PKCS11_KERNEL(7) Standards, Environments, and Macros PKCS11_KERNEL(7)

NAME


pkcs11_kernel - PKCS#11 interface to Kernel Cryptographic Framework

SYNOPSIS


/usr/lib/security/pkcs11_kernel.so
/usr/lib/security/64/pkcs11_kernel.so


DESCRIPTION


The pkcs11_kernel.so object implements the RSA PKCS#11 v2.20
specification by using a private interface to communicate with the Kernel
Cryptographic Framework.


Each unique hardware provider is represented by a PKCS#11 slot. In a
system with no hardware Kernel Cryptographic Framework providers, this
PKCS#11 library presents no slots.


The PKCS#11 mechanisms provided by this library is determined by the
available hardware providers.


Application developers should link to libpkcs11.so rather than link
directly to pkcs11_kernel.so. See libpkcs11(3LIB).


All of the Standard PKCS#11 functions listed on libpkcs11(3LIB) are
implemented except for the following:

C_DecryptDigestUpdate
C_DecryptVerifyUpdate
C_DigestEncryptUpdate
C_GetOperationState
C_InitToken
C_InitPIN
C_SetOperationState
C_SignEncryptUpdate
C_WaitForSlotEvent


A call to these functions returns CKR_FUNCTION_NOT_SUPPORTED.


Buffers cannot be greater than 2 megabytes. For example, C_Encrypt() can
be called with a 2 megabyte buffer of plaintext and a 2 megabyte buffer
for the ciphertext.


The maximum number of object handles that can be returned by a call to
C_FindObjects() is 512.


The maximum amount of kernel memory that can be used for crypto
operations is limited by the project.max-crypto-memory resource control.
Allocations in the kernel for buffers and session-related structures are
charged against this resource control.

RETURN VALUES


The return values of each of the implemented functions are defined and
listed in the RSA PKCS#11 v2.20 specification. See
http://www.rsasecurity.com.

ATTRIBUTES


See attributes(7) for a description of the following attributes:


+--------------------+--------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+--------------------------+
|Interface Stability | Standard: PKCS#11 v2.20 |
+--------------------+--------------------------+
|MT-Level | MT-Safe with exceptions. |
| | See section 6.5.2 of RSA |
| | PKCS#11 v2.20 |
+--------------------+--------------------------+

SEE ALSO


libpkcs11(3LIB), attributes(7), pkcs11_softtoken(7), cryptoadm(8),
rctladm(8)


RSA PKCS#11 v2.20 http://www.rsasecurity.com

NOTES


Applications that have an open session to a PKCS#11 slot make the
corresponding hardware provider driver not unloadable. An administrator
must close the applications that have an PKCS#11 session open to the
hardware provider to make the driver unloadable.

illumos October 27, 2005 PKCS11_KERNEL(7)