</b> call.  Ideally,
-such an attempt would return the value CKR_CRYPTOKI_NOT_INITIALIZED; however,
-because of the way fork() works, insisting on this return value might have a
-bad impact on the performance of libraries.  Therefore, the behavior of
-Cryptoki in this situation is left undefined.  Applications should definitely <i>not</i>
-attempt to take advantage of any potential “shortcuts” which might (or might
-not!) be available because of this.</p>
-
-<p class=MsoNormal>In the scenario specified above, <b>C</b> should actually
-call <b>C_Initialize</b> whether or not it needs to use Cryptoki; if it has no
-need to use Cryptoki, it should then call <b>C_Finalize</b> immediately thereafter. 
-This (having the child immediately call <b>C_Initialize</b> and then call <b>C_Finalize</b>
-if the parent is using Cryptoki) is considered to be good Cryptoki programming
-practice, since it can prevent the existence of dangling duplicate resources
-that were created at the time of the fork() call; however, it is not required
-by Cryptoki.</p>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759988"></a><a
-name="_Toc386027483"></a><a name="_Toc380217972"></a><a name="_Toc356917283"></a><a
-name="_Toc235002213"></a><a name="_Toc72655998"></a><a name="_Toc405794615">2.5.3
-Applications and threads</a></h3>
-
-<p class=MsoNormal>Some applications will access a Cryptoki library in a
-multi-threaded fashion.  Cryptoki enables applications to provide information
-to libraries so that they can give appropriate support for multi-threading.  In
-particular, when an application initializes a Cryptoki library with a call to <b>C_Initialize</b>,
-it can specify one of four possible multi-threading behaviors for the library:</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>The
-application can specify that it will not be accessing the library concurrently
-from multiple threads, and so the library need not worry about performing any
-type of locking for the sake of thread-safety.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>The
-application can specify that it <i>will</i> be accessing the library concurrently
-from multiple threads, and the library must be able to use native operation
-system synchronization primitives to ensure proper thread-safe behavior.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>The
-application can specify that it <i>will</i> be accessing the library
-concurrently from multiple threads, and the library must use a set of
-application-supplied synchronization primitives to ensure proper thread-safe
-behavior.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>The
-application can specify that it <i>will</i> be accessing the library
-concurrently from multiple threads, and the library must use either the native
-operating system synchronization primitives or a set of application-supplied
-synchronization primitives to ensure proper thread-safe behavior.</p>
-
-<p class=MsoNormal>The 3<sup>rd</sup> and 4<sup>th</sup> types of behavior
-listed above are appropriate for multi-threaded applications that are not using
-the native operating system thread model.  The application-supplied
-synchronization primitives consist of four functions for handling mutex (<i>mut</i>ual
-<i>ex</i>clusion) objects in the application’s threading model.  Mutex objects
-are simple objects that can be in either of two states at any given time:
-unlocked or locked.  If a call is made by a thread to lock a mutex that is
-already locked, that thread blocks (waits) until the mutex is unlocked; then it
-locks it and the call returns.  If more than one thread is blocking on a
-particular mutex, and that mutex becomes unlocked, then exactly one of those
-threads will get the lock on the mutex and return control to the caller (the
-other blocking threads will continue to block and wait for their turn).</p>
-
-<p class=MsoNormal>See [PKCS11-BASE] Section 5.1.5 for more information on
-Cryptoki’s view of mutex objects.</p>
-
-<p class=MsoNormal>In addition to providing the above thread-handling
-information to a Cryptoki library at initialization time, an application can
-also specify whether or not application threads executing library calls may use
-native operating system calls to spawn new threads.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759989"></a><a
-name="_Toc386027484"></a><a name="_Toc380217973"></a><a name="_Toc356917284"></a><a
-name="_Toc235002214"></a><a name="_Toc72655999"></a><a name="_Ref457130479"></a><a
-name="_Ref457130447"></a><a name="_Toc405794616">2.6 Sessions</a></h2>
-
-<h3><a name="_Toc406759990"></a><a name="_Toc386027485"></a><a
-name="_Toc380217974">2.6.1 General Guidance</a></h3>
-
-<p class=MsoNormal>Cryptoki requires that an application open one or more
-sessions with a token to gain access to the token’s objects and functions.  A
-session provides a logical connection between the application and the token.  A
-session can be a read/write (R/W) session or a read-only (R/O) session. 
-Read/write and read-only refer to the access to token objects, not to session
-objects.  In both session types, an application can create, read, write and
-destroy session objects, and read token objects.  However, only in a read/write
-session can an application create, modify, and destroy token objects.</p>
-
-<p class=MsoNormal>After it opens a session, an application has access to the
-token’s public objects.  All threads of a given application have access to
-exactly the same sessions and the same session objects.  To gain access to the
-token’s private objects, the normal user must log in and be authenticated.</p>
-
-<p class=MsoNormal>When a session is closed, any session objects which were
-created in that session are destroyed.  This holds even for session objects that
-are “being used” by other sessions.  That is, if a single application has
-multiple sessions open with a token, and it uses one of them to create a session
-object, then that session object is visible through any of that application’s
-sessions.  However, as soon as the session that was used to create the object
-is closed, that object is destroyed.</p>
-
-<p class=MsoNormal>Cryptoki supports multiple sessions on multiple tokens.  An
-application may have one or more sessions with one or more tokens.  In general,
-a token may have multiple sessions with one or more applications.  A particular
-token may allow an application to have only a limited number of sessions—or
-only a limited number of read/write sessions-- however.</p>
-
-<p class=MsoNormal>An open session can be in one of several states.  The
-session state determines allowable access to objects and functions that can be
-performed on them.  The session states are described in Section 2 and Section 3.</p>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759991"></a><a
-name="_Toc386027486"></a><a name="_Toc380217975"></a><a name="_Toc356917285"></a><a
-name="_Toc235002215"></a><a name="_Toc72656000"></a><a name="_Toc405794617"></a><a
-name="_Toc385057793"></a><a name="_Ref384482971"></a><a name="_Toc383864806"></a><a
-name="_Toc323610795"></a><a name="_Toc323205366"></a><a name="_Ref323102936"></a><a
-name="_Ref323102929"></a><a name="_Toc323024035"></a><a name="_Toc323000675"></a><a
-name="_Toc322945092"></a><a name="_Toc322855266"></a><a name="_Toc319315674"></a><a
-name="_Toc319313681"></a><a name="_Toc319313488"></a><a name="_Toc319287647">2.6.2
-Read-only session states</a></h3>
-
-<p class=MsoNormal>A read-only session can be in one of two states, as
-illustrated in the following figure.  When the session is initially opened, it
-is in either the “R/O Public Session” state (if the application has no
-previously open sessions that are logged in) or the “R/O User Functions” state
-(if the application already has an open session that is logged in).  Note that
-read-only SO sessions do not exist. Read-only sessions that are open while the
-SO is logged in behave identically to the &quot;R/O Public Session&quot; state.</p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<p class=MsoNormal style='page-break-after:avoid'><img border=0 width=576
-height=228 src="pkcs11-ug-v2.40-cn02_files/image005.png"></p>
-
-<p class=MsoCaption><a name="_Toc225305927"><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>Figure </span></a><span
-style='font-family:"Arial","sans-serif";font-variant:normal !important;
-text-transform:uppercase'>3</span><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>: Read-Only Session
-States</span></p>
-
-<p class=MsoNormal>The following table describes the session states:<a
-name="_Toc225305936"></a><a name="_Toc405794966"></a><a name="_Toc383864505"></a></p>
-
-<p class=MsoNormal>Table 1: Read-Only Session States</p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=144 valign=top style='width:1.5in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>State</span></b></p>
-   </td>
-   <td width=439 valign=top style='width:329.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Description</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>R/O Public Session</span></p>
-  </td>
-  <td width=439 valign=top style='width:329.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The application has opened a read-only
-  session.  The application has read-only access to public token objects and
-  read/write access to public session objects.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>R/O User Functions</span></p>
-  </td>
-  <td width=439 valign=top style='width:329.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The normal user has been authenticated to
-  the token. The application has read-only access to all token objects (public
-  or private) and read/write access to all session objects (public or private).</span></p>
-  </td>
- </tr>
-</table>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759992"></a><a
-name="_Toc386027487"></a><a name="_Toc380217976"></a><a name="_Toc356917286"></a><a
-name="_Toc235002216"></a><a name="_Toc72656001"></a><a name="_Toc405794618"></a><a
-name="_Toc385057794"></a><a name="_Ref384482978"></a><a name="_Toc383864807"></a><a
-name="_Toc323610796"></a><a name="_Toc323205367"></a><a name="_Ref323102939"></a><a
-name="_Toc323024036"></a><a name="_Toc323000676"></a><a name="_Toc322945093"></a><a
-name="_Toc322855267">2.6.3 Read/write session states</a></h3>
-
-<p class=MsoNormal>A read/write session can be in one of three states, as
-illustrated in the following figure.  When the session is opened, it is in
-either the “R/W Public Session” state (if the application has no previously
-open sessions that are logged in), the “R/W User Functions” state (if the
-application already has an open session that the normal user is logged into),
-or the “R/W SO Functions” state (if the application already has an open session
-that the SO is logged into).</p>
-
-<p class=MsoNormal style='page-break-after:avoid'><img border=0 width=576
-height=378 src="pkcs11-ug-v2.40-cn02_files/image006.png"></p>
-
-<p class=MsoCaption><a name="_Toc225305928"><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>Figure </span></a><span
-style='font-family:"Arial","sans-serif";font-variant:normal !important;
-text-transform:uppercase'>4</span><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>: Read/Write Session
-States</span></p>
-
-<p class=MsoNormal>The following table describes the session states:</p>
-
-<p class=MsoCaption style='page-break-after:avoid'><a name="_Toc225305937"></a><a
-name="_Toc405794967"></a><a name="_Toc383864506"></a><a name="_Toc323204876"></a><a
-name="_Toc319315834"></a><a name="_Toc319314962"></a><a name="_Toc319314547"></a><a
-name="_Toc319314005"><span style='font-family:"Arial","sans-serif";font-variant:
-normal !important;text-transform:uppercase'>Table 2: Read/Write Session States</span></a></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=144 valign=top style='width:1.5in;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>State</span></b></p>
-   </td>
-   <td width=439 valign=top style='width:329.4pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Description</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>R/W Public Session</span></p>
-  </td>
-  <td width=439 valign=top style='width:329.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The application has opened a read/write
-  session. The application has read/write access to all public objects.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>R/W SO Functions</span></p>
-  </td>
-  <td width=439 valign=top style='width:329.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The Security Officer has been authenticated
-  to the token. The application has read/write access only to public objects on
-  the token, not to private objects.  The SO can set the normal user’s PIN.</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=144 valign=top style='width:1.5in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>R/W User Functions</span></p>
-  </td>
-  <td width=439 valign=top style='width:329.4pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>The normal user has been authenticated to
-  the token. The application has read/write access to all objects.</span></p>
-  </td>
- </tr>
-</table>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759993"></a><a
-name="_Toc386027488"></a><a name="_Toc380217977"></a><a name="_Toc356917287"></a><a
-name="_Toc235002217"></a><a name="_Toc72656002"></a><a name="_Toc405794619"></a><a
-name="_Toc385057795"></a><a name="_Toc383864808">2.6.4 Permitted object
-accesses by sessions</a></h3>
-
-<p class=MsoNormal>The following table summarizes the kind of access each type
-of session has to each type of object.  A given type of session has either
-read-only access, read/write access, or no access whatsoever to a given type of
-object.</p>
-
-<p class=MsoNormal>Note that creating or deleting an object requires read/write
-access to it, <i>e.g.</i>, a “R/O User Functions” session cannot create or
-delete a token object.</p>
-
-<p class=MsoCaption><a name="_Toc225305938"></a><a name="_Toc405794968"></a><a
-name="_Ref398548479"></a><a name="_Toc383864507"></a><a name="_Ref398085875"><span
-style='font-family:"Arial","sans-serif";font-variant:normal !important;
-text-transform:uppercase'>Table </span></a><span style='font-family:"Arial","sans-serif";
-font-variant:normal !important;text-transform:uppercase'>3: Access to Different
-Types Objects by Different Types of Sessions</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=163 valign=top style='width:1.7in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><span
-   style='font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-   </td>
-   <td width=329 colspan=5 valign=top style='width:246.6pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Type
-   of session</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=163 valign=top style='width:1.7in;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Type of object</span></b></p>
-   </td>
-   <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-   border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>R/O
-   Public</span></b></p>
-   </td>
-   <td width=67 valign=top style='width:.7in;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>R/W
-   Public</span></b></p>
-   </td>
-   <td width=67 valign=top style='width:.7in;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>R/O
-   User</span></b></p>
-   </td>
-   <td width=67 valign=top style='width:.7in;border:solid black 1.0pt;
-   border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>R/W
-   User</span></b></p>
-   </td>
-   <td width=60 valign=top style='width:45.0pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>R/W
-   SO</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=163 valign=top style='width:1.7in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Public session object</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
- </tr>
- <tr>
-  <td width=163 valign=top style='width:1.7in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Private session object</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
- </tr>
- <tr>
-  <td width=163 valign=top style='width:1.7in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Public token object</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/O</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/O</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
- </tr>
- <tr>
-  <td width=163 valign=top style='width:1.7in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Private token object</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/O</p>
-  </td>
-  <td width=67 valign=top style='width:.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>R/W</p>
-  </td>
-  <td width=60 valign=top style='width:45.0pt;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>&nbsp;</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal><a name="_Toc385057796"></a><a name="_Toc383864809"></a><a
-name="_Toc323610797"></a><a name="_Toc323205368"></a><a name="_Toc323024037"></a><a
-name="_Toc323000677"></a><a name="_Toc322945094"></a><a name="_Toc322855268">As
-previously indicated, the access to a given session object which is shown in </a>Table<span style='font-family:"Arial","sans-serif"'> </span> is limited to sessions
-belonging to the application which owns that object (<i>i.e.</i>, which created
-that object).</p>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759994"></a><a
-name="_Toc386027489"></a><a name="_Toc380217978"></a><a name="_Toc356917288"></a><a
-name="_Toc235002218"></a><a name="_Toc72656003"></a><a name="_Toc405794620">2.6.5
-Session events</a></h3>
-
-<p class=MsoNormal>Session events cause the session state to change. The
-following table describes the events:</p>
-
-<p class=MsoCaption><a name="_Toc225305939"></a><a name="_Toc405794969"></a><a
-name="_Toc383864508"></a><a name="_Toc323204877"></a><a name="_Toc319315835"></a><a
-name="_Toc319314963"></a><a name="_Toc319314548"></a><a name="_Toc319314006"><span
-style='font-family:"Arial","sans-serif";font-variant:normal !important;
-text-transform:uppercase'>Table 4: Session Events</span></a></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=132 valign=top style='width:99.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=MsoNormal>Event</p>
-   </td>
-   <td width=451 valign=top style='width:4.7in;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=MsoNormal>Occurs when...</p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Log In SO</p>
-  </td>
-  <td width=451 valign=top style='width:4.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>the SO is authenticated to the token.</p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><span lang=SV>Log In User</span></p>
-  </td>
-  <td width=451 valign=top style='width:4.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>the normal user is authenticated to the token.</p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Log Out</p>
-  </td>
-  <td width=451 valign=top style='width:4.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>the application logs out the current user (SO or normal
-  user).</p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Close Session</p>
-  </td>
-  <td width=451 valign=top style='width:4.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>the application closes the session or closes all sessions.</p>
-  </td>
- </tr>
- <tr>
-  <td width=132 valign=top style='width:99.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Device Removed</p>
-  </td>
-  <td width=451 valign=top style='width:4.7in;border-top:none;border-left:none;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>the device underlying the token has been removed from its
-  slot.</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>When the device is removed, all sessions of all applications
-are automatically logged out.  Furthermore, all sessions any applications have
-with the device are closed (this latter behavior was not present in Version 1.0
-of Cryptoki)—an application cannot have a session with a token that is not
-present. Realistically, Cryptoki may not be constantly monitoring whether or
-not the token is present, and so the token’s absence could conceivably not be
-noticed until a Cryptoki function is executed.  If the token is re-inserted
-into the slot before that, Cryptoki might never know that it was missing.</p>
-
-<p class=MsoNormal>In Cryptoki, all sessions that an application has with a
-token must have the same login/logout status (<i>i.e.</i>, for a given
-application and token, one of the following holds: all sessions are public
-sessions; all sessions are SO sessions; or all sessions are user sessions). 
-When an application’s session logs into a token, <i>all</i> of that
-application’s sessions with that token become logged in, and when an
-application’s session logs out of a token, <i>all</i> of that application’s
-sessions with that token become logged out.  Similarly, for example, if an application
-already has a R/O user session open with a token, and then opens a R/W session
-with that token, the R/W session is automatically logged in.</p>
-
-<p class=MsoNormal>This implies that a given application may not simultaneously
-have SO sessions and user sessions open with a given token.  </p>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759995"></a><a
-name="_Toc386027490"></a><a name="_Toc380217979"></a><a name="_Toc356917289"></a><a
-name="_Toc235002219"></a><a name="_Toc72656004"></a><a name="_Toc405794621"></a><a
-name="_Toc385057797"></a><a name="_Ref384830223"></a><a name="_Toc383864810">2.6.6
-Session handles and object handles</a></h3>
-
-<p class=MsoNormal>A session handle is a Cryptoki-assigned value that
-identifies a session.  It is in many ways akin to a file handle, and is
-specified to functions to indicate which session the function should act on.
-All threads of an application have equal access to all session handles.  That
-is, anything that can be accomplished with a given file handle by one thread
-can also be accomplished with that file handle by any other thread of the same
-application.</p>
-
-<p class=MsoNormal>Cryptoki also has object handles, which are identifiers used
-to manipulate Cryptoki objects.  Object handles are similar to session handles
-in the sense that visibility of a given object through an object handle is the
-same among all threads of a given application.  R/O sessions, of course, only
-have read-only access to token objects, whereas R/W sessions have read/write
-access to token objects.</p>
-
-<p class=MsoNormal><i>Valid session handles and object handles in Cryptoki
-always have nonzero values.</i>  For developers’ convenience, Cryptoki defines the
-following symbolic value:</p>
-
-<div style='border-top:solid windowtext 1.0pt;border-left:none;border-bottom:
-solid windowtext 1.0pt;border-right:none;padding:3.0pt 0in 3.0pt 0in;
-background:#D9D9D9;margin-left:.3in;margin-right:.3in'>
-
-<p class=Code style='margin:0in;margin-bottom:.0001pt;background:#D9D9D9'>CK_INVALID_HANDLE</p>
-
-</div>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759996"></a><a
-name="_Toc386027491"></a><a name="_Toc380217980"></a><a name="_Toc356917290"></a><a
-name="_Toc235002220"></a><a name="_Toc72656005"></a><a name="_Ref406906797"></a><a
-name="_Toc405794622"></a><a name="_Toc385057798">2.6.7 Capabilities of sessions</a></h3>
-
-<p class=MsoNormal>Very roughly speaking, there are three broad types of
-operations an open session can be used to perform: administrative operations
-(such as logging in); object management operations (such as creating or
-destroying an object on the token); and cryptographic operations (such as
-computing a message digest).  Cryptographic operations sometimes require more
-than one function call to the Cryptoki API to complete.  In general, a single
-session can perform only one operation at a time; for this reason, it may be
-desirable for a single application to open multiple sessions with a single
-token.  For efficiency’s sake, however, a single session on some tokens can
-perform the following pairs of operation types simultaneously: message
-digesting and encryption; decryption and message digesting; signature or MACing
-and encryption; and decryption and verifying signatures or MACs.  Details on
-performing simultaneous cryptographic operations in one session are provided in
-[PKCS11-Base] Section 5.12.</p>
-
-<p class=MsoNormal>A consequence of the fact that a single session can, in
-general, perform only one operation at a time is that <i>an application should
-never make multiple simultaneous function calls to Cryptoki which use a common
-session</i>.  If multiple threads of an application attempt to use a common
-session concurrently in this fashion, Cryptoki does not define what happens. 
-This means that if multiple threads of an application all need to use Cryptoki
-to access a particular token, it might be appropriate for each thread to have
-its own session with the token, unless the application can ensure by some other
-means (<i>e.g.</i>, by some locking mechanism) that no sessions are ever used
-by multiple threads simultaneously.  This is true regardless of whether or not
-the Cryptoki library was initialized in a fashion which permits safe
-multi-threaded access to it.  Even if it is safe to access the library from
-multiple threads simultaneously, it is still not necessarily safe to use <i>a
-particular session</i> from multiple threads simultaneously.</p>
-
-<h3 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406759997"></a><a
-name="_Toc386027492"></a><a name="_Toc380217981"></a><a name="_Toc356917291"></a><a
-name="_Toc235002221"></a><a name="_Toc72656006"></a><a name="_Toc405794623"></a><a
-name="_Toc385057800"></a><a name="_Ref384484147"></a><a name="_Ref384459229"></a><a
-name="_Ref384459212"></a><a name="_Ref384459188"></a><a name="_Toc383864811">2.6.8
-Example of use of sessions</a></h3>
-
-<p class=MsoNormal>We give here a detailed and lengthy example of how multiple
-applications can make use of sessions in a Cryptoki library.  Despite the
-somewhat painful level of detail, we highly recommend reading through this
-example carefully to understand session handles and object handles.</p>
-
-<p class=MsoNormal>We caution that our example is decidedly <i>not</i> meant to
-indicate how multiple applications <i>should</i> use Cryptoki simultaneously;
-rather, it is meant to clarify what uses of Cryptoki’s sessions and objects and
-handles are permissible.  In other words, instead of demonstrating good
-technique here, we demonstrate “pushing the envelope”.</p>
-
-<p class=MsoNormal>For our example, we suppose that two applications, <b>A</b>
-and <b>B</b>, are using a Cryptoki library to access a single token <b>T</b>. 
-Each application has two threads running: <b>A</b> has threads <b>A1</b> and <b>A2</b>,
-and <b>B</b> has threads <b>B1</b> and <b>B2</b>.  We assume in what follows
-that there are no instances where multiple threads of a single application
-simultaneously use the same session, and that the events of our example occur
-in the order specified, without overlapping each other in time.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A1</b>
-and <b>B1</b> each initialize the Cryptoki library by calling <b>C_Initialize</b>
-(see <b><span style='color:#3B006F'>[PKCS11-Base] for explanation of </span></b>the
-specifics of Cryptoki functions). Note that exactly one call to <b>C_Initialize</b>
-should be made for each application (as opposed to one call for every thread,
-for example).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A1</b>
-opens a R/W session and receives the session handle 7 for the session.  Since
-this is the first session to be opened for <b>A</b>, it is a public session.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>3.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A2</b>
-opens a R/O session and receives the session handle 4.  Since all of <b>A</b>’s
-existing sessions are public sessions, session 4 is also a public session.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>4.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A1</b>
-attempts to log the SO into session 7.  The attempt fails, because read-only
-sessions cannot be used to log in the SO.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>5.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A2</b>
-logs the normal user into session 7.  This turns session 7 into a R/W user
-session, and turns session 4 into a R/O user session.  Note that because <b>A1</b>
-and <b>A2</b> belong to the same application, they have equal access to all
-sessions, and therefore, <b>A2</b> is able to perform this action.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>6.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A2</b>
-opens a R/W session and receives the session handle 9.  Since all of <b>A</b>’s
-existing sessions are user sessions, session 9 is also a user session.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>7.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>A1</b>
-closes session 9.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>8.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>B1</b>
-attempts to log out session 4.  The attempt fails, because <b>A</b> and <b>B</b>
-have no access rights to each other’s sessions or objects.  <b>B1</b> receives
-an error message which indicates that there is no such session handle
-(CKR_SESSION_HANDLE_INVALID).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>9.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><b>B2</b>
-attempts to close session 4.  The attempt fails in precisely the same way as <b>B1</b>’s
-attempt to log out session 4 failed (<i>i.e.</i>, <b>B2</b> receives a
-CKR_SESSION_HANDLE_INVALID error code).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>10.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B1</b> opens a R/W
-session and receives the session handle 7.  Note that, as far as <b>B</b> is
-concerned, this is the first occurrence of session handle 7.  <b>A</b>’s
-session 7 and <b>B</b>’s session 7 are completely different sessions.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>11.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B1</b> logs the SO
-into [<b>B</b>’s] session 7.  This turns <b>B</b>’s session 7 into a R/W SO
-session, and has no effect on either of <b>A</b>’s sessions.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>12.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A1</b> uses [<b>A</b>’s]
-session 7 to create a session object <b>O1</b> of some sort and receives the
-object handle 7.  Note that a Cryptoki implementation may or may not support
-separate spaces of handles for sessions and objects.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>13.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B1</b> uses [<b>B</b>’s]
-session 7 to create a token object <b>O2</b> of some sort and receives the
-object handle 7.  As with session handles, different applications have no
-access rights to each other’s object handles, and so <b>B</b>’s object handle 7
-is entirely different from <b>A</b>’s object handle 7.  Of course, since <b>B1</b>
-is an SO session, it cannot create private objects, and so <b>O2</b> must be a
-public object (if <b>B1</b> attempted to create a private object, the attempt
-would fail with error code CKR_USER_NOT_LOGGED_IN or
-CKR_TEMPLATE_INCONSISTENT).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>14.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B2</b> uses [<b>B</b>’s]
-session 7 to perform some operation to modify the object associated with [<b>B</b>’s]
-object handle 7.  This modifies <b>O2</b>.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>15.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A1</b> uses [<b>A</b>’s]
-session 4 to perform an object search operation to get a handle for <b>O2</b>. 
-The search returns object handle 1.  Note that <b>A</b>’s object handle 1 and <b>B</b>’s
-object handle 7 now point to the same object.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>16.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A1</b> attempts to
-use [<b>A</b>’s] session 4 to modify the object associated with [<b>A</b>’s]
-object handle 1.  The attempt fails, because <b>A</b>’s session 4 is a R/O
-session, and is therefore incapable of modifying <b>O2</b>, which is a token
-object.  <b>A1</b> receives an error message indicating that the session is a
-R/O session (CKR_SESSION_READ_ONLY).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>17.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A1</b> uses [<b>A</b>’s]
-session 7 to modify the object associated with [<b>A</b>’s] object handle 1. 
-This time, since <b>A</b>’s session 7 is a R/W session, the attempt succeeds in
-modifying <b>O2</b>.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>18.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B1</b> uses [<b>B</b>’s]
-session 7 to perform an object search operation to find <b>O1</b>.  Since <b>O1</b>
-is a session object belonging to <b>A</b>, however, the search does not
-succeed.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>19.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A2</b> uses [<b>A</b>’s]
-session 4 to perform some operation to modify the object associated with [<b>A</b>’s]
-object handle 7.  This operation modifies <b>O1</b>.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>20.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A2</b> uses [<b>A</b>’s]
-session 7 to destroy the object associated with [<b>A</b>’s] object handle 1. 
-This destroys <b>O2</b>.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>21.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B1</b> attempts to
-perform some operation with the object associated with [<b>B</b>’s] object handle
-7.  The attempt fails, since there is no longer any such object.  <b>B1</b>
-receives an error message indicating that its object handle is invalid
-(CKR_OBJECT_HANDLE_INVALID).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>22.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A1</b> logs out [<b>A</b>’s]
-session 4.  This turns <b>A</b>’s session 4 into a R/O public session, and
-turns <b>A</b>’s session 7 into a R/W public session.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>23.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A1</b> closes [<b>A</b>’s]
-session 7.  This destroys the session object <b>O1</b>, which was created by <b>A</b>’s
-session 7.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>24.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A2</b> attempt to
-use [<b>A</b>’s] session 4 to perform some operation with the object associated
-with [<b>A</b>’s] object handle 7.  The attempt fails, since there is no longer
-any such object.  It returns a CKR_OBJECT_HANDLE_INVALID.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>25.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A2</b> executes a
-call to <b>C_CloseAllSessions</b>.  This closes [<b>A</b>’s] session 4.  At
-this point, if <b>A</b> were to open a new session, the session would not be
-logged in (<i>i.e.</i>, it would be a public session).</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>26.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>B2</b> closes [<b>B</b>’s]
-session 7.  At this point, if <b>B</b> were to open a new session, the session
-would not be logged in.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>27.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp; </span><b>A</b> and <b>B</b>
-each call <b>C_Finalize</b> to indicate that they are done with the Cryptoki
-library.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:0in;line-height:normal'><b>&nbsp;</b></p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:0in;line-height:normal'>Modules implementing previous versions of
-PKCS #11 may return the CKR_SESSION_READ_ONLY_EXISTS and
-CKR_SESSION_READ_WRITE_SO_EXISTS error codes. </p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=Heading1WP><a name="_Toc406759998"></a><a name="_Toc386027493"></a><a
-name="_Toc380217982"></a><a name="_Toc356917294"></a><a name="_Toc235002224"></a><a
-name="_Toc72656009"></a><a name="_Toc405794625"></a><a name="_Toc385057802"></a><a
-name="_Toc383864813"></a><a name="_Toc323610799"></a><a name="_Toc323205370"></a><a
-name="_Toc323024039"></a><a name="_Toc323000679"></a><a name="_Toc322945096"></a><a
-name="_Toc322855270"></a><a name="_Toc319315670"></a><a name="_Toc319313677"></a><a
-name="_Toc319313484"></a><a name="_Toc319287643">3<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Security</a> considerations</p>
-
-</div>
-
-<h2><a name="_Toc406759999"></a><a name="_Toc386027494"></a><a
-name="_Toc380217983">3.1 General Guidance</a></h2>
-
-<p class=MsoNormal>As an interface to cryptographic devices, Cryptoki provides
-a basis for security in a computer or communications system.  Two of the
-particular features of the interface that facilitate such security are the
-following:</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>1.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Access
-to private objects on the token, and possibly to cryptographic functions and/or
-certificates on the token as well, requires a PIN. Thus, possessing the
-cryptographic device that implements the token may not be sufficient to use it;
-the PIN may also be needed.</p>
-
-<p class=MsoNormal style='margin-top:4.0pt;margin-right:0in;margin-bottom:4.0pt;
-margin-left:.25in;text-indent:-.25in;line-height:normal'>2.<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Additional
-protection can be given to private keys and secret keys by marking them as
-“sensitive” or “unextractable”.  Sensitive keys cannot be revealed in plaintext
-off the token, and unextractable keys cannot be revealed off the token even
-when encrypted (though they can still be used as keys).</p>
-
-<p class=MsoNormal>It is expected that access to private, sensitive, or unextractable
-objects by means other than Cryptoki (<i>e.g.</i>, other programming
-interfaces, or reverse engineering of the device) would be difficult.</p>
-
-<p class=MsoNormal>If a device does not have a tamper-proof environment or
-protected memory in which to store private and sensitive objects, the device
-may encrypt the objects with a master key which is perhaps derived from the
-user’s PIN.  The particular mechanism for protecting private objects is left to
-the device implementation, however.</p>
-
-<p class=MsoNormal>Based on these features it should be possible to design
-applications in such a way that the token can provide adequate security for the
-objects the applications manage.</p>
-
-<p class=MsoNormal>Of course, cryptography is only one element of security, and
-the token is only one component in a system. While the token itself may be
-secure, one must also consider the security of the operating system by which
-the application interfaces to it, especially since the PIN may be passed
-through the operating system. This can make it easy for a rogue application on
-the operating system to obtain the PIN; it is also possible that other devices
-monitoring communication lines to the cryptographic device can obtain the PIN.
-Rogue applications and devices may also change the commands sent to the
-cryptographic device to obtain services other than what the application
-requested.</p>
-
-<p class=MsoNormal>It is important to be sure that the system is secure against
-such attack. Cryptoki may well play a role here; for instance, a token may be
-involved in the “booting up” of the system.</p>
-
-<p class=MsoNormal>We note that none of the attacks just described can
-compromise keys marked “sensitive,” since a key that is sensitive will always
-remain sensitive.  Similarly, a key that is unextractable cannot be modified to
-be extractable<span style='font-size:12.0pt;line-height:110%'>.</span></p>
-
-<p class=MsoNormal>An application may also want to be sure that the token is
-“legitimate” in some sense (for a variety of reasons, including export
-restrictions and basic security). This is outside the scope of the present
-standard, but it can be achieved by distributing the token with a built-in,
-certified public/private-key pair, by which the token can prove its identity.
-The certificate would be signed by an authority (presumably the one indicating
-that the token is “legitimate”) whose public key is known to the application.
-The application would verify the certificate and challenge the token to prove
-its identity by signing a time-varying message with its built-in private key.</p>
-
-<p class=MsoNormal>Once a normal user has been authenticated to the token,
-Cryptoki does not restrict which cryptographic operations the user may perform;
-the user may perform any operation supported by the token.  Some tokens may not
-even require any type of authentication to make use of its cryptographic
-functions.</p>
-
-<h2><a name="_Toc406760000"></a><a name="_Toc386027495"></a><a
-name="_Toc380217984">3.2 Padded Oracle Attacks</a></h2>
-
-<p class=MsoNormal><span style='background:white'>To protect against chosen
-ciphertext attacks, like the Bleichenbacher attack, use PKCS #1 Version 2, with
-OAEP, and disable support for PKCS #1, Version 1.5.. </span></p>
-
-<p class=MsoNormal><span style='background:white'>Furthermore, more
-specifically to smart card implementations, the requirement of the PIN and a
-long open connection to the device is required to execute the attack.&nbsp; For
-smartcard implementations, execution of these attacks requires private key
-operations and a sufficiently long open connection. It is strongly recommended
-that any applets exposing private key operations are protected using an
-encrypted PIN (a PIN not submitted in the clear), and the session is closed
-when not in use.</span></p>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=Heading1WP><a name="_Toc406760001"></a><a name="_Toc386027496"></a><a
-name="_Toc380217985"></a><a name="_Toc356917378"></a><a name="_Toc235002405">4<span
-style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Cryptoki tips and reminders</a></p>
-
-</div>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406760002"></a><a
-name="_Toc386027497"></a><a name="_Toc380217986"></a><a name="_Toc356917379"></a><a
-name="_Toc235002406"></a><a name="_Toc72656527"></a><a name="_Toc405794952">4.1
-Operations, sessions</a>, and threads</h2>
-
-<p class=MsoNormal>In Cryptoki, there are several different types of operations
-which can be “active” in a session.  An active operation is essentially one
-which takes more than one Cryptoki function call to perform.  The types of
-active operations are object searching; encryption; decryption;
-message-digesting; signature with appendix; signature with recovery;
-verification with appendix; and verification with recovery.</p>
-
-<p class=MsoNormal>A given session can have 0, 1, or 2 operations active at a
-time.  It can only have 2 operations active simultaneously if the token
-supports this; moreover, those two operations must be one of the four following
-pairs of operations: digesting and encryption; decryption and digesting;
-signing and encryption; decryption and verification.</p>
-
-<p class=MsoNormal>If an application attempts to initialize an operation (make
-it active) in a session, but this cannot be accomplished because of some other
-active operation(s), the application receives the error value
-CKR_OPERATION_ACTIVE.  This error value can also be received if a session has
-an active operation and the application attempts to use that session to perform
-any of various operations which do not become “active”, but which require cryptographic
-processing, such as using the token’s random number generator, or
-generating/wrapping/unwrapping/deriving a key.</p>
-
-<p class=MsoNormal>To abandon an active operation an application may have to
-complete the operation and discard the result. Closing the session will also
-have this effect.  Alternatively, the library may allow active operations to be
-abandoned by the application, simply by allowing initialization for some other
-operation. In this case CKR_OPERATION_ACTIVE will not be returned but the
-previous active operation will be unusable.</p>
-
-<p class=MsoNormal>Different threads of an application should never share
-sessions, unless they are extremely careful not to make function calls at the
-same time.  This is true even if the Cryptoki library was initialized with
-locking enabled for thread-safety.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406760003"></a><a
-name="_Toc386027498"></a><a name="_Toc380217987"></a><a name="_Toc356917380"></a><a
-name="_Toc235002407"></a><a name="_Toc72656528">4.2 Multiple Application Access
-Behavior</a></h2>
-
-<p class=MsoNormal>When multiple applications, or multiple threads within an
-application, are accessing a set of common objects the issue of object
-protection becomes important. This is especially the case when application A activates
-an operation using object O, and application B attempts to delete O before
-application A has finished the operation. Unfortunately, variation in device
-capabilities makes an absolute behavior specification impractical. General
-guidelines are presented here for object protection behavior.</p>
-
-<p class=MsoNormal>Whenever possible, deleting an object in one application
-should not cause that object to become unavailable to another application or
-thread that is using the object in an active operation until that operation is
-complete. For instance, application A has begun a signature operation with
-private key P and application B attempts to delete P while the signature is in
-progress. In this case, one of two things should happen. The object is deleted
-from the device but the operation is allow to complete because the operation
-uses a temporary copy of the object, or the delete operation blocks until the
-signature operation has completed. If neither of these actions can be supported
-by an implementation, then the error code CKR_OBJECT_HANDLE_INVALID may be
-returned to application A to indicate that the key being used to perform its
-active operation has been deleted.</p>
-
-<p class=MsoNormal>Whenever possible, changing the value of an object attribute
-should impact the behavior of active operations in other applications or
-threads. If this cannot be supported by an implementation, then the appropriate
-error code indicating the reason for the failure should be returned to the
-application with the active operation.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406760004"></a><a
-name="_Toc386027499"></a><a name="_Toc380217988"></a><a name="_Toc356917381"></a><a
-name="_Toc235002408"></a><a name="_Toc72656529"></a><a name="_Toc405794953">4.3
-Objects, attributes, and templates</a></h2>
-
-<p class=MsoNormal>In general, a Cryptoki function which requires a template
-for an object needs the template to specify—either explicitly or implicitly—any
-attributes that are not specified elsewhere.  If a template specifies a
-particular attribute more than once, the function can return
-CKR_TEMPLATE_INVALID or it can choose a particular value of the attribute from
-among those specified and use that value.  In any event, object attributes are
-always single-valued.</p>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406760005"></a><a
-name="_Toc386027500"></a><a name="_Toc380217989"></a><a name="_Toc356917382"></a><a
-name="_Toc235002409"></a><a name="_Toc72656530"></a><a name="_Toc405794954">4.4
-Signing with recovery</a></h2>
-
-<p class=MsoNormal>Signing with recovery is a general alternative to ordinary
-digital signatures (“signing with appendix”) which is supported by certain
-mechanisms.  Recall that for ordinary digital signatures, a signature of a
-message is computed as some function of the message and the signer’s private
-key; this signature can then be used (together with the message and the
-signer’s public key) as input to the verification process, which yields a
-simple “signature valid/signature invalid” decision.</p>
-
-<p class=MsoNormal>Signing with recovery also creates a signature from a
-message and the signer’s private key.  However, to verify this signature, no
-message is required as input.  Only the signature and the signer’s public key
-are input to the verification process, and the verification process outputs
-either “signature invalid” or—if the signature is valid—the original message.</p>
-
-<p class=MsoNormal>Consider a simple example with the <b>CKM_RSA_X_509</b>
-mechanism.  Here, a message is a byte string which we will consider to be a
-number modulo <i>n</i> (the signer’s RSA modulus).  When this mechanism is used
-for ordinary digital signatures (signatures with appendix), a signature is
-computed by raising the message to the signer’s private exponent modulo <i>n</i>. 
-To verify this signature, a verifier raises the signature to the signer’s
-public exponent modulo <i>n</i>, and accepts the signature as valid if and only
-if the result matches the original message.</p>
-
-<p class=MsoNormal>If <b>CKM_RSA_X_509</b> is used to create signatures with
-recovery, the signatures are produced in exactly the same fashion.  For this
-particular mechanism, <i>any</i> number modulo <i>n</i> is a valid signature. 
-To recover the message from a signature, the signature is raised to the
-signer’s public exponent modulo <i>n</i>.</p>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=Heading1WP><a name="_Toc406760006"></a><a name="_Toc386027501"></a><a
-name="_Toc380217990"></a><a name="_Toc356917390"></a><a name="_Toc235002415"></a><a
-name="_Ref72659908"></a><a name="_Toc72656536"></a><a name="_Toc405794956"></a><a
-name="_Toc383864977"></a><a name="_Toc323610961">5<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span><span class=Heading1WPChar>Comparison of Cryptoki and other APIs</span></a></p>
-
-</div>
-
-<h2><a name="_Toc406760007"></a><a name="_Toc386027502"></a><a
-name="_Toc380217992"></a><a name="_Toc356917391"></a><a name="_Toc235002416"></a><a
-name="_Toc72656537"></a><a name="_Toc380217991"></a>5.1 FORTEZZA CIPG</h2>
-
-<p class=MsoNormal>The following table lists the FORTEZZA CIPG functions,
-together with the equivalent Cryptoki functions.  See [FORTEZZA] for more
-information on the FORTEZZA API.</p>
-
-<p class=MsoCaption><span style='font-family:"Arial","sans-serif";font-variant:
-normal !important;text-transform:uppercase'>Table 5: FORTEZZA CIPG vs. Cryptoki</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=210 valign=top style='width:157.5pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>FORTEZZA
-   CIPG</span></b></p>
-   </td>
-   <td width=373 valign=top style='width:279.9pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.4pt 0in 5.4pt'>
-   <p class=Table><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Equivalent
-   Cryptoki</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_ChangePIN</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_InitPIN,
-  C_SetPIN</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_CheckPIN</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Login</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Close</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CloseSession</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Decrypt</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DecryptInit,
-  C_Decrypt, C_DecryptUpdate, C_DecryptFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_DeleteCertificate</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DestroyObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_DeleteKey</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DestroyObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Encrypt</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=FR style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptInit,
-  C_Encrypt, C_EncryptUpdate, C_EncryptFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_ExtractX</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GenerateIV</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateRandom</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GenerateMEK</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GenerateRa</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateRandom</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GenerateRandom</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateRandom</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GenerateTEK</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GenerateX</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKeyPair</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetCertificate</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_FindObjects</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Configuration</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetTokenInfo</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetHash</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=DE style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestInit,
-  C_Digest, C_DigestUpdate, and C_DigestFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetIV</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>No
-  equivalent</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetPersonalityList</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_FindObjects</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetState</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetSessionInfo</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetStatus</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetTokenInfo</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_GetTime</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetTokenInfo
-  or</span></p>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GetAttributeValue(clock
-  object) <b><i>[preferred]</i></b></span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Hash</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=DE style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestInit,
-  C_Digest, C_DigestUpdate, and C_DigestFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Initialize</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_Initialize</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_InitializeHash</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DigestInit</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_InstallX</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_UnwrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadCertificate</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CreateObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadDSAParameters</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CreateObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadInitValues</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SeedRandom</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadIV</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptInit,
-  C_DecryptInit</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadK</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SignInit</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadPublicKeyParameters</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CreateObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadPIN</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SetPIN</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_LoadX</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CreateObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Lock</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Implicit
-  in session management</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Open</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_OpenSession</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_RelayX</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Reset</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CloseAllSessions</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Restore</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Implicit
-  in session management</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Save</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Implicit
-  in session management</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Select</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_OpenSession</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_SetConfiguration</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>No
-  equivalent</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_SetKey</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptInit,
-  C_DecryptInit</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_SetMode</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptInit,
-  C_DecryptInit</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_SetPersonality</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CreateObject</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_SetTime</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>No
-  equivalent</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Sign</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SignInit,
-  C_Sign</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Terminate</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_CloseAllSessions</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Timestamp</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SignInit,
-  C_Sign</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Unlock</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Implicit
-  in session management</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_UnwrapKey</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_UnwrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_VerifySignature</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_VerifyInit,
-  C_Verify</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_VerifyTimestamp</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_VerifyInit,
-  C_Verify</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_WrapKey</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=210 valign=top style='width:157.5pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CI_Zeroize</span></p>
-  </td>
-  <td width=373 valign=top style='width:279.9pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_InitToken</span></p>
-  </td>
- </tr>
-</table>
-
-<h2><a name="_Toc406760008"></a><a name="_Toc386027503"></a><a
-name="_Toc380217993"></a><a name="_Toc356917392"></a><a name="_Toc235002417"></a><a
-name="_Toc72656538">5.2 GCS-API</a></h2>
-
-<p class=MsoNormal>This proposed standard defines an API to high-level security
-services such as authentication of identities and data-origin, non-repudiation,
-and separation and protection. It is at a higher level than Cryptoki.  The
-following table lists the GCS-API functions with the Cryptoki functions used to
-implement the functions. Note that full support of GCS-API is left for future
-versions of Cryptoki. See [GCS-API] for more information on the API.</p>
-
-<p class=MsoCaption><span style='font-family:"Arial","sans-serif";font-variant:
-normal !important;text-transform:uppercase'>Table 6: GCS-API vs. Cryptoki</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.4pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=252 valign=top style='width:189.0pt;border-top:1.5pt;border-left:
-   1.5pt;border-bottom:1.0pt;border-right:1.0pt;border-color:black;border-style:
-   solid;padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>GCS-API</span></b></p>
-   </td>
-   <td width=324 valign=top style='width:243.0pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=Table style='page-break-after:avoid'><b><span style='font-size:
-   10.0pt;font-family:"Arial","sans-serif"'>Cryptoki implementation</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>retrieve_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>release_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>generate_hash</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table style='page-break-after:avoid'><span style='font-size:10.0pt;
-  font-family:"Arial","sans-serif"'>C_DigestInit, C_Digest</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generate_random_number</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateRandom</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generate_checkvalue</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SignInit,
-  C_Sign, C_SignUpdate, C_SignFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>verify_checkvalue</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_VerifyInit,
-  C_Verify, C_VerifyUpdate, C_VerifyFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>data_encipher</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=FR style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_EncryptInit,
-  C_Encrypt, C_EncryptUpdate, C_EncryptFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>data_decipher</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DecryptInit,
-  C_Decrypt, C_DecryptUpdate, C_DecryptFinal</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>create_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>derive_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DeriveKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generate_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>store_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>delete_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>replicate_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>export_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>import_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_UnwrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>archive_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>restore_CC</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_UnwrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>set_key_state</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generate_key_pattern</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>verify_key_pattern</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>derive_clear_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_DeriveKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generate_clear_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_GenerateKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>load_key_parts</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>clear_key_encipher</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_WrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>clear_key_decipher</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_UnwrapKey</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>change_key_context</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>load_initial_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>generate_initial_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>set_current_master_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>protnder_new_master_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>proect_under_current_master_key</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>initialise_random_number_generator</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>C_SeedRandom</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>install_algorithm</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>de_install_algorithm</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span lang=SV style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>disable_algorithm</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>enable_algorithm</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=252 valign=top style='width:189.0pt;border-top:none;border-left:
-  solid black 1.5pt;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>set_defaults</span></p>
-  </td>
-  <td width=324 valign=top style='width:243.0pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=Table><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<div style='border:none;border-top:solid #A1985A 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=Heading1WP><a name="_Toc406760009"></a><a name="_Toc386027504"></a><a
-name="_Toc380217994">6<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Deprecated PKCS #11 Functionality</a></p>
-
-</div>
-
-<h2 style='margin-top:12.0pt;margin-right:0in;margin-bottom:12.0pt;margin-left:
-0in;text-align:justify;text-indent:0in'><a name="_Toc406760010"></a><a
-name="_Toc386027505"></a><a name="_Toc380217995"></a><a name="_Toc356917292"></a><a
-name="_Toc235002222"></a><a name="_Toc72656007"></a><a name="_Ref499226027"></a><a
-name="_Ref471008604">6.1 Secondary authentication</a> (Deprecated)</h2>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 1.0pt 1.0pt 1.0pt;
-background:#CCCCCC'>
-
-<p class=MsoMessageHeader><b><span lang=X-NONE>Note:</span></b><span
-lang=X-NONE>        This support may be present for backwards compatibility.
-Refer to </span>[<span lang=X-NONE>PKCS</span><span lang=X-NONE>#</span><span
-lang=X-NONE>11</span>-<span lang=X-NONE> 2.1</span>]<span lang=X-NONE>1 for
-details.</span></p>
-
-</div>
-
-<p class=MsoNormal><span lang=X-NONE>&nbsp;</span></p>
-
-<h2><a name="_Toc406760011"></a><a name="_Toc386027506"></a><a
-name="_Toc380217996"></a><a name="_Toc356917394">6.2 Method for Exposing
-Multiple-PINs on a Token Through Cryptoki (deprecated)</a></h2>
-
-<div style='border:solid windowtext 1.0pt;padding:1.0pt 1.0pt 1.0pt 1.0pt;
-background:#CCCCCC'>
-
-<p class=MsoMessageHeader><b><span lang=X-NONE>Note:</span></b><span
-lang=X-NONE>        This support may be present for backwards compatibility.
-Refer to </span>[<span lang=X-NONE>PKCS11</span>-<span lang=X-NONE>V 2.11</span>]<span
-lang=X-NONE> for details.</span></p>
-
-</div>
-
-<p class=MsoNormal>&nbsp;</p>
-
-<h2><a name="_Toc406760012"></a><a name="_Toc386027507"></a><a
-name="_Toc380217997">6.3 Non-Normative Token Profiles</a></h2>
-
-<h3><a name="_Toc406760013"></a><a name="_Toc386027508"></a><a
-name="_Toc380217998">6.3.1 Description of this Section</a></h3>
-
-<p class=MsoNormal>This section describes sample “profiles,” <i>i.e.</i>, sets
-of mechanisms, which a token should support for various common types of
-application that were defined in PKCS #11 V2.30. It is expected that these sets
-would be standardized as parts of the various applications, for instance within
-a list of requirements on the module that provides cryptographic services to
-the application (which may be a Cryptoki token in some cases). Thus, these
-profiles are intended for reference only at this point, and are not part of
-this standard.</p>
-
-<p class=MsoNormal>The following table summarizes the mechanisms relevant to
-two common types of applications:</p>
-
-<p class=MsoCaption style='page-break-after:avoid'><span style='font-family:
-"Arial","sans-serif";font-variant:normal !important;text-transform:uppercase'>Table
-7: Mechanisms and profiles</span></p>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='margin-left:5.75pt;border-collapse:collapse;border:none'>
- <thead>
-  <tr>
-   <td width=192 valign=top style='width:2.0in;border-top:solid black 1.5pt;
-   border-left:solid black 1.5pt;border-bottom:none;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></b></p>
-   </td>
-   <td width=252 colspan=2 valign=top style='width:188.65pt;border-top:solid black 1.5pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Application</span></b></p>
-   </td>
-  </tr>
-  <tr>
-   <td width=192 valign=top style='width:2.0in;border-top:none;border-left:
-   solid black 1.5pt;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></b></p>
-   <p class=TableSmallFont align=left style='text-align:left'><b><span
-   style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Mechanism</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-   none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Government
-   Authentication-only</span></b></p>
-   </td>
-   <td width=126 valign=top style='width:94.5pt;border-top:solid black 1.0pt;
-   border-left:none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-   padding:0in 5.75pt 0in 5.75pt'>
-   <p class=TableSmallFont><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Cellular
-   Digital Packet Data</span></b></p>
-   </td>
-  </tr>
- </thead>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_DSA_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_DSA</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_DH_PKCS_KEY_PAIR_GEN</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_DH_PKCS_DERIVE</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_RC4_KEY_GEN</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_RC4</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.0pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
- </tr>
- <tr>
-  <td width=192 valign=top style='width:2.0in;border-top:none;border-left:solid black 1.5pt;
-  border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont align=left style='text-align:left'><span
-  style='font-size:10.0pt;font-family:"Arial","sans-serif"'>CKM_SHA_1</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.15pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.0pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:Wingdings'>ü</span></p>
-  </td>
-  <td width=126 valign=top style='width:94.5pt;border-top:none;border-left:
-  none;border-bottom:solid black 1.5pt;border-right:solid black 1.5pt;
-  padding:0in 5.75pt 0in 5.75pt'>
-  <p class=TableSmallFont><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>&nbsp;</span></p>
-  </td>
- </tr>
-</table>
-
-<h3><a name="_Toc406760014"></a><a name="_Toc386027509"></a><a
-name="_Toc380217999"></a><a name="_Toc356917387"></a><a name="_Toc235002412"></a><a
-name="_Toc72656533">6.3.2 Government authentication-only</a></h3>
-
-<p class=MsoNormal>The U.S. government has standardized on the Digital
-Signature Algorithm as defined in FIPS PUB 186-2 for signatures and the Secure
-Hash Algorithm as defined in FIPS PUB 180-2 for message digesting. The relevant
-mechanisms include the following:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>DSA key generation (512-1024 bits)</p>
-
-<p class=MsoNormal style='margin-left:.5in'>DSA (512-1024 bits)</p>
-
-<p class=MsoNormal style='margin-left:.5in'>SHA-1</p>
-
-<h3><a name="_Toc406760015"></a><a name="_Toc386027510"></a><a
-name="_Toc380218000"></a><a name="_Toc356917388"></a><a name="_Toc235002413"></a><a
-name="_Toc72656534">6.3.3 Cellular Digital Packet Data</a> </h3>
-
-<p class=MsoNormal>Cellular Digital Packet Data (CDPD) is a set of protocols
-for wireless communication. The basic set of mechanisms to support CDPD
-applications includes the following:</p>
-
-<p class=MsoNormal style='margin-left:.5in'>Diffie-Hellman key generation
-(256-1024 bits)</p>
-
-<p class=MsoNormal style='margin-left:.5in'>Diffie-Hellman key derivation
-(256-1024 bits)</p>
-
-<p class=MsoNormal style='margin-left:.5in'>RC4 key generation (40-128 bits)</p>
-
-<p class=MsoNormal style='margin-left:.5in'>RC4 (40-128 bits)</p>
-
-<p class=MsoNormal>(The initial CDPD security specification limits the size of
-the Diffie-Hellman key to 256 bits, but it has been recommended that the size
-be increased to at least 512 bits.)</p>
-
-<h3><a name="_Toc406760016"></a><a name="_Toc386027511"></a><a
-name="_Toc380218001"></a><a name="_Toc356917389"></a><a name="_Toc235002414"></a><a
-name="_Toc72656535">6.3.4 Other profiles</a> </h3>
-
-<p class=MsoNormal>The reader is also informed of the presence of other sample
-profiles defined prior to PKCS #11 v2.40.  See the documentation for previous
-versions of PKCS #11.  </p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc406760017"></a><a name="_Toc386027512"></a><a
-name="_Toc380218003"></a><a name="_Toc287337066"></a><a name="_Toc287336983">Appendix
-A.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Acknowledgments</a></p>
-
-</div>
-
-<p class=MsoNormal>The following individuals have participated in the creation
-of this specification and are gratefully acknowledged:</p>
-
-<p class=MsoNormal><b>Participants:</b></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Gil Abel,
-Athena Smartcard Solutions, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Warren
-Armstrong, QuintessenceLabs</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jeff
-Bartell, Semper Foris Solutions LLC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Peter
-Bartok, Venafi, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Anthony
-Berglas, Cryptsoft </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Joseph
-Brand, Semper Fortis Solutions LLC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Kelley
-Burgin, National Security Agency</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Burns, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Wan-Teh
-Chang, Google Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Hai-May
-Chao, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Janice
-Cheng, Vormetric, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sangrae Cho,
-Electronics and Telecommunications Research Institute (ETRI)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Doron Cohen,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Fadi Cotran,
-Futurex</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Tony Cox,
-Cryptsoft </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Christopher
-Duane, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Chris Dunn,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Valerie
-Fenwick, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Terry
-Fletcher, SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Susan
-Gleeson, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sven Gossel,
-Charismathics</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>John Green,
-QuintessenceLabs</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Griffin, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Paul
-Grojean, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Peter
-Gutmann, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dennis E.
-Hamilton, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Thomas
-Hardjono, M.I.T.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Tim Hudson,
-Cryptsoft</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Gershon
-Janssen, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Seunghun
-Jin, Electronics and Telecommunications Research Institute (ETRI)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Wang
-Jingman, Feitan Technologies</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Andrey
-Jivsov, Symantec Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Joseph,
-P6R</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Stefan
-Kaesar, Infineon Technologies</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Greg
-Kazmierczak, Wave Systems Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Knight,
-Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Darren Krahn, Google Inc.</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Alex Krasnov, Infineon Technologies AG</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dina
-Kurktchi-Nimeh, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark
-Lambiase, SecureAuth Corporation</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Lawrence
-Lee, GoTrust Technology Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>John Leiseboer, QuintessenceLabs </span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Sean Leon, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Geoffrey Li, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=FR-CH>Howie Liu, Infineon Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Hal
-Lockhart, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Lockhart, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Dale Moberg,
-Axway Software</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Darren
-Moffat, Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Valery
-Osheter, SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sean
-Parkinson, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Rob
-Philpott, EMC</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Mark Powers,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Ajai Puri,
-SafeNet, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Robert
-Relyea, Red Hat</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Saikat Saha,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Subhash Sankuratripati, NetApp</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Anthony Scarpino, Oracle</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Johann
-Schoetz, Infineon Technologies AG</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Rayees
-Shamsuddin, Wave Systems Corp.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Radhika Siravara, Oracle</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=IT>Brian Smith, Mozilla Corporation</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>David Smith,
-Venafi, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Ryan Smith,
-Futurex</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jerry Smith,
-US Department of Defense (DoD)</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Oscar So,
-Oracle</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Graham
-Steel, Cryptosense</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Michael
-Stevens, QuintessenceLabs </p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Michael
-StJohns, Individual</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Jim Susoy,
-P6R</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Sander
-Temme, Thales e-Security</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Kiran Thota,
-VMware, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Walter-John
-Turnes, Gemini Security Solutions, Inc.</p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Stef Walter, Red Hat</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>James Wang, Vormetric</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Jeff Webb, Dell</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Peng Yu, Feitian Technologies</span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'><span
-lang=DE-CH>Magda Zdunkiewicz, Cryptsoft </span></p>
-
-<p class=MsoNormal style='margin-bottom:0in;margin-bottom:.0001pt'>Chris
-Zimman, Individual</p>
-
-<div style='border:none;border-top:solid gray 1.0pt;padding:6.0pt 0in 0in 0in'>
-
-<p class=AppendixHeading1><a name="_Toc406760018"></a><a name="_Toc386027513"></a><a
-name="_Toc380218004">Appendix B.<span style='font:7.0pt "Times New Roman"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
-</span>Revision History</a></p>
-
-</div>
-
-<table class=MsoNormalTable border=1 cellspacing=0 cellpadding=0
- style='border-collapse:collapse;border:none'>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Revision</b></p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Date</b></p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal align=center style='text-align:center'><b>Editor</b></p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border:solid windowtext 1.0pt;
-  border-left:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal><b>Changes Made</b></p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd01</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>18 March 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>John Leiseboer</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Initial version</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd02</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>10 June 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>John Leiseboer</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Incorporated usage information from PCKS #11 Base
-  Specification V2.30</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd03</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>10 September 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Incorporated new sections from approved ballots</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd04</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>16 September 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Updated participants list</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd05</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>1 October 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Removed design goals section as discussed in face-to-face
-  meeting.</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd06</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>27 October 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>John Leiseboer /  Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Final participant list and other editorial changes for
-  Committee Note Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>cnd01</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>30 October 2013</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Committee Note Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd07</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>15 February 2014</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Corrections and changes from public review</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>cnd02</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>23 April 2014</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>OASIS</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Committee Note Draft</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>cnd02a</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Sep 3 2014</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>John Leiseboer / Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Updated revision history and participant list in
-  preparation for Committee Specification ballot</p>
-  </td>
- </tr>
- <tr>
-  <td width=98 valign=top style='width:73.85pt;border:solid windowtext 1.0pt;
-  border-top:none;padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>wd08</p>
-  </td>
-  <td width=91 valign=top style='width:67.95pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>3 November 2014</p>
-  </td>
-  <td width=135 valign=top style='width:101.25pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Robert Griffin</p>
-  </td>
-  <td width=266 valign=top style='width:199.75pt;border-top:none;border-left:
-  none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;
-  padding:0in 5.4pt 0in 5.4pt'>
-  <p class=MsoNormal>Editorial corrections</p>
-  </td>
- </tr>
-</table>
-
-<p class=MsoNormal>&nbsp;</p>
-
-</div>
-
-</body>
-
-</html>
diff --git a/pkcs11-docs/pkcs11.h b/pkcs11-docs/pkcs11.h
deleted file mode 100644
index 0d78dd7..0000000
--- a/pkcs11-docs/pkcs11.h
+++ /dev/null
@@ -1,265 +0,0 @@
-/* Copyright (c) OASIS Open 2016. All Rights Reserved./
- * /Distributed under the terms of the OASIS IPR Policy,
- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
- */
-        
-/* Latest version of the specification:
- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
- */
-
-#ifndef _PKCS11_H_
-#define _PKCS11_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Before including this file (pkcs11.h) (or pkcs11t.h by
- * itself), 5 platform-specific macros must be defined.  These
- * macros are described below, and typical definitions for them
- * are also given.  Be advised that these definitions can depend
- * on both the platform and the compiler used (and possibly also
- * on whether a Cryptoki library is linked statically or
- * dynamically).
- *
- * In addition to defining these 5 macros, the packing convention
- * for Cryptoki structures should be set.  The Cryptoki
- * convention on packing is that structures should be 1-byte
- * aligned.
- *
- * If you're using Microsoft Developer Studio 5.0 to produce
- * Win32 stuff, this might be done by using the following
- * preprocessor directive before including pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(push, cryptoki, 1)
- *
- * and using the following preprocessor directive after including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(pop, cryptoki)
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to produce Win16 stuff, this might be done by using
- * the following preprocessor directive before including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(1)
- *
- * In a UNIX environment, you're on your own for this.  You might
- * not need to do (or be able to do!) anything.
- *
- *
- * Now for the macros:
- *
- *
- * 1. CK_PTR: The indirection string for making a pointer to an
- * object.  It can be used like this:
- *
- * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
- *
- * If you're using Microsoft Developer Studio 5.0 to produce
- * Win32 stuff, it might be defined by:
- *
- * #define CK_PTR *
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to produce Win16 stuff, it might be defined by:
- *
- * #define CK_PTR far *
- *
- * In a typical UNIX environment, it might be defined by:
- *
- * #define CK_PTR *
- *
- *
- * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
- * an importable Cryptoki library function declaration out of a
- * return type and a function name.  It should be used in the
- * following fashion:
- *
- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
- *   CK_VOID_PTR pReserved
- * );
- *
- * If you're using Microsoft Developer Studio 5.0 to declare a
- * function in a Win32 Cryptoki .dll, it might be defined by:
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __declspec(dllimport) name
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to declare a function in a Win16 Cryptoki .dll, it
- * might be defined by:
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by:
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType name
- *
- *
- * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
- * which makes a Cryptoki API function pointer declaration or
- * function pointer type declaration out of a return type and a
- * function name.  It should be used in the following fashion:
- *
- * // Define funcPtr to be a pointer to a Cryptoki API function
- * // taking arguments args and returning CK_RV.
- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
- *
- * or
- *
- * // Define funcPtrType to be the type of a pointer to a
- * // Cryptoki API function taking arguments args and returning
- * // CK_RV, and then define funcPtr to be a variable of type
- * // funcPtrType.
- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
- * funcPtrType funcPtr;
- *
- * If you're using Microsoft Developer Studio 5.0 to access
- * functions in a Win32 Cryptoki .dll, in might be defined by:
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __declspec(dllimport) (* name)
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to access functions in a Win16 Cryptoki .dll, it might
- * be defined by:
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __export _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by:
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType (* name)
- *
- *
- * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
- * a function pointer type for an application callback out of
- * a return type for the callback and a name for the callback.
- * It should be used in the following fashion:
- *
- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
- *
- * to declare a function pointer, myCallback, to a callback
- * which takes arguments args and returns a CK_RV.  It can also
- * be used like this:
- *
- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
- * myCallbackType myCallback;
- *
- * If you're using Microsoft Developer Studio 5.0 to do Win32
- * Cryptoki development, it might be defined by:
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to do Win16 development, it might be defined by:
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by:
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- *
- * 5. NULL_PTR: This macro is the value of a NULL pointer.
- *
- * In any ANSI/ISO C environment (and in many others as well),
- * this should best be defined by
- *
- * #ifndef NULL_PTR
- * #define NULL_PTR 0
- * #endif
- */
-
-
-/* All the various Cryptoki types and #define'd values are in the
- * file pkcs11t.h.
- */
-#include "pkcs11t.h"
-
-#define __PASTE(x,y)      x##y
-
-
-/* ==============================================================
- * Define the "extern" form of all the entry points.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  extern CK_DECLARE_FUNCTION(CK_RV, name)
-
-/* pkcs11f.h has all the information about the Cryptoki
- * function prototypes.
- */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define the typedef form of all the entry points.  That is, for
- * each Cryptoki function C_XXX, define a type CK_C_XXX which is
- * a pointer to that kind of function.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-
-/* pkcs11f.h has all the information about the Cryptoki
- * function prototypes.
- */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define structed vector of entry points.  A CK_FUNCTION_LIST
- * contains a CK_VERSION indicating a library's Cryptoki version
- * and then a whole slew of function pointers to the routines in
- * the library.  This type was declared, but not defined, in
- * pkcs11t.h.
- * ==============================================================
- */
-
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  __PASTE(CK_,name) name;
-
-struct CK_FUNCTION_LIST {
-
-  CK_VERSION    version;  /* Cryptoki version */
-
-/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-/* pkcs11f.h has all the information about the Cryptoki
- * function prototypes.
- */
-#include "pkcs11f.h"
-
-};
-
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKCS11_H_ */
-
diff --git a/pkcs11-docs/pkcs11f.h b/pkcs11-docs/pkcs11f.h
deleted file mode 100644
index ed90aff..0000000
--- a/pkcs11-docs/pkcs11f.h
+++ /dev/null
@@ -1,939 +0,0 @@
-/* Copyright (c) OASIS Open 2016. All Rights Reserved./
- * /Distributed under the terms of the OASIS IPR Policy,
- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
- */
-        
-/* Latest version of the specification:
- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
- */
-
-/* This header file contains pretty much everything about all the
- * Cryptoki function prototypes.  Because this information is
- * used for more than just declaring function prototypes, the
- * order of the functions appearing herein is important, and
- * should not be altered.
- */
-
-/* General-purpose */
-
-/* C_Initialize initializes the Cryptoki library. */
-CK_PKCS11_FUNCTION_INFO(C_Initialize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pInitArgs  /* if this is not NULL_PTR, it gets
-                            * cast to CK_C_INITIALIZE_ARGS_PTR
-                            * and dereferenced
-                            */
-);
-#endif
-
-
-/* C_Finalize indicates that an application is done with the
- * Cryptoki library.
- */
-CK_PKCS11_FUNCTION_INFO(C_Finalize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pReserved  /* reserved.  Should be NULL_PTR */
-);
-#endif
-
-
-/* C_GetInfo returns general information about Cryptoki. */
-CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_INFO_PTR   pInfo  /* location that receives information */
-);
-#endif
-
-
-/* C_GetFunctionList returns the function list. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FUNCTION_LIST_PTR_PTR ppFunctionList  /* receives pointer to
-                                            * function list
-                                            */
-);
-#endif
-
-
-
-/* Slot and token management */
-
-/* C_GetSlotList obtains a list of slots in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_BBOOL       tokenPresent,  /* only slots with tokens */
-  CK_SLOT_ID_PTR pSlotList,     /* receives array of slot IDs */
-  CK_ULONG_PTR   pulCount       /* receives number of slots */
-);
-#endif
-
-
-/* C_GetSlotInfo obtains information about a particular slot in
- * the system.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID       slotID,  /* the ID of the slot */
-  CK_SLOT_INFO_PTR pInfo    /* receives the slot information */
-);
-#endif
-
-
-/* C_GetTokenInfo obtains information about a particular token
- * in the system.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID        slotID,  /* ID of the token's slot */
-  CK_TOKEN_INFO_PTR pInfo    /* receives the token information */
-);
-#endif
-
-
-/* C_GetMechanismList obtains a list of mechanism types
- * supported by a token.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,          /* ID of token's slot */
-  CK_MECHANISM_TYPE_PTR pMechanismList,  /* gets mech. array */
-  CK_ULONG_PTR          pulCount         /* gets # of mechs. */
-);
-#endif
-
-
-/* C_GetMechanismInfo obtains information about a particular
- * mechanism possibly supported by a token.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,  /* ID of the token's slot */
-  CK_MECHANISM_TYPE     type,    /* type of mechanism */
-  CK_MECHANISM_INFO_PTR pInfo    /* receives mechanism info */
-);
-#endif
-
-
-/* C_InitToken initializes a token. */
-CK_PKCS11_FUNCTION_INFO(C_InitToken)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID      slotID,    /* ID of the token's slot */
-  CK_UTF8CHAR_PTR pPin,      /* the SO's initial PIN */
-  CK_ULONG        ulPinLen,  /* length in bytes of the PIN */
-  CK_UTF8CHAR_PTR pLabel     /* 32-byte token label (blank padded) */
-);
-#endif
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_UTF8CHAR_PTR   pPin,      /* the normal user's PIN */
-  CK_ULONG          ulPinLen   /* length in bytes of the PIN */
-);
-#endif
-
-
-/* C_SetPIN modifies the PIN of the user who is logged in. */
-CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_UTF8CHAR_PTR   pOldPin,   /* the old PIN */
-  CK_ULONG          ulOldLen,  /* length of the old PIN */
-  CK_UTF8CHAR_PTR   pNewPin,   /* the new PIN */
-  CK_ULONG          ulNewLen   /* length of the new PIN */
-);
-#endif
-
-
-
-/* Session management */
-
-/* C_OpenSession opens a session between an application and a
- * token.
- */
-CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,        /* the slot's ID */
-  CK_FLAGS              flags,         /* from CK_SESSION_INFO */
-  CK_VOID_PTR           pApplication,  /* passed to callback */
-  CK_NOTIFY             Notify,        /* callback function */
-  CK_SESSION_HANDLE_PTR phSession      /* gets session handle */
-);
-#endif
-
-
-/* C_CloseSession closes a session between an application and a
- * token.
- */
-CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID     slotID  /* the token's slot */
-);
-#endif
-
-
-/* C_GetSessionInfo obtains information about the session. */
-CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE   hSession,  /* the session's handle */
-  CK_SESSION_INFO_PTR pInfo      /* receives session info */
-);
-#endif
-
-
-/* C_GetOperationState obtains the state of the cryptographic operation
- * in a session.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,             /* session's handle */
-  CK_BYTE_PTR       pOperationState,      /* gets state */
-  CK_ULONG_PTR      pulOperationStateLen  /* gets state length */
-);
-#endif
-
-
-/* C_SetOperationState restores the state of the cryptographic
- * operation in a session.
- */
-CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR      pOperationState,      /* holds state */
-  CK_ULONG         ulOperationStateLen,  /* holds state length */
-  CK_OBJECT_HANDLE hEncryptionKey,       /* en/decryption key */
-  CK_OBJECT_HANDLE hAuthenticationKey    /* sign/verify key */
-);
-#endif
-
-
-/* C_Login logs a user into a token. */
-CK_PKCS11_FUNCTION_INFO(C_Login)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_USER_TYPE      userType,  /* the user type */
-  CK_UTF8CHAR_PTR   pPin,      /* the user's PIN */
-  CK_ULONG          ulPinLen   /* the length of the PIN */
-);
-#endif
-
-
-/* C_Logout logs a user out from a token. */
-CK_PKCS11_FUNCTION_INFO(C_Logout)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Object management */
-
-/* C_CreateObject creates a new object. */
-CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,   /* the object's template */
-  CK_ULONG          ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phObject  /* gets new object's handle. */
-);
-#endif
-
-
-/* C_CopyObject copies an object, creating a new object for the
- * copy.
- */
-CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_OBJECT_HANDLE     hObject,     /* the object's handle */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new object */
-  CK_ULONG             ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phNewObject  /* receives handle of copy */
-);
-#endif
-
-
-/* C_DestroyObject destroys an object. */
-CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject    /* the object's handle */
-);
-#endif
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,   /* the object's handle */
-  CK_ULONG_PTR      pulSize    /* receives size of object */
-);
-#endif
-
-
-/* C_GetAttributeValue obtains the value of one or more object
- * attributes.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs; gets vals */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_SetAttributeValue modifies the value of one or more object
- * attributes.
- */
-CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs and values */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_FindObjectsInit initializes a search for token and session
- * objects that match a template.
- */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* attribute values to match */
-  CK_ULONG          ulCount     /* attrs in search template */
-);
-#endif
-
-
-/* C_FindObjects continues a search for token and session
- * objects that match a template, obtaining additional object
- * handles.
- */
-CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE    hSession,          /* session's handle */
- CK_OBJECT_HANDLE_PTR phObject,          /* gets obj. handles */
- CK_ULONG             ulMaxObjectCount,  /* max handles to get */
- CK_ULONG_PTR         pulObjectCount     /* actual # returned */
-);
-#endif
-
-
-/* C_FindObjectsFinal finishes a search for token and session
- * objects.
- */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Encryption and decryption */
-
-/* C_EncryptInit initializes an encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the encryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of encryption key */
-);
-#endif
-
-
-/* C_Encrypt encrypts single-part data. */
-CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pData,               /* the plaintext data */
-  CK_ULONG          ulDataLen,           /* bytes of plaintext */
-  CK_BYTE_PTR       pEncryptedData,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedDataLen  /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptUpdate continues a multiple-part encryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pPart,              /* the plaintext data */
-  CK_ULONG          ulPartLen,          /* plaintext data len */
-  CK_BYTE_PTR       pEncryptedPart,     /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptFinal finishes a multiple-part encryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,                /* session handle */
-  CK_BYTE_PTR       pLastEncryptedPart,      /* last c-text */
-  CK_ULONG_PTR      pulLastEncryptedPartLen  /* gets last size */
-);
-#endif
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the decryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of decryption key */
-);
-#endif
-
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pEncryptedData,     /* ciphertext */
-  CK_ULONG          ulEncryptedDataLen, /* ciphertext length */
-  CK_BYTE_PTR       pData,              /* gets plaintext */
-  CK_ULONG_PTR      pulDataLen          /* gets p-text size */
-);
-#endif
-
-
-/* C_DecryptUpdate continues a multiple-part decryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* encrypted data */
-  CK_ULONG          ulEncryptedPartLen,  /* input length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* p-text size */
-);
-#endif
-
-
-/* C_DecryptFinal finishes a multiple-part decryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pLastPart,      /* gets plaintext */
-  CK_ULONG_PTR      pulLastPartLen  /* p-text size */
-);
-#endif
-
-
-
-/* Message digesting */
-
-/* C_DigestInit initializes a message-digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism  /* the digesting mechanism */
-);
-#endif
-
-
-/* C_Digest digests data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Digest)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pData,        /* data to be digested */
-  CK_ULONG          ulDataLen,    /* bytes of data to digest */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets digest length */
-);
-#endif
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* data to be digested */
-  CK_ULONG          ulPartLen  /* bytes of data to be digested */
-);
-#endif
-
-
-/* C_DigestKey continues a multi-part message-digesting
- * operation, by digesting the value of a secret key as part of
- * the data already digested.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hKey       /* secret key to digest */
-);
-#endif
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets byte count of digest */
-);
-#endif
-
-
-
-/* Signing and MACing */
-
-/* C_SignInit initializes a signature (private key encryption)
- * operation, where the signature is (will be) an appendix to
- * the data, and plaintext cannot be recovered from the
- * signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of signature key */
-);
-#endif
-
-
-/* C_Sign signs (encrypts with private key) data in a single
- * part, where the signature is (will be) an appendix to the
- * data, and plaintext cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_Sign)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* the data to sign */
-  CK_ULONG          ulPartLen  /* count of bytes to sign */
-);
-#endif
-
-
-/* C_SignFinal finishes a multiple-part signature operation,
- * returning the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignRecoverInit initializes a signature operation, where
- * the data can be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism, /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey        /* handle of the signature key */
-);
-#endif
-
-
-/* C_SignRecover signs data in a single operation, where the
- * data can be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-
-/* Verifying signatures and MACs */
-
-/* C_VerifyInit initializes a verification operation, where the
- * signature is an appendix to the data, and plaintext cannot
- * cannot be recovered from the signature (e.g. DSA).
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */
-);
-#endif
-
-
-/* C_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data, and plaintext
- * cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_Verify)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pData,          /* signed data */
-  CK_ULONG          ulDataLen,      /* length of signed data */
-  CK_BYTE_PTR       pSignature,     /* signature */
-  CK_ULONG          ulSignatureLen  /* signature length*/
-);
-#endif
-
-
-/* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* signed data */
-  CK_ULONG          ulPartLen  /* length of signed data */
-);
-#endif
-
-
-/* C_VerifyFinal finishes a multiple-part verification
- * operation, checking the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pSignature,     /* signature to verify */
-  CK_ULONG          ulSignatureLen  /* signature length */
-);
-#endif
-
-
-/* C_VerifyRecoverInit initializes a signature verification
- * operation, where the data is recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */
-);
-#endif
-
-
-/* C_VerifyRecover verifies a signature in a single-part
- * operation, where the data is recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* signature to verify */
-  CK_ULONG          ulSignatureLen,  /* signature length */
-  CK_BYTE_PTR       pData,           /* gets signed data */
-  CK_ULONG_PTR      pulDataLen       /* gets signed data len */
-);
-#endif
-
-
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting
- * and encryption operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets plaintext len */
-);
-#endif
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and
- * verify operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets p-text length */
-);
-#endif
-
-
-
-/* Key management */
-
-/* C_GenerateKey generates a secret key, creating a new key
- * object.
- */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_MECHANISM_PTR     pMechanism,  /* key generation mech. */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new key */
-  CK_ULONG             ulCount,     /* # of attrs in template */
-  CK_OBJECT_HANDLE_PTR phKey        /* gets handle of new key */
-);
-#endif
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects.
- */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,                    /* session handle */
-  CK_MECHANISM_PTR     pMechanism,                  /* key-gen mech. */
-  CK_ATTRIBUTE_PTR     pPublicKeyTemplate,          /* template for pub. key */
-  CK_ULONG             ulPublicKeyAttributeCount,   /* # pub. attrs. */
-  CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,         /* template for priv. key */
-  CK_ULONG             ulPrivateKeyAttributeCount,  /* # priv.  attrs. */
-  CK_OBJECT_HANDLE_PTR phPublicKey,                 /* gets pub. key handle */
-  CK_OBJECT_HANDLE_PTR phPrivateKey                 /* gets priv. key handle */
-);
-#endif
-
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,      /* the wrapping mechanism */
-  CK_OBJECT_HANDLE  hWrappingKey,    /* wrapping key */
-  CK_OBJECT_HANDLE  hKey,            /* key to be wrapped */
-  CK_BYTE_PTR       pWrappedKey,     /* gets wrapped key */
-  CK_ULONG_PTR      pulWrappedKeyLen /* gets wrapped key size */
-);
-#endif
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
- * key object.
- */
-CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* unwrapping mech. */
-  CK_OBJECT_HANDLE     hUnwrappingKey,    /* unwrapping key */
-  CK_BYTE_PTR          pWrappedKey,       /* the wrapped key */
-  CK_ULONG             ulWrappedKeyLen,   /* wrapped key len */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key
- * object.
- */
-CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* key deriv. mech. */
-  CK_OBJECT_HANDLE     hBaseKey,          /* base key */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-
-/* Random number generation */
-
-/* C_SeedRandom mixes additional seed material into the token's
- * random number generator.
- */
-CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pSeed,     /* the seed material */
-  CK_ULONG          ulSeedLen  /* length of seed material */
-);
-#endif
-
-
-/* C_GenerateRandom generates random data. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_BYTE_PTR       RandomData,  /* receives the random data */
-  CK_ULONG          ulRandomLen  /* # of bytes to generate */
-);
-#endif
-
-
-
-/* Parallel function management */
-
-/* C_GetFunctionStatus is a legacy function; it obtains an
- * updated status of a function running in parallel with an
- * application.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CancelFunction is a legacy function; it cancels a function
- * running in parallel.
- */
-CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_WaitForSlotEvent waits for a slot event (token insertion,
- * removal, etc.) to occur.
- */
-CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FLAGS flags,        /* blocking/nonblocking flag */
-  CK_SLOT_ID_PTR pSlot,  /* location that receives the slot ID */
-  CK_VOID_PTR pRserved   /* reserved.  Should be NULL_PTR */
-);
-#endif
-
diff --git a/pkcs11-docs/pkcs11t.h b/pkcs11-docs/pkcs11t.h
deleted file mode 100644
index c13e67c..0000000
--- a/pkcs11-docs/pkcs11t.h
+++ /dev/null
@@ -1,2003 +0,0 @@
-/* Copyright (c) OASIS Open 2016. All Rights Reserved./
- * /Distributed under the terms of the OASIS IPR Policy,
- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
- */
-        
-/* Latest version of the specification:
- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
- */
-
-/* See top of pkcs11.h for information about the macros that
- * must be defined and the structure-packing conventions that
- * must be set before including this file.
- */
-
-#ifndef _PKCS11T_H_
-#define _PKCS11T_H_ 1
-
-#define CRYPTOKI_VERSION_MAJOR          2
-#define CRYPTOKI_VERSION_MINOR          40
-#define CRYPTOKI_VERSION_AMENDMENT      0
-
-#define CK_TRUE         1
-#define CK_FALSE        0
-
-#ifndef CK_DISABLE_TRUE_FALSE
-#ifndef FALSE
-#define FALSE CK_FALSE
-#endif
-#ifndef TRUE
-#define TRUE CK_TRUE
-#endif
-#endif
-
-/* an unsigned 8-bit value */
-typedef unsigned char     CK_BYTE;
-
-/* an unsigned 8-bit character */
-typedef CK_BYTE           CK_CHAR;
-
-/* an 8-bit UTF-8 character */
-typedef CK_BYTE           CK_UTF8CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef CK_BYTE           CK_BBOOL;
-
-/* an unsigned value, at least 32 bits long */
-typedef unsigned long int CK_ULONG;
-
-/* a signed value, the same size as a CK_ULONG */
-typedef long int          CK_LONG;
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef CK_ULONG          CK_FLAGS;
-
-
-/* some special values for certain CK_ULONG variables */
-#define CK_UNAVAILABLE_INFORMATION      (~0UL)
-#define CK_EFFECTIVELY_INFINITE         0UL
-
-
-typedef CK_BYTE     CK_PTR   CK_BYTE_PTR;
-typedef CK_CHAR     CK_PTR   CK_CHAR_PTR;
-typedef CK_UTF8CHAR CK_PTR   CK_UTF8CHAR_PTR;
-typedef CK_ULONG    CK_PTR   CK_ULONG_PTR;
-typedef void        CK_PTR   CK_VOID_PTR;
-
-/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-
-
-/* The following value is always invalid if used as a session
- * handle or object handle
- */
-#define CK_INVALID_HANDLE       0UL
-
-
-typedef struct CK_VERSION {
-  CK_BYTE       major;  /* integer portion of version number */
-  CK_BYTE       minor;  /* 1/100ths portion of version number */
-} CK_VERSION;
-
-typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-
-
-typedef struct CK_INFO {
-  CK_VERSION    cryptokiVersion;     /* Cryptoki interface ver */
-  CK_UTF8CHAR   manufacturerID[32];  /* blank padded */
-  CK_FLAGS      flags;               /* must be zero */
-  CK_UTF8CHAR   libraryDescription[32];  /* blank padded */
-  CK_VERSION    libraryVersion;          /* version of library */
-} CK_INFO;
-
-typedef CK_INFO CK_PTR    CK_INFO_PTR;
-
-
-/* CK_NOTIFICATION enumerates the types of notifications that
- * Cryptoki provides to an application
- */
-typedef CK_ULONG CK_NOTIFICATION;
-#define CKN_SURRENDER           0UL
-#define CKN_OTP_CHANGED         1UL
-
-typedef CK_ULONG          CK_SLOT_ID;
-
-typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-
-
-/* CK_SLOT_INFO provides information about a slot */
-typedef struct CK_SLOT_INFO {
-  CK_UTF8CHAR   slotDescription[64];  /* blank padded */
-  CK_UTF8CHAR   manufacturerID[32];   /* blank padded */
-  CK_FLAGS      flags;
-
-  CK_VERSION    hardwareVersion;  /* version of hardware */
-  CK_VERSION    firmwareVersion;  /* version of firmware */
-} CK_SLOT_INFO;
-
-/* flags: bit flags that provide capabilities of the slot
- *      Bit Flag              Mask        Meaning
- */
-#define CKF_TOKEN_PRESENT     0x00000001UL  /* a token is there */
-#define CKF_REMOVABLE_DEVICE  0x00000002UL  /* removable devices*/
-#define CKF_HW_SLOT           0x00000004UL  /* hardware slot */
-
-typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-
-
-/* CK_TOKEN_INFO provides information about a token */
-typedef struct CK_TOKEN_INFO {
-  CK_UTF8CHAR   label[32];           /* blank padded */
-  CK_UTF8CHAR   manufacturerID[32];  /* blank padded */
-  CK_UTF8CHAR   model[16];           /* blank padded */
-  CK_CHAR       serialNumber[16];    /* blank padded */
-  CK_FLAGS      flags;               /* see below */
-
-  CK_ULONG      ulMaxSessionCount;     /* max open sessions */
-  CK_ULONG      ulSessionCount;        /* sess. now open */
-  CK_ULONG      ulMaxRwSessionCount;   /* max R/W sessions */
-  CK_ULONG      ulRwSessionCount;      /* R/W sess. now open */
-  CK_ULONG      ulMaxPinLen;           /* in bytes */
-  CK_ULONG      ulMinPinLen;           /* in bytes */
-  CK_ULONG      ulTotalPublicMemory;   /* in bytes */
-  CK_ULONG      ulFreePublicMemory;    /* in bytes */
-  CK_ULONG      ulTotalPrivateMemory;  /* in bytes */
-  CK_ULONG      ulFreePrivateMemory;   /* in bytes */
-  CK_VERSION    hardwareVersion;       /* version of hardware */
-  CK_VERSION    firmwareVersion;       /* version of firmware */
-  CK_CHAR       utcTime[16];           /* time */
-} CK_TOKEN_INFO;
-
-/* The flags parameter is defined as follows:
- *      Bit Flag                    Mask        Meaning
- */
-#define CKF_RNG                     0x00000001UL  /* has random # generator */
-#define CKF_WRITE_PROTECTED         0x00000002UL  /* token is write-protected */
-#define CKF_LOGIN_REQUIRED          0x00000004UL  /* user must login */
-#define CKF_USER_PIN_INITIALIZED    0x00000008UL  /* normal user's PIN is set */
-
-/* CKF_RESTORE_KEY_NOT_NEEDED.  If it is set,
- * that means that *every* time the state of cryptographic
- * operations of a session is successfully saved, all keys
- * needed to continue those operations are stored in the state
- */
-#define CKF_RESTORE_KEY_NOT_NEEDED  0x00000020UL
-
-/* CKF_CLOCK_ON_TOKEN.  If it is set, that means
- * that the token has some sort of clock.  The time on that
- * clock is returned in the token info structure
- */
-#define CKF_CLOCK_ON_TOKEN          0x00000040UL
-
-/* CKF_PROTECTED_AUTHENTICATION_PATH.  If it is
- * set, that means that there is some way for the user to login
- * without sending a PIN through the Cryptoki library itself
- */
-#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL
-
-/* CKF_DUAL_CRYPTO_OPERATIONS.  If it is true,
- * that means that a single session with the token can perform
- * dual simultaneous cryptographic operations (digest and
- * encrypt; decrypt and digest; sign and encrypt; and decrypt
- * and sign)
- */
-#define CKF_DUAL_CRYPTO_OPERATIONS  0x00000200UL
-
-/* CKF_TOKEN_INITIALIZED. If it is true, the
- * token has been initialized using C_InitializeToken or an
- * equivalent mechanism outside the scope of PKCS #11.
- * Calling C_InitializeToken when this flag is set will cause
- * the token to be reinitialized.
- */
-#define CKF_TOKEN_INITIALIZED       0x00000400UL
-
-/* CKF_SECONDARY_AUTHENTICATION. If it is
- * true, the token supports secondary authentication for
- * private key objects.
- */
-#define CKF_SECONDARY_AUTHENTICATION  0x00000800UL
-
-/* CKF_USER_PIN_COUNT_LOW. If it is true, an
- * incorrect user login PIN has been entered at least once
- * since the last successful authentication.
- */
-#define CKF_USER_PIN_COUNT_LOW       0x00010000UL
-
-/* CKF_USER_PIN_FINAL_TRY. If it is true,
- * supplying an incorrect user PIN will it to become locked.
- */
-#define CKF_USER_PIN_FINAL_TRY       0x00020000UL
-
-/* CKF_USER_PIN_LOCKED. If it is true, the
- * user PIN has been locked. User login to the token is not
- * possible.
- */
-#define CKF_USER_PIN_LOCKED          0x00040000UL
-
-/* CKF_USER_PIN_TO_BE_CHANGED. If it is true,
- * the user PIN value is the default value set by token
- * initialization or manufacturing, or the PIN has been
- * expired by the card.
- */
-#define CKF_USER_PIN_TO_BE_CHANGED   0x00080000UL
-
-/* CKF_SO_PIN_COUNT_LOW. If it is true, an
- * incorrect SO login PIN has been entered at least once since
- * the last successful authentication.
- */
-#define CKF_SO_PIN_COUNT_LOW         0x00100000UL
-
-/* CKF_SO_PIN_FINAL_TRY. If it is true,
- * supplying an incorrect SO PIN will it to become locked.
- */
-#define CKF_SO_PIN_FINAL_TRY         0x00200000UL
-
-/* CKF_SO_PIN_LOCKED. If it is true, the SO
- * PIN has been locked. SO login to the token is not possible.
- */
-#define CKF_SO_PIN_LOCKED            0x00400000UL
-
-/* CKF_SO_PIN_TO_BE_CHANGED. If it is true,
- * the SO PIN value is the default value set by token
- * initialization or manufacturing, or the PIN has been
- * expired by the card.
- */
-#define CKF_SO_PIN_TO_BE_CHANGED     0x00800000UL
-
-#define CKF_ERROR_STATE              0x01000000UL
-
-typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-
-
-/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
- * identifies a session
- */
-typedef CK_ULONG          CK_SESSION_HANDLE;
-
-typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-
-
-/* CK_USER_TYPE enumerates the types of Cryptoki users */
-typedef CK_ULONG          CK_USER_TYPE;
-/* Security Officer */
-#define CKU_SO                  0UL
-/* Normal user */
-#define CKU_USER                1UL
-/* Context specific */
-#define CKU_CONTEXT_SPECIFIC    2UL
-
-/* CK_STATE enumerates the session states */
-typedef CK_ULONG          CK_STATE;
-#define CKS_RO_PUBLIC_SESSION   0UL
-#define CKS_RO_USER_FUNCTIONS   1UL
-#define CKS_RW_PUBLIC_SESSION   2UL
-#define CKS_RW_USER_FUNCTIONS   3UL
-#define CKS_RW_SO_FUNCTIONS     4UL
-
-/* CK_SESSION_INFO provides information about a session */
-typedef struct CK_SESSION_INFO {
-  CK_SLOT_ID    slotID;
-  CK_STATE      state;
-  CK_FLAGS      flags;          /* see below */
-  CK_ULONG      ulDeviceError;  /* device-dependent error code */
-} CK_SESSION_INFO;
-
-/* The flags are defined in the following table:
- *      Bit Flag                Mask        Meaning
- */
-#define CKF_RW_SESSION          0x00000002UL /* session is r/w */
-#define CKF_SERIAL_SESSION      0x00000004UL /* no parallel    */
-
-typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-
-
-/* CK_OBJECT_HANDLE is a token-specific identifier for an
- * object
- */
-typedef CK_ULONG          CK_OBJECT_HANDLE;
-
-typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-
-
-/* CK_OBJECT_CLASS is a value that identifies the classes (or
- * types) of objects that Cryptoki recognizes.  It is defined
- * as follows:
- */
-typedef CK_ULONG          CK_OBJECT_CLASS;
-
-/* The following classes of objects are defined: */
-#define CKO_DATA              0x00000000UL
-#define CKO_CERTIFICATE       0x00000001UL
-#define CKO_PUBLIC_KEY        0x00000002UL
-#define CKO_PRIVATE_KEY       0x00000003UL
-#define CKO_SECRET_KEY        0x00000004UL
-#define CKO_HW_FEATURE        0x00000005UL
-#define CKO_DOMAIN_PARAMETERS 0x00000006UL
-#define CKO_MECHANISM         0x00000007UL
-#define CKO_OTP_KEY           0x00000008UL
-
-#define CKO_VENDOR_DEFINED    0x80000000UL
-
-typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-
-/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type
- * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE.
- */
-typedef CK_ULONG          CK_HW_FEATURE_TYPE;
-
-/* The following hardware feature types are defined */
-#define CKH_MONOTONIC_COUNTER  0x00000001UL
-#define CKH_CLOCK              0x00000002UL
-#define CKH_USER_INTERFACE     0x00000003UL
-#define CKH_VENDOR_DEFINED     0x80000000UL
-
-/* CK_KEY_TYPE is a value that identifies a key type */
-typedef CK_ULONG          CK_KEY_TYPE;
-
-/* the following key types are defined: */
-#define CKK_RSA                 0x00000000UL
-#define CKK_DSA                 0x00000001UL
-#define CKK_DH                  0x00000002UL
-#define CKK_ECDSA               0x00000003UL /* Deprecated */
-#define CKK_EC                  0x00000003UL
-#define CKK_X9_42_DH            0x00000004UL
-#define CKK_KEA                 0x00000005UL
-#define CKK_GENERIC_SECRET      0x00000010UL
-#define CKK_RC2                 0x00000011UL
-#define CKK_RC4                 0x00000012UL
-#define CKK_DES                 0x00000013UL
-#define CKK_DES2                0x00000014UL
-#define CKK_DES3                0x00000015UL
-#define CKK_CAST                0x00000016UL
-#define CKK_CAST3               0x00000017UL
-#define CKK_CAST5               0x00000018UL /* Deprecated */
-#define CKK_CAST128             0x00000018UL
-#define CKK_RC5                 0x00000019UL
-#define CKK_IDEA                0x0000001AUL
-#define CKK_SKIPJACK            0x0000001BUL
-#define CKK_BATON               0x0000001CUL
-#define CKK_JUNIPER             0x0000001DUL
-#define CKK_CDMF                0x0000001EUL
-#define CKK_AES                 0x0000001FUL
-#define CKK_BLOWFISH            0x00000020UL
-#define CKK_TWOFISH             0x00000021UL
-#define CKK_SECURID             0x00000022UL
-#define CKK_HOTP                0x00000023UL
-#define CKK_ACTI                0x00000024UL
-#define CKK_CAMELLIA            0x00000025UL
-#define CKK_ARIA                0x00000026UL
-
-#define CKK_MD5_HMAC            0x00000027UL
-#define CKK_SHA_1_HMAC          0x00000028UL
-#define CKK_RIPEMD128_HMAC      0x00000029UL
-#define CKK_RIPEMD160_HMAC      0x0000002AUL
-#define CKK_SHA256_HMAC         0x0000002BUL
-#define CKK_SHA384_HMAC         0x0000002CUL
-#define CKK_SHA512_HMAC         0x0000002DUL
-#define CKK_SHA224_HMAC         0x0000002EUL
-
-#define CKK_SEED                0x0000002FUL
-#define CKK_GOSTR3410           0x00000030UL
-#define CKK_GOSTR3411           0x00000031UL
-#define CKK_GOST28147           0x00000032UL
-
-
-
-#define CKK_VENDOR_DEFINED      0x80000000UL
-
-
-/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
- * type
- */
-typedef CK_ULONG          CK_CERTIFICATE_TYPE;
-
-#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED     0UL
-#define CK_CERTIFICATE_CATEGORY_TOKEN_USER      1UL
-#define CK_CERTIFICATE_CATEGORY_AUTHORITY       2UL
-#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY    3UL
-
-#define CK_SECURITY_DOMAIN_UNSPECIFIED     0UL
-#define CK_SECURITY_DOMAIN_MANUFACTURER    1UL
-#define CK_SECURITY_DOMAIN_OPERATOR        2UL
-#define CK_SECURITY_DOMAIN_THIRD_PARTY     3UL
-
-
-/* The following certificate types are defined: */
-#define CKC_X_509               0x00000000UL
-#define CKC_X_509_ATTR_CERT     0x00000001UL
-#define CKC_WTLS                0x00000002UL
-#define CKC_VENDOR_DEFINED      0x80000000UL
-
-
-/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
- * type
- */
-typedef CK_ULONG          CK_ATTRIBUTE_TYPE;
-
-/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
- * consists of an array of values.
- */
-#define CKF_ARRAY_ATTRIBUTE     0x40000000UL
-
-/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */
-#define CK_OTP_FORMAT_DECIMAL           0UL
-#define CK_OTP_FORMAT_HEXADECIMAL       1UL
-#define CK_OTP_FORMAT_ALPHANUMERIC      2UL
-#define CK_OTP_FORMAT_BINARY            3UL
-
-/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT
- * attributes
- */
-#define CK_OTP_PARAM_IGNORED            0UL
-#define CK_OTP_PARAM_OPTIONAL           1UL
-#define CK_OTP_PARAM_MANDATORY          2UL
-
-/* The following attribute types are defined: */
-#define CKA_CLASS              0x00000000UL
-#define CKA_TOKEN              0x00000001UL
-#define CKA_PRIVATE            0x00000002UL
-#define CKA_LABEL              0x00000003UL
-#define CKA_APPLICATION        0x00000010UL
-#define CKA_VALUE              0x00000011UL
-#define CKA_OBJECT_ID          0x00000012UL
-#define CKA_CERTIFICATE_TYPE   0x00000080UL
-#define CKA_ISSUER             0x00000081UL
-#define CKA_SERIAL_NUMBER      0x00000082UL
-#define CKA_AC_ISSUER          0x00000083UL
-#define CKA_OWNER              0x00000084UL
-#define CKA_ATTR_TYPES         0x00000085UL
-#define CKA_TRUSTED            0x00000086UL
-#define CKA_CERTIFICATE_CATEGORY        0x00000087UL
-#define CKA_JAVA_MIDP_SECURITY_DOMAIN   0x00000088UL
-#define CKA_URL                         0x00000089UL
-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY  0x0000008AUL
-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY   0x0000008BUL
-#define CKA_NAME_HASH_ALGORITHM         0x0000008CUL
-#define CKA_CHECK_VALUE                 0x00000090UL
-
-#define CKA_KEY_TYPE           0x00000100UL
-#define CKA_SUBJECT            0x00000101UL
-#define CKA_ID                 0x00000102UL
-#define CKA_SENSITIVE          0x00000103UL
-#define CKA_ENCRYPT            0x00000104UL
-#define CKA_DECRYPT            0x00000105UL
-#define CKA_WRAP               0x00000106UL
-#define CKA_UNWRAP             0x00000107UL
-#define CKA_SIGN               0x00000108UL
-#define CKA_SIGN_RECOVER       0x00000109UL
-#define CKA_VERIFY             0x0000010AUL
-#define CKA_VERIFY_RECOVER     0x0000010BUL
-#define CKA_DERIVE             0x0000010CUL
-#define CKA_START_DATE         0x00000110UL
-#define CKA_END_DATE           0x00000111UL
-#define CKA_MODULUS            0x00000120UL
-#define CKA_MODULUS_BITS       0x00000121UL
-#define CKA_PUBLIC_EXPONENT    0x00000122UL
-#define CKA_PRIVATE_EXPONENT   0x00000123UL
-#define CKA_PRIME_1            0x00000124UL
-#define CKA_PRIME_2            0x00000125UL
-#define CKA_EXPONENT_1         0x00000126UL
-#define CKA_EXPONENT_2         0x00000127UL
-#define CKA_COEFFICIENT        0x00000128UL
-#define CKA_PUBLIC_KEY_INFO    0x00000129UL
-#define CKA_PRIME              0x00000130UL
-#define CKA_SUBPRIME           0x00000131UL
-#define CKA_BASE               0x00000132UL
-
-#define CKA_PRIME_BITS         0x00000133UL
-#define CKA_SUBPRIME_BITS      0x00000134UL
-#define CKA_SUB_PRIME_BITS     CKA_SUBPRIME_BITS
-
-#define CKA_VALUE_BITS         0x00000160UL
-#define CKA_VALUE_LEN          0x00000161UL
-#define CKA_EXTRACTABLE        0x00000162UL
-#define CKA_LOCAL              0x00000163UL
-#define CKA_NEVER_EXTRACTABLE  0x00000164UL
-#define CKA_ALWAYS_SENSITIVE   0x00000165UL
-#define CKA_KEY_GEN_MECHANISM  0x00000166UL
-
-#define CKA_MODIFIABLE         0x00000170UL
-#define CKA_COPYABLE           0x00000171UL
-
-#define CKA_DESTROYABLE        0x00000172UL
-
-#define CKA_ECDSA_PARAMS       0x00000180UL /* Deprecated */
-#define CKA_EC_PARAMS          0x00000180UL
-
-#define CKA_EC_POINT           0x00000181UL
-
-#define CKA_SECONDARY_AUTH     0x00000200UL /* Deprecated */
-#define CKA_AUTH_PIN_FLAGS     0x00000201UL /* Deprecated */
-
-#define CKA_ALWAYS_AUTHENTICATE  0x00000202UL
-
-#define CKA_WRAP_WITH_TRUSTED    0x00000210UL
-#define CKA_WRAP_TEMPLATE        (CKF_ARRAY_ATTRIBUTE|0x00000211UL)
-#define CKA_UNWRAP_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000212UL)
-#define CKA_DERIVE_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000213UL)
-
-#define CKA_OTP_FORMAT                0x00000220UL
-#define CKA_OTP_LENGTH                0x00000221UL
-#define CKA_OTP_TIME_INTERVAL         0x00000222UL
-#define CKA_OTP_USER_FRIENDLY_MODE    0x00000223UL
-#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL
-#define CKA_OTP_TIME_REQUIREMENT      0x00000225UL
-#define CKA_OTP_COUNTER_REQUIREMENT   0x00000226UL
-#define CKA_OTP_PIN_REQUIREMENT       0x00000227UL
-#define CKA_OTP_COUNTER               0x0000022EUL
-#define CKA_OTP_TIME                  0x0000022FUL
-#define CKA_OTP_USER_IDENTIFIER       0x0000022AUL
-#define CKA_OTP_SERVICE_IDENTIFIER    0x0000022BUL
-#define CKA_OTP_SERVICE_LOGO          0x0000022CUL
-#define CKA_OTP_SERVICE_LOGO_TYPE     0x0000022DUL
-
-#define CKA_GOSTR3410_PARAMS            0x00000250UL
-#define CKA_GOSTR3411_PARAMS            0x00000251UL
-#define CKA_GOST28147_PARAMS            0x00000252UL
-
-#define CKA_HW_FEATURE_TYPE             0x00000300UL
-#define CKA_RESET_ON_INIT               0x00000301UL
-#define CKA_HAS_RESET                   0x00000302UL
-
-#define CKA_PIXEL_X                     0x00000400UL
-#define CKA_PIXEL_Y                     0x00000401UL
-#define CKA_RESOLUTION                  0x00000402UL
-#define CKA_CHAR_ROWS                   0x00000403UL
-#define CKA_CHAR_COLUMNS                0x00000404UL
-#define CKA_COLOR                       0x00000405UL
-#define CKA_BITS_PER_PIXEL              0x00000406UL
-#define CKA_CHAR_SETS                   0x00000480UL
-#define CKA_ENCODING_METHODS            0x00000481UL
-#define CKA_MIME_TYPES                  0x00000482UL
-#define CKA_MECHANISM_TYPE              0x00000500UL
-#define CKA_REQUIRED_CMS_ATTRIBUTES     0x00000501UL
-#define CKA_DEFAULT_CMS_ATTRIBUTES      0x00000502UL
-#define CKA_SUPPORTED_CMS_ATTRIBUTES    0x00000503UL
-#define CKA_ALLOWED_MECHANISMS          (CKF_ARRAY_ATTRIBUTE|0x00000600UL)
-
-#define CKA_VENDOR_DEFINED              0x80000000UL
-
-/* CK_ATTRIBUTE is a structure that includes the type, length
- * and value of an attribute
- */
-typedef struct CK_ATTRIBUTE {
-  CK_ATTRIBUTE_TYPE type;
-  CK_VOID_PTR       pValue;
-  CK_ULONG          ulValueLen;  /* in bytes */
-} CK_ATTRIBUTE;
-
-typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-
-/* CK_DATE is a structure that defines a date */
-typedef struct CK_DATE{
-  CK_CHAR       year[4];   /* the year ("1900" - "9999") */
-  CK_CHAR       month[2];  /* the month ("01" - "12") */
-  CK_CHAR       day[2];    /* the day   ("01" - "31") */
-} CK_DATE;
-
-
-/* CK_MECHANISM_TYPE is a value that identifies a mechanism
- * type
- */
-typedef CK_ULONG          CK_MECHANISM_TYPE;
-
-/* the following mechanism types are defined: */
-#define CKM_RSA_PKCS_KEY_PAIR_GEN      0x00000000UL
-#define CKM_RSA_PKCS                   0x00000001UL
-#define CKM_RSA_9796                   0x00000002UL
-#define CKM_RSA_X_509                  0x00000003UL
-
-#define CKM_MD2_RSA_PKCS               0x00000004UL
-#define CKM_MD5_RSA_PKCS               0x00000005UL
-#define CKM_SHA1_RSA_PKCS              0x00000006UL
-
-#define CKM_RIPEMD128_RSA_PKCS         0x00000007UL
-#define CKM_RIPEMD160_RSA_PKCS         0x00000008UL
-#define CKM_RSA_PKCS_OAEP              0x00000009UL
-
-#define CKM_RSA_X9_31_KEY_PAIR_GEN     0x0000000AUL
-#define CKM_RSA_X9_31                  0x0000000BUL
-#define CKM_SHA1_RSA_X9_31             0x0000000CUL
-#define CKM_RSA_PKCS_PSS               0x0000000DUL
-#define CKM_SHA1_RSA_PKCS_PSS          0x0000000EUL
-
-#define CKM_DSA_KEY_PAIR_GEN           0x00000010UL
-#define CKM_DSA                        0x00000011UL
-#define CKM_DSA_SHA1                   0x00000012UL
-#define CKM_DSA_SHA224                 0x00000013UL
-#define CKM_DSA_SHA256                 0x00000014UL
-#define CKM_DSA_SHA384                 0x00000015UL
-#define CKM_DSA_SHA512                 0x00000016UL
-
-#define CKM_DH_PKCS_KEY_PAIR_GEN       0x00000020UL
-#define CKM_DH_PKCS_DERIVE             0x00000021UL
-
-#define CKM_X9_42_DH_KEY_PAIR_GEN      0x00000030UL
-#define CKM_X9_42_DH_DERIVE            0x00000031UL
-#define CKM_X9_42_DH_HYBRID_DERIVE     0x00000032UL
-#define CKM_X9_42_MQV_DERIVE           0x00000033UL
-
-#define CKM_SHA256_RSA_PKCS            0x00000040UL
-#define CKM_SHA384_RSA_PKCS            0x00000041UL
-#define CKM_SHA512_RSA_PKCS            0x00000042UL
-#define CKM_SHA256_RSA_PKCS_PSS        0x00000043UL
-#define CKM_SHA384_RSA_PKCS_PSS        0x00000044UL
-#define CKM_SHA512_RSA_PKCS_PSS        0x00000045UL
-
-#define CKM_SHA224_RSA_PKCS            0x00000046UL
-#define CKM_SHA224_RSA_PKCS_PSS        0x00000047UL
-
-#define CKM_SHA512_224                 0x00000048UL
-#define CKM_SHA512_224_HMAC            0x00000049UL
-#define CKM_SHA512_224_HMAC_GENERAL    0x0000004AUL
-#define CKM_SHA512_224_KEY_DERIVATION  0x0000004BUL
-#define CKM_SHA512_256                 0x0000004CUL
-#define CKM_SHA512_256_HMAC            0x0000004DUL
-#define CKM_SHA512_256_HMAC_GENERAL    0x0000004EUL
-#define CKM_SHA512_256_KEY_DERIVATION  0x0000004FUL
-
-#define CKM_SHA512_T                   0x00000050UL
-#define CKM_SHA512_T_HMAC              0x00000051UL
-#define CKM_SHA512_T_HMAC_GENERAL      0x00000052UL
-#define CKM_SHA512_T_KEY_DERIVATION    0x00000053UL
-
-#define CKM_RC2_KEY_GEN                0x00000100UL
-#define CKM_RC2_ECB                    0x00000101UL
-#define CKM_RC2_CBC                    0x00000102UL
-#define CKM_RC2_MAC                    0x00000103UL
-
-#define CKM_RC2_MAC_GENERAL            0x00000104UL
-#define CKM_RC2_CBC_PAD                0x00000105UL
-
-#define CKM_RC4_KEY_GEN                0x00000110UL
-#define CKM_RC4                        0x00000111UL
-#define CKM_DES_KEY_GEN                0x00000120UL
-#define CKM_DES_ECB                    0x00000121UL
-#define CKM_DES_CBC                    0x00000122UL
-#define CKM_DES_MAC                    0x00000123UL
-
-#define CKM_DES_MAC_GENERAL            0x00000124UL
-#define CKM_DES_CBC_PAD                0x00000125UL
-
-#define CKM_DES2_KEY_GEN               0x00000130UL
-#define CKM_DES3_KEY_GEN               0x00000131UL
-#define CKM_DES3_ECB                   0x00000132UL
-#define CKM_DES3_CBC                   0x00000133UL
-#define CKM_DES3_MAC                   0x00000134UL
-
-#define CKM_DES3_MAC_GENERAL           0x00000135UL
-#define CKM_DES3_CBC_PAD               0x00000136UL
-#define CKM_DES3_CMAC_GENERAL          0x00000137UL
-#define CKM_DES3_CMAC                  0x00000138UL
-#define CKM_CDMF_KEY_GEN               0x00000140UL
-#define CKM_CDMF_ECB                   0x00000141UL
-#define CKM_CDMF_CBC                   0x00000142UL
-#define CKM_CDMF_MAC                   0x00000143UL
-#define CKM_CDMF_MAC_GENERAL           0x00000144UL
-#define CKM_CDMF_CBC_PAD               0x00000145UL
-
-#define CKM_DES_OFB64                  0x00000150UL
-#define CKM_DES_OFB8                   0x00000151UL
-#define CKM_DES_CFB64                  0x00000152UL
-#define CKM_DES_CFB8                   0x00000153UL
-
-#define CKM_MD2                        0x00000200UL
-
-#define CKM_MD2_HMAC                   0x00000201UL
-#define CKM_MD2_HMAC_GENERAL           0x00000202UL
-
-#define CKM_MD5                        0x00000210UL
-
-#define CKM_MD5_HMAC                   0x00000211UL
-#define CKM_MD5_HMAC_GENERAL           0x00000212UL
-
-#define CKM_SHA_1                      0x00000220UL
-
-#define CKM_SHA_1_HMAC                 0x00000221UL
-#define CKM_SHA_1_HMAC_GENERAL         0x00000222UL
-
-#define CKM_RIPEMD128                  0x00000230UL
-#define CKM_RIPEMD128_HMAC             0x00000231UL
-#define CKM_RIPEMD128_HMAC_GENERAL     0x00000232UL
-#define CKM_RIPEMD160                  0x00000240UL
-#define CKM_RIPEMD160_HMAC             0x00000241UL
-#define CKM_RIPEMD160_HMAC_GENERAL     0x00000242UL
-
-#define CKM_SHA256                     0x00000250UL
-#define CKM_SHA256_HMAC                0x00000251UL
-#define CKM_SHA256_HMAC_GENERAL        0x00000252UL
-#define CKM_SHA224                     0x00000255UL
-#define CKM_SHA224_HMAC                0x00000256UL
-#define CKM_SHA224_HMAC_GENERAL        0x00000257UL
-#define CKM_SHA384                     0x00000260UL
-#define CKM_SHA384_HMAC                0x00000261UL
-#define CKM_SHA384_HMAC_GENERAL        0x00000262UL
-#define CKM_SHA512                     0x00000270UL
-#define CKM_SHA512_HMAC                0x00000271UL
-#define CKM_SHA512_HMAC_GENERAL        0x00000272UL
-#define CKM_SECURID_KEY_GEN            0x00000280UL
-#define CKM_SECURID                    0x00000282UL
-#define CKM_HOTP_KEY_GEN               0x00000290UL
-#define CKM_HOTP                       0x00000291UL
-#define CKM_ACTI                       0x000002A0UL
-#define CKM_ACTI_KEY_GEN               0x000002A1UL
-
-#define CKM_CAST_KEY_GEN               0x00000300UL
-#define CKM_CAST_ECB                   0x00000301UL
-#define CKM_CAST_CBC                   0x00000302UL
-#define CKM_CAST_MAC                   0x00000303UL
-#define CKM_CAST_MAC_GENERAL           0x00000304UL
-#define CKM_CAST_CBC_PAD               0x00000305UL
-#define CKM_CAST3_KEY_GEN              0x00000310UL
-#define CKM_CAST3_ECB                  0x00000311UL
-#define CKM_CAST3_CBC                  0x00000312UL
-#define CKM_CAST3_MAC                  0x00000313UL
-#define CKM_CAST3_MAC_GENERAL          0x00000314UL
-#define CKM_CAST3_CBC_PAD              0x00000315UL
-/* Note that CAST128 and CAST5 are the same algorithm */
-#define CKM_CAST5_KEY_GEN              0x00000320UL
-#define CKM_CAST128_KEY_GEN            0x00000320UL
-#define CKM_CAST5_ECB                  0x00000321UL
-#define CKM_CAST128_ECB                0x00000321UL
-#define CKM_CAST5_CBC                  0x00000322UL /* Deprecated */
-#define CKM_CAST128_CBC                0x00000322UL
-#define CKM_CAST5_MAC                  0x00000323UL /* Deprecated */
-#define CKM_CAST128_MAC                0x00000323UL
-#define CKM_CAST5_MAC_GENERAL          0x00000324UL /* Deprecated */
-#define CKM_CAST128_MAC_GENERAL        0x00000324UL
-#define CKM_CAST5_CBC_PAD              0x00000325UL /* Deprecated */
-#define CKM_CAST128_CBC_PAD            0x00000325UL
-#define CKM_RC5_KEY_GEN                0x00000330UL
-#define CKM_RC5_ECB                    0x00000331UL
-#define CKM_RC5_CBC                    0x00000332UL
-#define CKM_RC5_MAC                    0x00000333UL
-#define CKM_RC5_MAC_GENERAL            0x00000334UL
-#define CKM_RC5_CBC_PAD                0x00000335UL
-#define CKM_IDEA_KEY_GEN               0x00000340UL
-#define CKM_IDEA_ECB                   0x00000341UL
-#define CKM_IDEA_CBC                   0x00000342UL
-#define CKM_IDEA_MAC                   0x00000343UL
-#define CKM_IDEA_MAC_GENERAL           0x00000344UL
-#define CKM_IDEA_CBC_PAD               0x00000345UL
-#define CKM_GENERIC_SECRET_KEY_GEN     0x00000350UL
-#define CKM_CONCATENATE_BASE_AND_KEY   0x00000360UL
-#define CKM_CONCATENATE_BASE_AND_DATA  0x00000362UL
-#define CKM_CONCATENATE_DATA_AND_BASE  0x00000363UL
-#define CKM_XOR_BASE_AND_DATA          0x00000364UL
-#define CKM_EXTRACT_KEY_FROM_KEY       0x00000365UL
-#define CKM_SSL3_PRE_MASTER_KEY_GEN    0x00000370UL
-#define CKM_SSL3_MASTER_KEY_DERIVE     0x00000371UL
-#define CKM_SSL3_KEY_AND_MAC_DERIVE    0x00000372UL
-
-#define CKM_SSL3_MASTER_KEY_DERIVE_DH  0x00000373UL
-#define CKM_TLS_PRE_MASTER_KEY_GEN     0x00000374UL
-#define CKM_TLS_MASTER_KEY_DERIVE      0x00000375UL
-#define CKM_TLS_KEY_AND_MAC_DERIVE     0x00000376UL
-#define CKM_TLS_MASTER_KEY_DERIVE_DH   0x00000377UL
-
-#define CKM_TLS_PRF                    0x00000378UL
-
-#define CKM_SSL3_MD5_MAC               0x00000380UL
-#define CKM_SSL3_SHA1_MAC              0x00000381UL
-#define CKM_MD5_KEY_DERIVATION         0x00000390UL
-#define CKM_MD2_KEY_DERIVATION         0x00000391UL
-#define CKM_SHA1_KEY_DERIVATION        0x00000392UL
-
-#define CKM_SHA256_KEY_DERIVATION      0x00000393UL
-#define CKM_SHA384_KEY_DERIVATION      0x00000394UL
-#define CKM_SHA512_KEY_DERIVATION      0x00000395UL
-#define CKM_SHA224_KEY_DERIVATION      0x00000396UL
-
-#define CKM_PBE_MD2_DES_CBC            0x000003A0UL
-#define CKM_PBE_MD5_DES_CBC            0x000003A1UL
-#define CKM_PBE_MD5_CAST_CBC           0x000003A2UL
-#define CKM_PBE_MD5_CAST3_CBC          0x000003A3UL
-#define CKM_PBE_MD5_CAST5_CBC          0x000003A4UL /* Deprecated */
-#define CKM_PBE_MD5_CAST128_CBC        0x000003A4UL
-#define CKM_PBE_SHA1_CAST5_CBC         0x000003A5UL /* Deprecated */
-#define CKM_PBE_SHA1_CAST128_CBC       0x000003A5UL
-#define CKM_PBE_SHA1_RC4_128           0x000003A6UL
-#define CKM_PBE_SHA1_RC4_40            0x000003A7UL
-#define CKM_PBE_SHA1_DES3_EDE_CBC      0x000003A8UL
-#define CKM_PBE_SHA1_DES2_EDE_CBC      0x000003A9UL
-#define CKM_PBE_SHA1_RC2_128_CBC       0x000003AAUL
-#define CKM_PBE_SHA1_RC2_40_CBC        0x000003ABUL
-
-#define CKM_PKCS5_PBKD2                0x000003B0UL
-
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC    0x000003C0UL
-
-#define CKM_WTLS_PRE_MASTER_KEY_GEN         0x000003D0UL
-#define CKM_WTLS_MASTER_KEY_DERIVE          0x000003D1UL
-#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC   0x000003D2UL
-#define CKM_WTLS_PRF                        0x000003D3UL
-#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE  0x000003D4UL
-#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE  0x000003D5UL
-
-#define CKM_TLS10_MAC_SERVER                0x000003D6UL
-#define CKM_TLS10_MAC_CLIENT                0x000003D7UL
-#define CKM_TLS12_MAC                       0x000003D8UL
-#define CKM_TLS12_KDF                       0x000003D9UL
-#define CKM_TLS12_MASTER_KEY_DERIVE         0x000003E0UL
-#define CKM_TLS12_KEY_AND_MAC_DERIVE        0x000003E1UL
-#define CKM_TLS12_MASTER_KEY_DERIVE_DH      0x000003E2UL
-#define CKM_TLS12_KEY_SAFE_DERIVE           0x000003E3UL
-#define CKM_TLS_MAC                         0x000003E4UL
-#define CKM_TLS_KDF                         0x000003E5UL
-
-#define CKM_KEY_WRAP_LYNKS             0x00000400UL
-#define CKM_KEY_WRAP_SET_OAEP          0x00000401UL
-
-#define CKM_CMS_SIG                    0x00000500UL
-#define CKM_KIP_DERIVE                 0x00000510UL
-#define CKM_KIP_WRAP                   0x00000511UL
-#define CKM_KIP_MAC                    0x00000512UL
-
-#define CKM_CAMELLIA_KEY_GEN           0x00000550UL
-#define CKM_CAMELLIA_ECB               0x00000551UL
-#define CKM_CAMELLIA_CBC               0x00000552UL
-#define CKM_CAMELLIA_MAC               0x00000553UL
-#define CKM_CAMELLIA_MAC_GENERAL       0x00000554UL
-#define CKM_CAMELLIA_CBC_PAD           0x00000555UL
-#define CKM_CAMELLIA_ECB_ENCRYPT_DATA  0x00000556UL
-#define CKM_CAMELLIA_CBC_ENCRYPT_DATA  0x00000557UL
-#define CKM_CAMELLIA_CTR               0x00000558UL
-
-#define CKM_ARIA_KEY_GEN               0x00000560UL
-#define CKM_ARIA_ECB                   0x00000561UL
-#define CKM_ARIA_CBC                   0x00000562UL
-#define CKM_ARIA_MAC                   0x00000563UL
-#define CKM_ARIA_MAC_GENERAL           0x00000564UL
-#define CKM_ARIA_CBC_PAD               0x00000565UL
-#define CKM_ARIA_ECB_ENCRYPT_DATA      0x00000566UL
-#define CKM_ARIA_CBC_ENCRYPT_DATA      0x00000567UL
-
-#define CKM_SEED_KEY_GEN               0x00000650UL
-#define CKM_SEED_ECB                   0x00000651UL
-#define CKM_SEED_CBC                   0x00000652UL
-#define CKM_SEED_MAC                   0x00000653UL
-#define CKM_SEED_MAC_GENERAL           0x00000654UL
-#define CKM_SEED_CBC_PAD               0x00000655UL
-#define CKM_SEED_ECB_ENCRYPT_DATA      0x00000656UL
-#define CKM_SEED_CBC_ENCRYPT_DATA      0x00000657UL
-
-#define CKM_SKIPJACK_KEY_GEN           0x00001000UL
-#define CKM_SKIPJACK_ECB64             0x00001001UL
-#define CKM_SKIPJACK_CBC64             0x00001002UL
-#define CKM_SKIPJACK_OFB64             0x00001003UL
-#define CKM_SKIPJACK_CFB64             0x00001004UL
-#define CKM_SKIPJACK_CFB32             0x00001005UL
-#define CKM_SKIPJACK_CFB16             0x00001006UL
-#define CKM_SKIPJACK_CFB8              0x00001007UL
-#define CKM_SKIPJACK_WRAP              0x00001008UL
-#define CKM_SKIPJACK_PRIVATE_WRAP      0x00001009UL
-#define CKM_SKIPJACK_RELAYX            0x0000100aUL
-#define CKM_KEA_KEY_PAIR_GEN           0x00001010UL
-#define CKM_KEA_KEY_DERIVE             0x00001011UL
-#define CKM_KEA_DERIVE                 0x00001012UL
-#define CKM_FORTEZZA_TIMESTAMP         0x00001020UL
-#define CKM_BATON_KEY_GEN              0x00001030UL
-#define CKM_BATON_ECB128               0x00001031UL
-#define CKM_BATON_ECB96                0x00001032UL
-#define CKM_BATON_CBC128               0x00001033UL
-#define CKM_BATON_COUNTER              0x00001034UL
-#define CKM_BATON_SHUFFLE              0x00001035UL
-#define CKM_BATON_WRAP                 0x00001036UL
-
-#define CKM_ECDSA_KEY_PAIR_GEN         0x00001040UL /* Deprecated */
-#define CKM_EC_KEY_PAIR_GEN            0x00001040UL
-
-#define CKM_ECDSA                      0x00001041UL
-#define CKM_ECDSA_SHA1                 0x00001042UL
-#define CKM_ECDSA_SHA224               0x00001043UL
-#define CKM_ECDSA_SHA256               0x00001044UL
-#define CKM_ECDSA_SHA384               0x00001045UL
-#define CKM_ECDSA_SHA512               0x00001046UL
-
-#define CKM_ECDH1_DERIVE               0x00001050UL
-#define CKM_ECDH1_COFACTOR_DERIVE      0x00001051UL
-#define CKM_ECMQV_DERIVE               0x00001052UL
-
-#define CKM_ECDH_AES_KEY_WRAP          0x00001053UL
-#define CKM_RSA_AES_KEY_WRAP           0x00001054UL
-
-#define CKM_JUNIPER_KEY_GEN            0x00001060UL
-#define CKM_JUNIPER_ECB128             0x00001061UL
-#define CKM_JUNIPER_CBC128             0x00001062UL
-#define CKM_JUNIPER_COUNTER            0x00001063UL
-#define CKM_JUNIPER_SHUFFLE            0x00001064UL
-#define CKM_JUNIPER_WRAP               0x00001065UL
-#define CKM_FASTHASH                   0x00001070UL
-
-#define CKM_AES_KEY_GEN                0x00001080UL
-#define CKM_AES_ECB                    0x00001081UL
-#define CKM_AES_CBC                    0x00001082UL
-#define CKM_AES_MAC                    0x00001083UL
-#define CKM_AES_MAC_GENERAL            0x00001084UL
-#define CKM_AES_CBC_PAD                0x00001085UL
-#define CKM_AES_CTR                    0x00001086UL
-#define CKM_AES_GCM                    0x00001087UL
-#define CKM_AES_CCM                    0x00001088UL
-#define CKM_AES_CTS                    0x00001089UL
-#define CKM_AES_CMAC                   0x0000108AUL
-#define CKM_AES_CMAC_GENERAL           0x0000108BUL
-
-#define CKM_AES_XCBC_MAC               0x0000108CUL
-#define CKM_AES_XCBC_MAC_96            0x0000108DUL
-#define CKM_AES_GMAC                   0x0000108EUL
-
-#define CKM_BLOWFISH_KEY_GEN           0x00001090UL
-#define CKM_BLOWFISH_CBC               0x00001091UL
-#define CKM_TWOFISH_KEY_GEN            0x00001092UL
-#define CKM_TWOFISH_CBC                0x00001093UL
-#define CKM_BLOWFISH_CBC_PAD           0x00001094UL
-#define CKM_TWOFISH_CBC_PAD            0x00001095UL
-
-#define CKM_DES_ECB_ENCRYPT_DATA       0x00001100UL
-#define CKM_DES_CBC_ENCRYPT_DATA       0x00001101UL
-#define CKM_DES3_ECB_ENCRYPT_DATA      0x00001102UL
-#define CKM_DES3_CBC_ENCRYPT_DATA      0x00001103UL
-#define CKM_AES_ECB_ENCRYPT_DATA       0x00001104UL
-#define CKM_AES_CBC_ENCRYPT_DATA       0x00001105UL
-
-#define CKM_GOSTR3410_KEY_PAIR_GEN     0x00001200UL
-#define CKM_GOSTR3410                  0x00001201UL
-#define CKM_GOSTR3410_WITH_GOSTR3411   0x00001202UL
-#define CKM_GOSTR3410_KEY_WRAP         0x00001203UL
-#define CKM_GOSTR3410_DERIVE           0x00001204UL
-#define CKM_GOSTR3411                  0x00001210UL
-#define CKM_GOSTR3411_HMAC             0x00001211UL
-#define CKM_GOST28147_KEY_GEN          0x00001220UL
-#define CKM_GOST28147_ECB              0x00001221UL
-#define CKM_GOST28147                  0x00001222UL
-#define CKM_GOST28147_MAC              0x00001223UL
-#define CKM_GOST28147_KEY_WRAP         0x00001224UL
-
-#define CKM_DSA_PARAMETER_GEN          0x00002000UL
-#define CKM_DH_PKCS_PARAMETER_GEN      0x00002001UL
-#define CKM_X9_42_DH_PARAMETER_GEN     0x00002002UL
-#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN    0x00002003UL
-#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN    0x00002004UL
-
-#define CKM_AES_OFB                    0x00002104UL
-#define CKM_AES_CFB64                  0x00002105UL
-#define CKM_AES_CFB8                   0x00002106UL
-#define CKM_AES_CFB128                 0x00002107UL
-
-#define CKM_AES_CFB1                   0x00002108UL
-#define CKM_AES_KEY_WRAP               0x00002109UL     /* WAS: 0x00001090 */
-#define CKM_AES_KEY_WRAP_PAD           0x0000210AUL     /* WAS: 0x00001091 */
-
-#define CKM_RSA_PKCS_TPM_1_1           0x00004001UL
-#define CKM_RSA_PKCS_OAEP_TPM_1_1      0x00004002UL
-
-#define CKM_VENDOR_DEFINED             0x80000000UL
-
-typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-
-
-/* CK_MECHANISM is a structure that specifies a particular
- * mechanism
- */
-typedef struct CK_MECHANISM {
-  CK_MECHANISM_TYPE mechanism;
-  CK_VOID_PTR       pParameter;
-  CK_ULONG          ulParameterLen;  /* in bytes */
-} CK_MECHANISM;
-
-typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-
-
-/* CK_MECHANISM_INFO provides information about a particular
- * mechanism
- */
-typedef struct CK_MECHANISM_INFO {
-    CK_ULONG    ulMinKeySize;
-    CK_ULONG    ulMaxKeySize;
-    CK_FLAGS    flags;
-} CK_MECHANISM_INFO;
-
-/* The flags are defined as follows:
- *      Bit Flag               Mask          Meaning */
-#define CKF_HW                 0x00000001UL  /* performed by HW */
-
-/* Specify whether or not a mechanism can be used for a particular task */
-#define CKF_ENCRYPT            0x00000100UL
-#define CKF_DECRYPT            0x00000200UL
-#define CKF_DIGEST             0x00000400UL
-#define CKF_SIGN               0x00000800UL
-#define CKF_SIGN_RECOVER       0x00001000UL
-#define CKF_VERIFY             0x00002000UL
-#define CKF_VERIFY_RECOVER     0x00004000UL
-#define CKF_GENERATE           0x00008000UL
-#define CKF_GENERATE_KEY_PAIR  0x00010000UL
-#define CKF_WRAP               0x00020000UL
-#define CKF_UNWRAP             0x00040000UL
-#define CKF_DERIVE             0x00080000UL
-
-/* Describe a token's EC capabilities not available in mechanism
- * information.
- */
-#define CKF_EC_F_P             0x00100000UL
-#define CKF_EC_F_2M            0x00200000UL
-#define CKF_EC_ECPARAMETERS    0x00400000UL
-#define CKF_EC_NAMEDCURVE      0x00800000UL
-#define CKF_EC_UNCOMPRESS      0x01000000UL
-#define CKF_EC_COMPRESS        0x02000000UL
-
-#define CKF_EXTENSION          0x80000000UL
-
-typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-
-/* CK_RV is a value that identifies the return value of a
- * Cryptoki function
- */
-typedef CK_ULONG          CK_RV;
-
-#define CKR_OK                                0x00000000UL
-#define CKR_CANCEL                            0x00000001UL
-#define CKR_HOST_MEMORY                       0x00000002UL
-#define CKR_SLOT_ID_INVALID                   0x00000003UL
-
-#define CKR_GENERAL_ERROR                     0x00000005UL
-#define CKR_FUNCTION_FAILED                   0x00000006UL
-
-#define CKR_ARGUMENTS_BAD                     0x00000007UL
-#define CKR_NO_EVENT                          0x00000008UL
-#define CKR_NEED_TO_CREATE_THREADS            0x00000009UL
-#define CKR_CANT_LOCK                         0x0000000AUL
-
-#define CKR_ATTRIBUTE_READ_ONLY               0x00000010UL
-#define CKR_ATTRIBUTE_SENSITIVE               0x00000011UL
-#define CKR_ATTRIBUTE_TYPE_INVALID            0x00000012UL
-#define CKR_ATTRIBUTE_VALUE_INVALID           0x00000013UL
-
-#define CKR_ACTION_PROHIBITED                 0x0000001BUL
-
-#define CKR_DATA_INVALID                      0x00000020UL
-#define CKR_DATA_LEN_RANGE                    0x00000021UL
-#define CKR_DEVICE_ERROR                      0x00000030UL
-#define CKR_DEVICE_MEMORY                     0x00000031UL
-#define CKR_DEVICE_REMOVED                    0x00000032UL
-#define CKR_ENCRYPTED_DATA_INVALID            0x00000040UL
-#define CKR_ENCRYPTED_DATA_LEN_RANGE          0x00000041UL
-#define CKR_FUNCTION_CANCELED                 0x00000050UL
-#define CKR_FUNCTION_NOT_PARALLEL             0x00000051UL
-
-#define CKR_FUNCTION_NOT_SUPPORTED            0x00000054UL
-
-#define CKR_KEY_HANDLE_INVALID                0x00000060UL
-
-#define CKR_KEY_SIZE_RANGE                    0x00000062UL
-#define CKR_KEY_TYPE_INCONSISTENT             0x00000063UL
-
-#define CKR_KEY_NOT_NEEDED                    0x00000064UL
-#define CKR_KEY_CHANGED                       0x00000065UL
-#define CKR_KEY_NEEDED                        0x00000066UL
-#define CKR_KEY_INDIGESTIBLE                  0x00000067UL
-#define CKR_KEY_FUNCTION_NOT_PERMITTED        0x00000068UL
-#define CKR_KEY_NOT_WRAPPABLE                 0x00000069UL
-#define CKR_KEY_UNEXTRACTABLE                 0x0000006AUL
-
-#define CKR_MECHANISM_INVALID                 0x00000070UL
-#define CKR_MECHANISM_PARAM_INVALID           0x00000071UL
-
-#define CKR_OBJECT_HANDLE_INVALID             0x00000082UL
-#define CKR_OPERATION_ACTIVE                  0x00000090UL
-#define CKR_OPERATION_NOT_INITIALIZED         0x00000091UL
-#define CKR_PIN_INCORRECT                     0x000000A0UL
-#define CKR_PIN_INVALID                       0x000000A1UL
-#define CKR_PIN_LEN_RANGE                     0x000000A2UL
-
-#define CKR_PIN_EXPIRED                       0x000000A3UL
-#define CKR_PIN_LOCKED                        0x000000A4UL
-
-#define CKR_SESSION_CLOSED                    0x000000B0UL
-#define CKR_SESSION_COUNT                     0x000000B1UL
-#define CKR_SESSION_HANDLE_INVALID            0x000000B3UL
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    0x000000B4UL
-#define CKR_SESSION_READ_ONLY                 0x000000B5UL
-#define CKR_SESSION_EXISTS                    0x000000B6UL
-
-#define CKR_SESSION_READ_ONLY_EXISTS          0x000000B7UL
-#define CKR_SESSION_READ_WRITE_SO_EXISTS      0x000000B8UL
-
-#define CKR_SIGNATURE_INVALID                 0x000000C0UL
-#define CKR_SIGNATURE_LEN_RANGE               0x000000C1UL
-#define CKR_TEMPLATE_INCOMPLETE               0x000000D0UL
-#define CKR_TEMPLATE_INCONSISTENT             0x000000D1UL
-#define CKR_TOKEN_NOT_PRESENT                 0x000000E0UL
-#define CKR_TOKEN_NOT_RECOGNIZED              0x000000E1UL
-#define CKR_TOKEN_WRITE_PROTECTED             0x000000E2UL
-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID     0x000000F0UL
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE         0x000000F1UL
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  0x000000F2UL
-#define CKR_USER_ALREADY_LOGGED_IN            0x00000100UL
-#define CKR_USER_NOT_LOGGED_IN                0x00000101UL
-#define CKR_USER_PIN_NOT_INITIALIZED          0x00000102UL
-#define CKR_USER_TYPE_INVALID                 0x00000103UL
-
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    0x00000104UL
-#define CKR_USER_TOO_MANY_TYPES               0x00000105UL
-
-#define CKR_WRAPPED_KEY_INVALID               0x00000110UL
-#define CKR_WRAPPED_KEY_LEN_RANGE             0x00000112UL
-#define CKR_WRAPPING_KEY_HANDLE_INVALID       0x00000113UL
-#define CKR_WRAPPING_KEY_SIZE_RANGE           0x00000114UL
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    0x00000115UL
-#define CKR_RANDOM_SEED_NOT_SUPPORTED         0x00000120UL
-
-#define CKR_RANDOM_NO_RNG                     0x00000121UL
-
-#define CKR_DOMAIN_PARAMS_INVALID             0x00000130UL
-
-#define CKR_CURVE_NOT_SUPPORTED               0x00000140UL
-
-#define CKR_BUFFER_TOO_SMALL                  0x00000150UL
-#define CKR_SAVED_STATE_INVALID               0x00000160UL
-#define CKR_INFORMATION_SENSITIVE             0x00000170UL
-#define CKR_STATE_UNSAVEABLE                  0x00000180UL
-
-#define CKR_CRYPTOKI_NOT_INITIALIZED          0x00000190UL
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED      0x00000191UL
-#define CKR_MUTEX_BAD                         0x000001A0UL
-#define CKR_MUTEX_NOT_LOCKED                  0x000001A1UL
-
-#define CKR_NEW_PIN_MODE                      0x000001B0UL
-#define CKR_NEXT_OTP                          0x000001B1UL
-
-#define CKR_EXCEEDED_MAX_ITERATIONS           0x000001B5UL
-#define CKR_FIPS_SELF_TEST_FAILED             0x000001B6UL
-#define CKR_LIBRARY_LOAD_FAILED               0x000001B7UL
-#define CKR_PIN_TOO_WEAK                      0x000001B8UL
-#define CKR_PUBLIC_KEY_INVALID                0x000001B9UL
-
-#define CKR_FUNCTION_REJECTED                 0x00000200UL
-
-#define CKR_VENDOR_DEFINED                    0x80000000UL
-
-
-/* CK_NOTIFY is an application callback that processes events */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_NOTIFICATION   event,
-  CK_VOID_PTR       pApplication  /* passed to C_OpenSession */
-);
-
-
-/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
- * version and pointers of appropriate types to all the
- * Cryptoki functions
- */
-typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-
-typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-
-typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-
-
-/* CK_CREATEMUTEX is an application callback for creating a
- * mutex object
- */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-  CK_VOID_PTR_PTR ppMutex  /* location to receive ptr to mutex */
-);
-
-
-/* CK_DESTROYMUTEX is an application callback for destroying a
- * mutex object
- */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-  CK_VOID_PTR pMutex  /* pointer to mutex */
-);
-
-
-/* CK_LOCKMUTEX is an application callback for locking a mutex */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-  CK_VOID_PTR pMutex  /* pointer to mutex */
-);
-
-
-/* CK_UNLOCKMUTEX is an application callback for unlocking a
- * mutex
- */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-  CK_VOID_PTR pMutex  /* pointer to mutex */
-);
-
-
-/* CK_C_INITIALIZE_ARGS provides the optional arguments to
- * C_Initialize
- */
-typedef struct CK_C_INITIALIZE_ARGS {
-  CK_CREATEMUTEX CreateMutex;
-  CK_DESTROYMUTEX DestroyMutex;
-  CK_LOCKMUTEX LockMutex;
-  CK_UNLOCKMUTEX UnlockMutex;
-  CK_FLAGS flags;
-  CK_VOID_PTR pReserved;
-} CK_C_INITIALIZE_ARGS;
-
-/* flags: bit flags that provide capabilities of the slot
- *      Bit Flag                           Mask       Meaning
- */
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL
-#define CKF_OS_LOCKING_OK                  0x00000002UL
-
-typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-
-
-/* additional flags for parameters to functions */
-
-/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-#define CKF_DONT_BLOCK     1
-
-/* CK_RSA_PKCS_MGF_TYPE  is used to indicate the Message
- * Generation Function (MGF) applied to a message block when
- * formatting a message block for the PKCS #1 OAEP encryption
- * scheme.
- */
-typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-
-typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-
-/* The following MGFs are defined */
-#define CKG_MGF1_SHA1         0x00000001UL
-#define CKG_MGF1_SHA256       0x00000002UL
-#define CKG_MGF1_SHA384       0x00000003UL
-#define CKG_MGF1_SHA512       0x00000004UL
-#define CKG_MGF1_SHA224       0x00000005UL
-
-/* CK_RSA_PKCS_OAEP_SOURCE_TYPE  is used to indicate the source
- * of the encoding parameter when formatting a message block
- * for the PKCS #1 OAEP encryption scheme.
- */
-typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-
-typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-
-/* The following encoding parameter sources are defined */
-#define CKZ_DATA_SPECIFIED    0x00000001UL
-
-/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
- * CKM_RSA_PKCS_OAEP mechanism.
- */
-typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-        CK_MECHANISM_TYPE hashAlg;
-        CK_RSA_PKCS_MGF_TYPE mgf;
-        CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-        CK_VOID_PTR pSourceData;
-        CK_ULONG ulSourceDataLen;
-} CK_RSA_PKCS_OAEP_PARAMS;
-
-typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-
-/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
- * CKM_RSA_PKCS_PSS mechanism(s).
- */
-typedef struct CK_RSA_PKCS_PSS_PARAMS {
-        CK_MECHANISM_TYPE    hashAlg;
-        CK_RSA_PKCS_MGF_TYPE mgf;
-        CK_ULONG             sLen;
-} CK_RSA_PKCS_PSS_PARAMS;
-
-typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-
-typedef CK_ULONG CK_EC_KDF_TYPE;
-
-/* The following EC Key Derivation Functions are defined */
-#define CKD_NULL                 0x00000001UL
-#define CKD_SHA1_KDF             0x00000002UL
-
-/* The following X9.42 DH key derivation functions are defined */
-#define CKD_SHA1_KDF_ASN1        0x00000003UL
-#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL
-#define CKD_SHA224_KDF           0x00000005UL
-#define CKD_SHA256_KDF           0x00000006UL
-#define CKD_SHA384_KDF           0x00000007UL
-#define CKD_SHA512_KDF           0x00000008UL
-#define CKD_CPDIVERSIFY_KDF      0x00000009UL
-
-
-/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
- * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
- * where each party contributes one key pair.
- */
-typedef struct CK_ECDH1_DERIVE_PARAMS {
-  CK_EC_KDF_TYPE kdf;
-  CK_ULONG ulSharedDataLen;
-  CK_BYTE_PTR pSharedData;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-} CK_ECDH1_DERIVE_PARAMS;
-
-typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-
-/*
- * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
- * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
- */
-typedef struct CK_ECDH2_DERIVE_PARAMS {
-  CK_EC_KDF_TYPE kdf;
-  CK_ULONG ulSharedDataLen;
-  CK_BYTE_PTR pSharedData;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-} CK_ECDH2_DERIVE_PARAMS;
-
-typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-
-typedef struct CK_ECMQV_DERIVE_PARAMS {
-  CK_EC_KDF_TYPE kdf;
-  CK_ULONG ulSharedDataLen;
-  CK_BYTE_PTR pSharedData;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-  CK_OBJECT_HANDLE publicKey;
-} CK_ECMQV_DERIVE_PARAMS;
-
-typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-
-/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
- * CKM_X9_42_DH_PARAMETER_GEN mechanisms
- */
-typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-
-/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
- * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
- * contributes one key pair
- */
-typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-  CK_X9_42_DH_KDF_TYPE kdf;
-  CK_ULONG ulOtherInfoLen;
-  CK_BYTE_PTR pOtherInfo;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-} CK_X9_42_DH1_DERIVE_PARAMS;
-
-typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-
-/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
- * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
- * mechanisms, where each party contributes two key pairs
- */
-typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-  CK_X9_42_DH_KDF_TYPE kdf;
-  CK_ULONG ulOtherInfoLen;
-  CK_BYTE_PTR pOtherInfo;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-} CK_X9_42_DH2_DERIVE_PARAMS;
-
-typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-
-typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-  CK_X9_42_DH_KDF_TYPE kdf;
-  CK_ULONG ulOtherInfoLen;
-  CK_BYTE_PTR pOtherInfo;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-  CK_OBJECT_HANDLE publicKey;
-} CK_X9_42_MQV_DERIVE_PARAMS;
-
-typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-
-/* CK_KEA_DERIVE_PARAMS provides the parameters to the
- * CKM_KEA_DERIVE mechanism
- */
-typedef struct CK_KEA_DERIVE_PARAMS {
-  CK_BBOOL      isSender;
-  CK_ULONG      ulRandomLen;
-  CK_BYTE_PTR   pRandomA;
-  CK_BYTE_PTR   pRandomB;
-  CK_ULONG      ulPublicDataLen;
-  CK_BYTE_PTR   pPublicData;
-} CK_KEA_DERIVE_PARAMS;
-
-typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-
-
-/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
- * CKM_RC2_MAC mechanisms.  An instance of CK_RC2_PARAMS just
- * holds the effective keysize
- */
-typedef CK_ULONG          CK_RC2_PARAMS;
-
-typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-
-
-/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
- * mechanism
- */
-typedef struct CK_RC2_CBC_PARAMS {
-  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
-  CK_BYTE       iv[8];            /* IV for CBC mode */
-} CK_RC2_CBC_PARAMS;
-
-typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-
-
-/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC2_MAC_GENERAL mechanism
- */
-typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
-  CK_ULONG      ulMacLength;      /* Length of MAC in bytes */
-} CK_RC2_MAC_GENERAL_PARAMS;
-
-typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-  CK_RC2_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
- * CKM_RC5_MAC mechanisms
- */
-typedef struct CK_RC5_PARAMS {
-  CK_ULONG      ulWordsize;  /* wordsize in bits */
-  CK_ULONG      ulRounds;    /* number of rounds */
-} CK_RC5_PARAMS;
-
-typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-
-
-/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
- * mechanism
- */
-typedef struct CK_RC5_CBC_PARAMS {
-  CK_ULONG      ulWordsize;  /* wordsize in bits */
-  CK_ULONG      ulRounds;    /* number of rounds */
-  CK_BYTE_PTR   pIv;         /* pointer to IV */
-  CK_ULONG      ulIvLen;     /* length of IV in bytes */
-} CK_RC5_CBC_PARAMS;
-
-typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-
-
-/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC5_MAC_GENERAL mechanism
- */
-typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-  CK_ULONG      ulWordsize;   /* wordsize in bits */
-  CK_ULONG      ulRounds;     /* number of rounds */
-  CK_ULONG      ulMacLength;  /* Length of MAC in bytes */
-} CK_RC5_MAC_GENERAL_PARAMS;
-
-typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-  CK_RC5_MAC_GENERAL_PARAMS_PTR;
-
-/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
- * ciphers' MAC_GENERAL mechanisms.  Its value is the length of
- * the MAC
- */
-typedef CK_ULONG          CK_MAC_GENERAL_PARAMS;
-
-typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-
-typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-  CK_BYTE      iv[8];
-  CK_BYTE_PTR  pData;
-  CK_ULONG     length;
-} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-  CK_BYTE      iv[16];
-  CK_BYTE_PTR  pData;
-  CK_ULONG     length;
-} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
- * CKM_SKIPJACK_PRIVATE_WRAP mechanism
- */
-typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-  CK_ULONG      ulPasswordLen;
-  CK_BYTE_PTR   pPassword;
-  CK_ULONG      ulPublicDataLen;
-  CK_BYTE_PTR   pPublicData;
-  CK_ULONG      ulPAndGLen;
-  CK_ULONG      ulQLen;
-  CK_ULONG      ulRandomLen;
-  CK_BYTE_PTR   pRandomA;
-  CK_BYTE_PTR   pPrimeP;
-  CK_BYTE_PTR   pBaseG;
-  CK_BYTE_PTR   pSubprimeQ;
-} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-
-typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-  CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR;
-
-
-/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
- * CKM_SKIPJACK_RELAYX mechanism
- */
-typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-  CK_ULONG      ulOldWrappedXLen;
-  CK_BYTE_PTR   pOldWrappedX;
-  CK_ULONG      ulOldPasswordLen;
-  CK_BYTE_PTR   pOldPassword;
-  CK_ULONG      ulOldPublicDataLen;
-  CK_BYTE_PTR   pOldPublicData;
-  CK_ULONG      ulOldRandomLen;
-  CK_BYTE_PTR   pOldRandomA;
-  CK_ULONG      ulNewPasswordLen;
-  CK_BYTE_PTR   pNewPassword;
-  CK_ULONG      ulNewPublicDataLen;
-  CK_BYTE_PTR   pNewPublicData;
-  CK_ULONG      ulNewRandomLen;
-  CK_BYTE_PTR   pNewRandomA;
-} CK_SKIPJACK_RELAYX_PARAMS;
-
-typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-  CK_SKIPJACK_RELAYX_PARAMS_PTR;
-
-
-typedef struct CK_PBE_PARAMS {
-  CK_BYTE_PTR      pInitVector;
-  CK_UTF8CHAR_PTR  pPassword;
-  CK_ULONG         ulPasswordLen;
-  CK_BYTE_PTR      pSalt;
-  CK_ULONG         ulSaltLen;
-  CK_ULONG         ulIteration;
-} CK_PBE_PARAMS;
-
-typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-
-
-/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
- * CKM_KEY_WRAP_SET_OAEP mechanism
- */
-typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-  CK_BYTE       bBC;     /* block contents byte */
-  CK_BYTE_PTR   pX;      /* extra data */
-  CK_ULONG      ulXLen;  /* length of extra data in bytes */
-} CK_KEY_WRAP_SET_OAEP_PARAMS;
-
-typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-
-typedef struct CK_SSL3_RANDOM_DATA {
-  CK_BYTE_PTR  pClientRandom;
-  CK_ULONG     ulClientRandomLen;
-  CK_BYTE_PTR  pServerRandom;
-  CK_ULONG     ulServerRandomLen;
-} CK_SSL3_RANDOM_DATA;
-
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-  CK_SSL3_RANDOM_DATA RandomInfo;
-  CK_VERSION_PTR pVersion;
-} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-  CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-typedef struct CK_SSL3_KEY_MAT_OUT {
-  CK_OBJECT_HANDLE hClientMacSecret;
-  CK_OBJECT_HANDLE hServerMacSecret;
-  CK_OBJECT_HANDLE hClientKey;
-  CK_OBJECT_HANDLE hServerKey;
-  CK_BYTE_PTR      pIVClient;
-  CK_BYTE_PTR      pIVServer;
-} CK_SSL3_KEY_MAT_OUT;
-
-typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_PARAMS {
-  CK_ULONG                ulMacSizeInBits;
-  CK_ULONG                ulKeySizeInBits;
-  CK_ULONG                ulIVSizeInBits;
-  CK_BBOOL                bIsExport;
-  CK_SSL3_RANDOM_DATA     RandomInfo;
-  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_SSL3_KEY_MAT_PARAMS;
-
-typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-
-typedef struct CK_TLS_PRF_PARAMS {
-  CK_BYTE_PTR  pSeed;
-  CK_ULONG     ulSeedLen;
-  CK_BYTE_PTR  pLabel;
-  CK_ULONG     ulLabelLen;
-  CK_BYTE_PTR  pOutput;
-  CK_ULONG_PTR pulOutputLen;
-} CK_TLS_PRF_PARAMS;
-
-typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-
-typedef struct CK_WTLS_RANDOM_DATA {
-  CK_BYTE_PTR pClientRandom;
-  CK_ULONG    ulClientRandomLen;
-  CK_BYTE_PTR pServerRandom;
-  CK_ULONG    ulServerRandomLen;
-} CK_WTLS_RANDOM_DATA;
-
-typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-
-typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-  CK_MECHANISM_TYPE   DigestMechanism;
-  CK_WTLS_RANDOM_DATA RandomInfo;
-  CK_BYTE_PTR         pVersion;
-} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-
-typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-  CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-typedef struct CK_WTLS_PRF_PARAMS {
-  CK_MECHANISM_TYPE DigestMechanism;
-  CK_BYTE_PTR       pSeed;
-  CK_ULONG          ulSeedLen;
-  CK_BYTE_PTR       pLabel;
-  CK_ULONG          ulLabelLen;
-  CK_BYTE_PTR       pOutput;
-  CK_ULONG_PTR      pulOutputLen;
-} CK_WTLS_PRF_PARAMS;
-
-typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-
-typedef struct CK_WTLS_KEY_MAT_OUT {
-  CK_OBJECT_HANDLE hMacSecret;
-  CK_OBJECT_HANDLE hKey;
-  CK_BYTE_PTR      pIV;
-} CK_WTLS_KEY_MAT_OUT;
-
-typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-
-typedef struct CK_WTLS_KEY_MAT_PARAMS {
-  CK_MECHANISM_TYPE       DigestMechanism;
-  CK_ULONG                ulMacSizeInBits;
-  CK_ULONG                ulKeySizeInBits;
-  CK_ULONG                ulIVSizeInBits;
-  CK_ULONG                ulSequenceNumber;
-  CK_BBOOL                bIsExport;
-  CK_WTLS_RANDOM_DATA     RandomInfo;
-  CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_WTLS_KEY_MAT_PARAMS;
-
-typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-
-typedef struct CK_CMS_SIG_PARAMS {
-  CK_OBJECT_HANDLE      certificateHandle;
-  CK_MECHANISM_PTR      pSigningMechanism;
-  CK_MECHANISM_PTR      pDigestMechanism;
-  CK_UTF8CHAR_PTR       pContentType;
-  CK_BYTE_PTR           pRequestedAttributes;
-  CK_ULONG              ulRequestedAttributesLen;
-  CK_BYTE_PTR           pRequiredAttributes;
-  CK_ULONG              ulRequiredAttributesLen;
-} CK_CMS_SIG_PARAMS;
-
-typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-
-typedef struct CK_KEY_DERIVATION_STRING_DATA {
-  CK_BYTE_PTR pData;
-  CK_ULONG    ulLen;
-} CK_KEY_DERIVATION_STRING_DATA;
-
-typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-  CK_KEY_DERIVATION_STRING_DATA_PTR;
-
-
-/* The CK_EXTRACT_PARAMS is used for the
- * CKM_EXTRACT_KEY_FROM_KEY mechanism.  It specifies which bit
- * of the base key should be used as the first bit of the
- * derived key
- */
-typedef CK_ULONG CK_EXTRACT_PARAMS;
-
-typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-
-/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
- * indicate the Pseudo-Random Function (PRF) used to generate
- * key bits using PKCS #5 PBKDF2.
- */
-typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-
-typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \
-                        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-
-#define CKP_PKCS5_PBKD2_HMAC_SHA1          0x00000001UL
-#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411     0x00000002UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA224        0x00000003UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA256        0x00000004UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA384        0x00000005UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA512        0x00000006UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA512_224    0x00000007UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA512_256    0x00000008UL
-
-/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
- * source of the salt value when deriving a key using PKCS #5
- * PBKDF2.
- */
-typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-
-typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \
-                        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-
-/* The following salt value sources are defined in PKCS #5 v2.0. */
-#define CKZ_SALT_SPECIFIED        0x00000001UL
-
-/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the
- * parameters to the CKM_PKCS5_PBKD2 mechanism.
- */
-typedef struct CK_PKCS5_PBKD2_PARAMS {
-        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE           saltSource;
-        CK_VOID_PTR                                pSaltSourceData;
-        CK_ULONG                                   ulSaltSourceDataLen;
-        CK_ULONG                                   iterations;
-        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-        CK_VOID_PTR                                pPrfData;
-        CK_ULONG                                   ulPrfDataLen;
-        CK_UTF8CHAR_PTR                            pPassword;
-        CK_ULONG_PTR                               ulPasswordLen;
-} CK_PKCS5_PBKD2_PARAMS;
-
-typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-
-/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS
- * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
- * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR.
- */
-typedef struct CK_PKCS5_PBKD2_PARAMS2 {
-        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-        CK_VOID_PTR pSaltSourceData;
-        CK_ULONG ulSaltSourceDataLen;
-        CK_ULONG iterations;
-        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-        CK_VOID_PTR pPrfData;
-        CK_ULONG ulPrfDataLen;
-        CK_UTF8CHAR_PTR pPassword;
-        CK_ULONG ulPasswordLen;
-} CK_PKCS5_PBKD2_PARAMS2;
-
-typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR;
-
-typedef CK_ULONG CK_OTP_PARAM_TYPE;
-typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */
-
-typedef struct CK_OTP_PARAM {
-    CK_OTP_PARAM_TYPE type;
-    CK_VOID_PTR pValue;
-    CK_ULONG ulValueLen;
-} CK_OTP_PARAM;
-
-typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-
-typedef struct CK_OTP_PARAMS {
-    CK_OTP_PARAM_PTR pParams;
-    CK_ULONG ulCount;
-} CK_OTP_PARAMS;
-
-typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-
-typedef struct CK_OTP_SIGNATURE_INFO {
-    CK_OTP_PARAM_PTR pParams;
-    CK_ULONG ulCount;
-} CK_OTP_SIGNATURE_INFO;
-
-typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-
-#define CK_OTP_VALUE          0UL
-#define CK_OTP_PIN            1UL
-#define CK_OTP_CHALLENGE      2UL
-#define CK_OTP_TIME           3UL
-#define CK_OTP_COUNTER        4UL
-#define CK_OTP_FLAGS          5UL
-#define CK_OTP_OUTPUT_LENGTH  6UL
-#define CK_OTP_OUTPUT_FORMAT  7UL
-
-#define CKF_NEXT_OTP          0x00000001UL
-#define CKF_EXCLUDE_TIME      0x00000002UL
-#define CKF_EXCLUDE_COUNTER   0x00000004UL
-#define CKF_EXCLUDE_CHALLENGE 0x00000008UL
-#define CKF_EXCLUDE_PIN       0x00000010UL
-#define CKF_USER_FRIENDLY_OTP 0x00000020UL
-
-typedef struct CK_KIP_PARAMS {
-    CK_MECHANISM_PTR  pMechanism;
-    CK_OBJECT_HANDLE  hKey;
-    CK_BYTE_PTR       pSeed;
-    CK_ULONG          ulSeedLen;
-} CK_KIP_PARAMS;
-
-typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-
-typedef struct CK_AES_CTR_PARAMS {
-    CK_ULONG ulCounterBits;
-    CK_BYTE cb[16];
-} CK_AES_CTR_PARAMS;
-
-typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-
-typedef struct CK_GCM_PARAMS {
-    CK_BYTE_PTR       pIv;
-    CK_ULONG          ulIvLen;
-    CK_ULONG          ulIvBits;
-    CK_BYTE_PTR       pAAD;
-    CK_ULONG          ulAADLen;
-    CK_ULONG          ulTagBits;
-} CK_GCM_PARAMS;
-
-typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
-
-typedef struct CK_CCM_PARAMS {
-    CK_ULONG          ulDataLen;
-    CK_BYTE_PTR       pNonce;
-    CK_ULONG          ulNonceLen;
-    CK_BYTE_PTR       pAAD;
-    CK_ULONG          ulAADLen;
-    CK_ULONG          ulMACLen;
-} CK_CCM_PARAMS;
-
-typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
-
-/* Deprecated. Use CK_GCM_PARAMS */
-typedef struct CK_AES_GCM_PARAMS {
-  CK_BYTE_PTR pIv;
-  CK_ULONG ulIvLen;
-  CK_ULONG ulIvBits;
-  CK_BYTE_PTR pAAD;
-  CK_ULONG ulAADLen;
-  CK_ULONG ulTagBits;
-} CK_AES_GCM_PARAMS;
-
-typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;
-
-/* Deprecated. Use CK_CCM_PARAMS */
-typedef struct CK_AES_CCM_PARAMS {
-    CK_ULONG          ulDataLen;
-    CK_BYTE_PTR       pNonce;
-    CK_ULONG          ulNonceLen;
-    CK_BYTE_PTR       pAAD;
-    CK_ULONG          ulAADLen;
-    CK_ULONG          ulMACLen;
-} CK_AES_CCM_PARAMS;
-
-typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;
-
-typedef struct CK_CAMELLIA_CTR_PARAMS {
-    CK_ULONG          ulCounterBits;
-    CK_BYTE           cb[16];
-} CK_CAMELLIA_CTR_PARAMS;
-
-typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-
-typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-    CK_BYTE           iv[16];
-    CK_BYTE_PTR       pData;
-    CK_ULONG          length;
-} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
-                                CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-    CK_BYTE           iv[16];
-    CK_BYTE_PTR       pData;
-    CK_ULONG          length;
-} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
-                                CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-typedef struct CK_DSA_PARAMETER_GEN_PARAM {
-    CK_MECHANISM_TYPE  hash;
-    CK_BYTE_PTR        pSeed;
-    CK_ULONG           ulSeedLen;
-    CK_ULONG           ulIndex;
-} CK_DSA_PARAMETER_GEN_PARAM;
-
-typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR;
-
-typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS {
-    CK_ULONG           ulAESKeyBits;
-    CK_EC_KDF_TYPE     kdf;
-    CK_ULONG           ulSharedDataLen;
-    CK_BYTE_PTR        pSharedData;
-} CK_ECDH_AES_KEY_WRAP_PARAMS;
-
-typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR;
-
-typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
-
-typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
-
-typedef struct CK_RSA_AES_KEY_WRAP_PARAMS {
-    CK_ULONG                      ulAESKeyBits;
-    CK_RSA_PKCS_OAEP_PARAMS_PTR   pOAEPParams;
-} CK_RSA_AES_KEY_WRAP_PARAMS;
-
-typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR;
-
-typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
-    CK_SSL3_RANDOM_DATA       RandomInfo;
-    CK_VERSION_PTR            pVersion;
-    CK_MECHANISM_TYPE         prfHashMechanism;
-} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
-
-typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-                                CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-typedef struct CK_TLS12_KEY_MAT_PARAMS {
-    CK_ULONG                  ulMacSizeInBits;
-    CK_ULONG                  ulKeySizeInBits;
-    CK_ULONG                  ulIVSizeInBits;
-    CK_BBOOL                  bIsExport;
-    CK_SSL3_RANDOM_DATA       RandomInfo;
-    CK_SSL3_KEY_MAT_OUT_PTR   pReturnedKeyMaterial;
-    CK_MECHANISM_TYPE         prfHashMechanism;
-} CK_TLS12_KEY_MAT_PARAMS;
-
-typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
-
-typedef struct CK_TLS_KDF_PARAMS {
-    CK_MECHANISM_TYPE         prfMechanism;
-    CK_BYTE_PTR               pLabel;
-    CK_ULONG                  ulLabelLength;
-    CK_SSL3_RANDOM_DATA       RandomInfo;
-    CK_BYTE_PTR               pContextData;
-    CK_ULONG                  ulContextDataLength;
-} CK_TLS_KDF_PARAMS;
-
-typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR;
-
-typedef struct CK_TLS_MAC_PARAMS {
-    CK_MECHANISM_TYPE         prfHashMechanism;
-    CK_ULONG                  ulMacLength;
-    CK_ULONG                  ulServerOrClient;
-} CK_TLS_MAC_PARAMS;
-
-typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
-
-typedef struct CK_GOSTR3410_DERIVE_PARAMS {
-    CK_EC_KDF_TYPE            kdf;
-    CK_BYTE_PTR               pPublicData;
-    CK_ULONG                  ulPublicDataLen;
-    CK_BYTE_PTR               pUKM;
-    CK_ULONG                  ulUKMLen;
-} CK_GOSTR3410_DERIVE_PARAMS;
-
-typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR;
-
-typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS {
-    CK_BYTE_PTR               pWrapOID;
-    CK_ULONG                  ulWrapOIDLen;
-    CK_BYTE_PTR               pUKM;
-    CK_ULONG                  ulUKMLen;
-    CK_OBJECT_HANDLE          hKey;
-} CK_GOSTR3410_KEY_WRAP_PARAMS;
-
-typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR;
-
-typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS {
-    CK_BYTE                   iv[16];
-    CK_BYTE_PTR               pData;
-    CK_ULONG                  length;
-} CK_SEED_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
-                                        CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-#endif /* _PKCS11T_H_ */
-