From 6655c155cfb81ce2e22efdd98a79b858ad655d66 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 1 Jul 2025 21:31:10 -0300
Subject: [PATCH 01/21] feat: add initial dockerfile do easier the build

feat: temporary commit with cache

feat: remove cache
---
 Dockerfile | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..3e0a1bff0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,42 @@
+FROM ubuntu:24.04 AS softhsm_builder
+
+RUN apt update && \
+    apt install -y \
+    automake \
+    autoconf \
+    libtool \
+    pkg-config \
+    openssl \
+    libbotan-2-dev \
+    make \
+    g++ \
+    libssl-dev \
+    libsqlite3-dev \
+    libp11-kit-dev \
+    libcppunit-dev \
+    sudo \
+    git
+
+WORKDIR /app
+COPY . /app
+
+RUN sh autogen.sh
+
+RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --enable-ecc --with-crypto-backend=openssl
+
+RUN make
+# Tests
+# RUN make check
+
+RUN make install
+
+# If needed, the conf file definitions goes here.
+# about conf file: man softhsm2.conf
+
+RUN mkdir -p /var/lib/softhsm/tokens/
+
+RUN softhsm2-util --init-token --slot 0 --label "My SoftHSM Token" --so-pin 0000 --pin 0000
+
+RUN apt install -y opensc opensc-pkcs11
+
+CMD ["bash"]

From af467c34530416c2c60c560bc20444d0a35e2033 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Thu, 14 Aug 2025 22:13:17 -0300
Subject: [PATCH 02/21] feat: using openssl 3.5.1 to build softhsmv2

---
 Dockerfile | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3e0a1bff0..48a9d5eef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,16 +1,47 @@
+FROM ubuntu:24.04 AS openssl_builder
+
+RUN apt update && \
+    apt install -y \
+    build-essential \
+    make \
+    libtext-template-perl \
+    wget \
+    git && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /crypt
+
+RUN wget https://github.com/openssl/openssl/archive/refs/tags/openssl-3.5.1.tar.gz && \
+    mkdir openssl && \
+    tar -xvf openssl-3.5.1.tar.gz -C openssl --strip-components=1 && \
+    rm openssl-3.5.1.tar.gz
+
+WORKDIR /crypt/openssl
+
+RUN ./config --prefix=/usr/local --openssldir=/usr/local/ssl -Wl,-rpath=/usr/local/lib && \
+    make -j$(nproc) && \
+    make install
+
 FROM ubuntu:24.04 AS softhsm_builder
 
+COPY --from=openssl_builder /usr/local/bin/openssl /usr/local/bin/
+COPY --from=openssl_builder /usr/local/lib64/ /usr/local/lib64/
+COPY --from=openssl_builder /usr/local/ssl/ /usr/local/ssl/
+COPY --from=openssl_builder /usr/local/include/ /usr/local/include/
+
+RUN echo '/usr/local/lib64' > /etc/ld.so.conf.d/openssl.conf && \
+    ldconfig
+
+ENV LD_LIBRARY_PATH=/usr/local/lib64
+
 RUN apt update && \
     apt install -y \
     automake \
     autoconf \
     libtool \
     pkg-config \
-    openssl \
-    libbotan-2-dev \
     make \
     g++ \
-    libssl-dev \
     libsqlite3-dev \
     libp11-kit-dev \
     libcppunit-dev \
@@ -25,8 +56,6 @@ RUN sh autogen.sh
 RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --enable-ecc --with-crypto-backend=openssl
 
 RUN make
-# Tests
-# RUN make check
 
 RUN make install
 

From 4fa5d9c606768ada11b5d2e40318d07ba6beceb7 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Thu, 21 Aug 2025 22:43:30 -0300
Subject: [PATCH 03/21] chore: dockerfile remove ecc keys, enable only eddsa

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 48a9d5eef..64c279367 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -53,7 +53,7 @@ COPY . /app
 
 RUN sh autogen.sh
 
-RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --enable-ecc --with-crypto-backend=openssl
+RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --with-crypto-backend=openssl
 
 RUN make
 

From 48e8cc6c9633197e993b3fb09522e88f6cef11a4 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Thu, 28 Aug 2025 21:37:42 -0300
Subject: [PATCH 04/21] fix: install opensc and pkcs11 at begining

---
 Dockerfile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 64c279367..67435f02a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,8 @@ RUN apt update && \
     libp11-kit-dev \
     libcppunit-dev \
     sudo \
-    git
+    opensc \
+    opensc-pkcs11
 
 WORKDIR /app
 COPY . /app
@@ -66,6 +67,4 @@ RUN mkdir -p /var/lib/softhsm/tokens/
 
 RUN softhsm2-util --init-token --slot 0 --label "My SoftHSM Token" --so-pin 0000 --pin 0000
 
-RUN apt install -y opensc opensc-pkcs11
-
 CMD ["bash"]

From ae0a50ec4ab9b2e74b376170a0cf5f796b6e0b4e Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 4 Nov 2025 22:56:53 -0300
Subject: [PATCH 05/21] docs: remove logs used on exploratory process

removed logs used to learn about how softhsm handle crypto algorithms
---
 src/lib/P11Objects.cpp               |  8 ----
 src/lib/SoftHSM.cpp                  | 67 ----------------------------
 src/lib/crypto/OSSLSLHDSA.cpp        |  8 ----
 src/lib/crypto/OSSLSLHPrivateKey.cpp |  1 -
 src/lib/crypto/OSSLSLHPublicKey.cpp  |  1 -
 5 files changed, 85 deletions(-)

diff --git a/src/lib/P11Objects.cpp b/src/lib/P11Objects.cpp
index f3a83e5d7..4b15556a7 100644
--- a/src/lib/P11Objects.cpp
+++ b/src/lib/P11Objects.cpp
@@ -189,12 +189,10 @@ CK_RV P11Object::loadTemplate(Token *token, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG
 // Save template
 CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, int op)
 {
-	INFO_MSG("INIT saveTemplate, OBJECT_OP_GENERATE %d, isPrivate %d", OBJECT_OP_GENERATE == op,isPrivate)
 	if (osobject == NULL)
 		return CKR_GENERAL_ERROR;
 	if (osobject->startTransaction() == false)
 		return CKR_GENERAL_ERROR;
-	INFO_MSG("osobject is not NULL and started transaction OK")
 
 	if (op == OBJECT_OP_SET)
 	{
@@ -300,8 +298,6 @@ CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTe
 	{
 		return CKR_GENERAL_ERROR;
 	}
-
-	INFO_MSG("END saveTemplate")
 	return CKR_OK;
 }
 
@@ -944,7 +940,6 @@ P11SLHPublicKeyObj::P11SLHPublicKeyObj()
 // Add attributes
 bool P11SLHPublicKeyObj::init(OSObject *inobject)
 {
-	INFO_MSG("INIT P11SLHPublicKeyObj");
 	if (initialized) return true;
 	if (inobject == NULL) return false;
 
@@ -978,7 +973,6 @@ bool P11SLHPublicKeyObj::init(OSObject *inobject)
 	attributes[attrValue->getType()] = attrValue;
 
 	initialized = true;
-	INFO_MSG("END P11SLHPublicKeyObj");
 	return true;
 }
 
@@ -1396,7 +1390,6 @@ P11SLHPrivateKeyObj::P11SLHPrivateKeyObj()
 // Add attributes
 bool P11SLHPrivateKeyObj::init(OSObject *inobject)
 {
-	INFO_MSG("INIT P11SLHPrivateKeyObj");
 	if (initialized) return true;
 	if (inobject == NULL) return false;
 
@@ -1430,7 +1423,6 @@ bool P11SLHPrivateKeyObj::init(OSObject *inobject)
 	attributes[attrValue->getType()] = attrValue;
 
 	initialized = true;
-	INFO_MSG("END P11SLHPrivateKeyObj");
 	return true;
 }
 
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index b13bc01fa..2ada1e55f 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -233,7 +233,6 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_CLASS:
 				if (pTemplate[i].ulValueLen == sizeof(CK_OBJECT_CLASS))
 				{
-					INFO_MSG("Extracted CKA_CLASS");
 					objClass = *(CK_OBJECT_CLASS_PTR)pTemplate[i].pValue;
 					bHasClass = true;
 				}
@@ -241,7 +240,6 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_KEY_TYPE:
 				if (pTemplate[i].ulValueLen == sizeof(CK_KEY_TYPE))
 				{
-					INFO_MSG("Extracted CKA_KEY_TYPE");
 					keyType = *(CK_KEY_TYPE*)pTemplate[i].pValue;
 					bHasKeyType = true;
 				}
@@ -249,7 +247,6 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_CERTIFICATE_TYPE:
 				if (pTemplate[i].ulValueLen == sizeof(CK_CERTIFICATE_TYPE))
 				{
-					INFO_MSG("Extracted CKA_CERTIFICATE_TYPE");
 					certType = *(CK_CERTIFICATE_TYPE*)pTemplate[i].pValue;
 					bHasCertType = true;
 				}
@@ -257,14 +254,12 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_TOKEN:
 				if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
 				{
-					INFO_MSG("Extracted CKA_TOKEN");
 					isOnToken = *(CK_BBOOL*)pTemplate[i].pValue;
 				}
 				break;
 			case CKA_PRIVATE:
 				if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
 				{
-					INFO_MSG("Extracted CKA_PRIVATE");
 					isPrivate = *(CK_BBOOL*)pTemplate[i].pValue;
 					bHasPrivate = true;
 				}
@@ -274,9 +269,6 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 		}
 	}
 
-	INFO_MSG("(class = %d, key_type = %d, cert_type = %d, private = %d, isOnToken=%d, isPrivate=%d)",
-			bHasClass, bHasKeyType, bHasCertType, bHasPrivate, isOnToken, isPrivate);
-
 	if (bImplicit)
 	{
 		return CKR_OK;
@@ -4148,7 +4140,6 @@ CK_RV SoftHSM::MacSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechani
 // AsymmetricAlgorithm version of C_SignInit
 CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
 {
-	INFO_MSG("here init signature")
 	if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
 
 	if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
@@ -4704,7 +4695,6 @@ static CK_RV MacSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK
 // AsymmetricAlgorithm version of C_Sign
 static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
 {
-	INFO_MSG("here signs the message")
 	AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
 	AsymMech::Type mechanism = session->getMechanism();
 	PrivateKey* privateKey = session->getPrivateKey();
@@ -4777,7 +4767,6 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 	*pulSignatureLen = size;
 
 	session->resetOp();
-	INFO_MSG("Signature finished.");
 	return CKR_OK;
 }
 
@@ -5603,7 +5592,6 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 #ifdef WITH_SLHDSA
 	else if (isSLHDSA)
 	{
-		INFO_MSG("INIT take SLH-DSA public key.");
 		asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
 		if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
 
@@ -5620,7 +5608,6 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
 			return CKR_GENERAL_ERROR;
 		}
-		INFO_MSG("END take SLH-DSA public key.");
 	}
 #endif
 	else
@@ -5663,7 +5650,6 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 	session->setAllowSinglePartOp(true);
 	session->setPublicKey(publicKey);
 
-	INFO_MSG("END AsymVerifyInit.");
 	return CKR_OK;
 }
 
@@ -6249,7 +6235,6 @@ CK_RV SoftHSM::C_GenerateKeyPair
 	CK_BBOOL ispublicKeyToken = CK_FALSE;
 	CK_BBOOL ispublicKeyPrivate = CK_FALSE;
 	bool isPublicKeyImplicit = true;
-	INFO_MSG("INIT public key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 	extractObjectInformation(pPublicKeyTemplate, ulPublicKeyAttributeCount, publicKeyClass, keyType, dummy, ispublicKeyToken, ispublicKeyPrivate, isPublicKeyImplicit);
 
 	// Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
@@ -6270,14 +6255,12 @@ CK_RV SoftHSM::C_GenerateKeyPair
 	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN && keyType != CKK_SLHDSA)
 		return CKR_TEMPLATE_INCONSISTENT;
 
-	INFO_MSG("END public key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 	// Extract information from the private key template that is needed to create the object.
 	CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
 	CK_BBOOL isprivateKeyToken = CK_FALSE;
 	CK_BBOOL isprivateKeyPrivate = CK_TRUE;
 	bool isPrivateKeyImplicit = true;
 
-	INFO_MSG("INIT private key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 	extractObjectInformation(pPrivateKeyTemplate, ulPrivateKeyAttributeCount, privateKeyClass, keyType, dummy, isprivateKeyToken, isprivateKeyPrivate, isPrivateKeyImplicit);
 
 	// Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
@@ -6297,7 +6280,6 @@ CK_RV SoftHSM::C_GenerateKeyPair
 		return CKR_TEMPLATE_INCONSISTENT;
 	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN && keyType != CKK_SLHDSA)
 		return CKR_TEMPLATE_INCONSISTENT;
-	INFO_MSG("END private key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 
 	// Check user credentials
 	CK_RV rv = haveWrite(session->getState(), ispublicKeyToken || isprivateKeyToken, ispublicKeyPrivate || isprivateKeyPrivate);
@@ -10115,8 +10097,6 @@ CK_RV SoftHSM::generateSLH
 				break;
 		}
 	}
-	INFO_MSG("Extracted public key params <%s>", params.const_byte_str());
-
 
 	// The parameters must be specified to be able to generate a key pair.
 	if (params.size() == 0) {
@@ -10127,7 +10107,6 @@ CK_RV SoftHSM::generateSLH
 	// Set the parameters
 	SLHParameters p;
 	p.setName(params);
-	INFO_MSG("seted params for SLH-DSA");
 
 	// Generate key pair
 	AsymmetricKeyPair* kp = NULL;
@@ -10140,10 +10119,8 @@ CK_RV SoftHSM::generateSLH
 		return CKR_GENERAL_ERROR;
 	}
 
-	INFO_MSG("INIT Get Public/Private Key");
 	SLHPublicKey* pub = (SLHPublicKey*) kp->getPublicKey();
 	SLHPrivateKey* priv = (SLHPrivateKey*) kp->getPrivateKey();
-	INFO_MSG("END Get Public/Private Key");
 
 	CK_RV rv = CKR_OK;
 
@@ -10180,15 +10157,12 @@ CK_RV SoftHSM::generateSLH
 
 		if (rv == CKR_OK)
 		{
-			INFO_MSG("INIT PublicKey CreateObject");
 			rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
-			INFO_MSG("END PublicKey CreateObject");
 		}
 
 		// Store the attributes that are being supplied by the key generation to the object
 		if (rv == CKR_OK)
 		{
-			INFO_MSG("INIT PublicKey STORING");
 			OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
 			if (osobject == NULL_PTR || !osobject->isValid()) {
 				rv = CKR_FUNCTION_FAILED;
@@ -10221,7 +10195,6 @@ CK_RV SoftHSM::generateSLH
 					rv = CKR_FUNCTION_FAILED;
 			} else
 				rv = CKR_FUNCTION_FAILED;
-			INFO_MSG("END PublicKey STORING");
 		}
 	}
 
@@ -10256,15 +10229,12 @@ CK_RV SoftHSM::generateSLH
 
 		if (rv == CKR_OK)
 		{
-			INFO_MSG("INIT PrivateKey CreateObject");
 			rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
-			INFO_MSG("END PrivateKey CreateObject");
 		}
 
 		// Store the attributes that are being supplied by the key generation to the object
 		if (rv == CKR_OK)
 		{
-			INFO_MSG("INIT PrivateKey STORING");
 			OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
 			if (osobject == NULL_PTR || !osobject->isValid()) {
 				rv = CKR_FUNCTION_FAILED;
@@ -10303,7 +10273,6 @@ CK_RV SoftHSM::generateSLH
 					rv = CKR_FUNCTION_FAILED;
 			} else
 				rv = CKR_FUNCTION_FAILED;
-			INFO_MSG("END PrivateKey STORING");
 		}
 	}
 
@@ -12640,33 +12609,24 @@ CK_RV SoftHSM::deriveSymmetric
 
 CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject, int op)
 {
-	INFO_MSG("INIT CreateObject");
-
 	if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
-	INFO_MSG("isInitialised OK");
 
 	if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
-	INFO_MSG("template OK");
 	if (phObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
-	INFO_MSG("phObject OK");
 
 	// Get the session
 	Session* session = (Session*)handleManager->getSession(hSession);
 	if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
-	INFO_MSG("session OK");
 
 	// Get the slot
 	Slot* slot = session->getSlot();
 	if (slot == NULL_PTR) return CKR_GENERAL_ERROR;
-	INFO_MSG("slot OK");
 
 	// Get the token
 	Token* token = session->getToken();
 	if (token == NULL_PTR) return CKR_GENERAL_ERROR;
-	INFO_MSG("token OK");
 
 	// Extract information from the template that is needed to create the object.
-	INFO_MSG("INIT wheird extraction with RSA");
 	CK_OBJECT_CLASS objClass = CKO_DATA;
 	CK_KEY_TYPE keyType = CKK_RSA;
 	CK_CERTIFICATE_TYPE certType = CKC_X_509;
@@ -12679,7 +12639,6 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 		ERROR_MSG("Mandatory attribute not present in template");
 		return rv;
 	}
-	INFO_MSG("END wheird extraction with RSA");
 
 	// Check user credentials
 	rv = haveWrite(session->getState(), isOnToken, isPrivate);
@@ -12692,9 +12651,6 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 
 		return rv;
 	}
-	INFO_MSG("checked user credentials OK");
-
-	INFO_MSG("INIT change order of attributes");
 	// Change order of attributes
 	const CK_ULONG maxAttribs = 32;
 	CK_ATTRIBUTE attribs[maxAttribs];
@@ -12710,55 +12666,38 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 		switch (pTemplate[i].type)
 		{
 			case CKA_CHECK_VALUE:
-				INFO_MSG("CKA_CHECK_VALUE found");
 				saveAttribs[saveAttribsCount++] = pTemplate[i];
 				break;
 			default:
-				INFO_MSG("DEFAULT found");
 				attribs[attribsCount++] = pTemplate[i];
 		}
 	}
 	for (CK_ULONG i=0; i < saveAttribsCount; i++)
-	{
-		INFO_MSG("saveAttrib appended to attribs");
 		attribs[attribsCount++] = saveAttribs[i];
-	}
-	INFO_MSG("END change order of attributes");
-
-	INFO_MSG("objClass = %d, eq CKO_PRIVATE_KEY = %d, eq CKO_PUBLIC_KEY = %d", objClass, objClass == CKO_PRIVATE_KEY, objClass == CKO_PUBLIC_KEY)
 
 	P11Object* p11object = NULL;
 	rv = newP11Object(objClass,keyType,certType,&p11object);
 	if (rv != CKR_OK)
 		return rv;
-	INFO_MSG("created newP11Object OK")
 
 	// Create the object in session or on the token
 	OSObject *object = NULL_PTR;
 	if (isOnToken)
-	{
-		INFO_MSG("try create object on TOKEN")
 		object = (OSObject*) token->createObject();
-	}
 	else
-	{
-		INFO_MSG("try create object on SESSION")
 		object = sessionObjectStore->createObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE);
-	}
 
 	if (object == NULL || !p11object->init(object))
 	{
 		delete p11object;
 		return CKR_GENERAL_ERROR;
 	}
-	INFO_MSG("created object OK")
 
 	rv = p11object->saveTemplate(token, isPrivate != CK_FALSE, attribs,attribsCount,op);
 	delete p11object;
 	if (rv != CKR_OK)
 		return rv;
 
-	INFO_MSG("saveTemplate OK")
 	if (op == OBJECT_OP_CREATE)
 	{
 		if (objClass == CKO_PUBLIC_KEY &&
@@ -12782,14 +12721,11 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 
 	if (isOnToken)
 	{
-		INFO_MSG("add object on token")
 		*phObject = handleManager->addTokenObject(slot->getSlotID(), isPrivate != CK_FALSE, object);
 	} else {
-		INFO_MSG("add object on session")
 		*phObject = handleManager->addSessionObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE, object);
 	}
 
-	INFO_MSG("END CreateObject");
 	return CKR_OK;
 }
 
@@ -13141,10 +13077,7 @@ CK_RV SoftHSM::getSLHPublicKey(SLHPublicKey* publicKey, Token* token, OSObject*
 		value = key->getByteStringValue(CKA_SLHDSA_PARAMS);
 	}
 
-	INFO_MSG("INIT setDerPublicKey");
 	publicKey->setDerPublicKey(value);
-	INFO_MSG("END setDerPublicKey");
-
 	return CKR_OK;
 }
 
diff --git a/src/lib/crypto/OSSLSLHDSA.cpp b/src/lib/crypto/OSSLSLHDSA.cpp
index 53d6bd1c5..049f9d641 100644
--- a/src/lib/crypto/OSSLSLHDSA.cpp
+++ b/src/lib/crypto/OSSLSLHDSA.cpp
@@ -134,7 +134,6 @@ bool OSSLSLHDSA::verify(PublicKey* publicKey, const ByteString& originalData,
 		       const ByteString& signature, const AsymMech::Type mechanism,
 		       const void* /* param = NULL */, const size_t /* paramLen = 0 */)
 {
-	INFO_MSG("Init verify");
 	if (mechanism != AsymMech::SLHDSA)
 	{
 		ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
@@ -250,7 +249,6 @@ bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParame
 	SLHParameters* params = (SLHParameters*) parameters;
 
 	const unsigned char* name = params->getName().const_byte_str();
-	INFO_MSG("SLH-DSA name: <%s>", name);
 
 	// Generate the key-pair
 	EVP_PKEY* pkey = NULL;
@@ -258,7 +256,6 @@ bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParame
 	if (ctx == NULL)
 	{
 		ERROR_MSG("Failed to instantiate OpenSSL SLHDSA context");
-
 		return false;
 	}
 	int ret = EVP_PKEY_keygen_init(ctx);
@@ -280,13 +277,8 @@ bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParame
 	// Create an asymmetric key-pair object to return
 	OSSLSLHKeyPair* kp = new OSSLSLHKeyPair();
 
-	INFO_MSG("INIT PublicKey.setFromOSSL");
 	((OSSLSLHPublicKey*) kp->getPublicKey())->setFromOSSL(pkey);
-	INFO_MSG("END PublicKey.setFromOSSL");
-
-	INFO_MSG("INIT Private.setFromOSSL");
 	((OSSLSLHPrivateKey*) kp->getPrivateKey())->setFromOSSL(pkey);
-	INFO_MSG("END Private.setFromOSSL");
 
 	*ppKeyPair = kp;
 
diff --git a/src/lib/crypto/OSSLSLHPrivateKey.cpp b/src/lib/crypto/OSSLSLHPrivateKey.cpp
index 2946ca8d0..043296bc5 100644
--- a/src/lib/crypto/OSSLSLHPrivateKey.cpp
+++ b/src/lib/crypto/OSSLSLHPrivateKey.cpp
@@ -77,7 +77,6 @@ unsigned long OSSLSLHPrivateKey::getOrderLength() const
   size_t name_len = strnlen(name, 100);
   size_t signature_size = 0;
 
-  INFO_MSG("name %s", name);
   if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
     signature_size = 7856;
   } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {
diff --git a/src/lib/crypto/OSSLSLHPublicKey.cpp b/src/lib/crypto/OSSLSLHPublicKey.cpp
index fc782eb26..cb1790090 100644
--- a/src/lib/crypto/OSSLSLHPublicKey.cpp
+++ b/src/lib/crypto/OSSLSLHPublicKey.cpp
@@ -76,7 +76,6 @@ unsigned long OSSLSLHPublicKey::getOrderLength() const
   size_t name_len = strnlen(name, 100);
   size_t signature_size = 0;
 
-  INFO_MSG("name %s", name);
   if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
     signature_size = 7856;
   } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {

From ddfc8757fc69f2889cc54ab107701ee9f4de6c1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Henrique?=
 <42558165+JoaoHenrique12@users.noreply.github.com>
Date: Thu, 11 Sep 2025 22:05:45 -0300
Subject: [PATCH 06/21] feat: duplicate eddsa (#2)

* feat: duplicate m4 files, still using NID from EDDSA

Update dockerfile to use --with-slhdsa

* feat: duplicate SLH(Public|Private)Key.(cpp|h)

* feat: duplicate OSSLSLH(Public|Private)Key.(cpp|h)

* feat: duplicate OSSLSLHKeypair.(cpp|h)

* feat: add SLHDSA mech and algo to AsymmetricAlgorithm.h

* feat: duplicate OSSLSLHDSA.(cpp|h)

* feat: duplicate on OSSLCryptoFactory.cpp

* feat: OSSLUtil.(cpp|h), duplication by definition

* feat: add duplicated files to crypto/CMakeLists.txt

* feat: duplicate P11ED(Public|Private)KeyObj for slhdsa

PTAL on EC params, update it later, CKK_EC_EDWARDS

* feat: duplicate softhsm2-util-ossl.(cpp|h)

* feat: duplicate SoftHSM.(cpp|h)

* fix: force disable eddsa to avoid conflict with cases and tables

* fix: compilation error by add crypto/Makefile.am cpp new files

grep -r OSSLEDDSA

* feat: add syslog to container

* fix: key gen on SLH-DSA

* fix: add default log level info

* refactor: use separated pkcs constants (with same value) for slh-dsa

* feat(pkcs11): add ibm implementation to access cryptographic tokens
---
 Dockerfile                             |   18 +-
 hpcs-pkcs11/README.md                  |  130 ++
 hpcs-pkcs11/samples/ep11.h             | 1858 ++++++++++++++++++++++
 hpcs-pkcs11/samples/grep11.h           |   25 +
 hpcs-pkcs11/samples/pkcs11-attrs.c     |  872 +++++++++++
 hpcs-pkcs11/samples/pkcs11-btc.c       |  391 +++++
 hpcs-pkcs11/samples/pkcs11-checksum.c  |  497 ++++++
 hpcs-pkcs11/samples/pkcs11-crypto.c    |  394 +++++
 hpcs-pkcs11/samples/pkcs11-dilithium.c |  213 +++
 hpcs-pkcs11/samples/pkcs11-object.c    |  225 +++
 hpcs-pkcs11/samples/pkcs11-slhdsa.c    |  331 ++++
 hpcs-pkcs11/samples/pkcs11.h           |  265 ++++
 hpcs-pkcs11/samples/pkcs11f.h          |  939 +++++++++++
 hpcs-pkcs11/samples/pkcs11t.h          | 2003 ++++++++++++++++++++++++
 hpcs-pkcs11/samples/sample.h           |   23 +
 m4/acx_crypto_backend.m4               |   30 +
 m4/acx_openssl_slhdsa.m4               |   44 +
 src/bin/dump/tables.h                  |    4 +
 src/bin/util/softhsm2-util-ossl.cpp    |  202 +++
 src/bin/util/softhsm2-util-ossl.h      |   28 +-
 src/lib/P11Objects.cpp                 |   90 ++
 src/lib/P11Objects.h                   |   26 +
 src/lib/SoftHSM.cpp                    |  434 ++++-
 src/lib/SoftHSM.h                      |   18 +
 src/lib/crypto/AsymmetricAlgorithm.h   |    6 +-
 src/lib/crypto/CMakeLists.txt          |    6 +
 src/lib/crypto/Makefile.am             |    6 +
 src/lib/crypto/OSSLCryptoFactory.cpp   |    7 +
 src/lib/crypto/OSSLSLHDSA.cpp          |  495 ++++++
 src/lib/crypto/OSSLSLHDSA.h            |   81 +
 src/lib/crypto/OSSLSLHKeyPair.cpp      |   71 +
 src/lib/crypto/OSSLSLHKeyPair.h        |   67 +
 src/lib/crypto/OSSLSLHPrivateKey.cpp   |  290 ++++
 src/lib/crypto/OSSLSLHPrivateKey.h     |   89 ++
 src/lib/crypto/OSSLSLHPublicKey.cpp    |  258 +++
 src/lib/crypto/OSSLSLHPublicKey.h      |   80 +
 src/lib/crypto/OSSLUtil.cpp            |    2 +-
 src/lib/crypto/OSSLUtil.h              |    4 +-
 src/lib/crypto/SLHPrivateKey.cpp       |  106 ++
 src/lib/crypto/SLHPrivateKey.h         |   82 +
 src/lib/crypto/SLHPublicKey.cpp        |  104 ++
 src/lib/crypto/SLHPublicKey.h          |   75 +
 src/lib/pkcs11/pkcs11.h                |    4 +
 43 files changed, 10882 insertions(+), 11 deletions(-)
 create mode 100644 hpcs-pkcs11/README.md
 create mode 100644 hpcs-pkcs11/samples/ep11.h
 create mode 100644 hpcs-pkcs11/samples/grep11.h
 create mode 100644 hpcs-pkcs11/samples/pkcs11-attrs.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11-btc.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11-checksum.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11-crypto.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11-dilithium.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11-object.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11-slhdsa.c
 create mode 100644 hpcs-pkcs11/samples/pkcs11.h
 create mode 100644 hpcs-pkcs11/samples/pkcs11f.h
 create mode 100644 hpcs-pkcs11/samples/pkcs11t.h
 create mode 100644 hpcs-pkcs11/samples/sample.h
 create mode 100644 m4/acx_openssl_slhdsa.m4
 create mode 100644 src/lib/crypto/OSSLSLHDSA.cpp
 create mode 100644 src/lib/crypto/OSSLSLHDSA.h
 create mode 100644 src/lib/crypto/OSSLSLHKeyPair.cpp
 create mode 100644 src/lib/crypto/OSSLSLHKeyPair.h
 create mode 100644 src/lib/crypto/OSSLSLHPrivateKey.cpp
 create mode 100644 src/lib/crypto/OSSLSLHPrivateKey.h
 create mode 100644 src/lib/crypto/OSSLSLHPublicKey.cpp
 create mode 100644 src/lib/crypto/OSSLSLHPublicKey.h
 create mode 100644 src/lib/crypto/SLHPrivateKey.cpp
 create mode 100644 src/lib/crypto/SLHPrivateKey.h
 create mode 100644 src/lib/crypto/SLHPublicKey.cpp
 create mode 100644 src/lib/crypto/SLHPublicKey.h

diff --git a/Dockerfile b/Dockerfile
index 67435f02a..a2a4e85ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,14 +47,15 @@ RUN apt update && \
     libcppunit-dev \
     sudo \
     opensc \
-    opensc-pkcs11
+    opensc-pkcs11 \
+    busybox-syslogd
 
 WORKDIR /app
 COPY . /app
 
 RUN sh autogen.sh
 
-RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --with-crypto-backend=openssl
+RUN ./configure --with-objectstore-backend-db --disable-gost --disable-eddsa --enable-slhdsa --with-crypto-backend=openssl
 
 RUN make
 
@@ -63,7 +64,18 @@ RUN make install
 # If needed, the conf file definitions goes here.
 # about conf file: man softhsm2.conf
 
-RUN mkdir -p /var/lib/softhsm/tokens/
+# Create config dir and log file
+RUN mkdir -p /etc/softhsm /var/lib/softhsm/tokens
+
+# Write softhsm2.conf
+RUN cat > /etc/softhsm2.conf <<'EOF'
+directories.tokendir = /var/lib/softhsm/tokens/
+
+log.level = INFO
+EOF
+
+# INIT SYSLOG
+# syslogd -n -O /var/log/syslog &
 
 RUN softhsm2-util --init-token --slot 0 --label "My SoftHSM Token" --so-pin 0000 --pin 0000
 
diff --git a/hpcs-pkcs11/README.md b/hpcs-pkcs11/README.md
new file mode 100644
index 000000000..028db84be
--- /dev/null
+++ b/hpcs-pkcs11/README.md
@@ -0,0 +1,130 @@
+# Overview
+
+IBM Cloud® Hyper Protect Crypto Services is a dedicated key management service and hardware security module (HSM). This service allows you to take ownership of a cloud HSM to fully manage your encryption keys and to perform cryptographic operations. Hyper Protect Crypto Services is also the only service in the cloud industry that is built on FIPS 140-2 Level 4-certified hardware.
+
+# Installing the PKCS #11 files
+
+The files contained in this repository allow clients to access a cloud HSM via the HPCS service using a PKCS #11 library and its associated configuration file. The files are categorized by *releases*, which can be accessed from the hpcs-pkcs11 repository's [releases URL](https://github.com/IBM-Cloud/hpcs-pkcs11/releases).
+
+**NOTE:** The PKCS #11 library, for both the amd64 and s390x platforms, is currently supported only on Linux (GLIBC distros only, so not compatible with Alpine for now).
+
+There are two files used along with your PKCS #11 application:
+1. The PKCS #11 library:  pkcs11-grep11-**platform**.so.**major.minor.build**
+
+   - **platform** is amd64 or s390x
+  
+   - **major.minor.build** refers to the version of the library
+
+   - **NOTE:** Refer to step 1 of the IBM Cloud HPCS documentation topic, [Set up the PKCS #11 library](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api), for instructions on where to place the PKCS #11 library file.
+
+2. The PKCS #11 client configuration file: *grep11client.yaml*
+   - Before you update the configuration file, PKCS #11 users must first be set up. Follow the steps outlined in the IBM Cloud Hyper Protect Crypto Services documentation topic, [Best practices for setting up PKCS #11 user types](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-best-practice-pkcs11-access#step2-create-service-id-api-key), to complete the PKCS #11 user setup tasks.
+
+   - Changes to the configuration file are needed after you download it. Update the *grep11client.yaml* configuration file by following step 3 of the IBM Cloud Hyper Protect Crypto Services documentation topic: [Set up the PKCS #11 configuration file](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api)
+
+   - **NOTE:** The *grep11client.yaml* configuration file must be moved into the same directory as the application (e.g., pkcs11-tool) using the PKCS #11 library or in the directory `/etc/ep11client`.
+
+## Verify the integrity and authenticity of the PKCS #11 library
+
+For maximum security, you can optionally verify the integrity and authenticity of the PKCS #11 library. Hyper Protect Crypto Services enable [signed code verification](https://en.wikipedia.org/wiki/Code_signing) to ensure that the signature matches the original code. If the downloaded PKCS #11 library file is altered or corrupted, a different signature is produced and the verification fails. To make sure the files are not tampered with or corrupted during the download process, complete the following steps by using the [OpenSSL command-line tool](https://wiki.openssl.org/index.php/Binaries).
+
+1. Download the latest version of the following files from the hpcs-pkcs11 repository's [releases URL](https://github.com/IBM-Cloud/hpcs-pkcs11/releases) to the same directory where you store the PKCS #11 library:
+
+    - `pkcs11-grep11-<platform>.so.<version>.sig`: The signed cryptographic hash of the PKCS #11 library, where **platform** is either *amd64* or *s390x*  and **version** is the major.minor.build (e.g., 2.3.4) of the signature file. Both **platform** and **version** must match the respective **platform** and **version** of the PKCS #11 library that is used.
+
+    - `signing_cert.pem`: The signing certificate for the HPCS PKCS #11 files.
+    
+    - `digicert_cert.pem`: An intermediate code signing certificate to prove the Hyper Protect Crypto Services PKCS #11 files signing certificate.
+
+2. Extract the public key from the signing certificate `signing_cert.pem` to the `sigkey.pub` file with the following command by using the OpenSSL command-line tool:
+
+   `openssl x509 -pubkey -noout -in signing_cert.pem -out sigkey.pub`
+
+3. Verify the integrity of the PKCS #11 library file with the following command:
+
+   `openssl dgst -sha256 -verify sigkey.pub -signature pkcs11-grep11-<platform>.so.<version>.sig pkcs11-grep11-<platform>.so.<version>`
+
+   **NOTE:** Replace **platform** with either *amd64* or *s390x* and replace **version** with the major.minor.build (e.g., 2.3.4) of the library.
+
+   When the verification is successful, `Verified OK` is displayed.
+
+4. Verify the authenticity and validity of the signing certificate with the following command:
+
+   `openssl ocsp -no_nonce -issuer digicert_cert.pem -cert signing_cert.pem -VAfile digicert_cert.pem -text -url http://ocsp.digicert.com -respout ocsptest`
+
+   When the verification is successful, `Response verify OK` and `signing_cert.pem: good` are displayed in the output.
+
+5. If the verification fails, cancel the installation and contact [IBM for support](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-getting-help).
+
+## Initializing the Keystores
+
+Prior to using the PKCS #11 library, the keystores must be initialized. To initialize the keystores, the security officer (SO) user needs to perform a `C_InitToken` operation. Once the keystores have been initialized, normal and anonymous users can proceed with key operations such as `C_GenerateKey` or `C_GenerateKeyPair`.
+
+A keystore becomes an **authenticated keystore** if it is configured with a password. For more details please check [Performing cryptographic operations with the PKCS #11 API](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api#step3-setup-configuration-file).
+
+## Getting started
+
+The `samples` directory in this repository contains source code that could be used to test your HPCS instance, the PKCS11 library, and the PKCS11 library's configuration file.  Follow the instructions inside pkcs11-crypto.c to get started.
+
+The sample code performs the following operations:
+
+* Intialize a token
+* Open a session
+* Login as a normal user
+* Create an AES key
+* Create an EC key pair
+* Encrypt data and decrypt data using the AES key
+* Sign and verify data using the EC key pair
+* Logout, close session and finalize
+
+pkcs11-dilithium.c demonstrates how to generate a Dilithium key pair, followed by signing and verifying data using the Dilithium key pair.
+
+# Attributes 
+We support a subset of attributes of the PKCS#11 specification. The following table shows:
+1. Which attributes are allowed to be used for PKCS11 requests (key generation, unwrapping, and key derivation).
+2. Data type of each attribute and the key types that are applicable.
+3. What attributes are generated after key or key pairs are generated.
+
+| Attribute                                                                            | Category | Applies to key types              | Allowed in template | Value type  | Library default | Filled by HPCS | Read only<br>After generation |
+| ------------------------------------------------------------------------------------ | -------- | --------------------------------- | ------------------- | ----------- | --------------- | -------------- | ----------------------------- |
+| CKA\_CLASS                                                                          | 1        | All                               | y                   | Integer     | Depends <sup>[1](#cka-class)</sup>        |                | y                             |
+| CKA\_TOKEN                                                                          | 3        | All                               | y                   | Bool        | FALSE           |                | y                             |
+| CKA\_PRIVATE                                                                        | 3        | All                               | y                   | Bool        | Depends <sup>[2](#cka-private)</sup>        |                | y                             |
+| CKA\_MODIFIABLE                                                                     | 3        | All                               | y                   | Bool        | TRUE            | y              | Read only if FALSE            |
+| CKA\_LABEL                                                                          | 4        | All                               | y                   | Bytes       | empty           |                |                               |
+| CKA\_KEY\_TYPE                                                                       | 1        | All                               | y                   | Integer     |                 |                | y                             |
+| CKA\_ID                                                                              | 4        | All                               | y                   | Bytes       | empty           |                |                               |
+| CKA\_DERIVE                                                                          | 1        | All                               | y                   | Bool        | FALSE           |                |                               |
+| CKA\_LOCAL                                                                           | 1        | All but public key                |                     | Bool        |                 | y              | y                             |
+| CKA\_KEY\_GEN\_MECHANISM                                                             | 2        | All                               |                     | Integer     |                 | y              | y                             |
+| CKA\_GREP11\_WKID                                                                    | 2        | private key<br>secret key         |                     | Big integer |                 | y              | y                             |
+| CKA\_SUBJECT                                                                         | 4        | public key<br>private key         | y                   | Bytes       | empty           |                |                               |
+| CKA\_ENCRYPT<br>CKA\_DECRYPT<br>CKA\_SIGN<br>CKA\_VERIFY<br>CKA\_WRAP<br>CKA\_UNWRAP | 1        | All when allowed <br>by algorithm | y                   | Bool        |                 | y              |                               |
+| CKA\_SENSITIVE                                                                      | 2        | private key<br>secret key         | y                   | Bool        |                 |                | y                             |
+| CKA\_ALWAYS\_SENSITIVE                                                               | 2        | private key<br>secret key         |                     | Bool        |                 | y              | y                             |
+| CKA\_WRAP\_WITH\_TRUSTED                                                             | 1        | private key<br>secret key         | y                   | Bool        | FALSE           | y              |                               |
+| CKA\_EXTRACTABLE                                                                     | 1        | private key<br>secret key         | y                   | Bool        | FALSE           | y              | Read only if FALSE            |
+| CKA\_NEVER\_EXTRACTABLE                                                             | 1        | private key<br>secret key         |                     | Bool        |                 | y              | y                             |
+| CKA\_CHECK\_VALUE                                                                    | 2        | secret key                        |                     | Bytes       |                 | y              | y                             |
+| CKA\_TRUSTED                                                                         | 1        | public key<br>secret key          | y                   | Bool        |                 | y              |                               |
+| CKA\_PUBLIC\_KEY\_INFO                                                               | 2        | public key                        | y                   | Bool        |                 | y              | y                             |
+| CKA\_MODULUS\_BITS                                                                  | 1        | RSA public key                    | y                   | Integer     |                 |                | y                             |
+| CKA\_MODULUS                                                                        | 2        | RSA public key<br>RSA private key |                     | Big integer |                 | y              | y                             |
+| CKA\_PUBLIC\_EXPONENT                                                               | 1        | RSA public key<br>RSA private key | y                   | Big integer |                 |                | y                             |
+| CKA\_EC\_PARAMS                                                                     | 1        | EC public key<br>EC private key   | y                   | Bytes       |                 |                | y                             |
+| CKA\_EC\_POINT                                                                      | 2        | EC public key                     |                     | Bytes       |                 | y              | y                             |
+| CKA\_VALUE\_LEN                                                                      | 1        | Generate secret key<br>AES key    | y                   | integer     |                 |                | y                             |
+| CKA\_IBM\_PQC\_PARAMS                                                               | 1        | Dilithium public key              | y                   | Bytes       |                 |                | y                             |
+
+<a name="cka-class">1</a>. Default value of `CKA_CLASS` is based on mechanisms and key types:
+
+| Function         | Mechanism                                                                                                              | Default value                                                                                  |
+| ---------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
+| GenerateKey      | CKM\_AES\_KEY\_GEN<br>CKM\_DES2\_KEY\_GEN<br>CKM\_DES3\_KEY\_GEN<br>CKM\_GENERIC\_SECRET\_KEY\_GEN                     | CKO\_SECRET\_KEY                                                                               |
+| GenerateKeyPairs | CKM\_EC\_KEY\_PAIR\_GEN<br>CKM\_RSA\_PKCS\_KEY\_PAIR\_GEN<br>CKM\_RSA\_X9\_31\_KEY\_PAIR\_GEN<br>CKM\_IBM\_DILITHIUM                          | CKO\_PUBLIC\_KEY & CKO\_PRIVATE\_KEY                                                           |
+| UnwrapKey        | CKM\_AES\_CBC<br>CKM\_AES\_CBC\_PAD<br>CKM\_DES3\_CBC<br>CKM\_DES3\_CBC\_PAD<br>CKM\_RSA\_PKCS<br>CKM\_RSA\_PKCS\_OAEP | CKO\_SECRET\_KEY if key type is AES, DES2 or DES3. Otherwise, the default is CKO\_PRIVATE\_KEY |
+| DeriveKey        |                                                                                                                        | CKO\_SECRET\_KEY                                                                               |
+
+
+<a name="cka-private">2</a>. Default value of `CKA_PRIVATE` is TRUE if the `Normal user` is logged in, otherwise, it is FALSE
+ 
diff --git a/hpcs-pkcs11/samples/ep11.h b/hpcs-pkcs11/samples/ep11.h
new file mode 100644
index 000000000..d8939f9f8
--- /dev/null
+++ b/hpcs-pkcs11/samples/ep11.h
@@ -0,0 +1,1858 @@
+/*----------------------------------------------------------------------
+ * This EP11 header file is distributed under the following license
+ *
+ * Copyright 2022 IBM Corp. All Rights Reserved
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the copyright holder nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ *----------------------------------------------------------------------
+ *  EP11 service mail address: EP11SUPP@de.ibm.com
+ *
+ *  Use this mail address for Bugs and Comments with the EP11 product.
+ *----------------------------------------------------------------------*/
+
+
+#if !defined(XCP_H__)
+#define XCP_H__ 
+#if !defined(CKR_OK)
+#include "pkcs11.h"
+#endif
+#if !defined(INT64_MIN)
+#error "We need 64-bit <stdint.h> types, please include before this file."
+#endif
+#define MAX_FNAME_CHARS 256
+#define XCP_OK 0
+#define XCP_EINTERNAL -1
+#define XCP_EARG -2
+#define XCP_ETARGET -3
+#define XCP_EMEMORY -4
+#define XCP_EMUTEX -5
+#define XCP_EINIT -6
+#define XCP_EDEVICE -7
+#define XCP_EGROUP -8
+#define XCP_ESIZE -9
+#define XCP_EINVALID -10
+#define XCP_ERESPONSE -11
+#define XCP_EAPI -12
+#define XCP_MOD_EOBSOLETE -101
+#define XCP_MOD_EVERSION -102
+#define XCP_MOD_EFLAGS -103
+#define XCP_MOD_EMODULE -104
+#define XCP_MOD_EDOMAIN -105
+#define XCP_MOD_EINIT -106
+#define XCP_MOD_EPROBE -107
+#define XCP_COMMON_PUBLIC_H__ 
+#define XCP_API_VERSION 0x0810
+#define XCP_API_ORDINAL 0x0004
+#define XCP_HOST_API_VER 0x040000
+#define XCP_HSM_AGENT_ID 0x5843
+#define XCP_HSM_USERDEF32 0x01234567
+#define XCP_API_ALLOW_PROTKEY 0x0004
+typedef enum {
+ XCP_FNVAR_SIZEQUERY = 1,
+ XCP_FNVAR_MULTIDATA = 2,
+ XCP_FNVAR_MULTISIZEQ = 3
+} XCP_FNVariant_t;
+#define CKR_IBM_WKID_MISMATCH (CKR_VENDOR_DEFINED +0x10001)
+#define CKR_IBM_INTERNAL_ERROR (CKR_VENDOR_DEFINED +0x10002)
+#define CKR_IBM_TRANSPORT_ERROR (CKR_VENDOR_DEFINED +0x10003)
+#define CKR_IBM_BLOB_ERROR (CKR_VENDOR_DEFINED +0x10004)
+#define CKR_IBM_BLOBKEY_CONFLICT (CKR_VENDOR_DEFINED +0x10005)
+#define CKR_IBM_MODE_CONFLICT (CKR_VENDOR_DEFINED +0x10006)
+#define CKR_IBM_NONCRT_KEY_SIZE (CKR_VENDOR_DEFINED +0x10008)
+#define CKR_IBM_WK_NOT_INITIALIZED (CKR_VENDOR_DEFINED +0x10009)
+#define CKR_IBM_OA_API_ERROR (CKR_VENDOR_DEFINED +0x1000a)
+#define CKR_IBM_REQ_TIMEOUT (CKR_VENDOR_DEFINED +0x1000b)
+#define CKR_IBM_READONLY (CKR_VENDOR_DEFINED +0x1000c)
+#define CKR_IBM_STATIC_POLICY (CKR_VENDOR_DEFINED +0x1000d)
+#define CKR_IBM_TRANSPORT_LIMIT (CKR_VENDOR_DEFINED +0x10010)
+#define CKR_IBM_FCV_NOT_SET (CKR_VENDOR_DEFINED +0x10011)
+#define CKR_IBM_PERF_CATEGORY_INVALID (CKR_VENDOR_DEFINED +0x10012)
+#define CKR_IBM_API_MISMATCH (CKR_VENDOR_DEFINED +0x10013)
+#define CKR_IBM_TARGET_INVALID (CKR_VENDOR_DEFINED +0x10030)
+#define CKR_IBM_PQC_PARAMS_NOT_SUPPORTED (CKR_VENDOR_DEFINED +0x10031)
+#define CKR_IBM_ERROR_STATE (CKR_VENDOR_DEFINED +0x10101)
+#define CKM_IBM_SHA3_224 (CKM_VENDOR_DEFINED +0x10001)
+#define CKM_IBM_SHA3_256 (CKM_VENDOR_DEFINED +0x10002)
+#define CKM_IBM_SHA3_384 (CKM_VENDOR_DEFINED +0x10003)
+#define CKM_IBM_SHA3_512 (CKM_VENDOR_DEFINED +0x10004)
+#define CKM_IBM_CMAC (CKM_VENDOR_DEFINED +0x10007)
+#define CKM_IBM_ECDSA_SHA224 (CKM_VENDOR_DEFINED +0x10008)
+#define CKM_IBM_ECDSA_SHA256 (CKM_VENDOR_DEFINED +0x10009)
+#define CKM_IBM_ECDSA_SHA384 (CKM_VENDOR_DEFINED +0x1000a)
+#define CKM_IBM_ECDSA_SHA512 (CKM_VENDOR_DEFINED +0x1000b)
+#define CKM_IBM_EC_MULTIPLY (CKM_VENDOR_DEFINED +0x1000c)
+#define CKM_IBM_EAC (CKM_VENDOR_DEFINED +0x1000d)
+#define XCP_EAC_NONCE_MAX_BYTES 64
+#define XCP_EAC_INFO_MAX_BYTES 64
+typedef enum {
+ EACV_IBM_KEK_V101 = 1,
+ EACV_IBM_MACK_V101 = 2,
+ EACV_IBM_PWD_V200 = 3,
+ EACV_IBM_HKDF = 4,
+ EACV_IBM_BCHAIN_TCERT0
+                    = 5
+} EAC_Var_t;
+#define CKM_IBM_TESTCODE (CKM_VENDOR_DEFINED +0x1000e)
+#define CKM_IBM_SHA512_256 (CKM_VENDOR_DEFINED +0x10012)
+#define CKM_IBM_SHA512_224 (CKM_VENDOR_DEFINED +0x10013)
+#define CKM_IBM_SHA512_256_HMAC (CKM_VENDOR_DEFINED +0x10014)
+#define CKM_IBM_SHA512_224_HMAC (CKM_VENDOR_DEFINED +0x10015)
+#define CKM_IBM_EC_X25519 (CKM_VENDOR_DEFINED +0x1001b)
+#define CKM_IBM_ED25519_SHA512 (CKM_VENDOR_DEFINED +0x1001c)
+#define CKM_IBM_EC_X448 (CKM_VENDOR_DEFINED +0x1001e)
+#define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED +0x1001f)
+#define CKM_IBM_SIPHASH (CKM_VENDOR_DEFINED +0x10021)
+#define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED +0x10023)
+#define CKM_IBM_KYBER (CKM_VENDOR_DEFINED +0x10024)
+#define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED +0x10025)
+#define CKM_IBM_SHA3_256_HMAC (CKM_VENDOR_DEFINED +0x10026)
+#define CKM_IBM_SHA3_384_HMAC (CKM_VENDOR_DEFINED +0x10027)
+#define CKM_IBM_SHA3_512_HMAC (CKM_VENDOR_DEFINED +0x10028)
+#define CKM_IBM_EC_X25519_RAW (CKM_VENDOR_DEFINED +0x10029)
+#define CKM_IBM_EC_X448_RAW (CKM_VENDOR_DEFINED +0x10030)
+#define CKM_IBM_ECDSA_OTHER (CKM_VENDOR_DEFINED +0x10031)
+typedef enum {
+ ECSG_IBM_ECSDSA_S256 = 3,
+ ECSG_IBM_ECSDSA_COMPR_MULTI = 5,
+ ECSG_IBM_MAX = ECSG_IBM_ECSDSA_COMPR_MULTI,
+} ECSG_Var_t;
+#define CK_IBM_ECSG_IBM_ECSDSA_S256 ECSG_IBM_ECSDSA_S256
+#define CK_IBM_ECSG_IBM_ECDSA_COMPR_MULTI_S256 ECSG_IBM_ECDSA_COMPR_MULTI_S256
+#define CK_IBM_ECSG_IBM_MAX ECSG_IBM_MAX
+#define CKM_IBM_CLEARKEY_TRANSPORT (CKM_VENDOR_DEFINED +0x20001)
+#define CKM_IBM_ATTRIBUTEBOUND_WRAP (CKM_VENDOR_DEFINED +0x20004)
+#define CKM_IBM_TRANSPORTKEY (CKM_VENDOR_DEFINED +0x20005)
+#define CKM_IBM_DH_PKCS_DERIVE_RAW (CKM_VENDOR_DEFINED +0x20006)
+#define CKM_IBM_ECDH1_DERIVE_RAW (CKM_VENDOR_DEFINED +0x20007)
+#define CKM_IBM_WIRETEST (CKM_VENDOR_DEFINED +0x30004)
+#define CKM_IBM_RETAINKEY (CKM_VENDOR_DEFINED +0x40001)
+#define CKM_IBM_CPACF_WRAP (CKM_VENDOR_DEFINED +0x60001)
+#define CKM_IBM_BTC_DERIVE (CKM_VENDOR_DEFINED +0x70001)
+#define CKA_IBM_RESTRICTABLE (CKA_VENDOR_DEFINED +0x10001)
+#define CKA_IBM_NEVER_MODIFIABLE (CKA_VENDOR_DEFINED +0x10002)
+#define CKA_IBM_RETAINKEY (CKA_VENDOR_DEFINED +0x10003)
+#define CKA_IBM_ATTRBOUND (CKA_VENDOR_DEFINED +0x10004)
+#define CKA_IBM_KEYTYPE (CKA_VENDOR_DEFINED +0x10005)
+#define CKA_IBM_CV (CKA_VENDOR_DEFINED +0x10006)
+#define CKA_IBM_MACKEY (CKA_VENDOR_DEFINED +0x10007)
+#define CKA_IBM_USE_AS_DATA (CKA_VENDOR_DEFINED +0x10008)
+#define CKA_IBM_STRUCT_PARAMS (CKA_VENDOR_DEFINED +0x10009)
+#define CKA_IBM_STD_COMPLIANCE1 (CKA_VENDOR_DEFINED +0x1000a)
+#define CKA_IBM_PROTKEY_EXTRACTABLE (CKA_VENDOR_DEFINED +0x1000c)
+#define CKA_IBM_PROTKEY_NEVER_EXTRACTABLE (CKA_VENDOR_DEFINED +0x1000d)
+#define CKA_IBM_PQC_PARAMS (CKA_VENDOR_DEFINED +0x1000e)
+#define CKA_IBM_LOGIN_SESSION (CKA_VENDOR_DEFINED +0x1000f)
+#define CKA_IBM_MACED_PUBLIC_KEY_INFO (CKA_VENDOR_DEFINED +0x20002)
+#define CKA_IBM_WIRETEST (CKA_VENDOR_DEFINED +0x20001)
+#define CKK_IBM_PQC_DILITHIUM (CKK_VENDOR_DEFINED +0x10023)
+#define CKK_IBM_PQC_KYBER (CKK_VENDOR_DEFINED +0x10024)
+#define XCP_MOD_ERROR_STATE_OFF 0x00000000
+#define XCP_MOD_ERROR_STATE_MODULE_SELFTEST 0x00000001
+#define XCP_MOD_ERROR_STATE_KEYPAIR_GEN_PCT 0x00000002
+#define XCP_MOD_ERROR_STATE_SYSTEST_CMD 0x00000003
+#define XCP_MOD_ERROR_STATE_TRNG_HEALTH 0x00000004
+#define XCP_HMAC_BYTES ((size_t) (256 /8))
+#define XCP_FWID_BYTES ((size_t) (256 /8))
+#define XCP_WK_BYTES ((size_t) (256 /8))
+#define XCP_WKID_BYTES ((size_t) (128 /8))
+#define XCP_BLOBCLRATTR_BYTES 8
+#define XCP_BLOBCLRMODE_BYTES 8
+#define XCP_WRAP_BLOCKSIZE ((size_t) (128 /8))
+#define XCP_MACKEY_BYTES (256 /8)
+#define XCP_PIN_SALT_BYTES XCP_WRAP_BLOCKSIZE
+#define XCP_PINBLOB_BYTES \
+        (XCP_WK_BYTES +XCP_PIN_SALT_BYTES +XCP_HMAC_BYTES)
+#define XCP_PBE_TYPE_CLEAR 0
+#define XCP_PBE_TYPE_BLOB 1
+#define XCP_PBE_TYPE_MAX (XCP_PBE_TYPE_BLOB)
+#define XCP_PBE_HDR_BYTES 16
+#define XCP_PBE_PWD_MAX_BYTES 1024
+#define XCP_PBE_SALT_MAX_BYTES 256
+#define XCP_MECH_WIRE_PRM_BYTES ((size_t) 4)
+#define XCP_MECH_PRM_MAX_BYTES \
+        (XCP_MECH_WIRE_PRM_BYTES +XCP_PBE_HDR_BYTES \
+         +XCP_PBE_PWD_MAX_BYTES +XCP_PBE_SALT_MAX_BYTES)
+#define XCP_WIRE_FILEHDR_BYTES ((size_t) (4+4+4))
+#define XCP_PBE_ITER_MAX (64*1024)
+#define XCP_CSP_CONFIG_BYTES 40
+#define XCP_SESSIONBLOB_SALT_BYTES 16
+#define XCP_SESSIONBLOB_BYTES \
+         (XCP_WK_BYTES +XCP_SESSIONBLOB_SALT_BYTES +XCP_HMAC_BYTES)
+#define XCP_SIZEQ_WIRE_BYTES 8
+#define XCP_PSS_WIRE_BYTES (4+4+4)
+#define XCP_PSS_DEFAULT_VALUE 0xffffffff
+#define XCP_OAEP_MIN_WIRE_BYTES (4+4+4)
+#define XCP_OAEP_MAX_SOURCE_BYTES 1024
+#define XCP_SHAKE_WIRE_BYTES 4
+#define XCP_ECDH1_DERIVE_MIN_WIRE_BYTES (4+4+4)
+#define XCP_BTC_MIN_WIRE_BYTES (4+4+4+4)
+#define XCP_BIP0032_CHAINCODE_BYTES 32
+#define XCP_BTC_VERSION 1
+#define XCP_KYBER_KEM_VERSION 0
+#define XCP_KYBER_KEM_MIN_WIRE_BYTES (4 + 4 + 4 + 4 + 4 + 4)
+#define XCP_KYBER_RAW_BYTES 32
+#define XCP_ECDH1_DERIVE_MAX_PUBLIC_BYTES 1024
+#define XCP_ECDH1_DERIVE_MAX_SHARED_BYTES 1024
+#define XCP_RETAINID_BYTES (XCP_HMAC_BYTES +XCP_HMAC_BYTES)
+#define XCP_RETAINLABEL_BYTES ((size_t) 64)
+#define XCP_RETAINID_SHORT_BYTES 4
+typedef enum {
+ CKF_IBM_HW_EXTWNG = 1,
+ CKF_IBM_HW_ATTEST = 2,
+ CKF_IBM_HW_BATTERY = 4,
+ CKF_IBM_HW_SYSTEST = 8,
+ CKF_IBM_HW_RETAIN = 0x10,
+ CKF_IBM_HW_AUDIT = 0x40,
+ CKF_IBM_HW_ADM_DOMIMPORT
+                    = 0x0200,
+ CKF_IBM_HW_PROTKEY_TOLERATION
+                    = 0x0400,
+ CKF_IBM_HW_DUAL_OA = 0x1000,
+} XCP_CK_EXTFLAGS_t;
+#define XCP_MAX_MODULES 256
+#define XCP_SERIALNR_CHARS 8
+#define XCP_DOMAIN_INSTANCE_BYTES 4
+#define XCP_WRAPKEY_BYTES 32
+#define XCP_SPKISALT_BYTES 8
+#define XCP_DOMAINS 256
+#define XCP_DOMAIN_BYTES 4
+#define XCP_MAX_ADMINS 8
+#define XCP_MAX_KEYPARTS 20
+#define XCP_MIN_PINBYTES 8
+#define XCP_MAX_PINBYTES 16
+#define XCP_CERT_MAX_BYTES ((size_t) 12288)
+#define XCP_CERTHASH_BYTES (256/8)
+#define XCP_ADMCTR_BYTES ((size_t) (128/8))
+#define XCP_KEYCSUM_BYTES (256/8)
+#define XCP_MAX_EC_COORD_BYTES ((size_t) 66)
+#define XCP_MIN_EC_CURVE_BITS 192
+#define XCP_MAX_EC_CURVE_BITS 521
+#define XCP_MAX_DIL_SIGNATURE_BYTES 4668
+#define XCP_MAX_SINFO_META_BYTES 100
+#define MOD_MAX_SYMMKEY_BYTES 256
+#define XCP_FCV_PUBLIC_BYTES ((size_t) 76)
+typedef enum {
+ XCP_FCV_RSA_BYTES = (76+ 4096/8),
+ XCP_FCV_EC_BYTES = (76+ 2*66),
+ XCP_FCV_MAX_BYTES = XCP_FCV_RSA_BYTES
+} XCP_FCV_Bytes_t;
+#define PKCS11_CHECKSUM_BYTES ((size_t) 3)
+#define XCP_KEYBITS_FIELD_BYTES ((size_t) 4)
+#define XCP_RSPSIG_RSA (4096 / 8)
+#define XCP_RSPSIG_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \
+                                  XCP_RSPSIG_RSA)
+#define XCP_RSPSIG_QS_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \
+                                  XCP_MAX_DIL_SIGNATURE_BYTES)
+#define XCP_RSA_PKCS_MIN_PAD 11
+#define XCP_LOG_STATE_BYTES (256 /8)
+#define XCP_LOG_HEADER_BYTE 0x42
+#define XCP_LOGEV_SPEC (0xffff0000)
+#define XCP_LOGEV_QUERY 0
+#define XCP_LOGEV_FUNCTION 1
+#define XCP_LOGEV_ADMFUNCTION 2
+#define XCP_LOGEV_STARTUP 3
+#define XCP_LOGEV_SHUTDOWN 4
+#define XCP_LOGEV_SELFTEST 5
+#define XCP_LOGEV_DOM_IMPORT 6
+#define XCP_LOGEV_DOM_EXPORT 7
+#define XCP_LOGEV_FAILURE 8
+#define XCP_LOGEV_GENERATE 9
+#define XCP_LOGEV_REMOVE 10
+#define XCP_LOGEV_SPECIFIC 11
+#define XCP_LOGEV_STATE_IMPORT 12
+#define XCP_LOGEV_STATE_EXPORT 13
+#define XCP_LOGEV_IMPORT 14
+#define XCP_LOGEV_EXPORT 15
+#define XCP_LOGSPEV_TRANSACT_ZEROIZE (XCP_LOGEV_SPEC +1)
+#define XCP_LOGSPEV_KAT_FAILED (XCP_LOGEV_SPEC +2)
+#define XCP_LOGSPEV_KAT_COMPLETED (XCP_LOGEV_SPEC +3)
+#define XCP_LOGSPEV_EARLY_Q_START (XCP_LOGEV_SPEC +4)
+#define XCP_LOGSPEV_EARLY_Q_END (XCP_LOGEV_SPEC +5)
+#define XCP_LOGSPEV_AUDIT_NEWCHAIN (XCP_LOGEV_SPEC +6)
+#define XCP_LOGSPEV_TIMECHG_BEFORE (XCP_LOGEV_SPEC +7)
+#define XCP_LOGSPEV_TIMECHG_AFTER (XCP_LOGEV_SPEC +8)
+#define XCP_LOGSPEV_MODSTIMPORT_START (XCP_LOGEV_SPEC +9)
+#define XCP_LOGSPEV_MODSTIMPORT_FAIL (XCP_LOGEV_SPEC +10)
+#define XCP_LOGSPEV_MODSTIMPORT_END (XCP_LOGEV_SPEC +11)
+#define XCP_LOGSPEV_MODSTEXPORT_START (XCP_LOGEV_SPEC +12)
+#define XCP_LOGSPEV_MODSTEXPORT_FAIL (XCP_LOGEV_SPEC +13)
+typedef enum {
+ XCP_LOGSYS_AUDIT = 1,
+ XCP_LOGSYS_CRYPTTEST = 2,
+ XCP_LOGSYS_SELFTEST = 3,
+ XCP_LOGSYS_FULL = 4,
+ XCP_LOGSYS_WK = 5,
+ XCP_LOGSYS_STATE = 6
+} XCP_LogSystem_t;
+#define XCP_LOGFL_WK_PRESENT 0x80000000
+#define XCP_LOGFL_COMPLIANCE_PRESENT 0x40000000
+#define XCP_LOGFL_FINALWK_PRESENT 0x20000000
+#define XCP_LOGFL_KEYREC0_PRESENT 0x10000000
+#define XCP_LOGFL_KEYREC0_COMPL 0x08000000
+#define XCP_LOGFL_KEYREC1_PRESENT 0x04000000
+#define XCP_LOGFL_KEYREC2_PRESENT 0x02000000
+#define XCP_LOGFL_FINTIME_PRESENT 0x01000000
+#define XCP_LOGFL_SALT0_PRESENT 0x00800000
+#define XCP_LOGFL_SALT1_PRESENT 0x00400000
+#define XCP_LOGFL_SALT2_PRESENT 0x00200000
+#define XCP_LOGFL_REASON_PRESENT 0x00100000
+#define XCP_LOGFL_SEQPRF_PRESENT 0x00080000
+typedef enum {
+ XCP_IMPRKEY_RSA_2048 = 0,
+ XCP_IMPRKEY_RSA_4096 = 1,
+ XCP_IMPRKEY_EC_P256 = 2,
+ XCP_IMPRKEY_EC_P521 = 3,
+ XCP_IMPRKEY_EC_BP256r = 4,
+ XCP_IMPRKEY_EC_BP320r = 5,
+ XCP_IMPRKEY_EC_BP512r = 6,
+ XCP_IMPRKEY_RSA_3072 = 7,
+ XCP_IMPRKEY_EC_P521_TKE = 8,
+ XCP_IMPRKEY_MAX = XCP_IMPRKEY_EC_P521_TKE
+} XCP_IMPRKEY_t;
+typedef enum {
+ XCP_OAKEY_RSA_4096 = 1,
+ XCP_OAKEY_ECC_P521 = 2,
+ XCP_OAKEY_DIL_87R2 = 3,
+ XCP_OAKEY_MAX = XCP_OAKEY_DIL_87R2
+} XCP_OAKEY_t;
+typedef struct CK_RETAINEDKEY_PARAMS {
+ CK_ULONG credits;
+ CK_VOID_PTR rkData;
+ CK_ULONG rkdLen;
+} CK_RETAINEDKEY_PARAMS;
+typedef enum {
+ XCP_OPCAT_ASYMM_SLOW = 1,
+ XCP_OPCAT_ASYMM_FAST = 2,
+ XCP_OPCAT_SYMM_PARTIAL = 3,
+ XCP_OPCAT_SYMM_FULL = 4,
+ XCP_OPCAT_ASYMM_GEN = 5,
+ XCP_OPCAT_ASYMM_MAX = XCP_OPCAT_ASYMM_GEN
+} XCP_OPCAT_t;
+typedef enum {
+ CK_IBM_XCPQ_API = 0,
+ CK_IBM_XCPQ_MODULE = 1,
+ CK_IBM_XCPQ_DOMAINS = 2,
+ CK_IBM_XCPQ_DOMAIN = 3,
+ CK_IBM_XCPQ_SELFTEST = 4,
+ CK_IBM_XCPQ_EXT_CAPS = 5,
+ CK_IBM_XCPQ_EXT_CAPLIST = 6,
+ CK_IBM_XCPQ_AUDITLOG = 8,
+ CK_IBM_XCPQ_EC_CURVES = 10,
+ CK_IBM_XCPQ_COMPAT = 11,
+ CK_IBM_XCPQ_EC_CURVEGRPS
+                         = 12,
+ CK_IBM_XCPQ_CP_BLACKLIST
+                         = 13,
+        CK_IBM_XCPQ_PQC_STRENGTHS
+                                = 14,
+ CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_PQC_STRENGTHS
+} CK_IBM_XCPQUERY_t;
+typedef enum {
+ CK_IBM_XCPMSQ_DEFAULT = 0,
+ CK_IBM_XCPMSQ_DESCRTEXT = 1,
+ CK_IBM_XCPMSQ_FNLIST = 2,
+ CK_IBM_XCPMSQ_FNS = 3,
+ CK_IBM_XCPMSQ_MOD_V1 = 4,
+ CK_IBM_XCPMSQ_ATTRLIST = 5,
+ CK_IBM_XCPMSQ_ATTRS = 6,
+ CK_IBM_XCPMSQ_MOD_V2 = 7,
+ CK_IBM_XCPMSQ_MAX = CK_IBM_XCPMSQ_MOD_V2
+} CK_IBM_XCPMSUBQUERY_t;
+#define XCP_MSQ_FNLIST_SIZE 16
+#define XCP_XCPMSQ_FNS_SIZE 1
+#define CK_IBM_XCP_HOSTQ_IDX 0xff000000
+#define CK_IBM_XCPHQ_COUNT 0xff000000
+#define CK_IBM_XCPHQ_VERSION 0xff000001
+#define CK_IBM_XCPHQ_VERSION_HASH 0xff000002
+#define CK_IBM_XCPHQ_DIAGS 0xff000003
+#define CK_IBM_XCPHQ_HVERSION 0xff000004
+#define CK_IBM_XCPHQ_TGT_MODE 0xff000005
+#define CK_IBM_XCPHQ_ECDH_DERPRM 0xff000006
+#define CK__IBM_XCPHQ_MAX CK_IBM_XCPHQ_TGT_MODE
+typedef enum {
+ CK_IBM_XCPHQ_TGT_MODES_TGTGRP = 1,
+ CK_IBM_XCPHQ_TGT_MODES_MAX = CK_IBM_XCPHQ_TGT_MODES_TGTGRP
+} CK_IBM_XCPHQ_TGT_MODES_t;
+typedef enum {
+ CK_IBM_XCPXQ_AUDIT_EV_BYTES = 2,
+ CK_IBM_XCPXQ_AUDIT_ENTRIES = 3,
+ CK_IBM_XCPXQ_DEBUGLVL_MAX = 4,
+ CK_IBM_XCPXQ_ERRINJECT_FREQ = 5,
+ CK_IBM_XCPXQ_MULTIDATA_N = 6,
+ CK_IBM_XCPXQ_IMPEXP_CAPS = 7,
+ CK_IBM_XCPXQ_CERT_MAXBYTES = 8,
+ CK_IBM_XCPXQ_MOD_COUNTERS = 9,
+ CK_IBM_XCPXQ_MAX_SESSIONS = 12,
+ CK_IBM_XCPXQ_AVAIL_SESSIONS = 13,
+ CK_IBM_XCPXQ_BTC_CAP = 14,
+ CK_IBM_XCPXQ_ECDSA_OTHER = 15,
+ CK_IBM_XCPXQ_OA_CAP = 16,
+ CK_IBM_XCPXQ_MAXIDX = CK_IBM_XCPXQ_OA_CAP,
+} CK_IBM_XCPEXTCAP_t;
+#define CK_IBM_DOM_ADMIND 1
+#define CK_IBM_DOM_CURR_WK 2
+#define CK_IBM_DOM_NEXT_WK 4
+#define CK_IBM_DOM_COMMITTED_NWK 8
+#define CK_IBM_DOM_IMPRINTED 0x10
+#define CK_IBM_DOM_IMPRINTS 0x80000000
+#define CK_IBM_DOM_PROTKEY_ALLOW 0x20
+#define CK_IBM_DOM_ACTIVE \
+        (CK_IBM_DOM_ADMIND | \
+         CK_IBM_DOM_CURR_WK | \
+         CK_IBM_DOM_NEXT_WK | \
+         CK_IBM_DOM_COMMITTED_NWK | \
+         CK_IBM_DOM_IMPRINTED)
+typedef enum {
+ CK_IBM_ECCURVE_NIST = 1,
+ CK_IBM_ECCURVE_BPOOL = 2,
+ CK_IBM_ECCURVE_S256K1 = 4,
+ CK_IBM_ECCURVE_25519 = 8,
+ CK_IBM_ECCURVE_ED448 = 0x20,
+} CK_IBM_ECCURVEQ_t;
+typedef struct CK_IBM_XCPAPI_INFO {
+ CK_ULONG firmwareApi;
+ CK_ULONG firmwareConfig;
+} CK_IBM_XCPAPI_INFO;
+typedef CK_IBM_XCPAPI_INFO CK_PTR CK_IBM_XCPAPI_INFO_PTR;
+#define CK_IBM_XCP_INFO_MEMBERS_V0 \
+ CK_ULONG firmwareApi; \
+                                                                        \
+ CK_ULONG firmwareId; \
+ CK_VERSION firmwareVersion; \
+ CK_VERSION cspVersion; \
+                                                                        \
+ CK_BYTE firmwareConfig[ 32 ]; \
+ CK_BYTE xcpConfig[ 32 ]; \
+ CK_BYTE cspConfig[ 32 ]; \
+ CK_CHAR serialNumber[ 16 ]; \
+ CK_CHAR utcTime[ 16 ]; \
+ CK_ULONG opMode2; \
+ CK_ULONG opMode1; \
+ CK_FLAGS flags; \
+ CK_FLAGS extflags; \
+ CK_ULONG domains; \
+ CK_ULONG symmStateBytes; \
+ CK_ULONG digestStateBytes; \
+ CK_ULONG pinBlockBytes; \
+ CK_ULONG symmKeyBytes; \
+ CK_ULONG spkiBytes; \
+ CK_ULONG prvkeyBytes; \
+ CK_ULONG maxPayloadBytes; \
+ CK_ULONG cpProfileBytes; \
+ CK_ULONG controlPoints;
+#define CK_IBM_XCP_DESCINFO_MEMBER \
+ CK_CHAR manufacturerID[ 32 ]; \
+ CK_CHAR model[ 16 ];
+#define CK_IBM_XCP_ADMATTRLIST_MEMBER \
+ CK_BYTE perm_modes[ 8 ]; \
+ CK_BYTE infra_modes[ 8 ]; \
+ CK_BYTE comp_modes[ 8 ];
+#define CK_IBM_XCP_ADMATTRCOUNT_MEMBER \
+ CK_BYTE perm_count; \
+ CK_BYTE infra_count; \
+ CK_BYTE comp_count;
+#define CK_IBM_XCP_ADMATTRLIST_MEMBER_V2 \
+ CK_BYTE perm_ext01_modes[ 8 ];
+#define CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2 \
+ CK_BYTE perm_ext01_count;
+typedef struct CK_IBM_XCP_INFO {
+ CK_IBM_XCP_INFO_MEMBERS_V0
+} CK_IBM_XCP_INFO;
+typedef struct CK_IBM_XCP_INFO_V1 {
+ CK_IBM_XCP_INFO_MEMBERS_V0
+ CK_IBM_XCP_DESCINFO_MEMBER
+ CK_BYTE fnid_mask[ 16 ];
+ CK_BYTE fnid_count;
+ CK_IBM_XCP_ADMATTRLIST_MEMBER
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER
+} CK_IBM_XCP_INFO_V1;
+typedef struct CK_IBM_XCP_INFO_V2 {
+ CK_IBM_XCP_INFO_MEMBERS_V0
+ CK_IBM_XCP_DESCINFO_MEMBER
+ CK_BYTE fnid_mask[ 16 ];
+ CK_BYTE fnid_count;
+ CK_IBM_XCP_ADMATTRLIST_MEMBER
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER
+ CK_IBM_XCP_ADMATTRLIST_MEMBER_V2
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2
+} CK_IBM_XCP_INFO_V2;
+typedef struct CK_IBM_XCP_DESCINFO {
+ CK_IBM_XCP_DESCINFO_MEMBER
+} CK_IBM_XCP_DESCINFO;
+typedef struct CK_IBM_XCP_ATTRLIST {
+ CK_IBM_XCP_ADMATTRLIST_MEMBER
+ CK_IBM_XCP_ADMATTRLIST_MEMBER_V2
+} CK_IBM_XCP_ATTRLIST;
+typedef struct CK_IBM_XCP_ATTRCOUNT {
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER
+ CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2
+} CK_IBM_XCP_ATTRCOUNT;
+#define CK_IBM_XCP_INFO_INIT0 \
+        { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \
+          0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, }
+#define CK_IBM_XCP_INFO_V2_INIT0 \
+        { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \
+          0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, \
+          {0}, {0}, {0}, 0, {0}, {0}, {0}, 0, 0, 0, \
+          {0}, 0}
+typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR;
+typedef CK_IBM_XCP_INFO_V1 CK_PTR CK_IBM_XCP_INFO_V1_PTR;
+typedef CK_IBM_XCP_INFO_V2 CK_PTR CK_IBM_XCP_INFO_V2_PTR;
+typedef CK_IBM_XCP_DESCINFO CK_PTR CK_IBM_XCP_DESCINFO_PTR;
+typedef CK_IBM_XCP_ATTRLIST CK_PTR CK_IBM_XCP_ATTRLIST_PTR;
+typedef CK_IBM_XCP_ATTRCOUNT CK_PTR CK_IBM_XCP_ATTRCOUNT_PTR;
+typedef struct CK_IBM_DOMAIN_INFO {
+ CK_ULONG domain;
+ CK_BYTE wk[ XCP_KEYCSUM_BYTES ];
+ CK_BYTE nextwk[ XCP_KEYCSUM_BYTES ];
+ CK_ULONG flags;
+ CK_BYTE mode[ 8 ];
+} CK_IBM_DOMAIN_INFO;
+#define CK_IBM_DOMAIN_INFO_INIT0 { 0, { 0, }, { 0, }, 0, { 0, } }
+typedef CK_IBM_DOMAIN_INFO CK_PTR CK_IBM_DOMAIN_INFO_PTR;
+typedef struct CK_IBM_BTC_DERIVE_PARAMS {
+ CK_ULONG type;
+ CK_ULONG childKeyIndex;
+ CK_BYTE_PTR pChainCode;
+ CK_ULONG ulChainCodeLen;
+ CK_ULONG version;
+} CK_IBM_BTC_DERIVE_PARAMS;
+typedef CK_IBM_BTC_DERIVE_PARAMS CK_PTR CK_IBM_BTC_DERIVE_PARAMS_PTR;
+#define CK_IBM_BIP0032_HARDENED (0x80000000)
+typedef enum {
+ CK_IBM_BIP0032_PRV2PRV = 1,
+ CK_IBM_BIP0032_PRV2PUB = 2,
+ CK_IBM_BIP0032_PUB2PUB = 3,
+ CK_IBM_BIP0032_MASTERK = 4,
+ CK_IBM_SLIP0010_PRV2PRV = 5,
+ CK_IBM_SLIP0010_PRV2PUB = 6,
+ CK_IBM_SLIP0010_PUB2PUB = 7,
+ CK_IBM_SLIP0010_MASTERK = 8,
+} CK_IBM_BTC_t;
+typedef enum {
+ XCP_KEM_ENCAPSULATE = 1,
+ XCP_KEM_DECAPSULATE = 2,
+} XCP_KEM_t;
+typedef CK_ULONG CK_IBM_KEM_MODE;
+#define CK_IBM_KEM_ENCAPSULATE XCP_KEM_ENCAPSULATE
+#define CK_IBM_KEM_DECAPSULATE XCP_KEM_DECAPSULATE
+typedef struct XCP_KYBER_KEM_PARAMS {
+ CK_ULONG version;
+ CK_IBM_KEM_MODE mode;
+ CK_ULONG kdf;
+ CK_BBOOL prepend;
+ CK_BYTE *pCipher;
+ CK_ULONG ulCipherLen;
+ CK_BYTE *pSharedData;
+ CK_ULONG ulSharedDataLen;
+ CK_BYTE *pBlob;
+ CK_ULONG ulBlobLen;
+} XCP_KYBER_KEM_PARAMS_t;
+typedef enum {
+ XCP_BLOB_EXTRACTABLE = 1,
+ XCP_BLOB_NEVER_EXTRACTABLE = 2,
+ XCP_BLOB_MODIFIABLE = 4,
+ XCP_BLOB_NEVER_MODIFIABLE = 8,
+ XCP_BLOB_RESTRICTABLE = 0x10,
+ XCP_BLOB_LOCAL = 0x20,
+ XCP_BLOB_ATTRBOUND = 0x40,
+ XCP_BLOB_USE_AS_DATA = 0x80,
+ XCP_BLOB_SIGN = 0x0100,
+ XCP_BLOB_SIGN_RECOVER = 0x0200,
+ XCP_BLOB_DECRYPT = 0x0400,
+ XCP_BLOB_ENCRYPT = 0x0800,
+ XCP_BLOB_DERIVE = 0x1000,
+ XCP_BLOB_UNWRAP = 0x2000,
+ XCP_BLOB_WRAP = 0x4000,
+ XCP_BLOB_VERIFY = 0x8000,
+ XCP_BLOB_VERIFY_RECOVER = 0x010000,
+ XCP_BLOB_TRUSTED = 0x020000,
+ XCP_BLOB_WRAP_W_TRUSTED = 0x040000,
+ XCP_BLOB_RETAINED = 0x080000,
+ XCP_BLOB_ALWAYS_RETAINED = 0x100000,
+ XCP_BLOB_PROTKEY_EXTRACTABLE = 0x200000,
+ XCP_BLOB_PROTKEY_NEVER_EXTRACTABLE = 0x400000,
+ XCP_BLOB_BIT_MAX = XCP_BLOB_PROTKEY_NEVER_EXTRACTABLE
+} XCP_Attr_t;
+#define XCP_CPID_BYTES 8
+#define XCP_CPBLOCK_BITS 128
+typedef enum {
+    XCP_CPB_ADD_CPBS = 0,
+    XCP_CPB_DELETE_CPBS = 1,
+    XCP_CPB_SIGN_ASYMM = 2,
+    XCP_CPB_SIGN_SYMM = 3,
+    XCP_CPB_SIGVERIFY_SYMM = 4,
+    XCP_CPB_ENCRYPT_SYMM = 5,
+    XCP_CPB_DECRYPT_ASYMM = 6,
+    XCP_CPB_DECRYPT_SYMM = 7,
+    XCP_CPB_WRAP_ASYMM = 8,
+    XCP_CPB_WRAP_SYMM = 9,
+    XCP_CPB_UNWRAP_ASYMM = 10,
+    XCP_CPB_UNWRAP_SYMM = 11,
+    XCP_CPB_KEYGEN_ASYMM = 12,
+    XCP_CPB_KEYGEN_SYMM = 13,
+    XCP_CPB_RETAINKEYS = 14,
+    XCP_CPB_SKIP_KEYTESTS = 15,
+    XCP_CPB_NON_ATTRBOUND = 16,
+    XCP_CPB_MODIFY_OBJECTS = 17,
+    XCP_CPB_RNG_SEED = 18,
+    XCP_CPB_ALG_RAW_RSA = 19,
+    XCP_CPB_ALG_NFIPS2009 = 20,
+    XCP_CPB_ALG_NBSI2009 = 21,
+    XCP_CPB_KEYSZ_HMAC_ANY = 22,
+    XCP_CPB_KEYSZ_BELOW80BIT = 23,
+    XCP_CPB_KEYSZ_80BIT = 24,
+    XCP_CPB_KEYSZ_112BIT = 25,
+    XCP_CPB_KEYSZ_128BIT = 26,
+    XCP_CPB_KEYSZ_192BIT = 27,
+    XCP_CPB_KEYSZ_256BIT = 28,
+    XCP_CPB_KEYSZ_RSA65536 = 29,
+    XCP_CPB_ALG_RSA = 30,
+    XCP_CPB_ALG_DSA = 31,
+    XCP_CPB_ALG_EC = 32,
+    XCP_CPB_ALG_EC_BPOOLCRV = 33,
+    XCP_CPB_ALG_EC_NISTCRV = 34,
+    XCP_CPB_ALG_NFIPS2011 = 35,
+    XCP_CPB_ALG_NBSI2011 = 36,
+    XCP_CPB_USER_SET_TRUSTED = 37,
+    XCP_CPB_ALG_SKIP_CROSSCHK = 38,
+    XCP_CPB_WRAP_CRYPT_KEYS = 39,
+    XCP_CPB_SIGN_CRYPT_KEYS = 40,
+    XCP_CPB_WRAP_SIGN_KEYS = 41,
+    XCP_CPB_USER_SET_ATTRBOUND = 42,
+    XCP_CPB_ALLOW_PASSPHRASE = 43,
+    XCP_CPB_WRAP_STRONGER_KEY = 44,
+    XCP_CPB_WRAP_WITH_RAW_SPKI = 45,
+    XCP_CPB_ALG_DH = 46,
+    XCP_CPB_DERIVE = 47,
+    XCP_CPB_ALLOW_NONSESSION = 48,
+    XCP_CPB_ALG_EC_25519 = 55,
+    XCP_CPB_ALG_EC_SECGCRV = 60,
+    XCP_CPB_ALG_NBSI2017 = 61,
+    XCP_CPB_CPACF_PK = 64,
+    XCP_CPB_ALG_PQC = 65,
+    XCP_CPB_BTC = 66,
+    XCP_CPB_ECDSA_OTHER = 67,
+    XCP_CPB_ALG_NFIPS2021 = 68,
+    XCP_CPB_ALG_NFIPS2024 = 69,
+    XCP_CPB_COMPAT_LEGACY_SHA3 = 70,
+    XCP_CPB_DSA_PARAMETER_GEN = 71,
+    XCP_CPB_DERIVE_NON_AB_KEYS = 72,
+    XCP_CPBITS_MAX = XCP_CPB_DERIVE_NON_AB_KEYS
+} XCP_CPbit_t;
+#define XCP_CPCOUNT \
+  (((XCP_CPBITS_MAX +XCP_CPBLOCK_BITS-1) /XCP_CPBLOCK_BITS) *XCP_CPBLOCK_BITS)
+#define XCP_CP_BYTES (XCP_CPCOUNT /8)
+#define XCP_CPB__INVERT (XCP_CPCOUNT-1)
+#define XCP_ADM_QUERY 0x10000
+typedef enum {
+ XCP_ADM_ADMIN_LOGIN = 1,
+ XCP_ADM_DOM_ADMIN_LOGIN = 2,
+ XCP_ADM_ADMIN_LOGOUT = 3,
+ XCP_ADM_DOM_ADMIN_LOGOUT = 4,
+ XCP_ADM_ADMIN_REPLACE = 5,
+ XCP_ADM_DOM_ADMIN_REPLACE = 6,
+ XCP_ADM_SET_ATTR = 7,
+ XCP_ADM_DOM_SET_ATTR = 8,
+ XCP_ADM_GEN_DOM_IMPORTER = 9,
+ XCP_ADM_GEN_WK = 10,
+ XCP_ADM_EXPORT_WK = 11,
+ XCP_ADM_EXPORT_NEXT_WK = 38,
+ XCP_ADM_IMPORT_WK = 12,
+ XCP_ADM_COMMIT_WK = 13,
+ XCP_ADM_FINALIZE_WK = 14,
+ XCP_ADM_ZEROIZE = 15,
+ XCP_ADM_DOM_ZEROIZE = 16,
+ XCP_ADM_DOM_CTRLPOINT_SET = 17,
+ XCP_ADM_DOM_CTRLPOINT_ADD = 18,
+ XCP_ADM_DOM_CTRLPOINT_DEL = 19,
+ XCP_ADM_SET_CLOCK = 20,
+ XCP_ADM_SET_FCV = 21,
+ XCP_ADM_CTRLPOINT_SET = 22,
+ XCP_ADM_CTRLPOINT_ADD = 23,
+ XCP_ADM_CTRLPOINT_DEL = 24,
+ XCP_ADM_REENCRYPT = 25,
+ XCP_ADM_RK_REMOVE = 26,
+ XCP_ADM_CLEAR_WK = 27,
+ XCP_ADM_CLEAR_NEXT_WK = 28,
+ XCP_ADM_SYSTEM_ZEROIZE = 29,
+ XCP_ADM_EXPORT_STATE = 30,
+ XCP_ADM_IMPORT_STATE = 31,
+ XCP_ADM_COMMIT_STATE = 32,
+ XCP_ADM_REMOVE_STATE = 33,
+ XCP_ADM_GEN_MODULE_IMPORTER= 34,
+ XCP_ADM_SET_TRUSTED = 35,
+ XCP_ADM_DOMAINS_ZEROIZE = 36,
+ XCP_ADM_SESSION_REMOVE = 39,
+ XCP_ADMQ_ADMIN = 1 | XCP_ADM_QUERY,
+ XCP_ADMQ_DOMADMIN = 2 | XCP_ADM_QUERY,
+ XCP_ADMQ_DEVICE_CERT = 3 | XCP_ADM_QUERY,
+ XCP_ADMQ_DOM_IMPORTER_CERT = 4 | XCP_ADM_QUERY,
+ XCP_ADMQ_CTRLPOINTS = 5 | XCP_ADM_QUERY,
+ XCP_ADMQ_DOM_CTRLPOINTS = 6 | XCP_ADM_QUERY,
+ XCP_ADMQ_WK = 7 | XCP_ADM_QUERY,
+ XCP_ADMQ_NEXT_WK = 8 | XCP_ADM_QUERY,
+ XCP_ADMQ_ATTRS = 9 | XCP_ADM_QUERY,
+ XCP_ADMQ_DOM_ATTRS = 10 | XCP_ADM_QUERY,
+ XCP_ADMQ_FCV = 11 | XCP_ADM_QUERY,
+ XCP_ADMQ_WK_ORIGINS = 12 | XCP_ADM_QUERY,
+ XCP_ADMQ_RKLIST = 13 | XCP_ADM_QUERY,
+ XCP_ADMQ_INTERNAL_STATE = 14 | XCP_ADM_QUERY,
+ XCP_ADMQ_IMPORTER_CERT = 15 | XCP_ADM_QUERY,
+ XCP_ADMQ_AUDIT_STATE = 16 | XCP_ADM_QUERY,
+ XCP_ADMQ_LASTCMD_DOM_MASK = 17 | XCP_ADM_QUERY,
+ XCP_ADMQ_SVCADMIN = 18 | XCP_ADM_QUERY,
+} XCP_Admcmd_t;
+typedef enum {
+ XCP_ADMINT_SIGN_THR = 1,
+ XCP_ADMINT_REVOKE_THR = 2,
+ XCP_ADMINT_PERMS = 3,
+ XCP_ADMINT_MODE = 4,
+ XCP_ADMINT_STD = 5,
+ XCP_ADMINT_PERMS_EXT01 = 6,
+ XCP_ADMINT_IDX_MAX = XCP_ADMINT_PERMS_EXT01
+} XCP_AdmAttr_t;
+#define XCP_ADMIN_ATTRIBUTE_COUNT XCP_ADMINT_IDX_MAX
+#define XCP_ADM_SIGTHR__DEFAULT 0
+#define XCP_ADM_REVTHR__DEFAULT 0
+#define XCP_ADMP_WK_IMPORT 1
+#define XCP_ADMP_WK_EXPORT 2
+#define XCP_ADMP_WK_1PART 4
+#define XCP_ADMP_WK_RANDOM 8
+#define XCP_ADMP_1SIGN 0x10
+#define XCP_ADMP_CP_1SIGN 0x20
+#define XCP_ADMP_ZERO_1SIGN 0x40
+#define XCP_ADMP_NO_DOMAIN_IMPRINT \
+                                  0x0080
+#define XCP_ADMP_STATE_IMPORT 0x0100
+#define XCP_ADMP_STATE_EXPORT 0x0200
+#define XCP_ADMP_STATE_1PART 0x0400
+#define XCP_ADMP_DO_NOT_DISTURB 0x2000
+#define XCP_ADMP_CHG_WK_IMPORT 0x10000
+#define XCP_ADMP_CHG_WK_EXPORT 0x20000
+#define XCP_ADMP_CHG_WK_1PART 0x40000
+#define XCP_ADMP_CHG_WK_RANDOM 0x80000
+#define XCP_ADMP_CHG_SIGN_THR 0x100000
+#define XCP_ADMP_CHG_REVOKE_THR 0x200000
+#define XCP_ADMP_CHG_1SIGN 0x400000
+#define XCP_ADMP_CHG_CP_1SIGN 0x800000
+#define XCP_ADMP_CHG_ZERO_1SIGN \
+                              0x01000000
+#define XCP_ADMP_CHG_ST_IMPORT \
+                              0x02000000
+#define XCP_ADMP_CHG_ST_EXPORT \
+                              0x04000000
+#define XCP_ADMP_CHG_ST_1PART 0x08000000
+#define XCP_ADMP_CHG_DO_NOT_DISTURB \
+                              0x80000000
+#define XCP_ADMP_NQS_OA_SIGNATURES 1
+#define XCP_ADMP_QS_OA_SIGNATURES 2
+#define XCP_ADMP_NQS_ADM_SIGNATURES 4
+#define XCP_ADMP_QS_ADM_SIGNATURES 8
+#define XCP_ADMP_CHG_NQS_OA_SIGNATURES \
+                                 0x10000
+#define XCP_ADMP_CHG_QS_OA_SIGNATURES \
+                                 0x20000
+#define XCP_ADMP_CHG_NQS_ADM_SIGNATURES \
+                                 0x40000
+#define XCP_ADMP_CHG_QS_ADM_SIGNATURES \
+                                 0x80000
+#define XCP_ADMP__CHGBITS \
+       (XCP_ADMP_CHG_WK_IMPORT | \
+        XCP_ADMP_CHG_WK_EXPORT | \
+        XCP_ADMP_CHG_WK_1PART | \
+        XCP_ADMP_CHG_WK_RANDOM | \
+        XCP_ADMP_CHG_SIGN_THR | \
+        XCP_ADMP_CHG_REVOKE_THR | \
+        XCP_ADMP_CHG_1SIGN | \
+        XCP_ADMP_CHG_CP_1SIGN | \
+        XCP_ADMP_CHG_ZERO_1SIGN | \
+        XCP_ADMP_CHG_ST_IMPORT | \
+        XCP_ADMP_CHG_ST_EXPORT | \
+        XCP_ADMP_CHG_ST_1PART | \
+        XCP_ADMP_CHG_DO_NOT_DISTURB)
+#define XCP_ADMP__PERMS \
+       (XCP_ADMP_WK_IMPORT | \
+        XCP_ADMP_WK_EXPORT | \
+        XCP_ADMP_WK_1PART | \
+        XCP_ADMP_WK_RANDOM | \
+        XCP_ADMP_1SIGN | \
+        XCP_ADMP_CP_1SIGN | \
+        XCP_ADMP_ZERO_1SIGN | \
+        XCP_ADMP_NO_DOMAIN_IMPRINT | \
+        XCP_ADMP_STATE_IMPORT | \
+        XCP_ADMP_STATE_EXPORT | \
+        XCP_ADMP_STATE_1PART | \
+        XCP_ADMP_DO_NOT_DISTURB)
+#define XCP_ADMP__CHGBITS_EXT01 \
+       (XCP_ADMP_CHG_NQS_OA_SIGNATURES | \
+        XCP_ADMP_CHG_QS_OA_SIGNATURES | \
+        XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \
+        XCP_ADMP_CHG_QS_ADM_SIGNATURES)
+#define XCP_ADMP__PERMS_EXT01 \
+       (XCP_ADMP_NQS_OA_SIGNATURES | \
+        XCP_ADMP_QS_OA_SIGNATURES | \
+        XCP_ADMP_NQS_ADM_SIGNATURES | \
+        XCP_ADMP_QS_ADM_SIGNATURES)
+#define XCP__ADMP_SUP_EXT01 (XCP_ADMP__PERMS_EXT01 | \
+                             XCP_ADMP__CHGBITS_EXT01)
+#define XCP_ADMP__DEFAULT \
+       (XCP_ADMP_WK_IMPORT | \
+        XCP_ADMP_1SIGN | \
+        XCP_ADMP__CHGBITS)
+#define XCP_ADMP__DEFAULT_EXT01 \
+       (XCP_ADMP__CHGBITS_EXT01 | \
+        XCP_ADMP_NQS_OA_SIGNATURES | \
+        XCP_ADMP_QS_OA_SIGNATURES | \
+        XCP_ADMP_NQS_ADM_SIGNATURES | \
+        XCP_ADMP_QS_ADM_SIGNATURES)
+#define XCPM_ADMP__MODULE_DEFAULTS_MASK \
+       (XCP_ADMP_DO_NOT_DISTURB | \
+        XCP_ADMP_CHG_DO_NOT_DISTURB)
+#define XCPM_ADMP__MODULE_DEFAULTS_MASK_EXT01 \
+       (XCP_ADMP_NQS_OA_SIGNATURES | \
+        XCP_ADMP_CHG_NQS_OA_SIGNATURES | \
+        XCP_ADMP_QS_OA_SIGNATURES | \
+        XCP_ADMP_CHG_QS_OA_SIGNATURES | \
+        XCP_ADMP_NQS_ADM_SIGNATURES | \
+        XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \
+        XCP_ADMP_QS_ADM_SIGNATURES | \
+        XCP_ADMP_CHG_QS_ADM_SIGNATURES)
+#define XCP_ADMP__CARD_MASK \
+      ~(XCP_ADMP_WK_IMPORT | \
+        XCP_ADMP_WK_EXPORT | \
+        XCP_ADMP_WK_1PART | \
+        XCP_ADMP_WK_RANDOM | \
+        XCP_ADMP_CP_1SIGN | \
+        XCP_ADMP_CHG_WK_IMPORT | \
+        XCP_ADMP_CHG_WK_EXPORT | \
+        XCP_ADMP_CHG_WK_1PART | \
+        XCP_ADMP_CHG_WK_RANDOM | \
+        XCP_ADMP_CHG_CP_1SIGN)
+#define XCP_ADMP__CARD_MASK_EXT01 \
+       ~(0U)
+#define XCP_ADMP__DOM_MASK \
+      ~(XCP_ADMP_NO_DOMAIN_IMPRINT | \
+        XCP_ADMP_STATE_IMPORT | \
+        XCP_ADMP_STATE_EXPORT | \
+        XCP_ADMP_STATE_1PART | \
+        XCP_ADMP_CHG_ST_IMPORT | \
+        XCP_ADMP_CHG_ST_EXPORT | \
+        XCP_ADMP_CHG_ST_1PART)
+#define XCP_ADMP__DOM_MASK_EXT01 \
+      ~(0U)
+#define XCP__ADMP_SUP ((XCP_ADMP__PERMS | XCP_ADMP__CHGBITS) &\
+                       ~XCP_ADMP_NOT_SUP)
+#define XCP_ADMM_AUTHENTICATED 1U
+#define XCP_ADMM_EXTWNG 2U
+#define XCP_ADMM_STR_112BIT 4U
+#define XCP_ADMM_STR_128BIT 8U
+#define XCP_ADMM_STR_160BIT 0x10U
+#define XCP_ADMM_STR_192BIT 0x20U
+#define XCP_ADMM_STR_256BIT 0x40U
+#define XCP_ADMM_WKCLEAN_EXTWNG 0x80U
+#define XCP_ADMM_BATT_LOW 0x0100U
+#define XCP_ADMM_API_ACTIVE 0x0200U
+#define XCP_ADMM__DEFAULT \
+       (XCP_ADMM_EXTWNG | \
+        XCP_ADMM_API_ACTIVE)
+#define XCP_ADMM__MASK \
+        (XCP_ADMM_AUTHENTICATED | \
+         XCP_ADMM_EXTWNG | \
+         XCP_ADMM_STR_112BIT | \
+         XCP_ADMM_STR_128BIT | \
+         XCP_ADMM_STR_160BIT | \
+         XCP_ADMM_STR_192BIT | \
+         XCP_ADMM_STR_256BIT | \
+         XCP_ADMM_WKCLEAN_EXTWNG | \
+         XCP_ADMM_BATT_LOW | \
+         XCP_ADMM_API_ACTIVE)
+#define XCP_ADMM__CARD_ONLY_ATTR \
+       (XCP_ADMM_EXTWNG | \
+        XCP_ADMM_WKCLEAN_EXTWNG | \
+        XCP_ADMM_API_ACTIVE)
+#define XCP_ADMM__READ_ONLY_ATTR \
+       (XCP_ADMM_AUTHENTICATED | \
+        XCP_ADMM_BATT_LOW)
+#define XCP__ADMM_ADMSTR \
+       (XCP_ADMM_STR_112BIT | \
+        XCP_ADMM_STR_128BIT | \
+        XCP_ADMM_STR_160BIT | \
+        XCP_ADMM_STR_192BIT | \
+        XCP_ADMM_STR_256BIT)
+#define XCP__ADMM_SUP XCP_ADMM__MASK
+#define XCP_ADMS_FIPS2009 1
+#define XCP_ADMS_BSI2009 2
+#define XCP_ADMS_FIPS2011 4
+#define XCP_ADMS_BSI2011 8
+#define XCP_ADMS_SIGG_IMPORT 0x10
+#define XCP_ADMS_SIGG 0x20
+#define XCP_ADMS_BSICC2017 0x40
+#define XCP_ADMS_FIPS2021 0x80
+#define XCP_ADMS_FIPS2024 0x100
+#define XCP_ADMS_ADM_FIPS2021 0x200
+#define XCP_ADMS__ALL \
+       (XCP_ADMS_FIPS2009 | \
+        XCP_ADMS_BSI2009 | \
+        XCP_ADMS_FIPS2011 | \
+        XCP_ADMS_BSI2011 | \
+        XCP_ADMS_BSICC2017 | \
+        XCP_ADMS_FIPS2021 | \
+        XCP_ADMS_FIPS2024 | \
+        XCP_ADMS_ADM_FIPS2021)
+#define XCP_ADMS__SUPP (XCP_ADMS__ALL & \
+                         ~(XCP_ADMS_FIPS2021 | \
+                           XCP_ADMS_ADM_FIPS2021 | \
+                           XCP_ADMS_FIPS2024))
+#define XCP__ADMP_SUP_LEGACY \
+       (XCP_ADMP_WK_IMPORT | \
+        XCP_ADMP_WK_EXPORT | \
+        XCP_ADMP_WK_1PART | \
+        XCP_ADMP_WK_RANDOM | \
+        XCP_ADMP_1SIGN | \
+        XCP_ADMP_CP_1SIGN | \
+        XCP_ADMP_ZERO_1SIGN | \
+        XCP_ADMP_NO_DOMAIN_IMPRINT | \
+        XCP_ADMP_STATE_IMPORT | \
+        XCP_ADMP_STATE_EXPORT | \
+        XCP_ADMP_STATE_1PART | \
+        XCP_ADMP_CHG_WK_IMPORT | \
+        XCP_ADMP_CHG_WK_EXPORT | \
+        XCP_ADMP_CHG_WK_1PART | \
+        XCP_ADMP_CHG_WK_RANDOM | \
+        XCP_ADMP_CHG_SIGN_THR | \
+        XCP_ADMP_CHG_REVOKE_THR | \
+        XCP_ADMP_CHG_1SIGN | \
+        XCP_ADMP_CHG_CP_1SIGN | \
+        XCP_ADMP_CHG_ZERO_1SIGN | \
+        XCP_ADMP_CHG_ST_IMPORT | \
+        XCP_ADMP_CHG_ST_EXPORT | \
+        XCP_ADMP_CHG_ST_1PART)
+#define XCP__ADMM_SUP_LEGACY \
+       (XCP_ADMM_AUTHENTICATED | \
+        XCP_ADMM_EXTWNG | \
+        XCP_ADMM_WKCLEAN_EXTWNG | \
+        XCP_ADMM_BATT_LOW | \
+        XCP_ADMM_API_ACTIVE)
+#define XCP_ADMS__ALL_LEGACY \
+       (XCP_ADMS_FIPS2009 | \
+        XCP_ADMS_BSI2009 | \
+        XCP_ADMS_FIPS2011 | \
+        XCP_ADMS_BSI2011 | \
+        XCP_ADMS_BSICC2017)
+#define XCP__ADMP_SUP_EXT01_LEGACY (0)
+#define XCP_ADMS_IS_BSI(mode) (!!((mode) & (XCP_ADMS_BSI2009 | \
+                                             XCP_ADMS_BSI2011 | \
+                                             XCP_ADMS_BSICC2017 )) )
+#define XCP_ADM_IMPEXP_KEYS__MASK \
+         ((1 << XCP_IMPRKEY_RSA_2048) | \
+          (1 << XCP_IMPRKEY_EC_P256) | \
+          (1 << XCP_IMPRKEY_EC_P521) | \
+          (1 << XCP_IMPRKEY_EC_BP256r) | \
+          (1 << XCP_IMPRKEY_EC_BP320r) | \
+          (1 << XCP_IMPRKEY_EC_BP512r) | \
+          (1 << XCP_IMPRKEY_EC_P521_TKE))
+#define XCP_LOG_KEYREC_BYTES 24
+#define XCP_LOG_SEQNR_BYTES 6
+#define XCP_LOG_INSTANCEID_BYTES 2
+#define XCP_LOG_TIMET_BYTES (4+2)
+#define XCP_LOG_SEQNR_OFFSET ((size_t) 4)
+#define XCP_LOG_SEQPRF_BASE_BYTES \
+         ((size_t) XCP_LOG_SEQNR_BYTES +XCP_LOG_TIMET_BYTES)
+#define XCP_LOG_COMPLIANCE_BYTES 8
+#define XCP_LOG_REASON_BYTES 4
+#define XCP_LOG_SALTUNIT_BYTES 4
+#define XCP_LOG_SALT_MAX_UNITS 3
+#define XCP_LOG_SALT_MAX_BYTES \
+        (XCP_LOG_SALT_MAX_UNITS * XCP_LOG_SALTUNIT_BYTES)
+#define XCP_LOG_PRFSALT_BYTES ((size_t) 64/8)
+#define XCP_LOG_CONTEXT_BYTES \
+        (2* XCP_SERIALNR_CHARS+ \
+         2+2+ \
+         4+4+ \
+         4+4 )
+#define XCP_LOG_OPTFIELD_MAX_BYTES \
+        (2* XCP_WK_BYTES + \
+            XCP_LOG_COMPLIANCE_BYTES + \
+         3* XCP_LOG_KEYREC_BYTES + \
+            XCP_LOG_TIMET_BYTES + \
+     XCP_LOG_COMPLIANCE_BYTES + \
+            XCP_LOG_REASON_BYTES + \
+            XCP_LOG_SALT_MAX_BYTES)
+#define XCP_LOG_HEADER_BYTES \
+        (1+1+2 + \
+         XCP_LOG_SEQNR_BYTES + \
+         XCP_LOG_TIMET_BYTES)
+#define XCP_LOG_ENTRY_MAX_BYTES \
+        (XCP_LOG_HEADER_BYTES + \
+         XCP_LOG_STATE_BYTES + \
+         XCP_LOG_CONTEXT_BYTES + \
+         XCP_LOG_OPTFIELD_MAX_BYTES + \
+         XCP_LOG_STATE_BYTES)
+typedef enum {
+ XCP_STSTYPE_SECTIONCOUNT = 1,
+ XCP_STSTYPE_DOMAINIDX_MAX = 2,
+ XCP_STSTYPE_DOMAINS_MASK = 3,
+ XCP_STSTYPE_SERIALNR = 4,
+ XCP_STSTYPE_CREATE_TIME = 5,
+ XCP_STSTYPE_FCV = 6,
+ XCP_STSTYPE_CARD_QUERY = 7,
+ XCP_STSTYPE_CARD_ADM_SKIS = 8,
+ XCP_STSTYPE_CARD_ADM_CERTS = 9,
+ XCP_STSTYPE_DOM_ADM_SKIS = 10,
+ XCP_STSTYPE_DOM_ADM_CERTS = 11,
+ XCP_STSTYPE_DOM_QUERY = 12,
+ XCP_STSTYPE_KPH_SKIS = 13,
+ XCP_STSTYPE_CARD_ATTRS = 14,
+ XCP_STSTYPE_DOM_ATTRS = 15,
+ XCP_STSTYPE_CARD_TRANSCTR = 16,
+ XCP_STSTYPE_DOM_TRANSCTR = 17,
+ XCP_STSTYPE_WK_ENCR_ALG = 18,
+ XCP_STSTYPE_WK_ENCR_DATA = 19,
+ XCP_STSTYPE_SIG_CERT_COUNT = 20,
+ XCP_STSTYPE_SIG_CERTS = 21,
+ XCP_STSTYPE_FILE_SIG = 22,
+ XCP_STSTYPE_DOM_CPS = 23,
+ XCP_STSTYPE_STATE_SALT = 24,
+ XCP_STSTYPE_KEYPART = 25,
+ XCP_STSTYPE_KEYPART_SIG = 26,
+ XCP_STSTYPE_KEYPART_COUNT = 27,
+ XCP_STSTYPE_KEYPART_LIMIT = 28,
+ XCP_STSTYPE_KEYPART_CERT = 29,
+ XCP_STSTYPE_CERT_AUTH = 30,
+ XCP_STSTYPE_STATE_SCOPE = 31,
+ XCP_STSTYPE_MULTIIMPORT_MASK = 32,
+ XCP_STSTYPE_CPS_MASK = 33,
+ XCP_STSTYPE_CARD_QUERY_V1 = 34,
+ XCP_STSTYPE_CARD_QUERY_V2 = 35,
+ XCP_STSTYPE_CARD_EXTADM_SKIS = 36,
+ XCP_STSTYPE_CARD_EXTADM_CERTS = 37,
+ XCP_STSTYPE_DOM_EXTADM_SKIS = 38,
+ XCP_STSTYPE_DOM_EXTADM_CERTS = 39,
+ XCP_STSTYPE_MAX = XCP_STSTYPE_DOM_EXTADM_CERTS
+} XCP_StateSection_t;
+typedef enum {
+ XCP_STALG_AES256_CBC = 1
+} XCP_StateEncrAlg_t;
+typedef enum {
+ XCP_FILEID_SAVED_STATE = 1,
+ XCP_FILEID_KEYPARTS = 2,
+ XCP_FILEID_TESTDATA = 3,
+ XCP_FILEID_EXPREQUEST = 4,
+ XCP_FILEID_MAX = XCP_FILEID_EXPREQUEST
+} XCP_FileId_t;
+typedef enum {
+ XCP_STDATA_DOMAIN = 1,
+ XCP_STDATA_NONSENSITIVE = 2,
+ XCP_STWK_KP_NO_CERT = 4,
+ XCP_STWK_KP_NO_OA_CHAIN = 8,
+ XCP_STDATA_NQS = 0x20,
+ XCP_STDATA_QS = 0x40,
+ XCP_STDATA_MAX = ((XCP_STDATA_QS *2) -1)
+} XCP_StateType_t;
+#define XCP_STSTYPE_TYPE_BYTES 2
+#define XCP_STSTYPE_TYPEID_BYTES 4
+#define XCP_EC_P192 "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x01"
+#define XCP_EC_P192_BYTES 10
+#define XCP_EC_P224 "\x06\x05\x2b\x81\x04\x00\x21"
+#define XCP_EC_P224_BYTES 7
+#define XCP_EC_P256 "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"
+#define XCP_EC_P256_BYTES 10
+#define XCP_EC_P384 "\x06\x05\x2b\x81\x04\x00\x22"
+#define XCP_EC_P384_BYTES 7
+#define XCP_EC_P521 "\x06\x05\x2b\x81\x04\x00\x23"
+#define XCP_EC_P521_BYTES 7
+#define XCP_EC_P192_NAME "\x50\x2d\x31\x39\x32"
+#define XCP_EC_P192_NAME_BYTES 5
+#define XCP_EC_P224_NAME "\x50\x2d\x32\x32\x34"
+#define XCP_EC_P224_NAME_BYTES 5
+#define XCP_EC_P256_NAME "\x50\x2d\x32\x35\x36"
+#define XCP_EC_P256_NAME_BYTES 5
+#define XCP_EC_P384_NAME "\x50\x2d\x33\x38\x34"
+#define XCP_EC_P384_NAME_BYTES 5
+#define XCP_EC_P521_NAME "\x50\x2d\x35\x32\x31"
+#define XCP_EC_P521_NAME_BYTES 5
+#define XCP_EC_BP160R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x01"
+#define XCP_EC_BP160R_BYTES 11
+#define XCP_EC_BP160T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x02"
+#define XCP_EC_BP160T_BYTES 11
+#define XCP_EC_BP192R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x03"
+#define XCP_EC_BP192R_BYTES 11
+#define XCP_EC_BP192T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x04"
+#define XCP_EC_BP192T_BYTES 11
+#define XCP_EC_BP224R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x05"
+#define XCP_EC_BP224R_BYTES 11
+#define XCP_EC_BP224T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x06"
+#define XCP_EC_BP224T_BYTES 11
+#define XCP_EC_BP256R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x07"
+#define XCP_EC_BP256R_BYTES 11
+#define XCP_EC_BP256T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x08"
+#define XCP_EC_BP256T_BYTES 11
+#define XCP_EC_BP320R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x09"
+#define XCP_EC_BP320R_BYTES 11
+#define XCP_EC_BP320T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0a"
+#define XCP_EC_BP320T_BYTES 11
+#define XCP_EC_BP384R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0b"
+#define XCP_EC_BP384R_BYTES 11
+#define XCP_EC_BP384T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0c"
+#define XCP_EC_BP384T_BYTES 11
+#define XCP_EC_BP512R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0d"
+#define XCP_EC_BP512R_BYTES 11
+#define XCP_EC_BP512T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0e"
+#define XCP_EC_BP512T_BYTES 11
+#define XCP_EC_BPOID_BYTES 11
+#define XCP_EC_BPOIDS 14
+#define XCP_EC_BP160R_NAME "\x42\x50\x2d\x31\x36\x30\x52"
+#define XCP_EC_BP160R_NAME_BYTES 7
+#define XCP_EC_BP160T_NAME "\x42\x50\x2d\x31\x36\x30\x54"
+#define XCP_EC_BP160T_NAME_BYTES 7
+#define XCP_EC_BP192R_NAME "\x42\x50\x2d\x31\x39\x32\x52"
+#define XCP_EC_BP192R_NAME_BYTES 7
+#define XCP_EC_BP192T_NAME "\x42\x50\x2d\x31\x39\x32\x54"
+#define XCP_EC_BP192T_NAME_BYTES 7
+#define XCP_EC_BP224R_NAME "\x42\x50\x2d\x32\x32\x34\x52"
+#define XCP_EC_BP224R_NAME_BYTES 7
+#define XCP_EC_BP224T_NAME "\x42\x50\x2d\x32\x32\x34\x54"
+#define XCP_EC_BP224T_NAME_BYTES 7
+#define XCP_EC_BP256R_NAME "\x42\x50\x2d\x32\x35\x36\x52"
+#define XCP_EC_BP256R_NAME_BYTES 7
+#define XCP_EC_BP256T_NAME "\x42\x50\x2d\x32\x35\x36\x54"
+#define XCP_EC_BP256T_NAME_BYTES 7
+#define XCP_EC_BP320R_NAME "\x42\x50\x2d\x33\x32\x30\x52"
+#define XCP_EC_BP320R_NAME_BYTES 7
+#define XCP_EC_BP320T_NAME "\x42\x50\x2d\x33\x32\x30\x54"
+#define XCP_EC_BP320T_NAME_BYTES 7
+#define XCP_EC_BP384R_NAME "\x42\x50\x2d\x33\x38\x34\x52"
+#define XCP_EC_BP384R_NAME_BYTES 7
+#define XCP_EC_BP384T_NAME "\x42\x50\x2d\x33\x38\x34\x54"
+#define XCP_EC_BP384T_NAME_BYTES 7
+#define XCP_EC_BP512R_NAME "\x42\x50\x2d\x35\x31\x32\x52"
+#define XCP_EC_BP512R_NAME_BYTES 7
+#define XCP_EC_BP512T_NAME "\x42\x50\x2d\x35\x31\x32\x54"
+#define XCP_EC_BP512T_NAME_BYTES 7
+#define XCP_EC_S256K1 "\x06\x05" "\x2b\x81\x04\x00\x0a"
+#define XCP_EC_S256K1_BYTES 7
+#define XCP_EC_S256K1_NAME "\x53\x45\x43\x50\x32\x35\x36\x4b\x31"
+#define XCP_EC_S256K1_NAME_BYTES 9
+#define XCP_EC_X25519 "\x06\x03\x2b\x65\x6e"
+#define XCP_EC_X25519_BYTES 5
+#define XCP_EC_X25519_NAME "\x63\x75\x72\x76\x65\x32\x35\x35\x31\x39"
+#define XCP_EC_X25519_NAME_BYTES 10
+#define XCP_EC_X448 "\x06\x03\x2b\x65\x6f"
+#define XCP_EC_X448_BYTES 5
+#define XCP_EC_X448_NAME "\x78\x34\x34\x38"
+#define XCP_EC_X448_NAME_BYTES 4
+#define XCP_EC_DSA25519 "\x06\x03\x2b\x65\x70"
+#define XCP_EC_DSA25519_BYTES 5
+#define XCP_EC_DSA25519_NAME "\x65\x64\x32\x35\x35\x31\x39"
+#define XCP_EC_DSA25519_NAME_BYTES 7
+#define XCP_EC_DSA448 "\x06\x03\x2b\x65\x71"
+#define XCP_EC_DSA448_BYTES 5
+#define XCP_EC_DSA448_NAME "\x65\x64\x34\x34\x38"
+#define XCP_EC_DSA448_NAME_BYTES 5
+#define XCP_EC_MAX_ID_BYTES 11
+typedef enum {
+ XCP_EC_C_NIST_P192 = 1,
+ XCP_EC_C_NIST_P224 = 2,
+ XCP_EC_C_NIST_P256 = 3,
+ XCP_EC_C_NIST_P384 = 4,
+ XCP_EC_C_NIST_P521 = 5,
+ XCP_EC_C_BP160R = 6,
+ XCP_EC_C_BP160T = 7,
+ XCP_EC_C_BP192R = 8,
+ XCP_EC_C_BP192T = 9,
+ XCP_EC_C_BP224R = 10,
+ XCP_EC_C_BP224T = 11,
+ XCP_EC_C_BP256R = 12,
+ XCP_EC_C_BP256T = 13,
+ XCP_EC_C_BP320R = 14,
+ XCP_EC_C_BP320T = 15,
+ XCP_EC_C_BP384R = 16,
+ XCP_EC_C_BP384T = 17,
+ XCP_EC_C_BP512R = 18,
+ XCP_EC_C_BP512T = 19,
+ XCP_EC_C_25519 = 20,
+ XCP_EC_C_SECP256K1 = 23,
+ XCP_EC_C_ED448 = 24,
+ XCP_EC_C_448 = 25,
+ XCP_EC_C_ED25519 = 26,
+ XCP_EC_C_MAX = 27
+} XCP_ECcurve_t;
+typedef enum {
+ XCP_EC_CG_NIST = 1,
+ XCP_EC_CG_BPOOL = 2,
+ XCP_EC_CG_C25519 = 3,
+ XCP_EC_CG_SECP256K1 = 4,
+ XCP_EC_CG_C448 = 6,
+ XCP_EC_CG_MAX = XCP_EC_CG_C448
+} XCP_ECCurveGrp_t;
+#define XCP_PQC_DILITHIUM_R2_54 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x5\x4"
+#define XCP_PQC_DILITHIUM_R2_54_BYTES 13
+#define XCP_PQC_DILITHIUM_R2_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x6\x5"
+#define XCP_PQC_DILITHIUM_R2_65_BYTES 13
+#define XCP_PQC_DILITHIUM_R2_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x8\x7"
+#define XCP_PQC_DILITHIUM_R2_87_BYTES 13
+#define XCP_PQC_DILITHIUM_R3_44 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x4\x4"
+#define XCP_PQC_DILITHIUM_R3_44_BYTES 13
+#define XCP_PQC_DILITHIUM_R3_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x6\x5"
+#define XCP_PQC_DILITHIUM_R3_65_BYTES 13
+#define XCP_PQC_DILITHIUM_R3_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x8\x7"
+#define XCP_PQC_DILITHIUM_R3_87_BYTES 13
+#define XCP_PQC_KYBER_R2_512 "\x6\x9\x2B\x6\x1\x4\x1\x2\x82\xB\x5"
+#define XCP_PQC_KYBER_R2_512_BYTES 11
+#define XCP_PQC_KYBER_R2_768 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x3\x3"
+#define XCP_PQC_KYBER_R2_768_BYTES 13
+#define XCP_PQC_KYBER_R2_1024 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x4\x4"
+#define XCP_PQC_KYBER_R2_1024_BYTES 13
+typedef enum {
+ XCP_PQC_S_DILITHIUM_R2_54 = 1,
+ XCP_PQC_S_DILITHIUM_R2_65 = 2,
+ XCP_PQC_S_DILITHIUM_R2_87 = 3,
+ XCP_PQC_S_DILITHIUM_R3_44 = 4,
+ XCP_PQC_S_DILITHIUM_R3_65 = 5,
+ XCP_PQC_S_DILITHIUM_R3_87 = 6,
+ XCP_PQC_S_KYBER_R2_512 = 7,
+ XCP_PQC_S_KYBER_R2_768 = 8,
+ XCP_PQC_S_KYBER_R2_1024 = 9,
+ XCP_PQC_MAX = XCP_PQC_S_KYBER_R2_1024,
+} XCP_PQCStrength_t;
+#define XCP_VERS_QUERY_REQ 0x30,0x03,0x04,0x01,0x00
+#define XCP_VERS_QUERY_REQ_BYTES 5
+typedef enum {
+ XCP_DEV_SET_WK = 1,
+ XCP_DEV_SET_NEXT_WK = 2,
+ XCP_DEV_AES_ENCR_CYCLE = 3,
+ XCP_DEV_AES_DECR_CYCLE = 4,
+ XCP_DEV_DES_ENCR_CYCLE = 5,
+ XCP_DEV_DES_DECR_CYCLE = 6,
+ XCP_DEV_ZEROIZE_CARD = 7,
+ XCP_DEV_ZEROIZE_DOMAIN = 8,
+ XCP_DEV_SET_DOMAIN_CPS = 9,
+ XCP_DEV_SET_WK_RAW = 10,
+ XCP_DEV_COMMIT_NEXT_WK = 11,
+ XCP_DEVQ_ADMINLIST = 12,
+ XCP_DEVQ_DOM_ADMINLIST = 13,
+ XCP_DEV_SET_NEXT_WK_RAW = 14,
+ XCP_DEV_FSMODE = 15,
+ XCP_DEV_ADMSIGN = 16,
+ XCP_DEV_FSWRITE = 17,
+ XCP_DEV_DSA_PQG_GEN = 18,
+ XCP_DEVQ_BLOBCONFIG = 19,
+ XCP_DEV_RSA_X931_KEYGEN = 20,
+ XCP_DEV_RNGSTATE = 21,
+ XCP_DEV_RNG_SEED = 22,
+ XCP_DEVQ_ENTROPY = 23,
+ XCP_DEVQ_PERFMODE = 24,
+ XCP_DEV_PERFMODE = 25,
+ XCP_DEV_RSA_DECR_CYCLE = 26,
+ XCP_DEV_RSACRT_DECR_CYCLE = 27,
+ XCP_DEV_ECMUL_CYCLE = 28,
+ XCP_DEV_PERFMARK = 29,
+ XCP_DEVQ_PERF_LOCK = 30,
+ XCP_DEVQ_PERF_WAKE = 31,
+ XCP_DEVQ_PERF_SCALE = 32,
+ XCP_DEV_CACHE_MODE = 33,
+ XCP_DEVQ_CACHE_STATS = 34,
+ XCP_DEV_DELAY = 35,
+ XCP_DEV_COMPRESS = 36,
+ XCP_DEV_XOR_FF = 37,
+ XCP_DEV_PRF = 38,
+ XCP_DEV_TRANSPORTSTATE1 = 39,
+ XCP_DEVQ_CACHEINDEX = 40,
+ XCP_DEVQ_CSP_OBJCOUNT = 41,
+ XCP_DEV_CSPTYPE = 42,
+ XCP_DEV_FCV = 43,
+ XCP_DEV_CLEAR_FCV = 44,
+ XCP_DEVQ_ASSERTIONS = 45,
+ XCP_DEV_TEST_LATESTART = 46,
+ XCP_DEV_ENVSEED = 47,
+ XCP_DEVQ_RAWENTROPY = 48,
+ XCP_DEV_EC_SIGVER_CYCLE = 49,
+ XCP_DEV_DRAIN_ENTROPY = 50,
+ XCP_DEV_CONV_EC_BLOB = 51,
+ XCP_DEVQ_COUNTERS = 52,
+ XCP_DEV_RSACRT_MSG_CYCLE = 53,
+ XCP_DEV_AUDIT_CYCLE = 54,
+ XCP_DEV_EDDSA = 55,
+ XCP_DEV_ECDH = 56,
+ XCP_DEV_PQC_DILITHIUM = 57,
+ XCP_DEV_ABORT = 63,
+ XCP_DEV_DRNG = 64,
+ XCP_DEV_DRNG_RESEED = 65,
+ XCP_DEV_FAULT_INJECT = 66,
+ XCP_DEVQ_FAULTLIST = 67,
+ XCP_DEV_FLIP_ERRORSTATE = 68,
+ XCP_DEV_AESKW = 69,
+ XCP_DEV_UNIT_TEST = 72,
+ XCP_DEV_MAX_INDEX = XCP_DEV_UNIT_TEST
+} XCP_DEVcmd_t;
+#define XCP_DEV_MAX_DATABYTES ((size_t) 64000)
+#define XCP_DEV_MAX_ITERATIONS ((unsigned int) 128*1024)
+#define XCP_DEV_C25519 (unsigned int)255
+#define XCP_DEV_C448 (unsigned int)448
+#define XCP_DEV_ED25519 ~((unsigned int)255)
+#define XCP_DEV_ED448 ~((unsigned int)448)
+#define XCP_DEV_ED25519_2 ~((unsigned int)256)
+#define XCP_DEV_ED448_2 ~((unsigned int)456)
+#define XCP_DEV_AESKW_WRAP (unsigned int)1
+#define XCP_DEV_AESKW_UNWRAP (unsigned int)2
+#define XCP_DEV_AESKW_WRAP_PAD (unsigned int)3
+#define XCP_DEV_AESKW_UNWRAP_PAD (unsigned int)4
+typedef enum {
+ XCP_DEVC_CACHE_ACTIVE = 1,
+ XCP_DEVC_CACHE_INACTIVE = 2,
+ XCP_DEVC_CACHE_FLUSH = 4,
+} XCP_DEVcache_t;
+typedef enum {
+ XCP_DEV_RNG_TRNG = 0,
+ XCP_DEV_RNG_DRNG = 1,
+ XCP_DEV_RNG_MIXED = 2,
+ XCP_DEV_RNG_SWDRNG = 4,
+ XCP_DEV_RNG_TYPE_MAX = XCP_DEV_RNG_SWDRNG
+} XCP_DEVrng_t;
+typedef enum {
+ XCP_DEVFS_QUERY = 0,
+ XCP_DEVFS_READONLY = 1,
+ XCP_DEVFS_NOACCESS = 2
+} XCP_DEVfs_t;
+#define XCP_DEV_CTR_SIZE 4
+#define XCP_DEV_CTR_TYPE uint32_t
+typedef enum {
+ XCP_DEV_FAULT_EXPR = 1,
+ XCP_DEV_FAULT_FUNC = 2,
+ XCP_DEV_FAULT_MSLEEP = 4,
+ XCP_DEV_FAULT_RV = 8,
+ XCP_DEV_FAULT_DBIT = 16,
+ XCP_DEV_FAULT_DNULL = 32,
+ XCP_DEV_FAULT_RBIT = 64,
+} XCP_DEVfault_t;
+#if !defined(CKG_VENDOR_DEFINED)
+#define CKG_VENDOR_DEFINED 0x80000000UL
+#endif
+#define CKG_IBM_MGF1_SHA3_224 (CKG_VENDOR_DEFINED +1)
+#define CKG_IBM_MGF1_SHA3_256 (CKG_VENDOR_DEFINED +2)
+#define CKG_IBM_MGF1_SHA3_384 (CKG_VENDOR_DEFINED +3)
+#define CKG_IBM_MGF1_SHA3_512 (CKG_VENDOR_DEFINED +4)
+#if !defined(CKD_VENDOR_DEFINED)
+#define CKD_VENDOR_DEFINED 0x80000000UL
+#endif
+#define CKD_IBM_HYBRID_NULL (CKD_VENDOR_DEFINED + 0x00000001UL)
+#define CKD_IBM_HYBRID_SHA1_KDF (CKD_VENDOR_DEFINED + 0x00000002UL)
+#define CKD_IBM_HYBRID_SHA224_KDF (CKD_VENDOR_DEFINED + 0x00000003UL)
+#define CKD_IBM_HYBRID_SHA256_KDF (CKD_VENDOR_DEFINED + 0x00000004UL)
+#define CKD_IBM_HYBRID_SHA384_KDF (CKD_VENDOR_DEFINED + 0x00000005UL)
+#define CKD_IBM_HYBRID_SHA512_KDF (CKD_VENDOR_DEFINED + 0x00000006UL)
+#define XCP_MODEL_CEX4P 4
+#define XCP_MODEL_CEX5P 5
+#define XCP_MODEL_CEX6P 6
+#define XCP_MODEL_CEX7P 7
+#define XCP_MODEL_CEX8P 8
+#define XCP_MAX_GRPIDX 1024u
+#define XCPTGTMASK_SET_DOM(mask,domain) \
+                           ((mask)[((domain)/8)] |= (1 << (7-(domain)%8)))
+#define XCPTGTMASK_DOM_IS_SET(mask,domain) \
+                           ((mask)[((domain)/8)] & (1 << (7-(domain)%8)))
+#define XCPTGTMASK_CLR_DOM(mask,domain) \
+                           ((mask)[((domain)/8)] &= ~(1 << (7-(domain)%8)))
+#define XCP_TGTFL_WCAP 0x10000000
+#define XCP_TGTFL_WCAP_SQ 0x20000000
+#define XCP_TGTFL_SET_SCMD 0x40000000
+#define XCP_TGTFL_API_CHKD 0x80000000
+#define XCP_TGTFL_NO_LOCK 0x01000000
+#define XCP_TGTFL_CHK_ATTR 0x02000000
+#define XCP_TGTFL_SET_ACMD 0x04000000
+#define XCP_TGTFL_NO_SPLIT 0x08000000
+#define XCP_MAXCONNECTIONS 64
+#define XCP_MAX_PORT 0xffff
+typedef struct XCP_ModuleSocket {
+ char host[ MAX_FNAME_CHARS +1 ];
+ uint32_t port;
+} *XCP_ModuleSocket_t ;
+typedef struct XCP_DomainPerf {
+ unsigned int lastperf[ 256 ];
+} *XCP_DomainPerf_t;
+#define XCP_MOD_VERSION 2
+typedef struct XCP_Module {
+ uint32_t version;
+ uint64_t flags;
+ uint32_t domains;
+ unsigned char domainmask[ 256 /8 ];
+ struct XCP_ModuleSocket socket;
+ uint32_t module_nr;
+ void *mhandle;
+ struct XCP_DomainPerf perf;
+ uint32_t api;
+} *XCP_Module_t ;
+typedef enum {
+ XCP_MFL_SOCKET = 1,
+ XCP_MFL_MODULE = 2,
+ XCP_MFL_MHANDLE = 4,
+ XCP_MFL_PERF = 8,
+ XCP_MFL_VIRTUAL = 0x10,
+ XCP_MFL_STRICT = 0x20,
+ XCP_MFL_PROBE = 0x40,
+ XCP_MFL_ALW_TGT_ADD = 0x80,
+ XCP_MFL_MAX = 0xff
+} XCP_Module_Flags;
+typedef uint64_t target_t;
+#define XCP_TGT_INIT ~0UL
+#define XCP_TGT_FMT "x%016" PRIx64
+int m_add_module(XCP_Module_t module, target_t *target) ;
+int m_rm_module(XCP_Module_t module, target_t target) ;
+CK_RV m_admin (unsigned char *response1, size_t *r1len,
+               unsigned char *response2, size_t *r2len,
+         const unsigned char *cmd, size_t clen,
+         const unsigned char *sigs, size_t slen,
+                         target_t target) ;
+CK_RV m_Login ( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
+            const unsigned char *nonce, size_t nlen,
+                  unsigned char *pinblob, size_t *pinbloblen,
+                       target_t target) ;
+CK_RV m_Logout ( const unsigned char *pin, size_t len, target_t target) ;
+CK_RV m_LoginExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
+                   const unsigned char *nonce, size_t nlen,
+                   const unsigned char *xstruct, size_t xslen,
+                         unsigned char *pinblob, size_t *pinbloblen,
+                              target_t target) ;
+CK_RV m_LogoutExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
+                    const unsigned char *nonce, size_t nlen,
+                    const unsigned char *xstruct, size_t xslen,
+                               target_t target) ;
+CK_RV m_GenerateRandom (CK_BYTE_PTR rnd, CK_ULONG len, target_t target) ;
+CK_RV m_SeedRandom (CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen,
+                       target_t target) ;
+CK_RV m_DigestInit (unsigned char *state, size_t *len,
+               const CK_MECHANISM_PTR pmech,
+                             target_t target) ;
+CK_RV m_Digest (const unsigned char *state, size_t slen,
+                        CK_BYTE_PTR data, CK_ULONG len,
+                        CK_BYTE_PTR digest, CK_ULONG_PTR dglen,
+                           target_t target) ;
+CK_RV m_DigestUpdate (unsigned char *state, size_t slen,
+                        CK_BYTE_PTR data, CK_ULONG dlen,
+                           target_t target) ;
+CK_RV m_DigestKey (unsigned char *state, size_t slen,
+                const unsigned char *key, size_t klen,
+                           target_t target) ;
+CK_RV m_DigestFinal (const unsigned char *state, size_t slen,
+                              CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
+                                 target_t target) ;
+CK_RV m_DigestSingle (CK_MECHANISM_PTR pmech,
+                           CK_BYTE_PTR data, CK_ULONG len,
+                           CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
+                              target_t target) ;
+CK_RV m_GenerateKey (CK_MECHANISM_PTR pmech,
+                     CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
+                  const unsigned char *pin, size_t pinlen,
+                        unsigned char *key, size_t *klen,
+                        unsigned char *csum, size_t *clen,
+                             target_t target) ;
+CK_RV m_GenerateKeyPair (CK_MECHANISM_PTR pmech,
+                         CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs,
+                         CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs,
+                      const unsigned char *pin, size_t pinlen,
+                            unsigned char *key, size_t *klen,
+                            unsigned char *pubkey, size_t *pklen,
+                                 target_t target) ;
+CK_RV m_WrapKey (const unsigned char *key, size_t keylen,
+                 const unsigned char *kek, size_t keklen,
+                 const unsigned char *mackey, size_t mklen,
+              const CK_MECHANISM_PTR pmech,
+                         CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen,
+                            target_t target) ;
+CK_RV m_UnwrapKey (const CK_BYTE_PTR wrapped, CK_ULONG wlen,
+                   const unsigned char *kek, size_t keklen,
+                   const unsigned char *mackey, size_t mklen,
+                   const unsigned char *pin, size_t pinlen,
+                const CK_MECHANISM_PTR uwmech,
+                const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount,
+                         unsigned char *unwrapped, size_t *uwlen,
+                           CK_BYTE_PTR csum, CK_ULONG *cslen,
+                              target_t target) ;
+CK_RV m_DeriveKey ( CK_MECHANISM_PTR pderivemech,
+                    CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
+                 const unsigned char *basekey, size_t bklen,
+                 const unsigned char *data, size_t dlen,
+                 const unsigned char *pin, size_t pinlen,
+                       unsigned char *newkey, size_t *nklen,
+                       unsigned char *csum, size_t *cslen,
+                       target_t target) ;
+CK_RV m_GetAttributeValue (const unsigned char *obj, size_t olen,
+                              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                                      target_t target) ;
+CK_RV m_SetAttributeValue (unsigned char *obj, size_t olen,
+                              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                                      target_t target) ;
+CK_RV m_GetMechanismList (CK_SLOT_ID slot,
+               CK_MECHANISM_TYPE_PTR mechs,
+                        CK_ULONG_PTR count,
+                            target_t target) ;
+CK_RV m_GetMechanismInfo (CK_SLOT_ID slot,
+                   CK_MECHANISM_TYPE mech,
+               CK_MECHANISM_INFO_PTR pmechinfo,
+                            target_t target) ;
+CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
+                     unsigned int query,
+                     unsigned int subquery,
+                         target_t target) ;
+CK_RV m_EncryptInit (unsigned char *state, size_t *slen,
+                         CK_MECHANISM_PTR pmech,
+                      const unsigned char *key, size_t klen,
+                                 target_t target) ;
+CK_RV m_DecryptInit (unsigned char *state, size_t *slen,
+                         CK_MECHANISM_PTR pmech,
+                      const unsigned char *key, size_t klen,
+                                 target_t target) ;
+CK_RV m_EncryptUpdate (unsigned char *state, size_t slen,
+                              CK_BYTE_PTR plain, CK_ULONG plen,
+                              CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
+                                 target_t target) ;
+CK_RV m_DecryptUpdate (unsigned char *state, size_t slen,
+                              CK_BYTE_PTR cipher, CK_ULONG clen,
+                              CK_BYTE_PTR plain, CK_ULONG_PTR plen,
+                                 target_t target) ;
+CK_RV m_Encrypt (const unsigned char *state, size_t slen,
+                               CK_BYTE_PTR plain, CK_ULONG plen,
+                               CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
+                                  target_t target) ;
+CK_RV m_Decrypt (const unsigned char *state, size_t slen,
+                               CK_BYTE_PTR cipher, CK_ULONG clen,
+                               CK_BYTE_PTR plain, CK_ULONG_PTR plen,
+                                  target_t target) ;
+CK_RV m_EncryptFinal (const unsigned char *state, size_t slen,
+                               CK_BYTE_PTR output, CK_ULONG_PTR len,
+                                  target_t target) ;
+CK_RV m_DecryptFinal (const unsigned char *state, size_t slen,
+                               CK_BYTE_PTR output, CK_ULONG_PTR len,
+                                  target_t target) ;
+CK_RV m_EncryptSingle (const unsigned char *key, size_t klen,
+                          CK_MECHANISM_PTR mech,
+                               CK_BYTE_PTR plain, CK_ULONG plen,
+                               CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
+                                  target_t target) ;
+CK_RV m_DecryptSingle (const unsigned char *key, size_t klen,
+                          CK_MECHANISM_PTR mech,
+                               CK_BYTE_PTR cipher, CK_ULONG clen,
+                               CK_BYTE_PTR plain, CK_ULONG_PTR plen,
+                                  target_t target) ;
+CK_RV m_SignInit (unsigned char *state, size_t *slen,
+                   CK_MECHANISM_PTR alg,
+                const unsigned char *key, size_t klen,
+                           target_t target) ;
+CK_RV m_VerifyInit (unsigned char *state, size_t *slen,
+                   CK_MECHANISM_PTR alg,
+                const unsigned char *key, size_t klen,
+                           target_t target) ;
+CK_RV m_SignUpdate (unsigned char *state, size_t slen,
+                        CK_BYTE_PTR data, CK_ULONG dlen,
+                           target_t target) ;
+CK_RV m_VerifyUpdate (unsigned char *state, size_t slen,
+                        CK_BYTE_PTR data, CK_ULONG dlen,
+                           target_t target) ;
+CK_RV m_SignFinal (const unsigned char *state, size_t stlen,
+                              CK_BYTE_PTR sig, CK_ULONG_PTR siglen,
+                                 target_t target) ;
+CK_RV m_VerifyFinal (const unsigned char *state, size_t stlen,
+                              CK_BYTE_PTR sig, CK_ULONG siglen,
+                                 target_t target) ;
+CK_RV m_Sign (const unsigned char *state, size_t stlen,
+                        CK_BYTE_PTR data, CK_ULONG dlen,
+                        CK_BYTE_PTR sig, CK_ULONG_PTR siglen,
+                           target_t target) ;
+CK_RV m_Verify (const unsigned char *state, size_t stlen,
+                        CK_BYTE_PTR data, CK_ULONG dlen,
+                        CK_BYTE_PTR sig, CK_ULONG siglen,
+                           target_t target) ;
+CK_RV m_SignSingle (const unsigned char *key, size_t klen,
+                         CK_MECHANISM_PTR pmech,
+                              CK_BYTE_PTR data, CK_ULONG dlen,
+                              CK_BYTE_PTR sig, CK_ULONG_PTR slen,
+                                 target_t target) ;
+CK_RV m_VerifySingle (const unsigned char *key, size_t klen,
+                         CK_MECHANISM_PTR pmech,
+                              CK_BYTE_PTR data, CK_ULONG dlen,
+                              CK_BYTE_PTR sig, CK_ULONG slen,
+                                 target_t target) ;
+#define XCP_CHN_RETURN_RAW 1
+#define XCP_CHN_HIGH_PRIORITY 2
+#define XCP_CHN_MEDIUM_PRIORITY 4
+#define XCP_CHN_NODEV_LOG_SKIP 8
+#define XCP_CHN_PARSE_IRV 0x10
+CK_RV m_wire (unsigned char *rsp, size_t *rsplen, CK_RV *irv,
+        const unsigned char *req, size_t reqlen,
+               unsigned int flags,
+                   target_t target) ;
+#define XCP_W_NO_SEND_CPRB 1
+#define XCP_W_NO_RECV_CPRB 2
+int m_init(void);
+int m_shutdown(void);
+#define XCP_BUILD_ID 0x4801b799
+#define XCP_BUILD_DATE 0x20230120
+#define XCP_BUILD_TIME 0x135721
+#define __XCP_REASONCODES_H__ 1
+typedef enum {
+ XCP_RSC_NO_IMPORTER = 1,
+ XCP_RSC_NO_KEYPARTS = 2,
+ XCP_RSC_IMPR_CMDBLK_BER = 3,
+ XCP_RSC_IMPR_CMDBLK_FIELDS = 4,
+ XCP_RSC_IMPR_CMDBLK_FIELDCOUNT = 5,
+ XCP_RSC_IMPR_EMBEDDED_FN = 6,
+ XCP_RSC_IMPR_DOMAIN_DIFF = 7,
+ XCP_RSC_IMPR_NO_INT_CMDBLK = 8,
+ XCP_RSC_IMPR_NO_INT_SIGNATURE = 9,
+ XCP_RSC_IMPR_BAD_CMDBLK_BER = 10,
+ XCP_RSC_CMD_EMBEDDED_FN = 11,
+ XCP_RSC_CMD_DOMAIN_RANGE = 12,
+ XCP_RSC_DOMAIN_INST_FMT = 13,
+ XCP_RSC_DOMAIN_INST_MISMATCH = 14,
+ XCP_RSC_MODULE_INST_FMT = 15,
+ XCP_RSC_MODULE_INST_MISMATCH = 16,
+ XCP_RSC_MODULE_SERNO_MISMATCH = 17,
+ XCP_RSC_TCTR_FMT = 18,
+ XCP_RSC_TCTR_VALUE = 19,
+ XCP_RSC_DOMAIN_INST_DIFF = 20,
+ XCP_RSC_SIGS_INSUFFICIENT = 21,
+ XCP_RSC_SIGS_REJECTED = 22,
+ XCP_RSC_RCPTINFO_FMT = 23,
+ XCP_RSC_RCPTINFO_ENCRD_SIZE = 24,
+ XCP_RSC_RCPTINFO_ECDH_SRC = 25,
+ XCP_RSC_RCPTINFO_KDF_SHARED = 26,
+ XCP_RSC_RCPTINFO_KDF = 27,
+ XCP_RSC_RCPTINFO_KEY_SIZE = 28,
+ XCP_RSC_RCPTINFO_KEY_MIXMODE = 29,
+ XCP_RSC_RCPTINFO_KEY_VPS_DIFF = 30,
+ XCP_RSC_RCPTINFO_KEY_VPS_MISMATCH = 31,
+ XCP_RSC_SKI_MALFORMED = 32,
+ XCP_RSC_SKI_NOT_FOUND = 33,
+ XCP_RSC_MODE_IMPRINT = 34,
+ XCP_RSC_MODE_NONIMPRINT = 35,
+ XCP_RSC_IMPRINT_EXIT_INVD = 36,
+ XCP_RSC_CP_MODE_SET = 37,
+ XCP_RSC_SKI_FOUND = 38,
+ XCP_RSC_ADMINLIST_FULL = 39,
+ XCP_RSC_CERT_FMT = 40,
+ XCP_RSC_ATTRS_FMT = 41,
+ XCP_RSC_ATTRS_TYPE_INVALID = 42,
+ XCP_RSC_ATTRS_REPEAT = 43,
+ XCP_RSC_CPS_FMT = 44,
+ XCP_RSC_CPS_SET_INCONSISTENT = 45,
+ XCP_RSC_CPS_PREVENT_ADD = 46,
+ XCP_RSC_CPS_PREVENT_DEL = 47,
+ XCP_RSC_WK_MISMATCH = 48,
+ XCP_RSC_WK_MISSING = 49,
+ XCP_RSC_NEXT_WK_MISSING = 50,
+ XCP_RSC_EC_IMPORT_SYMM = 51,
+ XCP_RSC_RANDOM_WK_PROHIBITED = 52,
+ XCP_RSC_WKS_PRESENT = 53,
+ XCP_RSC_IMPR_FIELD_SIZE = 54,
+ XCP_RSC_IMPORTER_INVD_TYPE = 55,
+ XCP_RSC_IMPR_REVOKE_ZERO = 56,
+ XCP_RSC_IMPR_TOOMANY_SIGNERS = 57,
+ XCP_RSC_IMPR_TOOMANY_REVOKERS = 58,
+ XCP_RSC_OAIDX_FIELD_SIZE = 59,
+ XCP_RSC_OAIDX_INVALID = 60,
+ XCP_RSC_FCV_NOT_PRESENT = 61,
+ XCP_RSC_FCV_FMT = 62,
+ XCP_RSC_FCV_DIFFERS = 63,
+ XCP_RSC_COMMITTED_WK_MISSING = 64,
+ XCP_RSC_IMPR_EMBEDDED_FN_FMT = 65,
+ XCP_RSC_LOGOUT_BELOW_THRESHOLD = 66,
+ XCP_RSC_LOGOUT_NO_SINGLE_SIGN = 67,
+ XCP_RSC_LOGOUT_LAST_ADMIN = 68,
+ XCP_RSC_REACTIVATE_RO_ATTRS = 69,
+ XCP_RSC_CHG_PROTECTED_ATTRS = 70,
+ XCP_RSC_CHG_PROTECTED_THRESHOLD = 71,
+ XCP_RSC_CHG_READONLY_ATTRS = 72,
+ XCP_RSC_INACTIVE_CHG_ATTRS = 73,
+ XCP_RSC_CHG_ATTRS_PREVENTED = 74,
+ XCP_RSC_IMPR_MANY_KEYPARTS = 75,
+ XCP_RSC_LOWERING_SIGNERS_TO_ZERO = 76,
+ XCP_RSC_LOWERING_REVOKERS_TO_ZERO = 77,
+ XCP_RSC_CHG_SIGNERS_TO_ONE_NO_1SIGN = 78,
+ XCP_RSC_CHG_REVOKERS_TO_ONE_NO_1SIGN = 79,
+ XCP_RSC_IMPORT_WK_PROHIBITED = 80,
+ XCP_RSC_IMPR_SINGLE_KEYPART = 81,
+ XCP_RSC_IMPR_CSP = 82,
+ XCP_RSC_QUERY_DMASK_VERSION = 83,
+ XCP_RSC_QUERY_DMASK_FMT = 84,
+ XCP_RSC_LEAVE_DOM_IMPR_CARD_STILL = 85,
+ XCP_RSC_BLOB_REENCRYPT_REJECT = 86,
+ XCP_RSC_TOO_MANY_SIGNERINFOS = 87,
+ XCP_RSC_NO_GLOBAL_CONTEXT = 88,
+ XCP_RSC_ATTRS_TOO_MANY = 89,
+ XCP_RSC_CP_SET_INVALID = 90,
+ XCP_RSC_RK_IDLEN_INVALID = 91,
+ XCP_RSC_RK_ID_INVALID = 92,
+ XCP_RSC_FILEID_UNKNOWN = 93,
+ XCP_RSC_FILEID_UNSUPPORTED = 94,
+ XCP_RSC_CPS_REJECTED_FCV = 95,
+ XCP_RSC_EXPR_KEYPART_LIMIT = 96,
+ XCP_RSC_EXPR_KEYPART_ZEROLIMIT = 97,
+ XCP_RSC_EXPR_KEYPART_DIFF_LIMIT = 98,
+ XCP_RSC_EXPR_KEYPART_DIFF_COUNT = 99,
+ XCP_RSC_EXPR_DOMMASK_DIFF = 100,
+ XCP_RSC_EXPR_INDEX_INVALID = 101,
+ XCP_RSC_EXPR_CERT_INVALID = 102,
+ XCP_RSC_IMPR_STATE_STRUCT = 103,
+ XCP_RSC_EXPR_AUTHCERT_INVALID = 104,
+ XCP_RSC_IMPR_KEYPARTS_STRUCT = 105,
+ XCP_RSC_IMPR_STATE_REPEAT = 106,
+ XCP_RSC_IMPR_ENCR_ALG = 107,
+ XCP_RSC_IMPR_FILESIG_INFRASTRUCTURE = 108,
+ XCP_RSC_IMPR_FILESIG = 109,
+ XCP_RSC_EXPR_SINGLE_KEYPART = 110,
+ XCP_RSC_IMPR_KEYPARTS_REASSEMBLY = 111,
+ XCP_RSC_IMPR_KEYPARTS_CONFLICT = 112,
+ XCP_RSC_IMPR_ENCRD_DATA_DIFF = 113,
+ XCP_RSC_IMPR_ENCRD_DATA_STRUCT = 114,
+ XCP_RSC_IMPR_ENCR_PARAMS = 115,
+ XCP_RSC_IMPR_ENCRD_CONSISTENCY = 116,
+ XCP_RSC_BLOB_SETTRUST_REJECT = 117,
+ XCP_RSC_BLOB_SETCLK_FIELD = 118,
+ XCP_RSC_BLOB_SETCLK_TIME = 119,
+ XCP_RSC_EXPR_SCOPE_INVALID = 120,
+ XCP_RSC_IMPR_SCOPE_INVALID = 121,
+ XCP_RSC_IMPR_SCOPE_DOM_RES_VIOLATION = 122,
+ XCP_RSC_IMPR_AMBIGUOUS_DOMAIN_SOURCE = 123,
+ XCP_RSC_IMPR_MDOMAIN_IMPORT_MASK_INVALID = 124,
+ XCP_RSC_IMPR_NO_CARD_IMPORTER = 125,
+ XCP_RSC_IMPR_IMPORT_DOM_DATA_FAILED = 126,
+ XCP_RSC_IMPR_IMPORT_DOM_WKS_FAILED = 127,
+ XCP_RSC_IMPR_IMPORT_TGT_DOM_ZEROIZE_FAILED = 128,
+ XCP_RSC_AUDIT_QUERY_PAYLOAD_SIZE = 129,
+ XCP_RSC_AUDIT_QUERY_INVALID_INDEX = 130,
+ XCP_RSC_EXPORT_WK_PROHIBITED = 131,
+ XCP_RSC_EXPORT_STATE_PROHIBITED = 132,
+ XCP_RSC_IMPORT_STATE_PROHIBITED = 133,
+ XCP_RSC_EXPORT_WK_UNAUTHORIZED = 134,
+ XCP_RSC_OA_SIG_POLICY_VIOLATION = 135,
+ XCP_RSC_OA_SIG_NOT_SUPPORTED = 136,
+ XCP_RSC_ASN_FMT_INVALID = 137,
+ XCP_RSC_CERT_TYPE_INVALID = 138,
+ XCP_RSC_ROLE_ID_INVALID = 139,
+ XCP_RSC_ADM_SIG_POLICY_VIOLATION = 140,
+ XCP_RSC_KEY_STRENGTH_POLICY_VIOLATION = 141,
+ XCP_RSC_ADM_SIG_CHANGE_PROHIBITED = 142,
+ XCP_RSC_KEY_STRENGTH_CHANGE_PROHIBITED = 143,
+ XCP_RSC_MAX = XCP_RSC_KEY_STRENGTH_CHANGE_PROHIBITED
+} XCP_ReasonCode_t ;
+#define __MIN_MOD_FNID 1
+#define __MAX_MOD_FNID 42
+#define __FNID_Login 1
+#define __FNID_Logout 2
+#define __FNID_SeedRandom 3
+#define __FNID_GenerateRandom 4
+#define __FNID_DigestInit 5
+#define __FNID_DigestUpdate 6
+#define __FNID_DigestKey 7
+#define __FNID_DigestFinal 8
+#define __FNID_Digest 9
+#define __FNID_DigestSingle 10
+#define __FNID_EncryptInit 11
+#define __FNID_DecryptInit 12
+#define __FNID_EncryptUpdate 13
+#define __FNID_DecryptUpdate 14
+#define __FNID_EncryptFinal 15
+#define __FNID_DecryptFinal 16
+#define __FNID_Encrypt 17
+#define __FNID_Decrypt 18
+#define __FNID_EncryptSingle 19
+#define __FNID_DecryptSingle 20
+#define __FNID_GenerateKey 21
+#define __FNID_GenerateKeyPair 22
+#define __FNID_SignInit 23
+#define __FNID_SignUpdate 24
+#define __FNID_SignFinal 25
+#define __FNID_Sign 26
+#define __FNID_VerifyInit 27
+#define __FNID_VerifyUpdate 28
+#define __FNID_VerifyFinal 29
+#define __FNID_Verify 30
+#define __FNID_SignSingle 31
+#define __FNID_VerifySingle 32
+#define __FNID_WrapKey 33
+#define __FNID_UnwrapKey 34
+#define __FNID_DeriveKey 35
+#define __FNID_GetMechanismList 36
+#define __FNID_GetMechanismInfo 37
+#define __FNID_get_xcp_info 38
+#define __FNID_GetAttributeValue 39
+#define __FNID_SetAttributeValue 40
+#define __FNID_admin 41
+#define __FNID_ReencryptSingle 42
+#define __FNID_NEXT_AVAILABLE 43
+#define __FNID_MAX __FNID_ReencryptSingle
+#define XCP__FNIDS_BIT0 0x8000000000000000ULL
+#define XCP__FNIDS_DW0 \
+       ( (XCP__FNIDS_BIT0) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Login) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Logout) |\
+         (XCP__FNIDS_BIT0 >> __FNID_SeedRandom) |\
+         (XCP__FNIDS_BIT0 >> __FNID_GenerateRandom) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DigestInit) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DigestUpdate) |\
+                                                   \
+         (XCP__FNIDS_BIT0 >> __FNID_DigestFinal) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Digest) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DigestSingle) |\
+         (XCP__FNIDS_BIT0 >> __FNID_EncryptInit) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DecryptInit) |\
+         (XCP__FNIDS_BIT0 >> __FNID_EncryptUpdate) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DecryptUpdate) |\
+         (XCP__FNIDS_BIT0 >> __FNID_EncryptFinal) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DecryptFinal) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Encrypt) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Decrypt) |\
+         (XCP__FNIDS_BIT0 >> __FNID_EncryptSingle) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DecryptSingle) |\
+         (XCP__FNIDS_BIT0 >> __FNID_GenerateKey) |\
+         (XCP__FNIDS_BIT0 >> __FNID_GenerateKeyPair) |\
+         (XCP__FNIDS_BIT0 >> __FNID_SignInit) |\
+         (XCP__FNIDS_BIT0 >> __FNID_SignUpdate) |\
+         (XCP__FNIDS_BIT0 >> __FNID_SignFinal) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Sign) |\
+         (XCP__FNIDS_BIT0 >> __FNID_VerifyInit) |\
+         (XCP__FNIDS_BIT0 >> __FNID_VerifyUpdate) |\
+         (XCP__FNIDS_BIT0 >> __FNID_VerifyFinal) |\
+         (XCP__FNIDS_BIT0 >> __FNID_Verify) |\
+         (XCP__FNIDS_BIT0 >> __FNID_SignSingle) |\
+         (XCP__FNIDS_BIT0 >> __FNID_VerifySingle) |\
+         (XCP__FNIDS_BIT0 >> __FNID_WrapKey) |\
+         (XCP__FNIDS_BIT0 >> __FNID_UnwrapKey) |\
+         (XCP__FNIDS_BIT0 >> __FNID_DeriveKey) |\
+         (XCP__FNIDS_BIT0 >> __FNID_GetMechanismList) |\
+         (XCP__FNIDS_BIT0 >> __FNID_GetMechanismInfo) |\
+         (XCP__FNIDS_BIT0 >> __FNID_get_xcp_info) |\
+         (XCP__FNIDS_BIT0 >> __FNID_GetAttributeValue) |\
+         (XCP__FNIDS_BIT0 >> __FNID_SetAttributeValue) |\
+         (XCP__FNIDS_BIT0 >> __FNID_admin) |\
+         (XCP__FNIDS_BIT0 >> __FNID_ReencryptSingle))
+#define XCP__FNIDS_DW1 0
+#define __HOST2MOD_DATAPRM 9
+#define __MOD2HOST_DATAPRM 2
+#endif
\ No newline at end of file
diff --git a/hpcs-pkcs11/samples/grep11.h b/hpcs-pkcs11/samples/grep11.h
new file mode 100644
index 000000000..202ce87e9
--- /dev/null
+++ b/hpcs-pkcs11/samples/grep11.h
@@ -0,0 +1,25 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+SPDX-License-Identifier: Apache-2.0
+*/
+
+#ifndef _GREP11_H_
+#define _GREP11_H_ 1
+
+#if !defined(CKR_VENDOR_DEFINED)
+#error "We need CKR_VENDOR_DEFINED type from <pkcs11.h>, please include before this file."
+#endif
+
+#define CKR_VENDOR_DEFINED_GREP11        CKR_VENDOR_DEFINED + 0x40000
+#define CKR_IBM_GREP11_NOT_AUTHENTICATED CKR_VENDOR_DEFINED_GREP11 + 0x01
+#define CKR_IBM_GREP11_CANNOT_UNMARSHAL  CKR_VENDOR_DEFINED_GREP11 + 0x02
+#define CKR_IBM_GREP11_CANNOT_MARSHAL    CKR_VENDOR_DEFINED_GREP11 + 0x03
+#define CKR_IBM_GREP11_CONFLICT          CKR_VENDOR_DEFINED_GREP11 + 0x04
+#define CKR_IBM_GREP11_DBINTERNAL        CKR_VENDOR_DEFINED_GREP11 + 0x05
+#define CKR_IBM_GREP11_MISSING           CKR_VENDOR_DEFINED_GREP11 + 0x06
+
+#define CKA_VENDOR_DEFINED_GREP11        CKA_VENDOR_DEFINED + 0x40000
+#define CKA_GREP11_TOKEN_LABEL           CKA_VENDOR_DEFINED_GREP11 + 0x01
+#define CKA_GREP11_WKID                  CKA_VENDOR_DEFINED_GREP11 + 0x02
+#define CKA_GREP11_KEYSTORE_PASSWORD     CKA_VENDOR_DEFINED_GREP11 + 0x03
+#endif
diff --git a/hpcs-pkcs11/samples/pkcs11-attrs.c b/hpcs-pkcs11/samples/pkcs11-attrs.c
new file mode 100644
index 000000000..6fc299c75
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-attrs.c
@@ -0,0 +1,872 @@
+ /****************************************************************
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * pkcs11-attrs.c
+ *
+ * A sample application demonstrating how to extract and display key attributes using the PKCS11 library
+ * 
+ * Compile using:
+ * gcc -o pkcs11-attrs pkcs11-attrs.c -ldl
+ * 
+ * Usage:
+ * ./pkcs11-attrs -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -l <label> -m [generate|load]
+ * Ensure that the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
+ * for more information about the setup of the PKCS11 library and its configuration file.
+ * 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <ctype.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+typedef enum {
+    ATTR_INVALID = 0,
+    ATTR_BYTEARRAY = 1,
+    ATTR_INTEGER = 2,
+    ATTR_BOOL = 3,
+}AttrGRPCType;
+
+typedef struct {
+    CK_ATTRIBUTE_TYPE typeId;
+    AttrGRPCType grpcType;
+}AttrIDType;
+
+AttrIDType attrToType[] = {
+        {CKA_CLASS,                      ATTR_INTEGER},   // CK_OBJECT_CLASS,
+        {CKA_TOKEN,                      ATTR_BOOL},      // CK_BBOOL,
+        {CKA_PRIVATE,                    ATTR_BOOL},      // CK_BBOOL,
+        {CKA_LABEL,                      ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+
+        // future
+        // {CKA_VALUE,                      ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+
+        {CKA_TRUSTED,                    ATTR_BOOL},      // CK_BBOOL,
+        {CKA_CHECK_VALUE,                ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+        {CKA_KEY_TYPE,                   ATTR_INTEGER},   // CK_KEY_TYPE,
+        {CKA_SUBJECT,                    ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+        {CKA_ID,                         ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+
+        {CKA_ENCRYPT,                    ATTR_BOOL},      // CK_BBOOL,
+        {CKA_DECRYPT,                    ATTR_BOOL},      // CK_BBOOL,
+        {CKA_WRAP,                       ATTR_BOOL},      // CK_BBOOL,
+        {CKA_UNWRAP,                     ATTR_BOOL},      // CK_BBOOL,
+        {CKA_SIGN,                       ATTR_BOOL},      // CK_BBOOL,
+        {CKA_VERIFY,                     ATTR_BOOL},      // CK_BBOOL,
+        {CKA_DERIVE,                     ATTR_BOOL},      // CK_BBOOL,
+        {CKA_MODULUS,                    ATTR_BYTEARRAY}, // CK_BIGINTEGER,
+        {CKA_MODULUS_BITS,               ATTR_INTEGER},   // CK_ULONG,
+        {CKA_PUBLIC_EXPONENT,            ATTR_BYTEARRAY}, // CK_BIGINTEGER,
+
+        // future
+        // {CKA_PRIME,                      ATTR_BYTEARRAY}, // CK_BIGINTEGER,
+        // {CKA_SUBPRIME,                   ATTR_BYTEARRAY}, // CK_BIGINTEGER,
+        // {CKA_BASE,                       ATTR_BYTEARRAY}, // CK_BIGINTEGER,
+        // {CKA_PRIME_BITS,                 ATTR_INTEGER},   // CK_ULONG,
+
+        {CKA_VALUE_LEN,                  ATTR_INTEGER},   // CK_ULONG,
+        {CKA_EXTRACTABLE,                ATTR_BOOL},      // CK_BBOOL,
+        {CKA_LOCAL,                      ATTR_BOOL},      // CK_BBOOL,
+        {CKA_NEVER_EXTRACTABLE,          ATTR_BOOL},      // CK_BBOOL,
+        {CKA_MODIFIABLE,                 ATTR_BOOL},      // CK_BBOOL,
+        {CKA_EC_PARAMS,                  ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+        {CKA_EC_POINT,                   ATTR_BYTEARRAY}, // CK_BYTEARRAY,
+        {CKA_WRAP_WITH_TRUSTED,          ATTR_BOOL},      // CK_BBOOL,
+
+        // Vendor extension
+        {CKA_GREP11_WKID,                ATTR_BYTEARRAY},
+};
+
+typedef struct {
+    CK_ATTRIBUTE_TYPE typeId;
+    char* str;
+}AttrIDString;
+
+AttrIDString attrToString[] = {
+        {CKA_CLASS,                          "CKA_CLASS"},
+        {CKA_TOKEN,                          "CKA_TOKEN"},
+        {CKA_PRIVATE,                        "CKA_PRIVATE"},
+        {CKA_LABEL,                          "CKA_LABEL"},
+        // {CKA_VALUE,                          "CKA_VALUE"},
+        {CKA_TRUSTED,                        "CKA_TRUSTED"},
+        {CKA_CHECK_VALUE,                    "CKA_CHECK_VALUE"},
+        {CKA_KEY_TYPE,                       "CKA_KEY_TYPE"},
+        {CKA_SUBJECT,                        "CKA_SUBJECT"},
+        {CKA_ID,                             "CKA_ID"},
+        {CKA_ENCRYPT,                        "CKA_ENCRYPT"},
+        {CKA_DECRYPT,                        "CKA_DECRYPT"},
+        {CKA_WRAP,                           "CKA_WRAP"},
+        {CKA_UNWRAP,                         "CKA_UNWRAP"},
+        {CKA_SIGN,                           "CKA_SIGN"},
+        {CKA_VERIFY,                         "CKA_VERIFY"},
+        {CKA_DERIVE,                         "CKA_DERIVE"},
+        {CKA_MODULUS,                        "CKA_MODULUS"},
+        {CKA_MODULUS_BITS,                   "CKA_MODULUS_BITS"},
+        {CKA_PUBLIC_EXPONENT,                "CKA_PUBLIC_EXPONENT"},
+        // {CKA_PRIME,                          "CKA_PRIME"},
+        // {CKA_SUBPRIME,                       "CKA_SUBPRIME"},
+        // {CKA_BASE,                           "CKA_BASE"},
+        // {CKA_PRIME_BITS,                     "CKA_PRIME_BITS"},
+        {CKA_VALUE_LEN,                      "CKA_VALUE_LEN"},
+        {CKA_EXTRACTABLE,                    "CKA_EXTRACTABLE"},
+        {CKA_LOCAL,                          "CKA_LOCAL"},
+        {CKA_NEVER_EXTRACTABLE,              "CKA_NEVER_EXTRACTABLE"},
+        {CKA_MODIFIABLE,                     "CKA_MODIFIABLE"},
+        {CKA_EC_PARAMS,                      "CKA_EC_PARAMS"},
+        {CKA_EC_POINT,                       "CKA_EC_POINT"},
+        {CKA_WRAP_WITH_TRUSTED,              "CKA_WRAP_WITH_TRUSTED"},
+        {CKA_GREP11_WKID,                    "CKA_GREP11_WKID"},
+};
+
+CK_ATTRIBUTE_TYPE commonAttrType[] = {
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_PRIVATE,
+        CKA_MODIFIABLE,
+        CKA_LABEL,
+        CKA_KEY_TYPE,
+        CKA_ID,
+        CKA_DERIVE,
+};
+const int commonAttrAmt = (sizeof(commonAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
+
+CK_ATTRIBUTE_TYPE secretKeyAttrType[] = {
+        CKA_ENCRYPT,
+        CKA_DECRYPT,
+        CKA_WRAP,
+        CKA_UNWRAP,
+        CKA_EXTRACTABLE,
+        CKA_NEVER_EXTRACTABLE,
+        CKA_CHECK_VALUE,
+        CKA_WRAP_WITH_TRUSTED,
+        CKA_TRUSTED,
+        CKA_VALUE_LEN,
+        CKA_LOCAL,
+        CKA_GREP11_WKID,
+};
+const int secretKeyAttrAmt = (sizeof(secretKeyAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
+
+CK_ATTRIBUTE_TYPE publicKeyAttrType[] = {
+        CKA_SUBJECT,
+        CKA_ENCRYPT,
+        CKA_VERIFY,
+        CKA_WRAP,
+        CKA_TRUSTED,
+        CKA_MODULUS_BITS,
+        CKA_MODULUS,
+        CKA_PUBLIC_EXPONENT,
+        CKA_EC_PARAMS,
+        CKA_EC_POINT,
+};
+const int publicKeyAttrAmt = (sizeof(publicKeyAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
+
+CK_ATTRIBUTE_TYPE privateKeyAttrType[] = {
+        CKA_SUBJECT,
+        CKA_DECRYPT,
+        CKA_SIGN,
+        CKA_UNWRAP,
+        CKA_EXTRACTABLE,
+        CKA_NEVER_EXTRACTABLE,
+        CKA_WRAP_WITH_TRUSTED,
+        CKA_MODULUS,  // future
+        CKA_PUBLIC_EXPONENT, // future
+        CKA_EC_PARAMS, // future
+        CKA_LOCAL,
+        CKA_GREP11_WKID,
+};
+const int privateKeyAttrAmt = (sizeof(privateKeyAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
+
+const char * getKeyTypeStr(CK_KEY_TYPE keyType) {
+    switch (keyType) {
+    case CKK_AES:
+        return "AES";
+    case CKK_RSA:
+        return "RSA";
+    case CKK_EC:
+        return "EC";
+    case CKK_DES3:
+        return "DES3";
+    case CKK_DES2:
+        return "DES2";
+    default:
+        return "Unknown key type";
+    }
+}
+
+const char * getObjectClassStr(CK_OBJECT_CLASS objClass) {
+    switch (objClass) {
+    case CKO_PUBLIC_KEY:
+        return "Public key";
+    case CKO_PRIVATE_KEY:
+        return "Private key";
+    case CKO_SECRET_KEY:
+        return "Secret key (Symmetric key)";
+    default:
+        return "Unknow object type";
+    }
+}
+
+AttrGRPCType getAttrType(CK_ATTRIBUTE_TYPE typeId) {
+    for (int i = 0; i < sizeof(attrToType)/sizeof(AttrIDType); i++) {
+        if (typeId == attrToType[i].typeId) {
+            return attrToType[i].grpcType;
+        }
+    }
+    return ATTR_INVALID;
+}
+
+const char * getAttrString(CK_ATTRIBUTE_TYPE typeId) {
+    for (int i = 0; i < sizeof(attrToString)/sizeof(AttrIDString); i++) {
+        if (typeId == attrToString[i].typeId) {
+            return attrToString[i].str;
+        }
+    }
+    return NULL;
+}
+
+// getDecimalFromBytes returns long number for hex. Returning value is undefined if it exceeds 64 bits.
+unsigned long getDecimalFromBytes(const unsigned char *src, int len) {
+    unsigned long ret = 0;
+
+    for (int i = 0; i < len; i++) {
+        ret <<= 8;
+        ret += (int)src[i];
+    }
+    return ret;
+}
+
+const static int printWidth = 25;
+
+void PrintByteBuf(CK_ATTRIBUTE_TYPE attrType, const char * header, const unsigned char * data, unsigned long len) {
+#define CH_PER_LINE (16)
+    char strBuf[128];
+    unsigned long i;
+    //output format: 4 spaces + CH_PER_LINE * 3 HEX data divided by single colon
+    char line[4 + CH_PER_LINE * 3 + 1];
+    static char itohex[CH_PER_LINE] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
+
+    switch (attrType) {
+    case CKA_PUBLIC_EXPONENT:
+        fprintf(stdout, "%-*s: %ld\n", printWidth, header, getDecimalFromBytes(data, len));
+        return;
+    case CKA_EC_PARAMS:
+    case CKA_LABEL:
+        memcpy(strBuf, data, len);
+        strBuf[len] = 0;
+        fprintf(stdout, "%-*s: %s\n", printWidth, header, strBuf);
+        return;
+    default:
+        fprintf(stdout, "%-*s[%lu]\n", printWidth, header, len);
+    }
+
+    line[sizeof(line) - 1] = 0;
+    for (i = 0; i < len; i++) {
+        //4 print spaces for address
+        if (i % CH_PER_LINE == 0) {
+            if (i > 0) {
+                //last line is done
+                fprintf(stdout, "%s\n", line);
+            }
+            memset(line, ' ', sizeof(line) - 1);
+        }
+        //each byte is translated into 'ab ' form, 3 print spaces
+        line[4 + (i % CH_PER_LINE) * 3] = itohex[data[i] >> 4];
+        line[4 + (i % CH_PER_LINE) * 3 + 1] = itohex[data[i] & 0xf];
+        line[4 + (i % CH_PER_LINE) * 3 + 2] = ':';
+    }
+    if (i % CH_PER_LINE != 15) {
+        //shorter line
+        fprintf(stdout, "%s\n", line);
+    }
+    fprintf(stdout, "\n");
+}
+
+void freeTemplate(CK_ATTRIBUTE_PTR pAttrs, CK_ULONG amt) {
+    for (int i = 0; i < amt; i++) {
+        if (pAttrs[i].pValue != NULL) {
+            free(pAttrs[i].pValue);
+        }
+    }
+    free((void *)pAttrs);
+    return;
+}
+
+// The returned memory pointer must be freed by freeTemplate()
+CK_ATTRIBUTE_PTR allocTemplate(CK_OBJECT_CLASS objClass, CK_ULONG* amt) {
+    CK_ATTRIBUTE_PTR pAttrs;
+
+    int i, extraAttrAmt, totalAttrAmt = commonAttrAmt;
+
+    switch (objClass) {
+    case CKO_SECRET_KEY:
+        extraAttrAmt = secretKeyAttrAmt;
+        break;
+    case CKO_PUBLIC_KEY:
+        extraAttrAmt = publicKeyAttrAmt;
+        break;
+    case CKO_PRIVATE_KEY:
+        extraAttrAmt = privateKeyAttrAmt;
+        break;
+    default:
+        return NULL;
+    }
+
+    totalAttrAmt += extraAttrAmt;
+    CK_ATTRIBUTE_TYPE allAttrIdList[totalAttrAmt];
+
+    for (i = 0; i < commonAttrAmt; i++) {
+        allAttrIdList[i] = commonAttrType[i];
+    }
+
+    switch (objClass) {
+    case CKO_SECRET_KEY:
+        for (i = commonAttrAmt; i < commonAttrAmt + extraAttrAmt; i++) {
+            allAttrIdList[i] = secretKeyAttrType[i - commonAttrAmt];
+        }
+        break;
+    case CKO_PUBLIC_KEY:
+        for (i = commonAttrAmt; i < commonAttrAmt + extraAttrAmt; i++) {
+            allAttrIdList[i] = publicKeyAttrType[i - commonAttrAmt];
+        }
+        break;
+    case CKO_PRIVATE_KEY:
+        for (i = commonAttrAmt; i < commonAttrAmt + extraAttrAmt; i++) {
+            allAttrIdList[i] = privateKeyAttrType[i - commonAttrAmt];
+        }
+        break;
+    default:
+        return NULL;
+    }
+    size_t bufferSize = totalAttrAmt * sizeof(CK_ATTRIBUTE);
+    pAttrs = (CK_ATTRIBUTE_PTR)malloc(bufferSize);
+    if (pAttrs == NULL) {
+        return NULL;
+    }
+    memset((void *)pAttrs, 0, bufferSize);
+
+    for (i = 0; i < totalAttrAmt; i++) {
+        AttrGRPCType t = getAttrType(allAttrIdList[i]);
+        size_t memSize = 0;
+        pAttrs[i].type = allAttrIdList[i];
+        switch (t) {
+        case ATTR_BOOL:
+            memSize = 1;
+            break;
+        case ATTR_INTEGER:
+            memSize = 8;
+            break;
+        case ATTR_BYTEARRAY:
+            memSize = 1024; // enough for any byte attribute
+            break;
+        default:
+            printf("Unexpected GRPC type for %lx\n", allAttrIdList[i]);
+            exit(1);
+        }
+        pAttrs[i].pValue = malloc(memSize);
+        if ( pAttrs[i].pValue == NULL) {
+            printf("not enough memory!\n");
+            exit(1);
+        }
+        pAttrs[i].ulValueLen = (CK_ULONG)memSize;
+    }
+    *amt = (CK_ULONG)totalAttrAmt;
+    return pAttrs;
+}
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "testToken";
+
+void PrintAttrs(CK_ATTRIBUTE* pAttrs, int amount) {
+    CK_ATTRIBUTE* pAttr = pAttrs;
+    AttrGRPCType t;
+    const char *str;
+    unsigned char *pCh;
+    unsigned long ulongVale;
+    for (int i = 0; i < amount; i++) {
+        t = getAttrType(pAttr[i].type);
+        if (t == ATTR_INVALID) {
+            printf("Unrecognized attribute type %lx\n", pAttr[i].type);
+            continue;
+        }
+        str = getAttrString(pAttr[i].type);
+        if (str == NULL) {
+            printf("Unrecognized attribute type %lx\n", pAttr[i].type);
+            continue;
+        }
+        if (pAttr[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) {
+            //printf("%-*s: %s\n", printWidth, str, "Unavailable");
+            continue;
+        }
+        if (t == ATTR_BYTEARRAY && pAttr[i].ulValueLen == 0) {
+            printf("%-*s: %s\n", printWidth, str, "Empty");
+            continue;
+        }
+
+        switch (t) {
+        case ATTR_BOOL:
+            pCh = (unsigned char *)pAttr[i].pValue;
+            printf("%-*s: %s\n", printWidth, str, pCh[0] == 0? "FALSE":"TRUE");
+            break;
+        case ATTR_INTEGER:
+            if (pAttr[i].ulValueLen != sizeof(ulongVale)) {
+                printf("Integer attribute is not 8 bytes: %ld\n", pAttr[i].ulValueLen);
+                continue;
+            }
+            ulongVale = *((unsigned long *)pAttr[i].pValue);
+            switch (pAttr[i].type) {
+            case CKA_KEY_TYPE:
+                printf("%-*s: %s\n", printWidth, str, getKeyTypeStr(ulongVale));
+                break;
+            case CKA_CLASS:
+                printf("%-*s: %s\n", printWidth, str, getObjectClassStr(ulongVale));
+                break;
+            default:
+                printf("%-*s: %08lx\n", printWidth, str, ulongVale);
+            }
+
+            break;
+        case ATTR_BYTEARRAY:
+            PrintByteBuf(pAttr[i].type, str, (const unsigned char *)pAttr[i].pValue, pAttr[i].ulValueLen);
+            break;
+        default:
+            break;
+        }
+    }
+    printf("\n");
+}
+
+void PrintKeyAttrs(CK_SESSION_HANDLE session, CK_OBJECT_CLASS objClass, CK_OBJECT_HANDLE hKey) {
+    CK_ULONG amt = 0;
+    CK_ATTRIBUTE_PTR pTemplate = NULL;
+    CK_RV rc;
+
+    pTemplate = allocTemplate(objClass, &amt);
+    if (pTemplate == NULL) {
+        printf("error allocTemplate\n");
+        funcs->C_Finalize( NULL );
+        return;
+    }
+
+    funcs->C_GetAttributeValue(session, hKey, pTemplate, amt);
+
+    PrintAttrs(pTemplate, amt);
+    freeTemplate(pTemplate, amt);
+    return;
+}
+
+CK_UTF8CHAR         soPin[256] = {0};
+CK_UTF8CHAR         userPin[256] = {0};
+char                pkcs11LibName[1024] = {0};
+char                inputKeyLabel[1024] = {0}; // There are default labels for 3 different types of keys
+int                 mode = 1; // 1: generate keys (default), 2: load keys with the same label
+char                strUsage[] = "./pkcs11-attrs -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -l <label> -m [generate|load]";
+
+void getArgs(int argc, char **argv) {
+    int c, n;
+
+    static struct option long_options[] = {
+        {"librarypath",    required_argument, NULL, 'p'},
+        {"SOpin",     required_argument, NULL, 's'},
+        {"userpin",   required_argument, NULL, 'u'},
+        {"label",   optional_argument, NULL, 'l'},
+        {"mode",    optional_argument, NULL, 'm'}, // "generate" or "load"
+        {0, 0, 0, 0}
+    };
+
+    while (1)
+    {
+      c = getopt_long (argc, argv, "p:s:u:l:m:", long_options, NULL);
+
+      /* Detect the end of the options. */
+      if (c == -1)
+        break;
+
+      switch (c)
+        {
+        case 'p':
+          n = snprintf(pkcs11LibName, sizeof(pkcs11LibName), "%s", optarg);
+          if (n < strlen(optarg)) {
+              printf("Path to library is too long\n");
+              exit(1);
+          }
+          break;
+
+        case 's':
+            n = snprintf((char *)soPin, sizeof(soPin), "%s", optarg);
+            if (n < strlen(optarg)) {
+                printf("SO PIN is too long\n");
+                exit(1);
+            }
+          break;
+
+        case 'u':
+            n = snprintf((char *)userPin, sizeof(userPin), "%s", optarg);
+            if (n < strlen(optarg)) {
+                printf("Normal user PIN is too long\n");
+                exit(1);
+            }
+          break;
+
+        case 'l':
+            n = snprintf((char *)inputKeyLabel, sizeof(inputKeyLabel), "%s", optarg);
+            if (n < strlen(optarg)) {
+                printf("Key label is too long\n");
+                exit(1);
+            }
+            break;
+
+        case 'm':
+            if (strncmp(optarg, "generate", strlen("generate")) == 0) {
+                mode = 1;
+            } else if (strncmp(optarg, "load", strlen("load")) == 0) {
+                mode = 2;
+            } else {
+                printf("Invalid mode %s\n", optarg);
+                exit(1);
+            }
+            break;
+        default:
+          printf("%s\n", strUsage);
+          exit(1);
+        }
+    }
+
+    if (strlen((char *)soPin) == 0 && mode == 1) {
+        printf("PIN for the SO user must be provided when generating keys\n");
+        exit(1);
+    }
+    if (strlen((char *)userPin) == 0 || strlen(pkcs11LibName) == 0) {
+        printf("%s\n", strUsage);
+        exit(1);
+    }
+}
+
+// find_key returns 0 if no key is found or more than one object is found
+CK_OBJECT_HANDLE find_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE *pTmpl, CK_ULONG tmplAmt) {
+    CK_RV                   rc;
+    CK_OBJECT_HANDLE        handles[64];
+    CK_ULONG                amtHandle = 0;
+
+    rc = funcs->C_FindObjectsInit(session, pTmpl, tmplAmt);
+    if (rc != CKR_OK) {
+       printf("error C_FindObjectsInit: rc=0x%04lx\n", rc );
+       return !CKR_OK;
+    }
+
+    rc = funcs->C_FindObjects( session, handles, sizeof(handles)/ sizeof(CK_OBJECT_HANDLE), &amtHandle);
+    if (rc != CKR_OK) {
+       printf("error C_FindObjects: rc=0x%04lx\n", rc );
+       return !CKR_OK;
+    }
+    funcs->C_FindObjectsFinal(session);
+
+    if (amtHandle != 1) {
+        printf("Zero or more than 1 object found: %ld\n", amtHandle);
+        return 0;
+    }
+    return handles[0];
+}
+
+int main( int argc, char **argv )
+{
+   CK_C_INITIALIZE_ARGS  initArgs;
+   CK_RV                   rc;
+   CK_FLAGS                flags = 0;
+   CK_SESSION_HANDLE       session;
+   CK_MECHANISM            mech;
+   CK_OBJECT_HANDLE        publicKey, privateKey, aesKey;
+   static CK_BBOOL         isTrue = TRUE;
+   static CK_BBOOL         isFalse = FALSE;
+
+   CK_RV                   (*pFunc)();
+   void                    *pkcs11Lib;
+ 
+   getArgs(argc, argv);
+
+   printf("Opening the PKCS11 library...\n");
+   pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
+   if ( pkcs11Lib == NULL ) {
+      printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+      return !CKR_OK;
+   }
+ 
+   printf("Getting the PKCS11 function list...\n");
+   pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+   if (pFunc == NULL ) {
+      printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+      return !CKR_OK;
+   }
+   rc = pFunc(&funcs);
+   if (rc != CKR_OK) {
+      printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+ 
+   printf("Initializing the PKCS11 environment...\n");
+   memset( &initArgs, 0x0, sizeof(initArgs) );
+   rc = funcs->C_Initialize( &initArgs );
+   if (rc != CKR_OK) {
+      printf("error C_Initialize: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+
+   if (mode == 1) {
+       printf("Initializing the token... \n");
+       memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
+       memcpy(tokenNameBuf, tokenName, strlen(tokenName));
+
+       /* C_InitToken cleans up private and public keystores. This only needs to be done once.
+        * Subsequent C_InitToken calls will delete any existing keys within the keystores
+        */
+       rc = funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
+       if (rc != CKR_OK) {
+          printf("error C_InitToken: rc=0x%04lx\n", rc );
+          funcs->C_Finalize( NULL );
+          return !CKR_OK;
+       }
+   }
+ 
+   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+   printf("Opening a session... \n");
+   rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
+   if (rc != CKR_OK) {
+      printf("error C_OpenSession: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+ 
+   printf("Logging in as normal user... \n");
+   rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+   if (rc != CKR_OK) {
+      printf("error C_Login: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   char aesLabel[1024] = "AES key label";
+   char rsaPubLabel[1024] = "RSA public key label";
+   char rsaPrivLabel[1024] = "RSA private key label";
+   char ecPubLabel[1024] = "ECDSA public key label";
+   char ecPrivLabel[1024] = "ECDSA private key label";
+
+   if (strlen(inputKeyLabel) > 0) {
+       strcpy(aesLabel, inputKeyLabel);
+       strcpy(rsaPubLabel, inputKeyLabel);
+       strcpy(rsaPrivLabel, inputKeyLabel);
+       strcpy(ecPubLabel, inputKeyLabel);
+       strcpy(ecPrivLabel, inputKeyLabel);
+   }
+
+   // Load AES and RSA/EC public and private keys from PKCS#11 the key store
+   if (mode == 2) {
+        CK_OBJECT_HANDLE hKey;
+        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+        CK_KEY_TYPE keyType = CKK_AES;
+        char *pLabel = aesLabel;
+
+       CK_ATTRIBUTE find_tmpl[] = {
+        {CKA_LABEL,        pLabel,    strlen(pLabel) },
+        {CKA_CLASS,        &objClass,    sizeof(objClass) },
+        {CKA_KEY_TYPE,     &keyType,    sizeof(keyType) },
+       };
+
+       printf("Loading AES key... \n");
+       hKey = find_key(session, find_tmpl, 3);
+       if (hKey != 0) {
+           printf("AES key attributes\n");
+           PrintKeyAttrs(session, CKO_SECRET_KEY, hKey);
+       } else {
+           printf("Unexpected number of AES keys found\n");
+       }
+
+       // RSA public key
+       pLabel = rsaPubLabel;
+       objClass = CKO_PUBLIC_KEY;
+       keyType = CKK_RSA;
+       printf("Loading RSA key pair... \n");
+       hKey = find_key(session, find_tmpl, 3);
+       if (hKey != 0) {
+           printf("RSA public key attributes\n");
+           PrintKeyAttrs(session, CKO_PUBLIC_KEY, hKey);
+       } else {
+           printf("Unexpected number of RSA public keys found\n");
+       }
+       // RSA private key
+       pLabel = rsaPrivLabel;
+       objClass = CKO_PRIVATE_KEY;
+       hKey = find_key(session, find_tmpl, 3);
+       if (hKey != 0) {
+           printf("RSA private key attributes\n");
+           PrintKeyAttrs(session, CKO_PRIVATE_KEY, hKey);
+       } else {
+           printf("Unexpected number of RSA private keys found\n");
+       }
+
+       // EC public key
+       pLabel = ecPubLabel;
+       objClass = CKO_PUBLIC_KEY;
+       keyType = CKK_EC;
+       printf("Loading EC key pair... \n");
+       hKey = find_key(session, find_tmpl, 3);
+       if (hKey != 0) {
+           printf("EC public key attributes\n");
+           PrintKeyAttrs(session, CKO_PUBLIC_KEY, hKey);
+       } else {
+           printf("Unexpected number of EC public keys found\n");
+       }
+       // EC private key
+       pLabel = ecPrivLabel;
+       objClass = CKO_PRIVATE_KEY;
+       hKey = find_key(session, find_tmpl, 3);
+       if (hKey != 0) {
+           printf("EC private key attributes\n");
+           PrintKeyAttrs(session, CKO_PRIVATE_KEY, hKey);
+       } else {
+           printf("Unexpected number of EC private keys found\n");
+       }
+
+       goto finished;
+   }
+
+   printf("Generating AES key... \n");
+   CK_ULONG aesKeyLen = 32;
+
+   CK_ATTRIBUTE aes_tmpl[] = {
+    {CKA_LABEL,        aesLabel,    strlen(aesLabel) },
+    {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+    {CKA_VALUE_LEN,    &aesKeyLen,  sizeof(aesKeyLen) },
+    {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
+    {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
+    {CKA_EXTRACTABLE,  &isFalse,    sizeof(isFalse)},
+   };
+   mech.mechanism      = CKM_AES_KEY_GEN;
+   mech.ulParameterLen = 0;
+   mech.pParameter     = NULL;
+
+   rc = funcs->C_GenerateKey( session, &mech, aes_tmpl, sizeof(aes_tmpl)/sizeof(CK_ATTRIBUTE), &aesKey);
+   if (rc != CKR_OK) {
+      printf("error C_GenerateKey: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("AES key attributes\n");
+   PrintKeyAttrs(session, CKO_SECRET_KEY, aesKey);
+
+   // Print ECDSA key attributes
+   printf("Generating ECDSA key pair... \n");
+   /* Attributes for the public key to be generated */
+   CK_BYTE curve_name[] = "P-256";
+
+   CK_ATTRIBUTE pub_tmpl[] = {
+      {CKA_LABEL,        ecPubLabel,    strlen(ecPubLabel) },
+      {CKA_TOKEN,        &isTrue, sizeof(isTrue) },
+      {CKA_EC_PARAMS,    &curve_name,   strlen( (const char *) curve_name) },
+      {CKA_VERIFY,       &isTrue,  sizeof(isTrue) },
+   };
+
+   /* Attributes for the private key to be generated */
+   CK_ATTRIBUTE priv_tmpl[] =
+   {
+      {CKA_LABEL,    ecPrivLabel,    strlen(ecPrivLabel) },
+      {CKA_TOKEN,    &isTrue, sizeof(isTrue) },
+      {CKA_SIGN,     &isTrue, sizeof(isTrue) },
+      {CKA_EXTRACTABLE,  &isFalse,    sizeof(isFalse)},
+   };
+   mech.mechanism      = CKM_EC_KEY_PAIR_GEN;
+   mech.ulParameterLen = 0;
+   mech.pParameter     = NULL;
+
+   rc = funcs->C_GenerateKeyPair( session,   &mech,
+                                  pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
+                                  priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
+                                  &publicKey, &privateKey );
+   if (rc != CKR_OK) {
+      printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("ECDSA public key attributes\n");
+   PrintKeyAttrs(session, CKO_PUBLIC_KEY, publicKey);
+
+   printf("ECDSA private key attributes\n");
+   PrintKeyAttrs(session, CKO_PRIVATE_KEY, privateKey);
+
+   // Print RSA key attributes
+   unsigned long rsaBits = 2048;
+   unsigned char pubExponent[] = {0x2, 0x0, 0x1};
+   CK_ATTRIBUTE rsa_pub_tmpl[] = {
+      {CKA_LABEL,           rsaPubLabel,    strlen(rsaPubLabel) },
+      {CKA_MODULUS_BITS,    &rsaBits, sizeof(rsaBits)},
+      {CKA_PUBLIC_EXPONENT, pubExponent, sizeof(pubExponent)},
+      {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
+      {CKA_VERIFY,          &isTrue,  sizeof(isTrue) },
+   };
+
+   /* Attributes for the private key to be generated */
+   CK_ATTRIBUTE rsa_priv_tmpl[] =
+   {
+      {CKA_LABEL,    rsaPrivLabel,    strlen(rsaPrivLabel) },
+      {CKA_TOKEN,    &isTrue, sizeof(isTrue) },
+      {CKA_SIGN,     &isTrue, sizeof(isTrue) },
+      {CKA_EXTRACTABLE,  &isFalse,    sizeof(isFalse)},
+   };
+   mech.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
+   mech.ulParameterLen = 0;
+   mech.pParameter     = NULL;
+
+   rc = funcs->C_GenerateKeyPair( session,   &mech,
+                                  rsa_pub_tmpl,   sizeof(rsa_pub_tmpl)/sizeof(CK_ATTRIBUTE),
+                                  rsa_priv_tmpl,  sizeof(rsa_priv_tmpl)/sizeof(CK_ATTRIBUTE),
+                                  &publicKey, &privateKey );
+   if (rc != CKR_OK) {
+      printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("RSA public key attributes\n");
+   PrintKeyAttrs(session, CKO_PUBLIC_KEY, publicKey);
+
+   printf("RSA private key attributes\n");
+   PrintKeyAttrs(session, CKO_PRIVATE_KEY, privateKey);
+
+finished:
+
+   printf("Logging out... \n");
+   rc = funcs->C_Logout(session);
+   if (rc != CKR_OK) {
+      printf("error C_Logout: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("Closing the session... \n");
+   rc = funcs->C_CloseSession( session );
+   if (rc != CKR_OK) {
+      printf("error C_CloseSession: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+
+   printf("Finalizing... \n");
+   rc = funcs->C_Finalize( NULL );
+   if (rc != CKR_OK) {
+      printf("error C_Finalize: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+   printf("Sample completed successfully!\n");
+   return 0;
+}
diff --git a/hpcs-pkcs11/samples/pkcs11-btc.c b/hpcs-pkcs11/samples/pkcs11-btc.c
new file mode 100644
index 000000000..6d9c8c998
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-btc.c
@@ -0,0 +1,391 @@
+/****************************************************************
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * pkcs11-btc.c
+ *
+ * A sample application to interact with the HPCS PKCS11 library
+ *
+ * Compile using:
+ * gcc -o pkcs11-btc pkcs11-btc.c -ldl
+ *
+ * Updates to be made within this source file:
+ * Replace the text <so-user-api-key> with the SO user's PIN.
+ * Replace the text <normal-user-api-key> with the normal user's PIN.
+ * Replace the text <pkcs11-library> with name of your pkcs11 library.
+ *
+ * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
+ * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
+ *       Feel free to change the name to match your pkcs11 library name.
+ *
+ * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
+ * for more information about the setup of the PKCS11 library and its configuration file.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "testToken";
+
+int main( int argc, char **argv )
+{
+    CK_C_INITIALIZE_ARGS  initArgs;
+    CK_RV                   rc;
+    CK_FLAGS                flags = 0;
+    CK_SESSION_HANDLE       session;
+    CK_MECHANISM            mech;
+    CK_OBJECT_HANDLE        publicKey, privateKey, childPublicKey, childPrivateKey, genericKey, masterKey;
+    static CK_BBOOL         isTrue = TRUE;
+
+    CK_RV                   (*pFunc)();
+    void                    *pkcs11Lib;
+    CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
+    CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
+    char                    pkcs11LibName[] = "pkcs11-grep11.so";
+
+    printf("Opening the PKCS11 library...\n");
+    pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
+    if ( pkcs11Lib == NULL ) {
+        printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+        return !CKR_OK;
+    }
+
+    printf("Getting the PKCS11 function list...\n");
+    pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+    if (pFunc == NULL ) {
+        printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+        return !CKR_OK;
+    }
+    rc = pFunc(&funcs);
+    if (rc != CKR_OK) {
+        printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Initializing the PKCS11 environment...\n");
+    memset( &initArgs, 0x0, sizeof(initArgs) );
+    rc = funcs->C_Initialize( &initArgs );
+    if (rc != CKR_OK) {
+        printf("error C_Initialize: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Initializing the token... \n");
+    memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
+    memcpy(tokenNameBuf, tokenName, strlen(tokenName));
+
+    /* C_InitToken cleans up private and public keystore thus only needs to be done once.
+     * Subsequent C_InitToken calls will delete any existing keys within the keystores
+     */
+    rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
+    if (rc != CKR_OK) {
+        printf("error C_InitToken: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+    printf("Opening a session... \n");
+    rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
+    if (rc != CKR_OK) {
+        printf("error C_OpenSession: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Logging in as normal user... \n");
+    rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+    if (rc != CKR_OK) {
+        printf("error C_Login: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    CK_ULONG genericKeyLen = 32;
+    CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
+    CK_ATTRIBUTE genericTmpl[] = {
+        {CKA_CLASS,           &objClass,        sizeof(objClass) },
+        {CKA_KEY_TYPE,        &keyType,        sizeof(keyType) },
+        {CKA_VALUE_LEN,       &genericKeyLen,  sizeof(genericKeyLen) },
+        {CKA_DERIVE,          &isTrue,         sizeof(isTrue) },
+        {CKA_IBM_USE_AS_DATA, &isTrue,         sizeof(isTrue) },
+    };
+
+    mech.mechanism      = CKM_GENERIC_SECRET_KEY_GEN;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+    rc = funcs->C_GenerateKey( session, &mech, genericTmpl, sizeof(genericTmpl)/sizeof(CK_ATTRIBUTE), &genericKey);
+    if (rc != CKR_OK) {
+        printf("error C_GenerateKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Generating Master key... \n");
+    objClass = CKO_PRIVATE_KEY;
+    keyType = CKK_EC;
+    CK_BYTE curve_name[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a};
+    CK_ULONG valueLen = 0;
+    CK_ATTRIBUTE masterTmpl[] = {
+        {CKA_CLASS,            &objClass,        sizeof(objClass) },
+        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
+        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
+        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
+        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
+        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
+    };
+
+    CK_BYTE chainCode[32] = {};
+    memset(chainCode, 0, 32);
+    CK_IBM_BTC_DERIVE_PARAMS btcDeriveParams = {
+        .type           = (CK_ULONG)CK_IBM_BIP0032_MASTERK,
+        .childKeyIndex  = 0,
+        .pChainCode     = chainCode,
+        .ulChainCodeLen = 0,
+        .version        = XCP_BTC_VERSION,
+    };
+
+    mech.mechanism      = CKM_IBM_BTC_DERIVE;
+    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
+    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
+    rc = funcs->C_DeriveKey(session, &mech, genericKey, masterTmpl, sizeof(masterTmpl)/sizeof(CK_ATTRIBUTE), &masterKey);
+    if (rc != CKR_OK) {
+        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    objClass = CKO_PRIVATE_KEY;
+    keyType = CKK_EC;
+    valueLen = 0;
+    CK_ATTRIBUTE privDeriveTmpl[] = {
+        {CKA_CLASS,            &objClass,        sizeof(objClass) },
+        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
+        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
+        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
+        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
+        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
+        {CKA_SIGN,             &isTrue,          sizeof(isTrue) },
+    };
+
+    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PRV;
+    btcDeriveParams.childKeyIndex  = 0;
+    btcDeriveParams.pChainCode     = chainCode;
+    btcDeriveParams.ulChainCodeLen = 32;
+    btcDeriveParams.version        = XCP_BTC_VERSION;
+
+    mech.mechanism      = CKM_IBM_BTC_DERIVE;
+    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
+    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
+    rc = funcs->C_DeriveKey(session, &mech, masterKey, privDeriveTmpl, sizeof(privDeriveTmpl)/sizeof(CK_ATTRIBUTE), &privateKey);
+    if (rc != CKR_OK) {
+        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    objClass = CKO_PUBLIC_KEY;
+    keyType = CKK_EC;
+    valueLen = 0;
+    CK_ATTRIBUTE pubDeriveTmpl[] = {
+        {CKA_CLASS,            &objClass,        sizeof(objClass) },
+        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
+        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
+        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
+        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
+        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
+        {CKA_VERIFY,           &isTrue,          sizeof(isTrue) },
+    };
+
+    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PUB;
+    btcDeriveParams.childKeyIndex  = 0;
+    btcDeriveParams.pChainCode     = chainCode;
+    btcDeriveParams.ulChainCodeLen = 32;
+    btcDeriveParams.version        = XCP_BTC_VERSION;
+
+    mech.mechanism      = CKM_IBM_BTC_DERIVE;
+    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
+    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
+    rc = funcs->C_DeriveKey(session, &mech, masterKey, pubDeriveTmpl, sizeof(pubDeriveTmpl)/sizeof(CK_ATTRIBUTE), &publicKey);
+    if (rc != CKR_OK) {
+        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Signing with ECDSA private key... \n");
+    CK_BYTE dataToBeSigned[] = "This is data to be signed";
+    CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
+    CK_BYTE signature[64]; // minimum 64 bytes in P-256 case
+    CK_ULONG signatureLen = sizeof(signature);
+
+    mech.mechanism      = CKM_ECDSA;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+    rc = funcs->C_SignInit(session, &mech, privateKey);
+    if (rc != CKR_OK) {
+        printf("error C_SignInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
+    if (rc != CKR_OK) {
+        printf("error C_Sign: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Verifying with ECDSA public key... \n");
+    rc = funcs->C_VerifyInit(session, &mech, publicKey);
+    if (rc != CKR_OK) {
+        printf("error C_VerifyInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
+    if (rc != CKR_OK) {
+        printf("error C_Verify: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    unsigned char checkValue[32];
+    CK_ATTRIBUTE attrs_tmpl[] = {
+        {CKA_CHECK_VALUE, checkValue,  sizeof(checkValue) },
+    };
+    funcs->C_GetAttributeValue(session, privateKey, attrs_tmpl, sizeof(attrs_tmpl)/sizeof(CK_ATTRIBUTE));
+    if (rc != CKR_OK) {
+        printf("error C_GetAttributeValue: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    objClass = CKO_PRIVATE_KEY;
+    keyType = CKK_EC;
+    valueLen = 0;
+    CK_ATTRIBUTE childPrivDeriveTmpl[] = {
+        {CKA_CLASS,            &objClass,        sizeof(objClass) },
+        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
+        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
+        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
+        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
+        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
+        {CKA_SIGN,             &isTrue,          sizeof(isTrue) },
+    };
+
+    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PRV;
+    btcDeriveParams.childKeyIndex  = 0;
+    btcDeriveParams.pChainCode     = checkValue;
+    btcDeriveParams.ulChainCodeLen = 32;
+    btcDeriveParams.version        = XCP_BTC_VERSION;
+
+    mech.mechanism      = CKM_IBM_BTC_DERIVE;
+    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
+    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
+    rc = funcs->C_DeriveKey(session, &mech, privateKey, childPrivDeriveTmpl, sizeof(childPrivDeriveTmpl)/sizeof(CK_ATTRIBUTE), &childPrivateKey);
+    if (rc != CKR_OK) {
+        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    objClass = CKO_PUBLIC_KEY;
+    keyType = CKK_EC;
+    valueLen = 0;
+    CK_ATTRIBUTE childPubDeriveTmpl[] = {
+        {CKA_CLASS,            &objClass,        sizeof(objClass) },
+        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
+        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
+        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
+        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
+        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
+        {CKA_VERIFY,           &isTrue,          sizeof(isTrue) },
+    };
+
+    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PUB;
+    btcDeriveParams.childKeyIndex  = 0;
+    btcDeriveParams.pChainCode     = checkValue;
+    btcDeriveParams.ulChainCodeLen = 32;
+    btcDeriveParams.version        = XCP_BTC_VERSION;
+
+    mech.mechanism      = CKM_IBM_BTC_DERIVE;
+    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
+    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
+    rc = funcs->C_DeriveKey(session, &mech, privateKey, childPubDeriveTmpl, sizeof(childPubDeriveTmpl)/sizeof(CK_ATTRIBUTE), &childPublicKey);
+    if (rc != CKR_OK) {
+        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    mech.mechanism      = CKM_ECDSA;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+    rc = funcs->C_SignInit(session, &mech, childPrivateKey);
+    if (rc != CKR_OK) {
+        printf("error C_SignInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
+    if (rc != CKR_OK) {
+        printf("error C_Sign: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Verifying with ECDSA public key... \n");
+    rc = funcs->C_VerifyInit(session, &mech, childPublicKey);
+    if (rc != CKR_OK) {
+        printf("error C_VerifyInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
+    if (rc != CKR_OK) {
+        printf("error C_Verify: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Logging out... \n");
+    rc = funcs->C_Logout(session);
+    if (rc != CKR_OK) {
+        printf("error C_Logout: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Closing the session... \n");
+    rc = funcs->C_CloseSession( session );
+    if (rc != CKR_OK) {
+        printf("error C_CloseSession: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Finalizing... \n");
+    rc = funcs->C_Finalize( NULL );
+    if (rc != CKR_OK) {
+        printf("error C_Finalize: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+    printf("Sample completed successfully!\n");
+    return 0;
+}
diff --git a/hpcs-pkcs11/samples/pkcs11-checksum.c b/hpcs-pkcs11/samples/pkcs11-checksum.c
new file mode 100644
index 000000000..0263b39e1
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-checksum.c
@@ -0,0 +1,497 @@
+ /****************************************************************
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * pkcs11-checksum.c
+ *
+ * A sample application demonstrating how to verify the checksum of key using the PKCS11 library
+ * 
+ * Compile using:
+ * gcc -o pkcs11-checksum pkcs11-checksum.c -ldl
+ * 
+ * Usage:
+ * /pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -m [generate|verify]
+ * Ensure that the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * Steps to verify keys:
+ * Step 1 /pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -m generate
+ *        Step 1 generates AES/DES3/DES2 keys and stores their respective checksums into three files (e.g. "AES_key").
+ * Step 2 /pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -m verify
+ *        Step 2 loads the generated keys and re-calculates their respective checksums and compares them against the checksums stored in files.
+ *        For example, this step loads the checksum from the "AES_key" file as checksum A. Then it retrieves the AES key from the keystore
+ *        and calculates checksum B. Finally, it compares checksum A and checksum B. If they match, the key store has NOT been tampered with.
+ *
+ * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
+ * for more information about the setup of the PKCS11 library and its configuration file.
+ * 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <ctype.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+const char * getKeyTypeStr(CK_KEY_TYPE keyType) {
+    switch (keyType) {
+    case CKK_AES:
+        return "AES";
+    case CKK_RSA:
+        return "RSA";
+    case CKK_EC:
+        return "EC";
+    case CKK_DES3:
+        return "DES3";
+    case CKK_DES2:
+        return "DES2";
+    default:
+        return "Unknown key type";
+    }
+}
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "testToken";
+
+CK_UTF8CHAR         soPin[256] = {0};
+CK_UTF8CHAR         userPin[256] = {0};
+char                pkcs11LibName[1024] = {0};
+char                fileName[1024] = {0};
+int                 opMode = 0;
+
+void getArgs(int argc, char **argv) {
+    int c, n;
+
+    static struct option long_options[] = {
+        {"librarypath",    required_argument, NULL, 'p'},
+        {"SOpin",     required_argument, NULL, 's'},
+        {"userpin",   required_argument, NULL, 'u'},
+        {"mode", required_argument, NULL, 'm'},
+        {0, 0, 0, 0}
+    };
+
+    while (1)
+    {
+      c = getopt_long (argc, argv, "p:s:u:m:", long_options, NULL);
+
+      /* Detect the end of the options. */
+      if (c == -1)
+        break;
+
+      switch (c)
+        {
+        case 'p':
+          n = snprintf(pkcs11LibName, sizeof(pkcs11LibName), "%s", optarg);
+          if (n < strlen(optarg)) {
+              printf("Path to library is too long\n");
+              exit(1);
+          }
+          break;
+
+        case 's':
+            n = snprintf((char *)soPin, sizeof(soPin), "%s", optarg);
+            if (n < strlen(optarg)) {
+                printf("SO pin is too long\n");
+                exit(1);
+            }
+          break;
+
+        case 'u':
+            n = snprintf((char *)userPin, sizeof(userPin), "%s", optarg);
+            if (n < strlen(optarg)) {
+                printf("Normal user pin is too long\n");
+                exit(1);
+            }
+          break;
+
+        case 'm':
+            if (strncmp(optarg, "generate", strlen(optarg)) == 0) {
+                opMode = 1;
+            } else if (strncmp(optarg, "verify", strlen(optarg)) == 0) {
+                opMode = 2;
+            } else {
+                printf("Usage: ./pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> "\
+                        "-m [generate|verify]\n");
+                exit(1);
+            }
+
+            break;
+
+        default:
+          printf("Usage: ./pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> "\
+                  "-m [generate|verify]\n");
+          exit(1);
+        }
+    }
+
+    if (strlen((char *)soPin) == 0 || strlen((char *)userPin) == 0 || strlen(pkcs11LibName) == 0) {
+        printf("Usage: ./pkcs11-attrs -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key>\n");
+        exit(1);
+    }
+}
+
+const char aesLabel[] = "AES_key";
+const char des3Label[] = "DES3_key";
+const char des2Label[] = "DES2_key";
+const char genericLable[] = "Generic_key";
+
+//
+int verifyChecksumFromFile(CK_SESSION_HANDLE session, CK_KEY_TYPE keyType) {
+    CK_MECHANISM     mech;
+    const char * pLabel;
+    CK_ULONG plainSize = 0, cipherSize = 0;
+    unsigned char plain[32]; // big enough to hold AES, DES3, DES2 and generic 00 block
+    unsigned char cipher[32]; // big enough to hold AES, DES3, DES2 and generic encryption output
+    unsigned char checksumFromFile[3];
+    unsigned char checksum[3];
+    CK_RV rc;
+    int iret = -1;
+
+    memset(plain, 0, sizeof(plain));
+    CK_ATTRIBUTE attrs_tmpl[] = {
+       {CKA_CHECK_VALUE, checksum,  sizeof(checksum) },
+    };
+
+    switch (keyType) {
+    case CKK_AES:
+        mech.mechanism = CKM_AES_ECB;
+        pLabel = aesLabel;
+        plainSize = 16;
+        cipherSize = 16;
+        break;
+    case CKK_DES3:
+        mech.mechanism = CKM_DES3_ECB;
+        pLabel = des3Label;
+        plainSize = 8;
+        cipherSize = 8;
+        break;
+    case CKK_DES2:
+        mech.mechanism = CKM_DES3_ECB; // CKM_DES3_ECB supports DES2
+        pLabel = des2Label;
+        plainSize = 8;
+        cipherSize = 8;
+        break;
+    default:
+        break;
+    }
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+    printf("Verifying %s key\n", getKeyTypeStr(keyType));
+
+    // Read checksum from file
+    int hfile = -1;
+    size_t ret = 0;
+    hfile = open(pLabel, O_RDONLY);
+    if (hfile < 0) {
+        printf("error opening file %s to read\n", pLabel);
+        goto exit_func;
+    }
+    ret = read(hfile, checksumFromFile, sizeof(checksumFromFile));
+    if (ret != sizeof(checksumFromFile)) {
+        printf("error reading file %s [%ld] \n", pLabel, ret);
+        close(hfile);
+        goto exit_func;
+    }
+    printf("Checksum [%02x:%02x:%02x] is loaded from file %s\n", checksumFromFile[0], checksumFromFile[1], checksumFromFile[2], pLabel);
+    close(hfile);
+
+    // Find the key
+    CK_OBJECT_HANDLE handles[1];
+    CK_OBJECT_HANDLE  hKey;
+    CK_ATTRIBUTE find_tmpl[] = {
+     {CKA_LABEL,  (CK_VOID_PTR)pLabel,    strlen(pLabel) },
+    };
+
+    rc = funcs->C_FindObjectsInit( session, find_tmpl, sizeof(find_tmpl)/sizeof(CK_ATTRIBUTE));
+    if (rc != CKR_OK) {
+       printf("error C_FindObjectsInit: rc=0x%04lx\n", rc);
+       goto exit_func;
+    }
+    CK_ULONG actualHandles = 0;
+    rc = funcs->C_FindObjects(session, handles, sizeof(handles)/sizeof(CK_OBJECT_HANDLE), &actualHandles);
+    if (rc != CKR_OK) {
+       printf("error C_FindObjects: rc=0x%04lx\n", rc );
+       goto exit_func;
+    }
+    if (actualHandles != 1) {
+        printf("error C_FindObjects: unexpected number of objects returned: %ld\n", actualHandles );
+        goto exit_func;
+    }
+    hKey = handles[0];
+    rc = funcs->C_FindObjectsFinal(session);
+    if (rc != CKR_OK) {
+       printf("error C_FindObjectsFinal: rc=0x%04lx\n", rc );
+       goto exit_func;
+    }
+
+    // Calculate checksum with key
+    rc = funcs->C_EncryptInit(session, &mech, hKey);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptInit: rc=0x%04lx\n", rc );
+        goto exit_func;
+    }
+    rc = funcs->C_Encrypt(session, plain, plainSize, cipher, &cipherSize);
+    if (rc != CKR_OK) {
+        printf("error C_Encrypt: rc=0x%04lx\n", rc );
+        goto exit_func;
+    }
+    if (plainSize != cipherSize) {
+        printf("Cipher data length [%ld] does not match plain data length [%ld]\n", cipherSize, plainSize);
+        goto exit_func;
+    }
+    printf("Calculated checksum is [%02x:%02x:%02x]\n", cipher[0], cipher[1], cipher[2]);
+
+    // Compare checksum
+    if (memcmp(checksumFromFile, cipher, sizeof(checksumFromFile)) == 0) {
+        printf("Checksum matches\n");
+    } else {
+        printf("Checksum does not match\n");
+        goto exit_func;
+    }
+
+    iret = 1;
+
+exit_func:
+    return iret;
+}
+
+// This function returns 1, if successful. Save the key checksum into a file (e.g., AES_key)
+int generateKeyChecksum(CK_SESSION_HANDLE session, CK_KEY_TYPE keyType) {
+    static CK_BBOOL  isTrue = TRUE;
+    CK_MECHANISM     mech;
+    CK_ATTRIBUTE_PTR pGenKeyTmpl;
+    int attrAmt = 0;
+    const char * pLabel;
+    CK_OBJECT_HANDLE  hKey;
+    CK_RV rc;
+    int iret = -1;
+
+    unsigned char checksum[3];
+    CK_ATTRIBUTE attrs_tmpl[] = {
+            {CKA_CHECK_VALUE, checksum,  sizeof(checksum) },
+    };
+
+    // For AES
+    CK_ULONG aesKeyLen = 16;
+    CK_ATTRIBUTE aes_tmpl[] = {
+     {CKA_LABEL,        (CK_VOID_PTR)aesLabel,    strlen(aesLabel) },
+     {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+     {CKA_VALUE_LEN,    &aesKeyLen,  sizeof(aesKeyLen) },
+     {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
+     {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
+    };
+
+    // For DES3 TBD
+    CK_ATTRIBUTE des3_tmpl[] = {
+     {CKA_LABEL,        (CK_VOID_PTR)des3Label,    strlen(des3Label) },
+     {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+     {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
+     {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
+    };
+    // For DES2 TBD
+    CK_ATTRIBUTE des2_tmpl[] = {
+     {CKA_LABEL,        (CK_VOID_PTR)des2Label,    strlen(des2Label) },
+     {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+     {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
+     {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
+    };
+    // For generic key
+
+    switch (keyType) {
+    case CKK_AES:
+        pLabel = aesLabel;
+        pGenKeyTmpl = aes_tmpl;
+        attrAmt = sizeof(aes_tmpl) / sizeof(CK_ATTRIBUTE);
+        mech.mechanism      = CKM_AES_KEY_GEN;
+        break;
+    case CKK_DES3:
+        pLabel = des3Label;
+        pGenKeyTmpl = des3_tmpl;
+        attrAmt = sizeof(des3_tmpl) / sizeof(CK_ATTRIBUTE);
+        mech.mechanism      = CKM_DES3_KEY_GEN;
+        break;
+    case CKK_DES2:
+        pLabel = des2Label;
+        pGenKeyTmpl = des2_tmpl;
+        attrAmt = sizeof(des2_tmpl) / sizeof(CK_ATTRIBUTE);
+        mech.mechanism      = CKM_DES2_KEY_GEN;
+        break;
+    default:
+        break;
+    }
+
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+    printf("Generating %s key...\n", getKeyTypeStr(keyType));
+    rc = funcs->C_GenerateKey( session, &mech, pGenKeyTmpl, attrAmt, &hKey);
+    if (rc != CKR_OK) {
+        goto exit_func;
+    }
+
+    funcs->C_GetAttributeValue(session, hKey, attrs_tmpl, sizeof(attrs_tmpl)/sizeof(CK_ATTRIBUTE));
+    if (attrs_tmpl[0].ulValueLen == CK_UNAVAILABLE_INFORMATION)  {
+        printf("CKA_CHECK_VALUE is not available\n");
+    } else if (attrs_tmpl[0].ulValueLen != 3) {
+        printf("CKA_CHECK_VALUE is not %d bytes [%ld]\n", 3, attrs_tmpl[0].ulValueLen);
+    }
+
+    int hfile = -1, ret = -1;
+    hfile = open(pLabel, O_WRONLY|O_CREAT, 0666);
+    if (hfile < 0) {
+        printf("error opening file %s to write\n", pLabel);
+        goto exit_func;
+    }
+    ret = write(hfile, checksum, sizeof(checksum));
+    if (ret < 0) {
+        printf("error writing file %s\n", pLabel);
+        goto exit_func;
+    }
+    printf("checksum is saved into file %s\n", pLabel);
+    close(hfile);
+    iret = 1;
+
+exit_func:
+    return iret;
+}
+
+int main( int argc, char **argv )
+{
+   CK_C_INITIALIZE_ARGS  initArgs;
+   CK_RV                   rc;
+   CK_FLAGS                flags = 0;
+   CK_SESSION_HANDLE       session;
+   static CK_BBOOL         isTrue = TRUE;
+
+   CK_RV                   (*pFunc)();
+   void                    *pkcs11Lib;
+ 
+   getArgs(argc, argv);
+
+   printf("Opening the PKCS11 library...\n");
+   pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
+   if ( pkcs11Lib == NULL ) {
+      printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+      return !CKR_OK;
+   }
+ 
+   printf("Getting the PKCS11 function list...\n");
+   pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+   if (pFunc == NULL ) {
+      printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+      return !CKR_OK;
+   }
+   rc = pFunc(&funcs);
+   if (rc != CKR_OK) {
+      printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+ 
+   printf("Initializing the PKCS11 environment...\n");
+   memset( &initArgs, 0x0, sizeof(initArgs) );
+   rc = funcs->C_Initialize( &initArgs );
+   if (rc != CKR_OK) {
+      printf("error C_Initialize: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+
+   printf("Initializing the token... \n");
+   memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
+   memcpy(tokenNameBuf, tokenName, strlen(tokenName));
+
+   /* C_InitToken cleans up private and public keystores. This only needs to be done once.
+    * Subsequent C_InitToken calls will delete any existing keys within the keystores
+    */
+   if (opMode == 1) {
+       // Only init token when generating new keys. Do not do that when finding a key
+       rc = funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
+       if (rc != CKR_OK) {
+          printf("error C_InitToken: rc=0x%04lx\n", rc );
+          funcs->C_Finalize( NULL );
+          return !CKR_OK;
+       }
+   }
+ 
+   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+   printf("Opening a session... \n");
+   rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
+   if (rc != CKR_OK) {
+      printf("error C_OpenSession: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+ 
+   printf("Logging in as normal user... \n");
+   rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+   if (rc != CKR_OK) {
+      printf("error C_Login: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   if (opMode == 1) {
+       if (generateKeyChecksum(session, CKK_AES) != 1) {
+           printf("Failed to generate AES key\n");
+           funcs->C_Finalize( NULL );
+           return !CKR_OK;
+       }
+       if (generateKeyChecksum(session, CKK_DES3) != 1) {
+           printf("Failed to generate DES3 key\n");
+           funcs->C_Finalize( NULL );
+           return !CKR_OK;
+       }
+       if (generateKeyChecksum(session, CKK_DES2) != 1) {
+           printf("Failed to generate DES2 key\n");
+           funcs->C_Finalize( NULL );
+           return !CKR_OK;
+       }
+   } else {
+       if (verifyChecksumFromFile(session, CKK_AES) != 1) {
+           printf("Failed to verify AES key\n");
+           funcs->C_Finalize( NULL );
+           return !CKR_OK;
+       }
+       if (verifyChecksumFromFile(session, CKK_DES3) != 1) {
+           printf("Failed to verify DES3 key\n");
+           funcs->C_Finalize( NULL );
+           return !CKR_OK;
+       }
+       if (verifyChecksumFromFile(session, CKK_DES2) != 1) {
+           printf("Failed to verify DES2 key\n");
+           funcs->C_Finalize( NULL );
+           return !CKR_OK;
+       }
+   }
+
+   printf("Logging out... \n");
+   rc = funcs->C_Logout(session);
+   if (rc != CKR_OK) {
+      printf("error C_Logout: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("Closing the session... \n");
+   rc = funcs->C_CloseSession( session );
+   if (rc != CKR_OK) {
+      printf("error C_CloseSession: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+
+   printf("Finalizing... \n");
+   rc = funcs->C_Finalize( NULL );
+   if (rc != CKR_OK) {
+      printf("error C_Finalize: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+   printf("Sample completed successfully!\n");
+   return 0;
+}
+
diff --git a/hpcs-pkcs11/samples/pkcs11-crypto.c b/hpcs-pkcs11/samples/pkcs11-crypto.c
new file mode 100644
index 000000000..ac79ad8ed
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-crypto.c
@@ -0,0 +1,394 @@
+/****************************************************************
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * pkcs11-crypto.c
+ *
+ * A sample application to interact with the HPCS PKCS11 library
+ * 
+ * Compile using:
+ * gcc -o pkcs11-crypto pkcs11-crypto.c -ldl
+ * 
+ * Updates to be made within this source file:
+ * Replace the text <so-user-api-key> with the SO user's PIN.
+ * Replace the text <normal-user-api-key> with the normal user's PIN.
+ * Replace the text <pkcs11-library> with name of your pkcs11 library.
+ * 
+ * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
+ * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
+ *       Feel free to change the name to match your pkcs11 library name.
+ *
+ * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
+ * for more information about the setup of the PKCS11 library and its configuration file.
+ * 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "testToken";
+
+int main( int argc, char **argv )
+{
+    CK_C_INITIALIZE_ARGS  initArgs;
+    CK_RV                   rc;
+    CK_FLAGS                flags = 0;
+    CK_SESSION_HANDLE       session;
+    CK_MECHANISM            mech;
+    CK_OBJECT_HANDLE        publicKey, privateKey, aesKey;
+    static CK_BBOOL         isTrue = TRUE;
+
+    CK_RV                   (*pFunc)();
+    void                    *pkcs11Lib;
+    CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
+    CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
+    char                    pkcs11LibName[] = "pkcs11-grep11.so";
+
+    printf("Opening the PKCS11 library...\n");
+    pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
+    if ( pkcs11Lib == NULL ) {
+        printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+        return !CKR_OK;
+    }
+
+    printf("Getting the PKCS11 function list...\n");
+    pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+    if (pFunc == NULL ) {
+        printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+        return !CKR_OK;
+    }
+    rc = pFunc(&funcs);
+    if (rc != CKR_OK) {
+        printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Initializing the PKCS11 environment...\n");
+    memset( &initArgs, 0x0, sizeof(initArgs) );
+    rc = funcs->C_Initialize( &initArgs );
+    if (rc != CKR_OK) {
+        printf("error C_Initialize: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Initializing the token... \n");
+    memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
+    memcpy(tokenNameBuf, tokenName, strlen(tokenName));
+
+    /* C_InitToken cleans up private and public keystore thus only needs to be done once.
+     * Subsequent C_InitToken calls will delete any existing keys within the keystores
+     */
+    rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
+    if (rc != CKR_OK) {
+        printf("error C_InitToken: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+    printf("Opening a session... \n");
+    rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
+    if (rc != CKR_OK) {
+        printf("error C_OpenSession: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Logging in as normal user... \n");
+    rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+    if (rc != CKR_OK) {
+        printf("error C_Login: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    // User AES key to encrypt & decrypt
+    printf("Generating AES key... \n");
+    CK_ULONG aesKeyLen = 16;
+    CK_ATTRIBUTE aes_tmpl[] = {
+        {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+        {CKA_VALUE_LEN,    &aesKeyLen,  sizeof(aesKeyLen) },
+        {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
+        {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
+    };
+    mech.mechanism      = CKM_AES_KEY_GEN;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+
+    rc = funcs->C_GenerateKey( session, &mech, aes_tmpl, sizeof(aes_tmpl)/sizeof(CK_ATTRIBUTE), &aesKey);
+    if (rc != CKR_OK) {
+        printf("error C_GenerateKey: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    CK_BYTE iv[16];
+    rc = funcs->C_GenerateRandom(session, (CK_BYTE_PTR)iv, sizeof(iv));
+    if (rc != CKR_OK) {
+        printf("error C_GenerateRandom: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    CK_BYTE clearTxt[] = "this is clear text to be encrypted";
+    CK_ULONG clearTxtLen = strlen(clearTxt);
+    CK_BYTE encrypted[64]; // input length rounded up to multiple of the block size (16 bytes)
+    CK_ULONG encryptedLen = sizeof(encrypted);
+    CK_BYTE decrypted[64];
+    CK_ULONG decryptedLen = sizeof(decrypted);
+
+    mech.mechanism      = CKM_AES_CBC_PAD;
+    mech.ulParameterLen = sizeof(iv);
+    mech.pParameter     = &iv;
+
+    printf("Encrypting with AES key by using C_EncryptInit/C_Encrypt functions... \n");
+    rc = funcs->C_EncryptInit(session, &mech, aesKey);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Encrypt(session, clearTxt, clearTxtLen, encrypted, &encryptedLen);
+    if (rc != CKR_OK) {
+        printf("error C_Encrypt: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Decrypting with AES key by using C_DecryptInit/C_Decrypt functions... \n");
+    rc = funcs->C_DecryptInit(session, &mech, aesKey);
+    if (rc != CKR_OK) {
+        printf("error C_DecryptInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Decrypt(session, encrypted, encryptedLen, decrypted, &decryptedLen);
+    if (rc != CKR_OK) {
+        printf("error C_Decrypt: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    if ( decryptedLen != clearTxtLen || memcmp(clearTxt, decrypted, decryptedLen) != 0) {
+        printf("Clear text is different from decrypted data[%lu]\n", decryptedLen);
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Encrypting with AES key by using C_EncryptInit/C_EncryptUpdate/C_EncryptFinal functions... \n");
+    rc = funcs->C_EncryptInit(session, &mech, aesKey);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    // Encrypt the first chunk, 16 bytes
+    CK_BYTE tmp[64];
+    CK_ULONG tmplen = sizeof(tmp);
+    encryptedLen = 0;
+    rc = funcs->C_EncryptUpdate(session, clearTxt, 16, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptUpdate: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(encrypted, tmp, tmplen);
+    encryptedLen += tmplen;
+
+    // Encrypt the second chunk, 16 bytes
+    tmplen = sizeof(tmp);
+    rc = funcs->C_EncryptUpdate(session, &clearTxt[16], 16, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptUpdate: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(&encrypted[encryptedLen], tmp, tmplen);
+    encryptedLen += tmplen;
+
+    // Encrypt the rest bytes
+    tmplen = sizeof(tmp);
+    rc = funcs->C_EncryptUpdate(session, &clearTxt[32], (int)clearTxtLen - 32, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptUpdate: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(&encrypted[encryptedLen], tmp, tmplen);
+    encryptedLen += tmplen;
+
+    tmplen = sizeof(tmp);
+    rc = funcs->C_EncryptFinal(session, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_EncryptFinal: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(&encrypted[encryptedLen], tmp, tmplen);
+    encryptedLen += tmplen;
+
+    printf("Decrypting with AES key by using C_DecryptInit/C_DecryptUpdate/C_DecryptFinal functions... \n");
+    rc = funcs->C_DecryptInit(session, &mech, aesKey);
+    if (rc != CKR_OK) {
+        printf("error C_DecryptInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    // Decrypt the first chunk, 16 bytes
+    decryptedLen = 0;
+    tmplen = sizeof(tmp);
+    rc = funcs->C_DecryptUpdate(session, encrypted, 16, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_DecryptUpdate: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(decrypted, tmp, tmplen);
+    decryptedLen += tmplen;
+
+    // Decrypt the second chunk, 16 bytes
+    tmplen = sizeof(tmp);
+    rc = funcs->C_DecryptUpdate(session, &encrypted[16], 16, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_DecryptUpdate: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(&decrypted[decryptedLen], tmp, tmplen);
+    decryptedLen += tmplen;
+
+    // Decrypt the rest bytes
+    tmplen = sizeof(tmp);
+    rc = funcs->C_DecryptUpdate(session, &encrypted[32], (int)encryptedLen - 32, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_DecryptUpdate: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(&decrypted[decryptedLen], tmp, tmplen);
+    decryptedLen += tmplen;
+
+    tmplen = sizeof(tmp);
+    rc = funcs->C_DecryptFinal(session, tmp, &tmplen);
+    if (rc != CKR_OK) {
+        printf("error C_DecryptFinal: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+    memcpy(&decrypted[decryptedLen], tmp, tmplen);
+    decryptedLen += tmplen;
+
+    if ( decryptedLen != clearTxtLen || memcmp(clearTxt, decrypted, decryptedLen) != 0) {
+        printf("Clear text is different from decrypted data[%lu]\n", decryptedLen);
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    // Use ECDSA key to sign & verify
+    printf("Generating ECDSA key pair... \n");
+    /* Attributes for the public key to be generated */
+    CK_BYTE curve_name[] = "P-256";
+    CK_ATTRIBUTE pub_tmpl[] = {
+        {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
+        {CKA_EC_PARAMS,       &curve_name,   strlen( (const char *) curve_name) },
+        {CKA_VERIFY,          &isTrue,  sizeof(isTrue) },
+    };
+
+    /* Attributes for the private key to be generated */
+    CK_ATTRIBUTE priv_tmpl[] =
+    {
+        {CKA_TOKEN,    &isTrue, sizeof(isTrue) },
+        {CKA_SIGN,     &isTrue, sizeof(isTrue) }
+    };
+    mech.mechanism      = CKM_EC_KEY_PAIR_GEN;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+
+    rc = funcs->C_GenerateKeyPair( session,   &mech,
+            pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
+            priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
+            &publicKey, &privateKey );
+    if (rc != CKR_OK) {
+        printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Signing with ECDSA private key... \n");
+    CK_BYTE dataToBeSigned[] = "This is data to be signed";
+    CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
+    CK_BYTE signature[64]; // minimum 64 bytes in P-256 case
+    CK_ULONG signatureLen = sizeof(signature);
+
+    mech.mechanism      = CKM_ECDSA;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+
+    rc = funcs->C_SignInit(session, &mech, privateKey);
+    if (rc != CKR_OK) {
+        printf("error C_SignInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
+    if (rc != CKR_OK) {
+        printf("error C_Sign: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Verifying with ECDSA public key... \n");
+    rc = funcs->C_VerifyInit(session, &mech, publicKey);
+    if (rc != CKR_OK) {
+        printf("error C_VerifyInit: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
+    if (rc != CKR_OK) {
+        printf("error C_Verify: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Logging out... \n");
+    rc = funcs->C_Logout(session);
+    if (rc != CKR_OK) {
+        printf("error C_Logout: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Closing the session... \n");
+    rc = funcs->C_CloseSession( session );
+    if (rc != CKR_OK) {
+        printf("error C_CloseSession: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Finalizing... \n");
+    rc = funcs->C_Finalize( NULL );
+    if (rc != CKR_OK) {
+        printf("error C_Finalize: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+    printf("Sample completed successfully!\n");
+    return 0;
+}
diff --git a/hpcs-pkcs11/samples/pkcs11-dilithium.c b/hpcs-pkcs11/samples/pkcs11-dilithium.c
new file mode 100644
index 000000000..12b55d628
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-dilithium.c
@@ -0,0 +1,213 @@
+ /****************************************************************
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * pkcs11-dilithium.c
+ *
+ * A sample application to interact with the HPCS PKCS11 library
+ * 
+ * Compile using:
+ * gcc -o pkcs11-dilithium pkcs11-dilithium.c -ldl
+ * 
+ * Updates to be made within this source file:
+ * Replace the text <so-user-api-key> with the SO user's PIN.
+ * Replace the text <normal-user-api-key> with the normal user's PIN.
+ * Replace the text <pkcs11-library> with name of your pkcs11 library.
+ * 
+ * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
+ * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
+ *       Feel free to change the name to match your pkcs11 library name.
+ *
+ * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
+ * for more information about the setup of the PKCS11 library and its configuration file.
+ * 
+ */
+ 
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "testToken";
+
+int main( int argc, char **argv )
+{
+   CK_C_INITIALIZE_ARGS  initArgs;
+   CK_RV                   rc;
+   CK_FLAGS                flags = 0;
+   CK_SESSION_HANDLE       session;
+   CK_MECHANISM            mech;
+   CK_OBJECT_HANDLE        publicKey, privateKey, aesKey;
+   static CK_BBOOL         isTrue = TRUE;
+   static CK_BBOOL         isFalse = FALSE;
+
+   CK_RV                   (*pFunc)();
+   void                    *pkcs11Lib;
+   CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
+   CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
+   char                    pkcs11LibName[] = "pkcs11-grep11.so";
+ 
+   printf("Opening the PKCS11 library...\n");
+   pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
+   if ( pkcs11Lib == NULL ) {
+      printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+      return !CKR_OK;
+   }
+ 
+   printf("Getting the PKCS11 function list...\n");
+   pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+   if (pFunc == NULL ) {
+      printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+      return !CKR_OK;
+   }
+   rc = pFunc(&funcs);
+   if (rc != CKR_OK) {
+      printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+ 
+   printf("Initializing the PKCS11 environment...\n");
+   memset( &initArgs, 0x0, sizeof(initArgs) );
+   rc = funcs->C_Initialize( &initArgs );
+   if (rc != CKR_OK) {
+      printf("error C_Initialize: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+
+   printf("Initializing the token... \n");
+   memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
+   memcpy(tokenNameBuf, tokenName, strlen(tokenName));
+
+   /* C_InitToken cleans up private and public keystore thus only needs to be done once.
+    * Subsequent C_InitToken calls will delete any existing keys within the keystores
+    */
+   rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
+   if (rc != CKR_OK) {
+      printf("error C_InitToken: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+ 
+   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+   printf("Opening a session... \n");
+   rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
+   if (rc != CKR_OK) {
+      printf("error C_OpenSession: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+ 
+   printf("Logging in as normal user... \n");
+   rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+   if (rc != CKR_OK) {
+      printf("error C_Login: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   // Use Dilithium key to sign & verify
+   printf("Generating Dilithium key pair... \n");
+   /* Attributes for the public key to be generated */
+   CK_KEY_TYPE keyType = CKK_IBM_PQC_DILITHIUM;
+   CK_BYTE dilithium[] = {0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x01, 0x06, 0x05};
+   CK_ATTRIBUTE pub_tmpl[] = {
+      {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
+      {CKA_IBM_PQC_PARAMS,  &dilithium,   sizeof(dilithium) },
+      {CKA_VERIFY,          &isTrue,  sizeof(isTrue) },
+      {CKA_KEY_TYPE,        &keyType, sizeof(keyType) },
+   };
+ 
+   /* Attributes for the private key to be generated */
+   CK_ATTRIBUTE priv_tmpl[] =
+   {
+      {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
+      {CKA_SIGN,            &isTrue, sizeof(isTrue) },
+      {CKA_EXTRACTABLE,     &isFalse,  sizeof(isFalse) },
+      {CKA_KEY_TYPE,        &keyType, sizeof(keyType) },
+   };
+   mech.mechanism      = CKM_IBM_DILITHIUM;
+   mech.ulParameterLen = 0;
+   mech.pParameter     = NULL;
+ 
+   rc = funcs->C_GenerateKeyPair( session,   &mech,
+                                  pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
+                                  priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
+                                  &publicKey, &privateKey );
+   if (rc != CKR_OK) {
+      printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("Signing with Dilithium private key... \n");
+   CK_BYTE dataToBeSigned[] = "This is data to be signed";
+   CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
+   CK_BYTE signature[10240];
+   CK_ULONG signatureLen = sizeof(signature);
+
+   mech.mechanism      = CKM_IBM_DILITHIUM;
+   mech.ulParameterLen = 0;
+   mech.pParameter     = NULL;
+
+   rc = funcs->C_SignInit(session, &mech, privateKey);
+   if (rc != CKR_OK) {
+      printf("error C_SignInit: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
+   if (rc != CKR_OK) {
+      printf("error C_Sign: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("Verifying with Dilithium public key... \n");
+   rc = funcs->C_VerifyInit(session, &mech, publicKey);
+   if (rc != CKR_OK) {
+      printf("error C_VerifyInit: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
+   if (rc != CKR_OK) {
+      printf("error C_Verify: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("Logging out... \n");
+   rc = funcs->C_Logout(session);
+   if (rc != CKR_OK) {
+      printf("error C_Logout: rc=0x%04lx\n", rc );
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+   }
+
+   printf("Closing the session... \n");
+   rc = funcs->C_CloseSession( session );
+   if (rc != CKR_OK) {
+      printf("error C_CloseSession: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+
+   printf("Finalizing... \n");
+   rc = funcs->C_Finalize( NULL );
+   if (rc != CKR_OK) {
+      printf("error C_Finalize: rc=0x%04lx\n", rc );
+      return !CKR_OK;
+   }
+   printf("Sample completed successfully!\n");
+   return 0;
+}
diff --git a/hpcs-pkcs11/samples/pkcs11-object.c b/hpcs-pkcs11/samples/pkcs11-object.c
new file mode 100644
index 000000000..e0f9971f1
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-object.c
@@ -0,0 +1,225 @@
+/****************************************************************
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * pkcs11-object.c
+ *
+ * A sample application to interact with the HPCS PKCS11 library
+ * 
+ * Compile using:
+ * gcc -o pkcs11-object pkcs11-object.c -ldl
+ * 
+ * Updates to be made within this source file:
+ * Replace the text <so-user-api-key> with the SO user's PIN.
+ * Replace the text <normal-user-api-key> with the normal user's PIN.
+ * Replace the text <pkcs11-library> with name of your pkcs11 library.
+ * 
+ * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
+ * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
+ *       Feel free to change the name to match your pkcs11 library name.
+ *
+ * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
+ * for more information about the setup of the PKCS11 library and its configuration file.
+ * 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "testToken";
+
+int main( int argc, char **argv )
+{
+    CK_C_INITIALIZE_ARGS  initArgs;
+    CK_RV                   rc;
+    CK_FLAGS                flags = 0;
+    CK_SESSION_HANDLE       session;
+    CK_OBJECT_HANDLE        pubObject, privObject;
+    static CK_BBOOL         isTrue = TRUE;
+    static CK_BBOOL         isFalse = FALSE;
+    CK_MECHANISM            mech;
+
+    CK_RV                   (*pFunc)();
+    void                    *pkcs11Lib;
+    CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
+    CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
+    char                    pkcs11LibName[] = "pkcs11-grep11.so";
+
+    printf("Opening the PKCS11 library...\n");
+    pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
+    if ( pkcs11Lib == NULL ) {
+        printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+        return !CKR_OK;
+    }
+
+    printf("Getting the PKCS11 function list...\n");
+    pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+    if (pFunc == NULL ) {
+        printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+        return !CKR_OK;
+    }
+    rc = pFunc(&funcs);
+    if (rc != CKR_OK) {
+        printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Initializing the PKCS11 environment...\n");
+    memset( &initArgs, 0x0, sizeof(initArgs) );
+    rc = funcs->C_Initialize( &initArgs );
+    if (rc != CKR_OK) {
+        printf("error C_Initialize: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Initializing the token... \n");
+    memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
+    memcpy(tokenNameBuf, tokenName, strlen(tokenName));
+
+    /* C_InitToken cleans up private and public keystore thus only needs to be done once.
+     * Subsequent C_InitToken calls will delete any existing keys within the keystores
+     */
+    rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
+    if (rc != CKR_OK) {
+        printf("error C_InitToken: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+    printf("Opening a session... \n");
+    rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
+    if (rc != CKR_OK) {
+        printf("error C_OpenSession: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Logging in as normal user... \n");
+    rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+    if (rc != CKR_OK) {
+        printf("error C_Login: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Generating ED25519 public object... \n");
+    CK_OBJECT_CLASS objClass = CKO_PUBLIC_KEY;
+    CK_KEY_TYPE keyType = CKK_ECDSA;
+    CK_BYTE curve_oid[] = {0x06, 0x03, 0x2b, 0x65, 0x70};
+    CK_BYTE ec_point[] = {0x38, 0xf9, 0x52, 0x1b, 0xdd, 0x5d, 0xaa, 0x8e, 0x78, 0xcd, 0x12, 0x5b, 0x57, 0x53, 0x1b, 0x07,
+                          0xd5, 0xe7, 0x85, 0x91, 0x62, 0x34, 0x90, 0x83, 0x0d, 0x2a, 0x5e, 0x32, 0x57, 0x53, 0xf8, 0xed}; 
+    CK_ATTRIBUTE pub_tmpl[] = {
+        {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+        {CKA_CLASS,        &objClass,   sizeof(objClass) },
+        {CKA_KEY_TYPE,     &keyType,    sizeof(keyType) },
+        {CKA_PRIVATE,      &isFalse,    sizeof(isFalse) },
+        {CKA_VERIFY,       &isTrue,     sizeof(isTrue) },
+        {CKA_EC_PARAMS,    &curve_oid,  sizeof(curve_oid) },
+        {CKA_EC_POINT,     &ec_point,   sizeof(ec_point) },
+    };
+
+    rc = funcs->C_CreateObject(session, pub_tmpl, sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE), &pubObject);
+    if (rc != CKR_OK) {
+        printf("error C_CreateObject: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Generating ED25519 private object... \n");
+    objClass = CKO_PRIVATE_KEY;
+    CK_BYTE value[] = {0xf1, 0x4a, 0x91, 0x00, 0x5f, 0xd6, 0xdb, 0xf7, 0x6f, 0x67, 0x1d, 0x70, 0xbd, 0xc7, 0xb0, 0x91,
+                          0x5b, 0x89, 0xba, 0xb9, 0x6a, 0x60, 0x7c, 0xd8, 0x55, 0xad, 0x32, 0x56, 0xb1, 0x9b, 0x02, 0x74,
+                          0x38, 0xf9, 0x52, 0x1b, 0xdd, 0x5d, 0xaa, 0x8e, 0x78, 0xcd, 0x12, 0x5b, 0x57, 0x53, 0x1b, 0x07,
+                          0xd5, 0xe7, 0x85, 0x91, 0x62, 0x34, 0x90, 0x83, 0x0d, 0x2a, 0x5e, 0x32, 0x57, 0x53, 0xf8, 0xed}; 
+    CK_ATTRIBUTE priv_tmpl[] = {
+        {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
+        {CKA_CLASS,        &objClass,   sizeof(objClass) },
+        {CKA_KEY_TYPE,     &keyType,    sizeof(keyType) },
+        {CKA_PRIVATE,      &isTrue,     sizeof(isTrue) },
+        {CKA_SIGN,         &isTrue,     sizeof(isTrue) },
+        {CKA_EC_PARAMS,    &curve_oid,  sizeof(curve_oid) },
+        {CKA_VALUE,        &value,      sizeof(value) },
+    };
+
+    rc = funcs->C_CreateObject(session, priv_tmpl, sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE), &privObject);
+    if (rc != CKR_OK) {
+        printf("error C_CreateObject: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Signing with ED25519 private object... \n");
+    CK_BYTE dataToBeSigned[] = "This is data to be signed";
+    CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
+    CK_BYTE signature[64]; // minimum 64 bytes in P-256 case
+    CK_ULONG signatureLen = sizeof(signature);
+
+    mech.mechanism      = CKM_IBM_ED25519_SHA512;
+    mech.ulParameterLen = 0;
+    mech.pParameter     = NULL;
+
+    rc = funcs->C_SignInit(session, &mech, privObject);
+    if (rc != CKR_OK) {
+       printf("error C_SignInit: rc=0x%04lx\n", rc );
+       funcs->C_Finalize( NULL );
+       return !CKR_OK;
+    }
+
+    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
+    if (rc != CKR_OK) {
+       printf("error C_Sign: rc=0x%04lx\n", rc );
+       funcs->C_Finalize( NULL );
+       return !CKR_OK;
+    }
+
+    printf("Verifying with ED25519 public object... \n");
+    rc = funcs->C_VerifyInit(session, &mech, pubObject);
+    if (rc != CKR_OK) {
+       printf("error C_VerifyInit: rc=0x%04lx\n", rc );
+       funcs->C_Finalize( NULL );
+       return !CKR_OK;
+    }
+
+    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
+    if (rc != CKR_OK) {
+       printf("error C_Verify: rc=0x%04lx\n", rc );
+       funcs->C_Finalize( NULL );
+       return !CKR_OK;
+    }
+
+    printf("Logging out... \n");
+    rc = funcs->C_Logout(session);
+    if (rc != CKR_OK) {
+        printf("error C_Logout: rc=0x%04lx\n", rc );
+        funcs->C_Finalize( NULL );
+        return !CKR_OK;
+    }
+
+    printf("Closing the session... \n");
+    rc = funcs->C_CloseSession( session );
+    if (rc != CKR_OK) {
+        printf("error C_CloseSession: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+
+    printf("Finalizing... \n");
+    rc = funcs->C_Finalize( NULL );
+    if (rc != CKR_OK) {
+        printf("error C_Finalize: rc=0x%04lx\n", rc );
+        return !CKR_OK;
+    }
+    printf("Sample completed successfully!\n");
+    return 0;
+}
diff --git a/hpcs-pkcs11/samples/pkcs11-slhdsa.c b/hpcs-pkcs11/samples/pkcs11-slhdsa.c
new file mode 100644
index 000000000..01a533fdf
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11-slhdsa.c
@@ -0,0 +1,331 @@
+/*
+ * gcc -o pkcs11-eddsa pkcs11-eddsa.c -ldl
+ *
+ * Updates to be made within this source file:
+ * Replace the text <so-user-api-key> with the SO user's PIN.
+ * Replace the text <normal-user-api-key> with the normal user's PIN.
+ * Replace the text <pkcs11-library> with name of your pkcs11 library.
+ *
+ * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
+ * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
+ * need to create the /etc/ep11client directory, if it does not exist.
+ *
+ * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
+ * Feel free to change the name to match your pkcs11 library name.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <memory.h>
+#include <dlfcn.h>
+#include <sys/timeb.h>
+#include "sample.h"
+
+#define CKK_EC_EDWARDS		(0x40UL)
+#define CKM_EC_EDWARDS_KEY_PAIR_GEN	(0x1055UL)
+#define CKM_EDDSA			(0x1057UL)
+
+CK_FUNCTION_LIST  *funcs;
+CK_BYTE           tokenNameBuf[32];
+const char        tokenName[] = "meulabel";
+
+#define DUMP_HEXA(A, B)   \
+          do {  \
+            printf("%s[%d]: \n", (char *) #A, (int) B); \
+            dump_hexa((const void*) A, (size_t) B);  \
+          } while(0) 
+
+void dump_hexa(const void* data, size_t size) {
+  char ascii[17];
+  size_t i, j;
+  ascii[16] = '\0';
+  for (i = 0; i < size; ++i) {
+    printf("%02X ", ((unsigned char*)data)[i]);
+    if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') {
+      ascii[i % 16] = ((unsigned char*)data)[i];
+    } else {
+      ascii[i % 16] = '.';
+    }
+    if ((i+1) % 8 == 0 || i+1 == size) {
+      printf(" ");
+      if ((i+1) % 16 == 0) {
+        printf("|  %s \n", ascii);
+      } else if (i+1 == size) {
+        ascii[(i+1) % 16] = '\0';
+        if ((i+1) % 16 <= 8) {
+          printf(" ");
+        }
+        for (j = (i+1) % 16; j < 16; ++j) {
+          printf("   ");
+        }
+        printf("|  %s \n", ascii);
+      }
+    }
+  }
+}
+
+long get_file_size(char *fname) {
+    FILE *f = fopen(fname, "r");
+    if (!f) return -1;
+    fseek(f, 0, SEEK_END);
+    long size = ftell(f);
+    fclose(f);
+    return size;
+}
+
+int main( int argc, char **argv )
+{
+  CK_C_INITIALIZE_ARGS   initArgs;
+  CK_RV                  rc;
+  CK_FLAGS               flags = 0;
+  CK_SESSION_HANDLE      session;
+  CK_MECHANISM           mech;
+  CK_OBJECT_HANDLE       publicKey, privateKey;
+  static CK_BBOOL        isTrue = TRUE;
+  static CK_BBOOL        isFalse = FALSE;
+  CK_BYTE id[] = {123};
+  CK_UTF8CHAR_PTR keyLabel = (unsigned char *) "pqlabel";
+
+  CK_RV                  (*pFunc)();
+  void                   *pkcs11Lib;
+  CK_UTF8CHAR_PTR        soPin = (unsigned char *) "0000";
+  CK_UTF8CHAR_PTR        userPin = (unsigned char *) "0000";
+  char                   pkcs11LibName[] = "libsofthsm2.so";
+  
+  if (argc != 2) {
+      printf("Usage: %s <file_to_sign>\n", argv[0]);
+      return -1;
+  }
+  
+  char* file_to_sign = argv[1];
+
+  printf("Opening the PKCS11 library...\n");
+  pkcs11Lib = dlopen(pkcs11LibName, RTLD_LAZY);
+  if ( pkcs11Lib == NULL ) {
+    printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
+    return !CKR_OK;
+  }
+
+  printf("Getting the PKCS11 function list...\n");
+  pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
+  if (pFunc == NULL ) {
+    printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
+    return !CKR_OK;
+  }
+  rc = pFunc(&funcs);
+  if (rc != CKR_OK) {
+    printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
+    return !CKR_OK;
+  }
+
+  printf("Initializing the PKCS11 environment...\n");
+  memset( &initArgs, 0x0, sizeof(initArgs) );
+  rc = funcs->C_Initialize( &initArgs );
+  if (rc != CKR_OK) {
+    printf("error C_Initialize: rc=0x%04lx\n", rc );
+    return !CKR_OK;
+  }
+  
+  CK_SLOT_ID available_slots[10];
+  CK_ULONG num_slots = 10;
+
+  rc = funcs->C_GetSlotList(1, available_slots, &num_slots);
+  if (rc != CKR_OK) {
+    printf("Failed to get the available slots: rc=0x%04lx\n", rc);
+    return 0;
+  }
+  
+  printf("Available slots: 0x%04lx %ld\n", available_slots[0], num_slots);
+  
+  /* printf("Initializing the token... \n"); */
+  /* memset(tokenNameBuf, ' ', sizeof(tokenNameBuf));  */
+  /* memcpy(tokenNameBuf, tokenName, strlen(tokenName)); */
+  /**/
+  /* rc= funcs->C_InitToken(available_slots[0], soPin, strlen((const char *) soPin), tokenNameBuf); */
+  /* if (rc != CKR_OK) { */
+  /*   printf("error C_InitToken: rc=0x%04lx\n", rc ); */
+  /*   funcs->C_Finalize( NULL ); */
+  /*   return !CKR_OK; */
+  /* } */
+
+  flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
+  printf("Opening a session... \n");
+  rc = funcs->C_OpenSession( available_slots[0], flags, (CK_VOID_PTR) NULL, NULL, &session );
+  if (rc != CKR_OK) {
+    printf("error C_OpenSession: rc=0x%04lx\n", rc );
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  printf("Logging in as SO... \n");
+  rc = funcs->C_Login( session, CKU_SO, soPin, strlen((const char *) soPin));
+  if (rc != CKR_OK) {
+    printf("error C_Login: rc=0x%04lx\n", rc );
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  printf("Initing normal user pin... \n");
+  rc = funcs->C_InitPIN( session, userPin, strlen((const char *) userPin));
+  if (rc != CKR_OK) {
+    printf("error C_InitPin: rc=0x%04lx\n", rc );
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  rc = funcs->C_Logout(session);
+  if (rc != CKR_OK) {
+    printf("error C_Logout: rc=0x%04lx\n", rc );
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+
+  printf("Logging in as normal user... \n");
+  rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
+  if (rc != CKR_OK) {
+    printf("error C_Login: rc=0x%04lx\n", rc );
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+
+  // Use Ed25519 key to sign & verify
+  printf("Generating Ed25519 key pair... \n");
+  
+  CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
+  CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
+  /* DER OID for id-Ed25519 (1.3.101.112) */
+  CK_BYTE ED25519_EC_PARAMS[] = { 0x06, 0x03, 0x2B, 0x65, 0x70 };
+  
+/* Public key template */
+CK_ATTRIBUTE pub_tmpl[] = {
+    { CKA_TOKEN,     &isTrue,  sizeof(isTrue) },
+    { CKA_VERIFY,    &isTrue,  sizeof(isTrue) },
+    { CKA_LABEL,     keyLabel, (CK_ULONG)strlen((char*)keyLabel) },
+    { CKA_ID,        id,       (CK_ULONG)sizeof(id) },
+    { CKA_EC_PARAMS, (CK_VOID_PTR)ED25519_EC_PARAMS,
+                     (CK_ULONG)sizeof(ED25519_EC_PARAMS) }
+};
+
+/* Private key template */
+CK_ATTRIBUTE priv_tmpl[] = {
+    { CKA_TOKEN,   &isTrue,  sizeof(isTrue) },
+    { CKA_SIGN,    &isTrue,  sizeof(isTrue) },
+    { CKA_LABEL,   keyLabel, (CK_ULONG)strlen((char*)keyLabel) },
+    { CKA_ID,      id,       (CK_ULONG)sizeof(id) }
+};
+  
+  mech.mechanism      = CKM_EC_EDWARDS_KEY_PAIR_GEN;
+  mech.ulParameterLen = 0;
+  mech.pParameter     = NULL;
+
+  rc = funcs->C_GenerateKeyPair( session,    &mech,
+                 pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
+                 priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
+                 &publicKey, &privateKey );
+  if (rc != CKR_OK) {
+    printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  long file_size = get_file_size(file_to_sign);
+  if (file_size == -1) {
+      printf("Error: Could not open or read file %s\n", file_to_sign);
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+  }
+  
+  CK_BYTE* dataToBeSigned = (CK_BYTE*) malloc(file_size);
+  if (!dataToBeSigned) {
+      printf("Error: Memory allocation failed.\n");
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+  }
+  
+  FILE* fp = fopen(file_to_sign, "rb");
+  if (!fp) {
+      printf("Error: Could not open file %s for reading.\n", file_to_sign);
+      free(dataToBeSigned);
+      funcs->C_Finalize( NULL );
+      return !CKR_OK;
+  }
+  fread(dataToBeSigned, 1, file_size, fp);
+  fclose(fp);
+  
+  CK_ULONG dataToBeSignedLen = file_size;
+  CK_BYTE signature[1024];
+  CK_ULONG signatureLen = sizeof(signature);
+
+  printf("Signing the data from %s with Ed25519 private key... \n", file_to_sign);
+  mech.mechanism      = CKM_EDDSA;
+  mech.ulParameterLen = 0;
+  mech.pParameter     = NULL;
+
+  rc = funcs->C_SignInit(session, &mech, privateKey);
+  if (rc != CKR_OK) {
+    printf("error C_SignInit: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+
+  rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
+  if (rc != CKR_OK) {
+    printf("error C_Sign: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  DUMP_HEXA(signature, signatureLen);
+
+  printf("Verifying the data with Ed25519 public key... \n");
+  rc = funcs->C_VerifyInit(session, &mech, publicKey);
+  if (rc != CKR_OK) {
+    printf("error C_VerifyInit: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
+  if (rc != CKR_OK) {
+    printf("error C_Verify: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+  
+  printf("Signature is valid!\n");
+
+  printf("Logging out... \n");
+  rc = funcs->C_Logout(session);
+  if (rc != CKR_OK) {
+    printf("error C_Logout: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    funcs->C_Finalize( NULL );
+    return !CKR_OK;
+  }
+
+  printf("Closing the session... \n");
+  rc = funcs->C_CloseSession( session );
+  if (rc != CKR_OK) {
+    printf("error C_CloseSession: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    return !CKR_OK;
+  }
+
+  printf("Finalizing... \n");
+  rc = funcs->C_Finalize( NULL );
+  if (rc != CKR_OK) {
+    printf("error C_Finalize: rc=0x%04lx\n", rc );
+    free(dataToBeSigned);
+    return !CKR_OK;
+  }
+  
+  free(dataToBeSigned);
+  printf("Sample completed successfully!\n");
+  return 0;
+}
diff --git a/hpcs-pkcs11/samples/pkcs11.h b/hpcs-pkcs11/samples/pkcs11.h
new file mode 100644
index 000000000..0d78dd711
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11.h
@@ -0,0 +1,265 @@
+/* Copyright (c) OASIS Open 2016. All Rights Reserved./
+ * /Distributed under the terms of the OASIS IPR Policy,
+ * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
+ * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
+ */
+        
+/* Latest version of the specification:
+ * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
+ */
+
+#ifndef _PKCS11_H_
+#define _PKCS11_H_ 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Before including this file (pkcs11.h) (or pkcs11t.h by
+ * itself), 5 platform-specific macros must be defined.  These
+ * macros are described below, and typical definitions for them
+ * are also given.  Be advised that these definitions can depend
+ * on both the platform and the compiler used (and possibly also
+ * on whether a Cryptoki library is linked statically or
+ * dynamically).
+ *
+ * In addition to defining these 5 macros, the packing convention
+ * for Cryptoki structures should be set.  The Cryptoki
+ * convention on packing is that structures should be 1-byte
+ * aligned.
+ *
+ * If you're using Microsoft Developer Studio 5.0 to produce
+ * Win32 stuff, this might be done by using the following
+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(push, cryptoki, 1)
+ *
+ * and using the following preprocessor directive after including
+ * pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(pop, cryptoki)
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to produce Win16 stuff, this might be done by using
+ * the following preprocessor directive before including
+ * pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(1)
+ *
+ * In a UNIX environment, you're on your own for this.  You might
+ * not need to do (or be able to do!) anything.
+ *
+ *
+ * Now for the macros:
+ *
+ *
+ * 1. CK_PTR: The indirection string for making a pointer to an
+ * object.  It can be used like this:
+ *
+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
+ *
+ * If you're using Microsoft Developer Studio 5.0 to produce
+ * Win32 stuff, it might be defined by:
+ *
+ * #define CK_PTR *
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to produce Win16 stuff, it might be defined by:
+ *
+ * #define CK_PTR far *
+ *
+ * In a typical UNIX environment, it might be defined by:
+ *
+ * #define CK_PTR *
+ *
+ *
+ * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
+ * an importable Cryptoki library function declaration out of a
+ * return type and a function name.  It should be used in the
+ * following fashion:
+ *
+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
+ *   CK_VOID_PTR pReserved
+ * );
+ *
+ * If you're using Microsoft Developer Studio 5.0 to declare a
+ * function in a Win32 Cryptoki .dll, it might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ *   returnType __declspec(dllimport) name
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to declare a function in a Win16 Cryptoki .dll, it
+ * might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ *   returnType __export _far _pascal name
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ *   returnType name
+ *
+ *
+ * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
+ * which makes a Cryptoki API function pointer declaration or
+ * function pointer type declaration out of a return type and a
+ * function name.  It should be used in the following fashion:
+ *
+ * // Define funcPtr to be a pointer to a Cryptoki API function
+ * // taking arguments args and returning CK_RV.
+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
+ *
+ * or
+ *
+ * // Define funcPtrType to be the type of a pointer to a
+ * // Cryptoki API function taking arguments args and returning
+ * // CK_RV, and then define funcPtr to be a variable of type
+ * // funcPtrType.
+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
+ * funcPtrType funcPtr;
+ *
+ * If you're using Microsoft Developer Studio 5.0 to access
+ * functions in a Win32 Cryptoki .dll, in might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ *   returnType __declspec(dllimport) (* name)
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to access functions in a Win16 Cryptoki .dll, it might
+ * be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ *   returnType __export _far _pascal (* name)
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ *   returnType (* name)
+ *
+ *
+ * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
+ * a function pointer type for an application callback out of
+ * a return type for the callback and a name for the callback.
+ * It should be used in the following fashion:
+ *
+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
+ *
+ * to declare a function pointer, myCallback, to a callback
+ * which takes arguments args and returns a CK_RV.  It can also
+ * be used like this:
+ *
+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
+ * myCallbackType myCallback;
+ *
+ * If you're using Microsoft Developer Studio 5.0 to do Win32
+ * Cryptoki development, it might be defined by:
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ *   returnType (* name)
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to do Win16 development, it might be defined by:
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ *   returnType _far _pascal (* name)
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ *   returnType (* name)
+ *
+ *
+ * 5. NULL_PTR: This macro is the value of a NULL pointer.
+ *
+ * In any ANSI/ISO C environment (and in many others as well),
+ * this should best be defined by
+ *
+ * #ifndef NULL_PTR
+ * #define NULL_PTR 0
+ * #endif
+ */
+
+
+/* All the various Cryptoki types and #define'd values are in the
+ * file pkcs11t.h.
+ */
+#include "pkcs11t.h"
+
+#define __PASTE(x,y)      x##y
+
+
+/* ==============================================================
+ * Define the "extern" form of all the entry points.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST  1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+  extern CK_DECLARE_FUNCTION(CK_RV, name)
+
+/* pkcs11f.h has all the information about the Cryptoki
+ * function prototypes.
+ */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+
+/* ==============================================================
+ * Define the typedef form of all the entry points.  That is, for
+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
+ * a pointer to that kind of function.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST  1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+  typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
+
+/* pkcs11f.h has all the information about the Cryptoki
+ * function prototypes.
+ */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+
+/* ==============================================================
+ * Define structed vector of entry points.  A CK_FUNCTION_LIST
+ * contains a CK_VERSION indicating a library's Cryptoki version
+ * and then a whole slew of function pointers to the routines in
+ * the library.  This type was declared, but not defined, in
+ * pkcs11t.h.
+ * ==============================================================
+ */
+
+#define CK_PKCS11_FUNCTION_INFO(name) \
+  __PASTE(CK_,name) name;
+
+struct CK_FUNCTION_LIST {
+
+  CK_VERSION    version;  /* Cryptoki version */
+
+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
+/* pkcs11f.h has all the information about the Cryptoki
+ * function prototypes.
+ */
+#include "pkcs11f.h"
+
+};
+
+#undef CK_PKCS11_FUNCTION_INFO
+
+
+#undef __PASTE
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKCS11_H_ */
+
diff --git a/hpcs-pkcs11/samples/pkcs11f.h b/hpcs-pkcs11/samples/pkcs11f.h
new file mode 100644
index 000000000..ed90affc5
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11f.h
@@ -0,0 +1,939 @@
+/* Copyright (c) OASIS Open 2016. All Rights Reserved./
+ * /Distributed under the terms of the OASIS IPR Policy,
+ * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
+ * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
+ */
+        
+/* Latest version of the specification:
+ * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
+ */
+
+/* This header file contains pretty much everything about all the
+ * Cryptoki function prototypes.  Because this information is
+ * used for more than just declaring function prototypes, the
+ * order of the functions appearing herein is important, and
+ * should not be altered.
+ */
+
+/* General-purpose */
+
+/* C_Initialize initializes the Cryptoki library. */
+CK_PKCS11_FUNCTION_INFO(C_Initialize)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_VOID_PTR   pInitArgs  /* if this is not NULL_PTR, it gets
+                            * cast to CK_C_INITIALIZE_ARGS_PTR
+                            * and dereferenced
+                            */
+);
+#endif
+
+
+/* C_Finalize indicates that an application is done with the
+ * Cryptoki library.
+ */
+CK_PKCS11_FUNCTION_INFO(C_Finalize)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_VOID_PTR   pReserved  /* reserved.  Should be NULL_PTR */
+);
+#endif
+
+
+/* C_GetInfo returns general information about Cryptoki. */
+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_INFO_PTR   pInfo  /* location that receives information */
+);
+#endif
+
+
+/* C_GetFunctionList returns the function list. */
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_FUNCTION_LIST_PTR_PTR ppFunctionList  /* receives pointer to
+                                            * function list
+                                            */
+);
+#endif
+
+
+
+/* Slot and token management */
+
+/* C_GetSlotList obtains a list of slots in the system. */
+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_BBOOL       tokenPresent,  /* only slots with tokens */
+  CK_SLOT_ID_PTR pSlotList,     /* receives array of slot IDs */
+  CK_ULONG_PTR   pulCount       /* receives number of slots */
+);
+#endif
+
+
+/* C_GetSlotInfo obtains information about a particular slot in
+ * the system.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID       slotID,  /* the ID of the slot */
+  CK_SLOT_INFO_PTR pInfo    /* receives the slot information */
+);
+#endif
+
+
+/* C_GetTokenInfo obtains information about a particular token
+ * in the system.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID        slotID,  /* ID of the token's slot */
+  CK_TOKEN_INFO_PTR pInfo    /* receives the token information */
+);
+#endif
+
+
+/* C_GetMechanismList obtains a list of mechanism types
+ * supported by a token.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID            slotID,          /* ID of token's slot */
+  CK_MECHANISM_TYPE_PTR pMechanismList,  /* gets mech. array */
+  CK_ULONG_PTR          pulCount         /* gets # of mechs. */
+);
+#endif
+
+
+/* C_GetMechanismInfo obtains information about a particular
+ * mechanism possibly supported by a token.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID            slotID,  /* ID of the token's slot */
+  CK_MECHANISM_TYPE     type,    /* type of mechanism */
+  CK_MECHANISM_INFO_PTR pInfo    /* receives mechanism info */
+);
+#endif
+
+
+/* C_InitToken initializes a token. */
+CK_PKCS11_FUNCTION_INFO(C_InitToken)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID      slotID,    /* ID of the token's slot */
+  CK_UTF8CHAR_PTR pPin,      /* the SO's initial PIN */
+  CK_ULONG        ulPinLen,  /* length in bytes of the PIN */
+  CK_UTF8CHAR_PTR pLabel     /* 32-byte token label (blank padded) */
+);
+#endif
+
+
+/* C_InitPIN initializes the normal user's PIN. */
+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_UTF8CHAR_PTR   pPin,      /* the normal user's PIN */
+  CK_ULONG          ulPinLen   /* length in bytes of the PIN */
+);
+#endif
+
+
+/* C_SetPIN modifies the PIN of the user who is logged in. */
+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_UTF8CHAR_PTR   pOldPin,   /* the old PIN */
+  CK_ULONG          ulOldLen,  /* length of the old PIN */
+  CK_UTF8CHAR_PTR   pNewPin,   /* the new PIN */
+  CK_ULONG          ulNewLen   /* length of the new PIN */
+);
+#endif
+
+
+
+/* Session management */
+
+/* C_OpenSession opens a session between an application and a
+ * token.
+ */
+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID            slotID,        /* the slot's ID */
+  CK_FLAGS              flags,         /* from CK_SESSION_INFO */
+  CK_VOID_PTR           pApplication,  /* passed to callback */
+  CK_NOTIFY             Notify,        /* callback function */
+  CK_SESSION_HANDLE_PTR phSession      /* gets session handle */
+);
+#endif
+
+
+/* C_CloseSession closes a session between an application and a
+ * token.
+ */
+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession  /* the session's handle */
+);
+#endif
+
+
+/* C_CloseAllSessions closes all sessions with a token. */
+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SLOT_ID     slotID  /* the token's slot */
+);
+#endif
+
+
+/* C_GetSessionInfo obtains information about the session. */
+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE   hSession,  /* the session's handle */
+  CK_SESSION_INFO_PTR pInfo      /* receives session info */
+);
+#endif
+
+
+/* C_GetOperationState obtains the state of the cryptographic operation
+ * in a session.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,             /* session's handle */
+  CK_BYTE_PTR       pOperationState,      /* gets state */
+  CK_ULONG_PTR      pulOperationStateLen  /* gets state length */
+);
+#endif
+
+
+/* C_SetOperationState restores the state of the cryptographic
+ * operation in a session.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR      pOperationState,      /* holds state */
+  CK_ULONG         ulOperationStateLen,  /* holds state length */
+  CK_OBJECT_HANDLE hEncryptionKey,       /* en/decryption key */
+  CK_OBJECT_HANDLE hAuthenticationKey    /* sign/verify key */
+);
+#endif
+
+
+/* C_Login logs a user into a token. */
+CK_PKCS11_FUNCTION_INFO(C_Login)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_USER_TYPE      userType,  /* the user type */
+  CK_UTF8CHAR_PTR   pPin,      /* the user's PIN */
+  CK_ULONG          ulPinLen   /* the length of the PIN */
+);
+#endif
+
+
+/* C_Logout logs a user out from a token. */
+CK_PKCS11_FUNCTION_INFO(C_Logout)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession  /* the session's handle */
+);
+#endif
+
+
+
+/* Object management */
+
+/* C_CreateObject creates a new object. */
+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_ATTRIBUTE_PTR  pTemplate,   /* the object's template */
+  CK_ULONG          ulCount,     /* attributes in template */
+  CK_OBJECT_HANDLE_PTR phObject  /* gets new object's handle. */
+);
+#endif
+
+
+/* C_CopyObject copies an object, creating a new object for the
+ * copy.
+ */
+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE    hSession,    /* the session's handle */
+  CK_OBJECT_HANDLE     hObject,     /* the object's handle */
+  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new object */
+  CK_ULONG             ulCount,     /* attributes in template */
+  CK_OBJECT_HANDLE_PTR phNewObject  /* receives handle of copy */
+);
+#endif
+
+
+/* C_DestroyObject destroys an object. */
+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_OBJECT_HANDLE  hObject    /* the object's handle */
+);
+#endif
+
+
+/* C_GetObjectSize gets the size of an object in bytes. */
+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_OBJECT_HANDLE  hObject,   /* the object's handle */
+  CK_ULONG_PTR      pulSize    /* receives size of object */
+);
+#endif
+
+
+/* C_GetAttributeValue obtains the value of one or more object
+ * attributes.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,   /* the session's handle */
+  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
+  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs; gets vals */
+  CK_ULONG          ulCount     /* attributes in template */
+);
+#endif
+
+
+/* C_SetAttributeValue modifies the value of one or more object
+ * attributes.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,   /* the session's handle */
+  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
+  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs and values */
+  CK_ULONG          ulCount     /* attributes in template */
+);
+#endif
+
+
+/* C_FindObjectsInit initializes a search for token and session
+ * objects that match a template.
+ */
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,   /* the session's handle */
+  CK_ATTRIBUTE_PTR  pTemplate,  /* attribute values to match */
+  CK_ULONG          ulCount     /* attrs in search template */
+);
+#endif
+
+
+/* C_FindObjects continues a search for token and session
+ * objects that match a template, obtaining additional object
+ * handles.
+ */
+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
+#ifdef CK_NEED_ARG_LIST
+(
+ CK_SESSION_HANDLE    hSession,          /* session's handle */
+ CK_OBJECT_HANDLE_PTR phObject,          /* gets obj. handles */
+ CK_ULONG             ulMaxObjectCount,  /* max handles to get */
+ CK_ULONG_PTR         pulObjectCount     /* actual # returned */
+);
+#endif
+
+
+/* C_FindObjectsFinal finishes a search for token and session
+ * objects.
+ */
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession  /* the session's handle */
+);
+#endif
+
+
+
+/* Encryption and decryption */
+
+/* C_EncryptInit initializes an encryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism,  /* the encryption mechanism */
+  CK_OBJECT_HANDLE  hKey         /* handle of encryption key */
+);
+#endif
+
+
+/* C_Encrypt encrypts single-part data. */
+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR       pData,               /* the plaintext data */
+  CK_ULONG          ulDataLen,           /* bytes of plaintext */
+  CK_BYTE_PTR       pEncryptedData,      /* gets ciphertext */
+  CK_ULONG_PTR      pulEncryptedDataLen  /* gets c-text size */
+);
+#endif
+
+
+/* C_EncryptUpdate continues a multiple-part encryption
+ * operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,           /* session's handle */
+  CK_BYTE_PTR       pPart,              /* the plaintext data */
+  CK_ULONG          ulPartLen,          /* plaintext data len */
+  CK_BYTE_PTR       pEncryptedPart,     /* gets ciphertext */
+  CK_ULONG_PTR      pulEncryptedPartLen /* gets c-text size */
+);
+#endif
+
+
+/* C_EncryptFinal finishes a multiple-part encryption
+ * operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,                /* session handle */
+  CK_BYTE_PTR       pLastEncryptedPart,      /* last c-text */
+  CK_ULONG_PTR      pulLastEncryptedPartLen  /* gets last size */
+);
+#endif
+
+
+/* C_DecryptInit initializes a decryption operation. */
+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism,  /* the decryption mechanism */
+  CK_OBJECT_HANDLE  hKey         /* handle of decryption key */
+);
+#endif
+
+
+/* C_Decrypt decrypts encrypted data in a single part. */
+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,           /* session's handle */
+  CK_BYTE_PTR       pEncryptedData,     /* ciphertext */
+  CK_ULONG          ulEncryptedDataLen, /* ciphertext length */
+  CK_BYTE_PTR       pData,              /* gets plaintext */
+  CK_ULONG_PTR      pulDataLen          /* gets p-text size */
+);
+#endif
+
+
+/* C_DecryptUpdate continues a multiple-part decryption
+ * operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR       pEncryptedPart,      /* encrypted data */
+  CK_ULONG          ulEncryptedPartLen,  /* input length */
+  CK_BYTE_PTR       pPart,               /* gets plaintext */
+  CK_ULONG_PTR      pulPartLen           /* p-text size */
+);
+#endif
+
+
+/* C_DecryptFinal finishes a multiple-part decryption
+ * operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,       /* the session's handle */
+  CK_BYTE_PTR       pLastPart,      /* gets plaintext */
+  CK_ULONG_PTR      pulLastPartLen  /* p-text size */
+);
+#endif
+
+
+
+/* Message digesting */
+
+/* C_DigestInit initializes a message-digesting operation. */
+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,   /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism  /* the digesting mechanism */
+);
+#endif
+
+
+/* C_Digest digests data in a single part. */
+CK_PKCS11_FUNCTION_INFO(C_Digest)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,     /* the session's handle */
+  CK_BYTE_PTR       pData,        /* data to be digested */
+  CK_ULONG          ulDataLen,    /* bytes of data to digest */
+  CK_BYTE_PTR       pDigest,      /* gets the message digest */
+  CK_ULONG_PTR      pulDigestLen  /* gets digest length */
+);
+#endif
+
+
+/* C_DigestUpdate continues a multiple-part message-digesting
+ * operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_BYTE_PTR       pPart,     /* data to be digested */
+  CK_ULONG          ulPartLen  /* bytes of data to be digested */
+);
+#endif
+
+
+/* C_DigestKey continues a multi-part message-digesting
+ * operation, by digesting the value of a secret key as part of
+ * the data already digested.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_OBJECT_HANDLE  hKey       /* secret key to digest */
+);
+#endif
+
+
+/* C_DigestFinal finishes a multiple-part message-digesting
+ * operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,     /* the session's handle */
+  CK_BYTE_PTR       pDigest,      /* gets the message digest */
+  CK_ULONG_PTR      pulDigestLen  /* gets byte count of digest */
+);
+#endif
+
+
+
+/* Signing and MACing */
+
+/* C_SignInit initializes a signature (private key encryption)
+ * operation, where the signature is (will be) an appendix to
+ * the data, and plaintext cannot be recovered from the
+ * signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SignInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism,  /* the signature mechanism */
+  CK_OBJECT_HANDLE  hKey         /* handle of signature key */
+);
+#endif
+
+
+/* C_Sign signs (encrypts with private key) data in a single
+ * part, where the signature is (will be) an appendix to the
+ * data, and plaintext cannot be recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_Sign)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,        /* the session's handle */
+  CK_BYTE_PTR       pData,           /* the data to sign */
+  CK_ULONG          ulDataLen,       /* count of bytes to sign */
+  CK_BYTE_PTR       pSignature,      /* gets the signature */
+  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
+);
+#endif
+
+
+/* C_SignUpdate continues a multiple-part signature operation,
+ * where the signature is (will be) an appendix to the data,
+ * and plaintext cannot be recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_BYTE_PTR       pPart,     /* the data to sign */
+  CK_ULONG          ulPartLen  /* count of bytes to sign */
+);
+#endif
+
+
+/* C_SignFinal finishes a multiple-part signature operation,
+ * returning the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,        /* the session's handle */
+  CK_BYTE_PTR       pSignature,      /* gets the signature */
+  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
+);
+#endif
+
+
+/* C_SignRecoverInit initializes a signature operation, where
+ * the data can be recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,   /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism, /* the signature mechanism */
+  CK_OBJECT_HANDLE  hKey        /* handle of the signature key */
+);
+#endif
+
+
+/* C_SignRecover signs data in a single operation, where the
+ * data can be recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,        /* the session's handle */
+  CK_BYTE_PTR       pData,           /* the data to sign */
+  CK_ULONG          ulDataLen,       /* count of bytes to sign */
+  CK_BYTE_PTR       pSignature,      /* gets the signature */
+  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
+);
+#endif
+
+
+
+/* Verifying signatures and MACs */
+
+/* C_VerifyInit initializes a verification operation, where the
+ * signature is an appendix to the data, and plaintext cannot
+ * cannot be recovered from the signature (e.g. DSA).
+ */
+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
+  CK_OBJECT_HANDLE  hKey         /* verification key */
+);
+#endif
+
+
+/* C_Verify verifies a signature in a single-part operation,
+ * where the signature is an appendix to the data, and plaintext
+ * cannot be recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_Verify)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,       /* the session's handle */
+  CK_BYTE_PTR       pData,          /* signed data */
+  CK_ULONG          ulDataLen,      /* length of signed data */
+  CK_BYTE_PTR       pSignature,     /* signature */
+  CK_ULONG          ulSignatureLen  /* signature length*/
+);
+#endif
+
+
+/* C_VerifyUpdate continues a multiple-part verification
+ * operation, where the signature is an appendix to the data,
+ * and plaintext cannot be recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_BYTE_PTR       pPart,     /* signed data */
+  CK_ULONG          ulPartLen  /* length of signed data */
+);
+#endif
+
+
+/* C_VerifyFinal finishes a multiple-part verification
+ * operation, checking the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,       /* the session's handle */
+  CK_BYTE_PTR       pSignature,     /* signature to verify */
+  CK_ULONG          ulSignatureLen  /* signature length */
+);
+#endif
+
+
+/* C_VerifyRecoverInit initializes a signature verification
+ * operation, where the data is recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
+  CK_OBJECT_HANDLE  hKey         /* verification key */
+);
+#endif
+
+
+/* C_VerifyRecover verifies a signature in a single-part
+ * operation, where the data is recovered from the signature.
+ */
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,        /* the session's handle */
+  CK_BYTE_PTR       pSignature,      /* signature to verify */
+  CK_ULONG          ulSignatureLen,  /* signature length */
+  CK_BYTE_PTR       pData,           /* gets signed data */
+  CK_ULONG_PTR      pulDataLen       /* gets signed data len */
+);
+#endif
+
+
+
+/* Dual-function cryptographic operations */
+
+/* C_DigestEncryptUpdate continues a multiple-part digesting
+ * and encryption operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR       pPart,               /* the plaintext data */
+  CK_ULONG          ulPartLen,           /* plaintext length */
+  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
+  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
+);
+#endif
+
+
+/* C_DecryptDigestUpdate continues a multiple-part decryption and
+ * digesting operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
+  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
+  CK_BYTE_PTR       pPart,               /* gets plaintext */
+  CK_ULONG_PTR      pulPartLen           /* gets plaintext len */
+);
+#endif
+
+
+/* C_SignEncryptUpdate continues a multiple-part signing and
+ * encryption operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR       pPart,               /* the plaintext data */
+  CK_ULONG          ulPartLen,           /* plaintext length */
+  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
+  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
+);
+#endif
+
+
+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
+ * verify operation.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,            /* session's handle */
+  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
+  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
+  CK_BYTE_PTR       pPart,               /* gets plaintext */
+  CK_ULONG_PTR      pulPartLen           /* gets p-text length */
+);
+#endif
+
+
+
+/* Key management */
+
+/* C_GenerateKey generates a secret key, creating a new key
+ * object.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE    hSession,    /* the session's handle */
+  CK_MECHANISM_PTR     pMechanism,  /* key generation mech. */
+  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new key */
+  CK_ULONG             ulCount,     /* # of attrs in template */
+  CK_OBJECT_HANDLE_PTR phKey        /* gets handle of new key */
+);
+#endif
+
+
+/* C_GenerateKeyPair generates a public-key/private-key pair,
+ * creating new key objects.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE    hSession,                    /* session handle */
+  CK_MECHANISM_PTR     pMechanism,                  /* key-gen mech. */
+  CK_ATTRIBUTE_PTR     pPublicKeyTemplate,          /* template for pub. key */
+  CK_ULONG             ulPublicKeyAttributeCount,   /* # pub. attrs. */
+  CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,         /* template for priv. key */
+  CK_ULONG             ulPrivateKeyAttributeCount,  /* # priv.  attrs. */
+  CK_OBJECT_HANDLE_PTR phPublicKey,                 /* gets pub. key handle */
+  CK_OBJECT_HANDLE_PTR phPrivateKey                 /* gets priv. key handle */
+);
+#endif
+
+
+/* C_WrapKey wraps (i.e., encrypts) a key. */
+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,        /* the session's handle */
+  CK_MECHANISM_PTR  pMechanism,      /* the wrapping mechanism */
+  CK_OBJECT_HANDLE  hWrappingKey,    /* wrapping key */
+  CK_OBJECT_HANDLE  hKey,            /* key to be wrapped */
+  CK_BYTE_PTR       pWrappedKey,     /* gets wrapped key */
+  CK_ULONG_PTR      pulWrappedKeyLen /* gets wrapped key size */
+);
+#endif
+
+
+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
+ * key object.
+ */
+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE    hSession,          /* session's handle */
+  CK_MECHANISM_PTR     pMechanism,        /* unwrapping mech. */
+  CK_OBJECT_HANDLE     hUnwrappingKey,    /* unwrapping key */
+  CK_BYTE_PTR          pWrappedKey,       /* the wrapped key */
+  CK_ULONG             ulWrappedKeyLen,   /* wrapped key len */
+  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
+  CK_ULONG             ulAttributeCount,  /* template length */
+  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
+);
+#endif
+
+
+/* C_DeriveKey derives a key from a base key, creating a new key
+ * object.
+ */
+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE    hSession,          /* session's handle */
+  CK_MECHANISM_PTR     pMechanism,        /* key deriv. mech. */
+  CK_OBJECT_HANDLE     hBaseKey,          /* base key */
+  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
+  CK_ULONG             ulAttributeCount,  /* template length */
+  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
+);
+#endif
+
+
+
+/* Random number generation */
+
+/* C_SeedRandom mixes additional seed material into the token's
+ * random number generator.
+ */
+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,  /* the session's handle */
+  CK_BYTE_PTR       pSeed,     /* the seed material */
+  CK_ULONG          ulSeedLen  /* length of seed material */
+);
+#endif
+
+
+/* C_GenerateRandom generates random data. */
+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession,    /* the session's handle */
+  CK_BYTE_PTR       RandomData,  /* receives the random data */
+  CK_ULONG          ulRandomLen  /* # of bytes to generate */
+);
+#endif
+
+
+
+/* Parallel function management */
+
+/* C_GetFunctionStatus is a legacy function; it obtains an
+ * updated status of a function running in parallel with an
+ * application.
+ */
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession  /* the session's handle */
+);
+#endif
+
+
+/* C_CancelFunction is a legacy function; it cancels a function
+ * running in parallel.
+ */
+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_SESSION_HANDLE hSession  /* the session's handle */
+);
+#endif
+
+
+/* C_WaitForSlotEvent waits for a slot event (token insertion,
+ * removal, etc.) to occur.
+ */
+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
+#ifdef CK_NEED_ARG_LIST
+(
+  CK_FLAGS flags,        /* blocking/nonblocking flag */
+  CK_SLOT_ID_PTR pSlot,  /* location that receives the slot ID */
+  CK_VOID_PTR pRserved   /* reserved.  Should be NULL_PTR */
+);
+#endif
+
diff --git a/hpcs-pkcs11/samples/pkcs11t.h b/hpcs-pkcs11/samples/pkcs11t.h
new file mode 100644
index 000000000..c13e67cf5
--- /dev/null
+++ b/hpcs-pkcs11/samples/pkcs11t.h
@@ -0,0 +1,2003 @@
+/* Copyright (c) OASIS Open 2016. All Rights Reserved./
+ * /Distributed under the terms of the OASIS IPR Policy,
+ * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
+ * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
+ * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
+ */
+        
+/* Latest version of the specification:
+ * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
+ */
+
+/* See top of pkcs11.h for information about the macros that
+ * must be defined and the structure-packing conventions that
+ * must be set before including this file.
+ */
+
+#ifndef _PKCS11T_H_
+#define _PKCS11T_H_ 1
+
+#define CRYPTOKI_VERSION_MAJOR          2
+#define CRYPTOKI_VERSION_MINOR          40
+#define CRYPTOKI_VERSION_AMENDMENT      0
+
+#define CK_TRUE         1
+#define CK_FALSE        0
+
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE CK_FALSE
+#endif
+#ifndef TRUE
+#define TRUE CK_TRUE
+#endif
+#endif
+
+/* an unsigned 8-bit value */
+typedef unsigned char     CK_BYTE;
+
+/* an unsigned 8-bit character */
+typedef CK_BYTE           CK_CHAR;
+
+/* an 8-bit UTF-8 character */
+typedef CK_BYTE           CK_UTF8CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef CK_BYTE           CK_BBOOL;
+
+/* an unsigned value, at least 32 bits long */
+typedef unsigned long int CK_ULONG;
+
+/* a signed value, the same size as a CK_ULONG */
+typedef long int          CK_LONG;
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef CK_ULONG          CK_FLAGS;
+
+
+/* some special values for certain CK_ULONG variables */
+#define CK_UNAVAILABLE_INFORMATION      (~0UL)
+#define CK_EFFECTIVELY_INFINITE         0UL
+
+
+typedef CK_BYTE     CK_PTR   CK_BYTE_PTR;
+typedef CK_CHAR     CK_PTR   CK_CHAR_PTR;
+typedef CK_UTF8CHAR CK_PTR   CK_UTF8CHAR_PTR;
+typedef CK_ULONG    CK_PTR   CK_ULONG_PTR;
+typedef void        CK_PTR   CK_VOID_PTR;
+
+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
+
+
+/* The following value is always invalid if used as a session
+ * handle or object handle
+ */
+#define CK_INVALID_HANDLE       0UL
+
+
+typedef struct CK_VERSION {
+  CK_BYTE       major;  /* integer portion of version number */
+  CK_BYTE       minor;  /* 1/100ths portion of version number */
+} CK_VERSION;
+
+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
+
+
+typedef struct CK_INFO {
+  CK_VERSION    cryptokiVersion;     /* Cryptoki interface ver */
+  CK_UTF8CHAR   manufacturerID[32];  /* blank padded */
+  CK_FLAGS      flags;               /* must be zero */
+  CK_UTF8CHAR   libraryDescription[32];  /* blank padded */
+  CK_VERSION    libraryVersion;          /* version of library */
+} CK_INFO;
+
+typedef CK_INFO CK_PTR    CK_INFO_PTR;
+
+
+/* CK_NOTIFICATION enumerates the types of notifications that
+ * Cryptoki provides to an application
+ */
+typedef CK_ULONG CK_NOTIFICATION;
+#define CKN_SURRENDER           0UL
+#define CKN_OTP_CHANGED         1UL
+
+typedef CK_ULONG          CK_SLOT_ID;
+
+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
+
+
+/* CK_SLOT_INFO provides information about a slot */
+typedef struct CK_SLOT_INFO {
+  CK_UTF8CHAR   slotDescription[64];  /* blank padded */
+  CK_UTF8CHAR   manufacturerID[32];   /* blank padded */
+  CK_FLAGS      flags;
+
+  CK_VERSION    hardwareVersion;  /* version of hardware */
+  CK_VERSION    firmwareVersion;  /* version of firmware */
+} CK_SLOT_INFO;
+
+/* flags: bit flags that provide capabilities of the slot
+ *      Bit Flag              Mask        Meaning
+ */
+#define CKF_TOKEN_PRESENT     0x00000001UL  /* a token is there */
+#define CKF_REMOVABLE_DEVICE  0x00000002UL  /* removable devices*/
+#define CKF_HW_SLOT           0x00000004UL  /* hardware slot */
+
+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
+
+
+/* CK_TOKEN_INFO provides information about a token */
+typedef struct CK_TOKEN_INFO {
+  CK_UTF8CHAR   label[32];           /* blank padded */
+  CK_UTF8CHAR   manufacturerID[32];  /* blank padded */
+  CK_UTF8CHAR   model[16];           /* blank padded */
+  CK_CHAR       serialNumber[16];    /* blank padded */
+  CK_FLAGS      flags;               /* see below */
+
+  CK_ULONG      ulMaxSessionCount;     /* max open sessions */
+  CK_ULONG      ulSessionCount;        /* sess. now open */
+  CK_ULONG      ulMaxRwSessionCount;   /* max R/W sessions */
+  CK_ULONG      ulRwSessionCount;      /* R/W sess. now open */
+  CK_ULONG      ulMaxPinLen;           /* in bytes */
+  CK_ULONG      ulMinPinLen;           /* in bytes */
+  CK_ULONG      ulTotalPublicMemory;   /* in bytes */
+  CK_ULONG      ulFreePublicMemory;    /* in bytes */
+  CK_ULONG      ulTotalPrivateMemory;  /* in bytes */
+  CK_ULONG      ulFreePrivateMemory;   /* in bytes */
+  CK_VERSION    hardwareVersion;       /* version of hardware */
+  CK_VERSION    firmwareVersion;       /* version of firmware */
+  CK_CHAR       utcTime[16];           /* time */
+} CK_TOKEN_INFO;
+
+/* The flags parameter is defined as follows:
+ *      Bit Flag                    Mask        Meaning
+ */
+#define CKF_RNG                     0x00000001UL  /* has random # generator */
+#define CKF_WRITE_PROTECTED         0x00000002UL  /* token is write-protected */
+#define CKF_LOGIN_REQUIRED          0x00000004UL  /* user must login */
+#define CKF_USER_PIN_INITIALIZED    0x00000008UL  /* normal user's PIN is set */
+
+/* CKF_RESTORE_KEY_NOT_NEEDED.  If it is set,
+ * that means that *every* time the state of cryptographic
+ * operations of a session is successfully saved, all keys
+ * needed to continue those operations are stored in the state
+ */
+#define CKF_RESTORE_KEY_NOT_NEEDED  0x00000020UL
+
+/* CKF_CLOCK_ON_TOKEN.  If it is set, that means
+ * that the token has some sort of clock.  The time on that
+ * clock is returned in the token info structure
+ */
+#define CKF_CLOCK_ON_TOKEN          0x00000040UL
+
+/* CKF_PROTECTED_AUTHENTICATION_PATH.  If it is
+ * set, that means that there is some way for the user to login
+ * without sending a PIN through the Cryptoki library itself
+ */
+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL
+
+/* CKF_DUAL_CRYPTO_OPERATIONS.  If it is true,
+ * that means that a single session with the token can perform
+ * dual simultaneous cryptographic operations (digest and
+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
+ * and sign)
+ */
+#define CKF_DUAL_CRYPTO_OPERATIONS  0x00000200UL
+
+/* CKF_TOKEN_INITIALIZED. If it is true, the
+ * token has been initialized using C_InitializeToken or an
+ * equivalent mechanism outside the scope of PKCS #11.
+ * Calling C_InitializeToken when this flag is set will cause
+ * the token to be reinitialized.
+ */
+#define CKF_TOKEN_INITIALIZED       0x00000400UL
+
+/* CKF_SECONDARY_AUTHENTICATION. If it is
+ * true, the token supports secondary authentication for
+ * private key objects.
+ */
+#define CKF_SECONDARY_AUTHENTICATION  0x00000800UL
+
+/* CKF_USER_PIN_COUNT_LOW. If it is true, an
+ * incorrect user login PIN has been entered at least once
+ * since the last successful authentication.
+ */
+#define CKF_USER_PIN_COUNT_LOW       0x00010000UL
+
+/* CKF_USER_PIN_FINAL_TRY. If it is true,
+ * supplying an incorrect user PIN will it to become locked.
+ */
+#define CKF_USER_PIN_FINAL_TRY       0x00020000UL
+
+/* CKF_USER_PIN_LOCKED. If it is true, the
+ * user PIN has been locked. User login to the token is not
+ * possible.
+ */
+#define CKF_USER_PIN_LOCKED          0x00040000UL
+
+/* CKF_USER_PIN_TO_BE_CHANGED. If it is true,
+ * the user PIN value is the default value set by token
+ * initialization or manufacturing, or the PIN has been
+ * expired by the card.
+ */
+#define CKF_USER_PIN_TO_BE_CHANGED   0x00080000UL
+
+/* CKF_SO_PIN_COUNT_LOW. If it is true, an
+ * incorrect SO login PIN has been entered at least once since
+ * the last successful authentication.
+ */
+#define CKF_SO_PIN_COUNT_LOW         0x00100000UL
+
+/* CKF_SO_PIN_FINAL_TRY. If it is true,
+ * supplying an incorrect SO PIN will it to become locked.
+ */
+#define CKF_SO_PIN_FINAL_TRY         0x00200000UL
+
+/* CKF_SO_PIN_LOCKED. If it is true, the SO
+ * PIN has been locked. SO login to the token is not possible.
+ */
+#define CKF_SO_PIN_LOCKED            0x00400000UL
+
+/* CKF_SO_PIN_TO_BE_CHANGED. If it is true,
+ * the SO PIN value is the default value set by token
+ * initialization or manufacturing, or the PIN has been
+ * expired by the card.
+ */
+#define CKF_SO_PIN_TO_BE_CHANGED     0x00800000UL
+
+#define CKF_ERROR_STATE              0x01000000UL
+
+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
+
+
+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
+ * identifies a session
+ */
+typedef CK_ULONG          CK_SESSION_HANDLE;
+
+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
+
+
+/* CK_USER_TYPE enumerates the types of Cryptoki users */
+typedef CK_ULONG          CK_USER_TYPE;
+/* Security Officer */
+#define CKU_SO                  0UL
+/* Normal user */
+#define CKU_USER                1UL
+/* Context specific */
+#define CKU_CONTEXT_SPECIFIC    2UL
+
+/* CK_STATE enumerates the session states */
+typedef CK_ULONG          CK_STATE;
+#define CKS_RO_PUBLIC_SESSION   0UL
+#define CKS_RO_USER_FUNCTIONS   1UL
+#define CKS_RW_PUBLIC_SESSION   2UL
+#define CKS_RW_USER_FUNCTIONS   3UL
+#define CKS_RW_SO_FUNCTIONS     4UL
+
+/* CK_SESSION_INFO provides information about a session */
+typedef struct CK_SESSION_INFO {
+  CK_SLOT_ID    slotID;
+  CK_STATE      state;
+  CK_FLAGS      flags;          /* see below */
+  CK_ULONG      ulDeviceError;  /* device-dependent error code */
+} CK_SESSION_INFO;
+
+/* The flags are defined in the following table:
+ *      Bit Flag                Mask        Meaning
+ */
+#define CKF_RW_SESSION          0x00000002UL /* session is r/w */
+#define CKF_SERIAL_SESSION      0x00000004UL /* no parallel    */
+
+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
+
+
+/* CK_OBJECT_HANDLE is a token-specific identifier for an
+ * object
+ */
+typedef CK_ULONG          CK_OBJECT_HANDLE;
+
+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
+
+
+/* CK_OBJECT_CLASS is a value that identifies the classes (or
+ * types) of objects that Cryptoki recognizes.  It is defined
+ * as follows:
+ */
+typedef CK_ULONG          CK_OBJECT_CLASS;
+
+/* The following classes of objects are defined: */
+#define CKO_DATA              0x00000000UL
+#define CKO_CERTIFICATE       0x00000001UL
+#define CKO_PUBLIC_KEY        0x00000002UL
+#define CKO_PRIVATE_KEY       0x00000003UL
+#define CKO_SECRET_KEY        0x00000004UL
+#define CKO_HW_FEATURE        0x00000005UL
+#define CKO_DOMAIN_PARAMETERS 0x00000006UL
+#define CKO_MECHANISM         0x00000007UL
+#define CKO_OTP_KEY           0x00000008UL
+
+#define CKO_VENDOR_DEFINED    0x80000000UL
+
+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
+
+/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type
+ * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE.
+ */
+typedef CK_ULONG          CK_HW_FEATURE_TYPE;
+
+/* The following hardware feature types are defined */
+#define CKH_MONOTONIC_COUNTER  0x00000001UL
+#define CKH_CLOCK              0x00000002UL
+#define CKH_USER_INTERFACE     0x00000003UL
+#define CKH_VENDOR_DEFINED     0x80000000UL
+
+/* CK_KEY_TYPE is a value that identifies a key type */
+typedef CK_ULONG          CK_KEY_TYPE;
+
+/* the following key types are defined: */
+#define CKK_RSA                 0x00000000UL
+#define CKK_DSA                 0x00000001UL
+#define CKK_DH                  0x00000002UL
+#define CKK_ECDSA               0x00000003UL /* Deprecated */
+#define CKK_EC                  0x00000003UL
+#define CKK_X9_42_DH            0x00000004UL
+#define CKK_KEA                 0x00000005UL
+#define CKK_GENERIC_SECRET      0x00000010UL
+#define CKK_RC2                 0x00000011UL
+#define CKK_RC4                 0x00000012UL
+#define CKK_DES                 0x00000013UL
+#define CKK_DES2                0x00000014UL
+#define CKK_DES3                0x00000015UL
+#define CKK_CAST                0x00000016UL
+#define CKK_CAST3               0x00000017UL
+#define CKK_CAST5               0x00000018UL /* Deprecated */
+#define CKK_CAST128             0x00000018UL
+#define CKK_RC5                 0x00000019UL
+#define CKK_IDEA                0x0000001AUL
+#define CKK_SKIPJACK            0x0000001BUL
+#define CKK_BATON               0x0000001CUL
+#define CKK_JUNIPER             0x0000001DUL
+#define CKK_CDMF                0x0000001EUL
+#define CKK_AES                 0x0000001FUL
+#define CKK_BLOWFISH            0x00000020UL
+#define CKK_TWOFISH             0x00000021UL
+#define CKK_SECURID             0x00000022UL
+#define CKK_HOTP                0x00000023UL
+#define CKK_ACTI                0x00000024UL
+#define CKK_CAMELLIA            0x00000025UL
+#define CKK_ARIA                0x00000026UL
+
+#define CKK_MD5_HMAC            0x00000027UL
+#define CKK_SHA_1_HMAC          0x00000028UL
+#define CKK_RIPEMD128_HMAC      0x00000029UL
+#define CKK_RIPEMD160_HMAC      0x0000002AUL
+#define CKK_SHA256_HMAC         0x0000002BUL
+#define CKK_SHA384_HMAC         0x0000002CUL
+#define CKK_SHA512_HMAC         0x0000002DUL
+#define CKK_SHA224_HMAC         0x0000002EUL
+
+#define CKK_SEED                0x0000002FUL
+#define CKK_GOSTR3410           0x00000030UL
+#define CKK_GOSTR3411           0x00000031UL
+#define CKK_GOST28147           0x00000032UL
+
+
+
+#define CKK_VENDOR_DEFINED      0x80000000UL
+
+
+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
+ * type
+ */
+typedef CK_ULONG          CK_CERTIFICATE_TYPE;
+
+#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED     0UL
+#define CK_CERTIFICATE_CATEGORY_TOKEN_USER      1UL
+#define CK_CERTIFICATE_CATEGORY_AUTHORITY       2UL
+#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY    3UL
+
+#define CK_SECURITY_DOMAIN_UNSPECIFIED     0UL
+#define CK_SECURITY_DOMAIN_MANUFACTURER    1UL
+#define CK_SECURITY_DOMAIN_OPERATOR        2UL
+#define CK_SECURITY_DOMAIN_THIRD_PARTY     3UL
+
+
+/* The following certificate types are defined: */
+#define CKC_X_509               0x00000000UL
+#define CKC_X_509_ATTR_CERT     0x00000001UL
+#define CKC_WTLS                0x00000002UL
+#define CKC_VENDOR_DEFINED      0x80000000UL
+
+
+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
+ * type
+ */
+typedef CK_ULONG          CK_ATTRIBUTE_TYPE;
+
+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
+ * consists of an array of values.
+ */
+#define CKF_ARRAY_ATTRIBUTE     0x40000000UL
+
+/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */
+#define CK_OTP_FORMAT_DECIMAL           0UL
+#define CK_OTP_FORMAT_HEXADECIMAL       1UL
+#define CK_OTP_FORMAT_ALPHANUMERIC      2UL
+#define CK_OTP_FORMAT_BINARY            3UL
+
+/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT
+ * attributes
+ */
+#define CK_OTP_PARAM_IGNORED            0UL
+#define CK_OTP_PARAM_OPTIONAL           1UL
+#define CK_OTP_PARAM_MANDATORY          2UL
+
+/* The following attribute types are defined: */
+#define CKA_CLASS              0x00000000UL
+#define CKA_TOKEN              0x00000001UL
+#define CKA_PRIVATE            0x00000002UL
+#define CKA_LABEL              0x00000003UL
+#define CKA_APPLICATION        0x00000010UL
+#define CKA_VALUE              0x00000011UL
+#define CKA_OBJECT_ID          0x00000012UL
+#define CKA_CERTIFICATE_TYPE   0x00000080UL
+#define CKA_ISSUER             0x00000081UL
+#define CKA_SERIAL_NUMBER      0x00000082UL
+#define CKA_AC_ISSUER          0x00000083UL
+#define CKA_OWNER              0x00000084UL
+#define CKA_ATTR_TYPES         0x00000085UL
+#define CKA_TRUSTED            0x00000086UL
+#define CKA_CERTIFICATE_CATEGORY        0x00000087UL
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN   0x00000088UL
+#define CKA_URL                         0x00000089UL
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY  0x0000008AUL
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY   0x0000008BUL
+#define CKA_NAME_HASH_ALGORITHM         0x0000008CUL
+#define CKA_CHECK_VALUE                 0x00000090UL
+
+#define CKA_KEY_TYPE           0x00000100UL
+#define CKA_SUBJECT            0x00000101UL
+#define CKA_ID                 0x00000102UL
+#define CKA_SENSITIVE          0x00000103UL
+#define CKA_ENCRYPT            0x00000104UL
+#define CKA_DECRYPT            0x00000105UL
+#define CKA_WRAP               0x00000106UL
+#define CKA_UNWRAP             0x00000107UL
+#define CKA_SIGN               0x00000108UL
+#define CKA_SIGN_RECOVER       0x00000109UL
+#define CKA_VERIFY             0x0000010AUL
+#define CKA_VERIFY_RECOVER     0x0000010BUL
+#define CKA_DERIVE             0x0000010CUL
+#define CKA_START_DATE         0x00000110UL
+#define CKA_END_DATE           0x00000111UL
+#define CKA_MODULUS            0x00000120UL
+#define CKA_MODULUS_BITS       0x00000121UL
+#define CKA_PUBLIC_EXPONENT    0x00000122UL
+#define CKA_PRIVATE_EXPONENT   0x00000123UL
+#define CKA_PRIME_1            0x00000124UL
+#define CKA_PRIME_2            0x00000125UL
+#define CKA_EXPONENT_1         0x00000126UL
+#define CKA_EXPONENT_2         0x00000127UL
+#define CKA_COEFFICIENT        0x00000128UL
+#define CKA_PUBLIC_KEY_INFO    0x00000129UL
+#define CKA_PRIME              0x00000130UL
+#define CKA_SUBPRIME           0x00000131UL
+#define CKA_BASE               0x00000132UL
+
+#define CKA_PRIME_BITS         0x00000133UL
+#define CKA_SUBPRIME_BITS      0x00000134UL
+#define CKA_SUB_PRIME_BITS     CKA_SUBPRIME_BITS
+
+#define CKA_VALUE_BITS         0x00000160UL
+#define CKA_VALUE_LEN          0x00000161UL
+#define CKA_EXTRACTABLE        0x00000162UL
+#define CKA_LOCAL              0x00000163UL
+#define CKA_NEVER_EXTRACTABLE  0x00000164UL
+#define CKA_ALWAYS_SENSITIVE   0x00000165UL
+#define CKA_KEY_GEN_MECHANISM  0x00000166UL
+
+#define CKA_MODIFIABLE         0x00000170UL
+#define CKA_COPYABLE           0x00000171UL
+
+#define CKA_DESTROYABLE        0x00000172UL
+
+#define CKA_ECDSA_PARAMS       0x00000180UL /* Deprecated */
+#define CKA_EC_PARAMS          0x00000180UL
+
+#define CKA_EC_POINT           0x00000181UL
+
+#define CKA_SECONDARY_AUTH     0x00000200UL /* Deprecated */
+#define CKA_AUTH_PIN_FLAGS     0x00000201UL /* Deprecated */
+
+#define CKA_ALWAYS_AUTHENTICATE  0x00000202UL
+
+#define CKA_WRAP_WITH_TRUSTED    0x00000210UL
+#define CKA_WRAP_TEMPLATE        (CKF_ARRAY_ATTRIBUTE|0x00000211UL)
+#define CKA_UNWRAP_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000212UL)
+#define CKA_DERIVE_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000213UL)
+
+#define CKA_OTP_FORMAT                0x00000220UL
+#define CKA_OTP_LENGTH                0x00000221UL
+#define CKA_OTP_TIME_INTERVAL         0x00000222UL
+#define CKA_OTP_USER_FRIENDLY_MODE    0x00000223UL
+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL
+#define CKA_OTP_TIME_REQUIREMENT      0x00000225UL
+#define CKA_OTP_COUNTER_REQUIREMENT   0x00000226UL
+#define CKA_OTP_PIN_REQUIREMENT       0x00000227UL
+#define CKA_OTP_COUNTER               0x0000022EUL
+#define CKA_OTP_TIME                  0x0000022FUL
+#define CKA_OTP_USER_IDENTIFIER       0x0000022AUL
+#define CKA_OTP_SERVICE_IDENTIFIER    0x0000022BUL
+#define CKA_OTP_SERVICE_LOGO          0x0000022CUL
+#define CKA_OTP_SERVICE_LOGO_TYPE     0x0000022DUL
+
+#define CKA_GOSTR3410_PARAMS            0x00000250UL
+#define CKA_GOSTR3411_PARAMS            0x00000251UL
+#define CKA_GOST28147_PARAMS            0x00000252UL
+
+#define CKA_HW_FEATURE_TYPE             0x00000300UL
+#define CKA_RESET_ON_INIT               0x00000301UL
+#define CKA_HAS_RESET                   0x00000302UL
+
+#define CKA_PIXEL_X                     0x00000400UL
+#define CKA_PIXEL_Y                     0x00000401UL
+#define CKA_RESOLUTION                  0x00000402UL
+#define CKA_CHAR_ROWS                   0x00000403UL
+#define CKA_CHAR_COLUMNS                0x00000404UL
+#define CKA_COLOR                       0x00000405UL
+#define CKA_BITS_PER_PIXEL              0x00000406UL
+#define CKA_CHAR_SETS                   0x00000480UL
+#define CKA_ENCODING_METHODS            0x00000481UL
+#define CKA_MIME_TYPES                  0x00000482UL
+#define CKA_MECHANISM_TYPE              0x00000500UL
+#define CKA_REQUIRED_CMS_ATTRIBUTES     0x00000501UL
+#define CKA_DEFAULT_CMS_ATTRIBUTES      0x00000502UL
+#define CKA_SUPPORTED_CMS_ATTRIBUTES    0x00000503UL
+#define CKA_ALLOWED_MECHANISMS          (CKF_ARRAY_ATTRIBUTE|0x00000600UL)
+
+#define CKA_VENDOR_DEFINED              0x80000000UL
+
+/* CK_ATTRIBUTE is a structure that includes the type, length
+ * and value of an attribute
+ */
+typedef struct CK_ATTRIBUTE {
+  CK_ATTRIBUTE_TYPE type;
+  CK_VOID_PTR       pValue;
+  CK_ULONG          ulValueLen;  /* in bytes */
+} CK_ATTRIBUTE;
+
+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
+
+/* CK_DATE is a structure that defines a date */
+typedef struct CK_DATE{
+  CK_CHAR       year[4];   /* the year ("1900" - "9999") */
+  CK_CHAR       month[2];  /* the month ("01" - "12") */
+  CK_CHAR       day[2];    /* the day   ("01" - "31") */
+} CK_DATE;
+
+
+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
+ * type
+ */
+typedef CK_ULONG          CK_MECHANISM_TYPE;
+
+/* the following mechanism types are defined: */
+#define CKM_RSA_PKCS_KEY_PAIR_GEN      0x00000000UL
+#define CKM_RSA_PKCS                   0x00000001UL
+#define CKM_RSA_9796                   0x00000002UL
+#define CKM_RSA_X_509                  0x00000003UL
+
+#define CKM_MD2_RSA_PKCS               0x00000004UL
+#define CKM_MD5_RSA_PKCS               0x00000005UL
+#define CKM_SHA1_RSA_PKCS              0x00000006UL
+
+#define CKM_RIPEMD128_RSA_PKCS         0x00000007UL
+#define CKM_RIPEMD160_RSA_PKCS         0x00000008UL
+#define CKM_RSA_PKCS_OAEP              0x00000009UL
+
+#define CKM_RSA_X9_31_KEY_PAIR_GEN     0x0000000AUL
+#define CKM_RSA_X9_31                  0x0000000BUL
+#define CKM_SHA1_RSA_X9_31             0x0000000CUL
+#define CKM_RSA_PKCS_PSS               0x0000000DUL
+#define CKM_SHA1_RSA_PKCS_PSS          0x0000000EUL
+
+#define CKM_DSA_KEY_PAIR_GEN           0x00000010UL
+#define CKM_DSA                        0x00000011UL
+#define CKM_DSA_SHA1                   0x00000012UL
+#define CKM_DSA_SHA224                 0x00000013UL
+#define CKM_DSA_SHA256                 0x00000014UL
+#define CKM_DSA_SHA384                 0x00000015UL
+#define CKM_DSA_SHA512                 0x00000016UL
+
+#define CKM_DH_PKCS_KEY_PAIR_GEN       0x00000020UL
+#define CKM_DH_PKCS_DERIVE             0x00000021UL
+
+#define CKM_X9_42_DH_KEY_PAIR_GEN      0x00000030UL
+#define CKM_X9_42_DH_DERIVE            0x00000031UL
+#define CKM_X9_42_DH_HYBRID_DERIVE     0x00000032UL
+#define CKM_X9_42_MQV_DERIVE           0x00000033UL
+
+#define CKM_SHA256_RSA_PKCS            0x00000040UL
+#define CKM_SHA384_RSA_PKCS            0x00000041UL
+#define CKM_SHA512_RSA_PKCS            0x00000042UL
+#define CKM_SHA256_RSA_PKCS_PSS        0x00000043UL
+#define CKM_SHA384_RSA_PKCS_PSS        0x00000044UL
+#define CKM_SHA512_RSA_PKCS_PSS        0x00000045UL
+
+#define CKM_SHA224_RSA_PKCS            0x00000046UL
+#define CKM_SHA224_RSA_PKCS_PSS        0x00000047UL
+
+#define CKM_SHA512_224                 0x00000048UL
+#define CKM_SHA512_224_HMAC            0x00000049UL
+#define CKM_SHA512_224_HMAC_GENERAL    0x0000004AUL
+#define CKM_SHA512_224_KEY_DERIVATION  0x0000004BUL
+#define CKM_SHA512_256                 0x0000004CUL
+#define CKM_SHA512_256_HMAC            0x0000004DUL
+#define CKM_SHA512_256_HMAC_GENERAL    0x0000004EUL
+#define CKM_SHA512_256_KEY_DERIVATION  0x0000004FUL
+
+#define CKM_SHA512_T                   0x00000050UL
+#define CKM_SHA512_T_HMAC              0x00000051UL
+#define CKM_SHA512_T_HMAC_GENERAL      0x00000052UL
+#define CKM_SHA512_T_KEY_DERIVATION    0x00000053UL
+
+#define CKM_RC2_KEY_GEN                0x00000100UL
+#define CKM_RC2_ECB                    0x00000101UL
+#define CKM_RC2_CBC                    0x00000102UL
+#define CKM_RC2_MAC                    0x00000103UL
+
+#define CKM_RC2_MAC_GENERAL            0x00000104UL
+#define CKM_RC2_CBC_PAD                0x00000105UL
+
+#define CKM_RC4_KEY_GEN                0x00000110UL
+#define CKM_RC4                        0x00000111UL
+#define CKM_DES_KEY_GEN                0x00000120UL
+#define CKM_DES_ECB                    0x00000121UL
+#define CKM_DES_CBC                    0x00000122UL
+#define CKM_DES_MAC                    0x00000123UL
+
+#define CKM_DES_MAC_GENERAL            0x00000124UL
+#define CKM_DES_CBC_PAD                0x00000125UL
+
+#define CKM_DES2_KEY_GEN               0x00000130UL
+#define CKM_DES3_KEY_GEN               0x00000131UL
+#define CKM_DES3_ECB                   0x00000132UL
+#define CKM_DES3_CBC                   0x00000133UL
+#define CKM_DES3_MAC                   0x00000134UL
+
+#define CKM_DES3_MAC_GENERAL           0x00000135UL
+#define CKM_DES3_CBC_PAD               0x00000136UL
+#define CKM_DES3_CMAC_GENERAL          0x00000137UL
+#define CKM_DES3_CMAC                  0x00000138UL
+#define CKM_CDMF_KEY_GEN               0x00000140UL
+#define CKM_CDMF_ECB                   0x00000141UL
+#define CKM_CDMF_CBC                   0x00000142UL
+#define CKM_CDMF_MAC                   0x00000143UL
+#define CKM_CDMF_MAC_GENERAL           0x00000144UL
+#define CKM_CDMF_CBC_PAD               0x00000145UL
+
+#define CKM_DES_OFB64                  0x00000150UL
+#define CKM_DES_OFB8                   0x00000151UL
+#define CKM_DES_CFB64                  0x00000152UL
+#define CKM_DES_CFB8                   0x00000153UL
+
+#define CKM_MD2                        0x00000200UL
+
+#define CKM_MD2_HMAC                   0x00000201UL
+#define CKM_MD2_HMAC_GENERAL           0x00000202UL
+
+#define CKM_MD5                        0x00000210UL
+
+#define CKM_MD5_HMAC                   0x00000211UL
+#define CKM_MD5_HMAC_GENERAL           0x00000212UL
+
+#define CKM_SHA_1                      0x00000220UL
+
+#define CKM_SHA_1_HMAC                 0x00000221UL
+#define CKM_SHA_1_HMAC_GENERAL         0x00000222UL
+
+#define CKM_RIPEMD128                  0x00000230UL
+#define CKM_RIPEMD128_HMAC             0x00000231UL
+#define CKM_RIPEMD128_HMAC_GENERAL     0x00000232UL
+#define CKM_RIPEMD160                  0x00000240UL
+#define CKM_RIPEMD160_HMAC             0x00000241UL
+#define CKM_RIPEMD160_HMAC_GENERAL     0x00000242UL
+
+#define CKM_SHA256                     0x00000250UL
+#define CKM_SHA256_HMAC                0x00000251UL
+#define CKM_SHA256_HMAC_GENERAL        0x00000252UL
+#define CKM_SHA224                     0x00000255UL
+#define CKM_SHA224_HMAC                0x00000256UL
+#define CKM_SHA224_HMAC_GENERAL        0x00000257UL
+#define CKM_SHA384                     0x00000260UL
+#define CKM_SHA384_HMAC                0x00000261UL
+#define CKM_SHA384_HMAC_GENERAL        0x00000262UL
+#define CKM_SHA512                     0x00000270UL
+#define CKM_SHA512_HMAC                0x00000271UL
+#define CKM_SHA512_HMAC_GENERAL        0x00000272UL
+#define CKM_SECURID_KEY_GEN            0x00000280UL
+#define CKM_SECURID                    0x00000282UL
+#define CKM_HOTP_KEY_GEN               0x00000290UL
+#define CKM_HOTP                       0x00000291UL
+#define CKM_ACTI                       0x000002A0UL
+#define CKM_ACTI_KEY_GEN               0x000002A1UL
+
+#define CKM_CAST_KEY_GEN               0x00000300UL
+#define CKM_CAST_ECB                   0x00000301UL
+#define CKM_CAST_CBC                   0x00000302UL
+#define CKM_CAST_MAC                   0x00000303UL
+#define CKM_CAST_MAC_GENERAL           0x00000304UL
+#define CKM_CAST_CBC_PAD               0x00000305UL
+#define CKM_CAST3_KEY_GEN              0x00000310UL
+#define CKM_CAST3_ECB                  0x00000311UL
+#define CKM_CAST3_CBC                  0x00000312UL
+#define CKM_CAST3_MAC                  0x00000313UL
+#define CKM_CAST3_MAC_GENERAL          0x00000314UL
+#define CKM_CAST3_CBC_PAD              0x00000315UL
+/* Note that CAST128 and CAST5 are the same algorithm */
+#define CKM_CAST5_KEY_GEN              0x00000320UL
+#define CKM_CAST128_KEY_GEN            0x00000320UL
+#define CKM_CAST5_ECB                  0x00000321UL
+#define CKM_CAST128_ECB                0x00000321UL
+#define CKM_CAST5_CBC                  0x00000322UL /* Deprecated */
+#define CKM_CAST128_CBC                0x00000322UL
+#define CKM_CAST5_MAC                  0x00000323UL /* Deprecated */
+#define CKM_CAST128_MAC                0x00000323UL
+#define CKM_CAST5_MAC_GENERAL          0x00000324UL /* Deprecated */
+#define CKM_CAST128_MAC_GENERAL        0x00000324UL
+#define CKM_CAST5_CBC_PAD              0x00000325UL /* Deprecated */
+#define CKM_CAST128_CBC_PAD            0x00000325UL
+#define CKM_RC5_KEY_GEN                0x00000330UL
+#define CKM_RC5_ECB                    0x00000331UL
+#define CKM_RC5_CBC                    0x00000332UL
+#define CKM_RC5_MAC                    0x00000333UL
+#define CKM_RC5_MAC_GENERAL            0x00000334UL
+#define CKM_RC5_CBC_PAD                0x00000335UL
+#define CKM_IDEA_KEY_GEN               0x00000340UL
+#define CKM_IDEA_ECB                   0x00000341UL
+#define CKM_IDEA_CBC                   0x00000342UL
+#define CKM_IDEA_MAC                   0x00000343UL
+#define CKM_IDEA_MAC_GENERAL           0x00000344UL
+#define CKM_IDEA_CBC_PAD               0x00000345UL
+#define CKM_GENERIC_SECRET_KEY_GEN     0x00000350UL
+#define CKM_CONCATENATE_BASE_AND_KEY   0x00000360UL
+#define CKM_CONCATENATE_BASE_AND_DATA  0x00000362UL
+#define CKM_CONCATENATE_DATA_AND_BASE  0x00000363UL
+#define CKM_XOR_BASE_AND_DATA          0x00000364UL
+#define CKM_EXTRACT_KEY_FROM_KEY       0x00000365UL
+#define CKM_SSL3_PRE_MASTER_KEY_GEN    0x00000370UL
+#define CKM_SSL3_MASTER_KEY_DERIVE     0x00000371UL
+#define CKM_SSL3_KEY_AND_MAC_DERIVE    0x00000372UL
+
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH  0x00000373UL
+#define CKM_TLS_PRE_MASTER_KEY_GEN     0x00000374UL
+#define CKM_TLS_MASTER_KEY_DERIVE      0x00000375UL
+#define CKM_TLS_KEY_AND_MAC_DERIVE     0x00000376UL
+#define CKM_TLS_MASTER_KEY_DERIVE_DH   0x00000377UL
+
+#define CKM_TLS_PRF                    0x00000378UL
+
+#define CKM_SSL3_MD5_MAC               0x00000380UL
+#define CKM_SSL3_SHA1_MAC              0x00000381UL
+#define CKM_MD5_KEY_DERIVATION         0x00000390UL
+#define CKM_MD2_KEY_DERIVATION         0x00000391UL
+#define CKM_SHA1_KEY_DERIVATION        0x00000392UL
+
+#define CKM_SHA256_KEY_DERIVATION      0x00000393UL
+#define CKM_SHA384_KEY_DERIVATION      0x00000394UL
+#define CKM_SHA512_KEY_DERIVATION      0x00000395UL
+#define CKM_SHA224_KEY_DERIVATION      0x00000396UL
+
+#define CKM_PBE_MD2_DES_CBC            0x000003A0UL
+#define CKM_PBE_MD5_DES_CBC            0x000003A1UL
+#define CKM_PBE_MD5_CAST_CBC           0x000003A2UL
+#define CKM_PBE_MD5_CAST3_CBC          0x000003A3UL
+#define CKM_PBE_MD5_CAST5_CBC          0x000003A4UL /* Deprecated */
+#define CKM_PBE_MD5_CAST128_CBC        0x000003A4UL
+#define CKM_PBE_SHA1_CAST5_CBC         0x000003A5UL /* Deprecated */
+#define CKM_PBE_SHA1_CAST128_CBC       0x000003A5UL
+#define CKM_PBE_SHA1_RC4_128           0x000003A6UL
+#define CKM_PBE_SHA1_RC4_40            0x000003A7UL
+#define CKM_PBE_SHA1_DES3_EDE_CBC      0x000003A8UL
+#define CKM_PBE_SHA1_DES2_EDE_CBC      0x000003A9UL
+#define CKM_PBE_SHA1_RC2_128_CBC       0x000003AAUL
+#define CKM_PBE_SHA1_RC2_40_CBC        0x000003ABUL
+
+#define CKM_PKCS5_PBKD2                0x000003B0UL
+
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC    0x000003C0UL
+
+#define CKM_WTLS_PRE_MASTER_KEY_GEN         0x000003D0UL
+#define CKM_WTLS_MASTER_KEY_DERIVE          0x000003D1UL
+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC   0x000003D2UL
+#define CKM_WTLS_PRF                        0x000003D3UL
+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE  0x000003D4UL
+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE  0x000003D5UL
+
+#define CKM_TLS10_MAC_SERVER                0x000003D6UL
+#define CKM_TLS10_MAC_CLIENT                0x000003D7UL
+#define CKM_TLS12_MAC                       0x000003D8UL
+#define CKM_TLS12_KDF                       0x000003D9UL
+#define CKM_TLS12_MASTER_KEY_DERIVE         0x000003E0UL
+#define CKM_TLS12_KEY_AND_MAC_DERIVE        0x000003E1UL
+#define CKM_TLS12_MASTER_KEY_DERIVE_DH      0x000003E2UL
+#define CKM_TLS12_KEY_SAFE_DERIVE           0x000003E3UL
+#define CKM_TLS_MAC                         0x000003E4UL
+#define CKM_TLS_KDF                         0x000003E5UL
+
+#define CKM_KEY_WRAP_LYNKS             0x00000400UL
+#define CKM_KEY_WRAP_SET_OAEP          0x00000401UL
+
+#define CKM_CMS_SIG                    0x00000500UL
+#define CKM_KIP_DERIVE                 0x00000510UL
+#define CKM_KIP_WRAP                   0x00000511UL
+#define CKM_KIP_MAC                    0x00000512UL
+
+#define CKM_CAMELLIA_KEY_GEN           0x00000550UL
+#define CKM_CAMELLIA_ECB               0x00000551UL
+#define CKM_CAMELLIA_CBC               0x00000552UL
+#define CKM_CAMELLIA_MAC               0x00000553UL
+#define CKM_CAMELLIA_MAC_GENERAL       0x00000554UL
+#define CKM_CAMELLIA_CBC_PAD           0x00000555UL
+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA  0x00000556UL
+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA  0x00000557UL
+#define CKM_CAMELLIA_CTR               0x00000558UL
+
+#define CKM_ARIA_KEY_GEN               0x00000560UL
+#define CKM_ARIA_ECB                   0x00000561UL
+#define CKM_ARIA_CBC                   0x00000562UL
+#define CKM_ARIA_MAC                   0x00000563UL
+#define CKM_ARIA_MAC_GENERAL           0x00000564UL
+#define CKM_ARIA_CBC_PAD               0x00000565UL
+#define CKM_ARIA_ECB_ENCRYPT_DATA      0x00000566UL
+#define CKM_ARIA_CBC_ENCRYPT_DATA      0x00000567UL
+
+#define CKM_SEED_KEY_GEN               0x00000650UL
+#define CKM_SEED_ECB                   0x00000651UL
+#define CKM_SEED_CBC                   0x00000652UL
+#define CKM_SEED_MAC                   0x00000653UL
+#define CKM_SEED_MAC_GENERAL           0x00000654UL
+#define CKM_SEED_CBC_PAD               0x00000655UL
+#define CKM_SEED_ECB_ENCRYPT_DATA      0x00000656UL
+#define CKM_SEED_CBC_ENCRYPT_DATA      0x00000657UL
+
+#define CKM_SKIPJACK_KEY_GEN           0x00001000UL
+#define CKM_SKIPJACK_ECB64             0x00001001UL
+#define CKM_SKIPJACK_CBC64             0x00001002UL
+#define CKM_SKIPJACK_OFB64             0x00001003UL
+#define CKM_SKIPJACK_CFB64             0x00001004UL
+#define CKM_SKIPJACK_CFB32             0x00001005UL
+#define CKM_SKIPJACK_CFB16             0x00001006UL
+#define CKM_SKIPJACK_CFB8              0x00001007UL
+#define CKM_SKIPJACK_WRAP              0x00001008UL
+#define CKM_SKIPJACK_PRIVATE_WRAP      0x00001009UL
+#define CKM_SKIPJACK_RELAYX            0x0000100aUL
+#define CKM_KEA_KEY_PAIR_GEN           0x00001010UL
+#define CKM_KEA_KEY_DERIVE             0x00001011UL
+#define CKM_KEA_DERIVE                 0x00001012UL
+#define CKM_FORTEZZA_TIMESTAMP         0x00001020UL
+#define CKM_BATON_KEY_GEN              0x00001030UL
+#define CKM_BATON_ECB128               0x00001031UL
+#define CKM_BATON_ECB96                0x00001032UL
+#define CKM_BATON_CBC128               0x00001033UL
+#define CKM_BATON_COUNTER              0x00001034UL
+#define CKM_BATON_SHUFFLE              0x00001035UL
+#define CKM_BATON_WRAP                 0x00001036UL
+
+#define CKM_ECDSA_KEY_PAIR_GEN         0x00001040UL /* Deprecated */
+#define CKM_EC_KEY_PAIR_GEN            0x00001040UL
+
+#define CKM_ECDSA                      0x00001041UL
+#define CKM_ECDSA_SHA1                 0x00001042UL
+#define CKM_ECDSA_SHA224               0x00001043UL
+#define CKM_ECDSA_SHA256               0x00001044UL
+#define CKM_ECDSA_SHA384               0x00001045UL
+#define CKM_ECDSA_SHA512               0x00001046UL
+
+#define CKM_ECDH1_DERIVE               0x00001050UL
+#define CKM_ECDH1_COFACTOR_DERIVE      0x00001051UL
+#define CKM_ECMQV_DERIVE               0x00001052UL
+
+#define CKM_ECDH_AES_KEY_WRAP          0x00001053UL
+#define CKM_RSA_AES_KEY_WRAP           0x00001054UL
+
+#define CKM_JUNIPER_KEY_GEN            0x00001060UL
+#define CKM_JUNIPER_ECB128             0x00001061UL
+#define CKM_JUNIPER_CBC128             0x00001062UL
+#define CKM_JUNIPER_COUNTER            0x00001063UL
+#define CKM_JUNIPER_SHUFFLE            0x00001064UL
+#define CKM_JUNIPER_WRAP               0x00001065UL
+#define CKM_FASTHASH                   0x00001070UL
+
+#define CKM_AES_KEY_GEN                0x00001080UL
+#define CKM_AES_ECB                    0x00001081UL
+#define CKM_AES_CBC                    0x00001082UL
+#define CKM_AES_MAC                    0x00001083UL
+#define CKM_AES_MAC_GENERAL            0x00001084UL
+#define CKM_AES_CBC_PAD                0x00001085UL
+#define CKM_AES_CTR                    0x00001086UL
+#define CKM_AES_GCM                    0x00001087UL
+#define CKM_AES_CCM                    0x00001088UL
+#define CKM_AES_CTS                    0x00001089UL
+#define CKM_AES_CMAC                   0x0000108AUL
+#define CKM_AES_CMAC_GENERAL           0x0000108BUL
+
+#define CKM_AES_XCBC_MAC               0x0000108CUL
+#define CKM_AES_XCBC_MAC_96            0x0000108DUL
+#define CKM_AES_GMAC                   0x0000108EUL
+
+#define CKM_BLOWFISH_KEY_GEN           0x00001090UL
+#define CKM_BLOWFISH_CBC               0x00001091UL
+#define CKM_TWOFISH_KEY_GEN            0x00001092UL
+#define CKM_TWOFISH_CBC                0x00001093UL
+#define CKM_BLOWFISH_CBC_PAD           0x00001094UL
+#define CKM_TWOFISH_CBC_PAD            0x00001095UL
+
+#define CKM_DES_ECB_ENCRYPT_DATA       0x00001100UL
+#define CKM_DES_CBC_ENCRYPT_DATA       0x00001101UL
+#define CKM_DES3_ECB_ENCRYPT_DATA      0x00001102UL
+#define CKM_DES3_CBC_ENCRYPT_DATA      0x00001103UL
+#define CKM_AES_ECB_ENCRYPT_DATA       0x00001104UL
+#define CKM_AES_CBC_ENCRYPT_DATA       0x00001105UL
+
+#define CKM_GOSTR3410_KEY_PAIR_GEN     0x00001200UL
+#define CKM_GOSTR3410                  0x00001201UL
+#define CKM_GOSTR3410_WITH_GOSTR3411   0x00001202UL
+#define CKM_GOSTR3410_KEY_WRAP         0x00001203UL
+#define CKM_GOSTR3410_DERIVE           0x00001204UL
+#define CKM_GOSTR3411                  0x00001210UL
+#define CKM_GOSTR3411_HMAC             0x00001211UL
+#define CKM_GOST28147_KEY_GEN          0x00001220UL
+#define CKM_GOST28147_ECB              0x00001221UL
+#define CKM_GOST28147                  0x00001222UL
+#define CKM_GOST28147_MAC              0x00001223UL
+#define CKM_GOST28147_KEY_WRAP         0x00001224UL
+
+#define CKM_DSA_PARAMETER_GEN          0x00002000UL
+#define CKM_DH_PKCS_PARAMETER_GEN      0x00002001UL
+#define CKM_X9_42_DH_PARAMETER_GEN     0x00002002UL
+#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN    0x00002003UL
+#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN    0x00002004UL
+
+#define CKM_AES_OFB                    0x00002104UL
+#define CKM_AES_CFB64                  0x00002105UL
+#define CKM_AES_CFB8                   0x00002106UL
+#define CKM_AES_CFB128                 0x00002107UL
+
+#define CKM_AES_CFB1                   0x00002108UL
+#define CKM_AES_KEY_WRAP               0x00002109UL     /* WAS: 0x00001090 */
+#define CKM_AES_KEY_WRAP_PAD           0x0000210AUL     /* WAS: 0x00001091 */
+
+#define CKM_RSA_PKCS_TPM_1_1           0x00004001UL
+#define CKM_RSA_PKCS_OAEP_TPM_1_1      0x00004002UL
+
+#define CKM_VENDOR_DEFINED             0x80000000UL
+
+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
+
+
+/* CK_MECHANISM is a structure that specifies a particular
+ * mechanism
+ */
+typedef struct CK_MECHANISM {
+  CK_MECHANISM_TYPE mechanism;
+  CK_VOID_PTR       pParameter;
+  CK_ULONG          ulParameterLen;  /* in bytes */
+} CK_MECHANISM;
+
+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
+
+
+/* CK_MECHANISM_INFO provides information about a particular
+ * mechanism
+ */
+typedef struct CK_MECHANISM_INFO {
+    CK_ULONG    ulMinKeySize;
+    CK_ULONG    ulMaxKeySize;
+    CK_FLAGS    flags;
+} CK_MECHANISM_INFO;
+
+/* The flags are defined as follows:
+ *      Bit Flag               Mask          Meaning */
+#define CKF_HW                 0x00000001UL  /* performed by HW */
+
+/* Specify whether or not a mechanism can be used for a particular task */
+#define CKF_ENCRYPT            0x00000100UL
+#define CKF_DECRYPT            0x00000200UL
+#define CKF_DIGEST             0x00000400UL
+#define CKF_SIGN               0x00000800UL
+#define CKF_SIGN_RECOVER       0x00001000UL
+#define CKF_VERIFY             0x00002000UL
+#define CKF_VERIFY_RECOVER     0x00004000UL
+#define CKF_GENERATE           0x00008000UL
+#define CKF_GENERATE_KEY_PAIR  0x00010000UL
+#define CKF_WRAP               0x00020000UL
+#define CKF_UNWRAP             0x00040000UL
+#define CKF_DERIVE             0x00080000UL
+
+/* Describe a token's EC capabilities not available in mechanism
+ * information.
+ */
+#define CKF_EC_F_P             0x00100000UL
+#define CKF_EC_F_2M            0x00200000UL
+#define CKF_EC_ECPARAMETERS    0x00400000UL
+#define CKF_EC_NAMEDCURVE      0x00800000UL
+#define CKF_EC_UNCOMPRESS      0x01000000UL
+#define CKF_EC_COMPRESS        0x02000000UL
+
+#define CKF_EXTENSION          0x80000000UL
+
+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
+
+/* CK_RV is a value that identifies the return value of a
+ * Cryptoki function
+ */
+typedef CK_ULONG          CK_RV;
+
+#define CKR_OK                                0x00000000UL
+#define CKR_CANCEL                            0x00000001UL
+#define CKR_HOST_MEMORY                       0x00000002UL
+#define CKR_SLOT_ID_INVALID                   0x00000003UL
+
+#define CKR_GENERAL_ERROR                     0x00000005UL
+#define CKR_FUNCTION_FAILED                   0x00000006UL
+
+#define CKR_ARGUMENTS_BAD                     0x00000007UL
+#define CKR_NO_EVENT                          0x00000008UL
+#define CKR_NEED_TO_CREATE_THREADS            0x00000009UL
+#define CKR_CANT_LOCK                         0x0000000AUL
+
+#define CKR_ATTRIBUTE_READ_ONLY               0x00000010UL
+#define CKR_ATTRIBUTE_SENSITIVE               0x00000011UL
+#define CKR_ATTRIBUTE_TYPE_INVALID            0x00000012UL
+#define CKR_ATTRIBUTE_VALUE_INVALID           0x00000013UL
+
+#define CKR_ACTION_PROHIBITED                 0x0000001BUL
+
+#define CKR_DATA_INVALID                      0x00000020UL
+#define CKR_DATA_LEN_RANGE                    0x00000021UL
+#define CKR_DEVICE_ERROR                      0x00000030UL
+#define CKR_DEVICE_MEMORY                     0x00000031UL
+#define CKR_DEVICE_REMOVED                    0x00000032UL
+#define CKR_ENCRYPTED_DATA_INVALID            0x00000040UL
+#define CKR_ENCRYPTED_DATA_LEN_RANGE          0x00000041UL
+#define CKR_FUNCTION_CANCELED                 0x00000050UL
+#define CKR_FUNCTION_NOT_PARALLEL             0x00000051UL
+
+#define CKR_FUNCTION_NOT_SUPPORTED            0x00000054UL
+
+#define CKR_KEY_HANDLE_INVALID                0x00000060UL
+
+#define CKR_KEY_SIZE_RANGE                    0x00000062UL
+#define CKR_KEY_TYPE_INCONSISTENT             0x00000063UL
+
+#define CKR_KEY_NOT_NEEDED                    0x00000064UL
+#define CKR_KEY_CHANGED                       0x00000065UL
+#define CKR_KEY_NEEDED                        0x00000066UL
+#define CKR_KEY_INDIGESTIBLE                  0x00000067UL
+#define CKR_KEY_FUNCTION_NOT_PERMITTED        0x00000068UL
+#define CKR_KEY_NOT_WRAPPABLE                 0x00000069UL
+#define CKR_KEY_UNEXTRACTABLE                 0x0000006AUL
+
+#define CKR_MECHANISM_INVALID                 0x00000070UL
+#define CKR_MECHANISM_PARAM_INVALID           0x00000071UL
+
+#define CKR_OBJECT_HANDLE_INVALID             0x00000082UL
+#define CKR_OPERATION_ACTIVE                  0x00000090UL
+#define CKR_OPERATION_NOT_INITIALIZED         0x00000091UL
+#define CKR_PIN_INCORRECT                     0x000000A0UL
+#define CKR_PIN_INVALID                       0x000000A1UL
+#define CKR_PIN_LEN_RANGE                     0x000000A2UL
+
+#define CKR_PIN_EXPIRED                       0x000000A3UL
+#define CKR_PIN_LOCKED                        0x000000A4UL
+
+#define CKR_SESSION_CLOSED                    0x000000B0UL
+#define CKR_SESSION_COUNT                     0x000000B1UL
+#define CKR_SESSION_HANDLE_INVALID            0x000000B3UL
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    0x000000B4UL
+#define CKR_SESSION_READ_ONLY                 0x000000B5UL
+#define CKR_SESSION_EXISTS                    0x000000B6UL
+
+#define CKR_SESSION_READ_ONLY_EXISTS          0x000000B7UL
+#define CKR_SESSION_READ_WRITE_SO_EXISTS      0x000000B8UL
+
+#define CKR_SIGNATURE_INVALID                 0x000000C0UL
+#define CKR_SIGNATURE_LEN_RANGE               0x000000C1UL
+#define CKR_TEMPLATE_INCOMPLETE               0x000000D0UL
+#define CKR_TEMPLATE_INCONSISTENT             0x000000D1UL
+#define CKR_TOKEN_NOT_PRESENT                 0x000000E0UL
+#define CKR_TOKEN_NOT_RECOGNIZED              0x000000E1UL
+#define CKR_TOKEN_WRITE_PROTECTED             0x000000E2UL
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID     0x000000F0UL
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE         0x000000F1UL
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  0x000000F2UL
+#define CKR_USER_ALREADY_LOGGED_IN            0x00000100UL
+#define CKR_USER_NOT_LOGGED_IN                0x00000101UL
+#define CKR_USER_PIN_NOT_INITIALIZED          0x00000102UL
+#define CKR_USER_TYPE_INVALID                 0x00000103UL
+
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    0x00000104UL
+#define CKR_USER_TOO_MANY_TYPES               0x00000105UL
+
+#define CKR_WRAPPED_KEY_INVALID               0x00000110UL
+#define CKR_WRAPPED_KEY_LEN_RANGE             0x00000112UL
+#define CKR_WRAPPING_KEY_HANDLE_INVALID       0x00000113UL
+#define CKR_WRAPPING_KEY_SIZE_RANGE           0x00000114UL
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    0x00000115UL
+#define CKR_RANDOM_SEED_NOT_SUPPORTED         0x00000120UL
+
+#define CKR_RANDOM_NO_RNG                     0x00000121UL
+
+#define CKR_DOMAIN_PARAMS_INVALID             0x00000130UL
+
+#define CKR_CURVE_NOT_SUPPORTED               0x00000140UL
+
+#define CKR_BUFFER_TOO_SMALL                  0x00000150UL
+#define CKR_SAVED_STATE_INVALID               0x00000160UL
+#define CKR_INFORMATION_SENSITIVE             0x00000170UL
+#define CKR_STATE_UNSAVEABLE                  0x00000180UL
+
+#define CKR_CRYPTOKI_NOT_INITIALIZED          0x00000190UL
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED      0x00000191UL
+#define CKR_MUTEX_BAD                         0x000001A0UL
+#define CKR_MUTEX_NOT_LOCKED                  0x000001A1UL
+
+#define CKR_NEW_PIN_MODE                      0x000001B0UL
+#define CKR_NEXT_OTP                          0x000001B1UL
+
+#define CKR_EXCEEDED_MAX_ITERATIONS           0x000001B5UL
+#define CKR_FIPS_SELF_TEST_FAILED             0x000001B6UL
+#define CKR_LIBRARY_LOAD_FAILED               0x000001B7UL
+#define CKR_PIN_TOO_WEAK                      0x000001B8UL
+#define CKR_PUBLIC_KEY_INVALID                0x000001B9UL
+
+#define CKR_FUNCTION_REJECTED                 0x00000200UL
+
+#define CKR_VENDOR_DEFINED                    0x80000000UL
+
+
+/* CK_NOTIFY is an application callback that processes events */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
+  CK_SESSION_HANDLE hSession,     /* the session's handle */
+  CK_NOTIFICATION   event,
+  CK_VOID_PTR       pApplication  /* passed to C_OpenSession */
+);
+
+
+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
+ * version and pointers of appropriate types to all the
+ * Cryptoki functions
+ */
+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
+
+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
+
+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
+
+
+/* CK_CREATEMUTEX is an application callback for creating a
+ * mutex object
+ */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
+  CK_VOID_PTR_PTR ppMutex  /* location to receive ptr to mutex */
+);
+
+
+/* CK_DESTROYMUTEX is an application callback for destroying a
+ * mutex object
+ */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
+  CK_VOID_PTR pMutex  /* pointer to mutex */
+);
+
+
+/* CK_LOCKMUTEX is an application callback for locking a mutex */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
+  CK_VOID_PTR pMutex  /* pointer to mutex */
+);
+
+
+/* CK_UNLOCKMUTEX is an application callback for unlocking a
+ * mutex
+ */
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
+  CK_VOID_PTR pMutex  /* pointer to mutex */
+);
+
+
+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
+ * C_Initialize
+ */
+typedef struct CK_C_INITIALIZE_ARGS {
+  CK_CREATEMUTEX CreateMutex;
+  CK_DESTROYMUTEX DestroyMutex;
+  CK_LOCKMUTEX LockMutex;
+  CK_UNLOCKMUTEX UnlockMutex;
+  CK_FLAGS flags;
+  CK_VOID_PTR pReserved;
+} CK_C_INITIALIZE_ARGS;
+
+/* flags: bit flags that provide capabilities of the slot
+ *      Bit Flag                           Mask       Meaning
+ */
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL
+#define CKF_OS_LOCKING_OK                  0x00000002UL
+
+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
+
+
+/* additional flags for parameters to functions */
+
+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
+#define CKF_DONT_BLOCK     1
+
+/* CK_RSA_PKCS_MGF_TYPE  is used to indicate the Message
+ * Generation Function (MGF) applied to a message block when
+ * formatting a message block for the PKCS #1 OAEP encryption
+ * scheme.
+ */
+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
+
+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
+
+/* The following MGFs are defined */
+#define CKG_MGF1_SHA1         0x00000001UL
+#define CKG_MGF1_SHA256       0x00000002UL
+#define CKG_MGF1_SHA384       0x00000003UL
+#define CKG_MGF1_SHA512       0x00000004UL
+#define CKG_MGF1_SHA224       0x00000005UL
+
+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE  is used to indicate the source
+ * of the encoding parameter when formatting a message block
+ * for the PKCS #1 OAEP encryption scheme.
+ */
+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
+
+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
+
+/* The following encoding parameter sources are defined */
+#define CKZ_DATA_SPECIFIED    0x00000001UL
+
+/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
+ * CKM_RSA_PKCS_OAEP mechanism.
+ */
+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
+        CK_MECHANISM_TYPE hashAlg;
+        CK_RSA_PKCS_MGF_TYPE mgf;
+        CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
+        CK_VOID_PTR pSourceData;
+        CK_ULONG ulSourceDataLen;
+} CK_RSA_PKCS_OAEP_PARAMS;
+
+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
+
+/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
+ * CKM_RSA_PKCS_PSS mechanism(s).
+ */
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
+        CK_MECHANISM_TYPE    hashAlg;
+        CK_RSA_PKCS_MGF_TYPE mgf;
+        CK_ULONG             sLen;
+} CK_RSA_PKCS_PSS_PARAMS;
+
+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
+
+typedef CK_ULONG CK_EC_KDF_TYPE;
+
+/* The following EC Key Derivation Functions are defined */
+#define CKD_NULL                 0x00000001UL
+#define CKD_SHA1_KDF             0x00000002UL
+
+/* The following X9.42 DH key derivation functions are defined */
+#define CKD_SHA1_KDF_ASN1        0x00000003UL
+#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL
+#define CKD_SHA224_KDF           0x00000005UL
+#define CKD_SHA256_KDF           0x00000006UL
+#define CKD_SHA384_KDF           0x00000007UL
+#define CKD_SHA512_KDF           0x00000008UL
+#define CKD_CPDIVERSIFY_KDF      0x00000009UL
+
+
+/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
+ * where each party contributes one key pair.
+ */
+typedef struct CK_ECDH1_DERIVE_PARAMS {
+  CK_EC_KDF_TYPE kdf;
+  CK_ULONG ulSharedDataLen;
+  CK_BYTE_PTR pSharedData;
+  CK_ULONG ulPublicDataLen;
+  CK_BYTE_PTR pPublicData;
+} CK_ECDH1_DERIVE_PARAMS;
+
+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
+
+/*
+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
+ */
+typedef struct CK_ECDH2_DERIVE_PARAMS {
+  CK_EC_KDF_TYPE kdf;
+  CK_ULONG ulSharedDataLen;
+  CK_BYTE_PTR pSharedData;
+  CK_ULONG ulPublicDataLen;
+  CK_BYTE_PTR pPublicData;
+  CK_ULONG ulPrivateDataLen;
+  CK_OBJECT_HANDLE hPrivateData;
+  CK_ULONG ulPublicDataLen2;
+  CK_BYTE_PTR pPublicData2;
+} CK_ECDH2_DERIVE_PARAMS;
+
+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
+
+typedef struct CK_ECMQV_DERIVE_PARAMS {
+  CK_EC_KDF_TYPE kdf;
+  CK_ULONG ulSharedDataLen;
+  CK_BYTE_PTR pSharedData;
+  CK_ULONG ulPublicDataLen;
+  CK_BYTE_PTR pPublicData;
+  CK_ULONG ulPrivateDataLen;
+  CK_OBJECT_HANDLE hPrivateData;
+  CK_ULONG ulPublicDataLen2;
+  CK_BYTE_PTR pPublicData2;
+  CK_OBJECT_HANDLE publicKey;
+} CK_ECMQV_DERIVE_PARAMS;
+
+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
+
+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms
+ */
+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
+
+/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
+ * contributes one key pair
+ */
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
+  CK_X9_42_DH_KDF_TYPE kdf;
+  CK_ULONG ulOtherInfoLen;
+  CK_BYTE_PTR pOtherInfo;
+  CK_ULONG ulPublicDataLen;
+  CK_BYTE_PTR pPublicData;
+} CK_X9_42_DH1_DERIVE_PARAMS;
+
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
+
+/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
+ * mechanisms, where each party contributes two key pairs
+ */
+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
+  CK_X9_42_DH_KDF_TYPE kdf;
+  CK_ULONG ulOtherInfoLen;
+  CK_BYTE_PTR pOtherInfo;
+  CK_ULONG ulPublicDataLen;
+  CK_BYTE_PTR pPublicData;
+  CK_ULONG ulPrivateDataLen;
+  CK_OBJECT_HANDLE hPrivateData;
+  CK_ULONG ulPublicDataLen2;
+  CK_BYTE_PTR pPublicData2;
+} CK_X9_42_DH2_DERIVE_PARAMS;
+
+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
+
+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
+  CK_X9_42_DH_KDF_TYPE kdf;
+  CK_ULONG ulOtherInfoLen;
+  CK_BYTE_PTR pOtherInfo;
+  CK_ULONG ulPublicDataLen;
+  CK_BYTE_PTR pPublicData;
+  CK_ULONG ulPrivateDataLen;
+  CK_OBJECT_HANDLE hPrivateData;
+  CK_ULONG ulPublicDataLen2;
+  CK_BYTE_PTR pPublicData2;
+  CK_OBJECT_HANDLE publicKey;
+} CK_X9_42_MQV_DERIVE_PARAMS;
+
+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
+
+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
+ * CKM_KEA_DERIVE mechanism
+ */
+typedef struct CK_KEA_DERIVE_PARAMS {
+  CK_BBOOL      isSender;
+  CK_ULONG      ulRandomLen;
+  CK_BYTE_PTR   pRandomA;
+  CK_BYTE_PTR   pRandomB;
+  CK_ULONG      ulPublicDataLen;
+  CK_BYTE_PTR   pPublicData;
+} CK_KEA_DERIVE_PARAMS;
+
+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
+
+
+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
+ * CKM_RC2_MAC mechanisms.  An instance of CK_RC2_PARAMS just
+ * holds the effective keysize
+ */
+typedef CK_ULONG          CK_RC2_PARAMS;
+
+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
+
+
+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
+ * mechanism
+ */
+typedef struct CK_RC2_CBC_PARAMS {
+  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
+  CK_BYTE       iv[8];            /* IV for CBC mode */
+} CK_RC2_CBC_PARAMS;
+
+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
+
+
+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
+ * CKM_RC2_MAC_GENERAL mechanism
+ */
+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
+  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
+  CK_ULONG      ulMacLength;      /* Length of MAC in bytes */
+} CK_RC2_MAC_GENERAL_PARAMS;
+
+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
+  CK_RC2_MAC_GENERAL_PARAMS_PTR;
+
+
+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
+ * CKM_RC5_MAC mechanisms
+ */
+typedef struct CK_RC5_PARAMS {
+  CK_ULONG      ulWordsize;  /* wordsize in bits */
+  CK_ULONG      ulRounds;    /* number of rounds */
+} CK_RC5_PARAMS;
+
+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
+
+
+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
+ * mechanism
+ */
+typedef struct CK_RC5_CBC_PARAMS {
+  CK_ULONG      ulWordsize;  /* wordsize in bits */
+  CK_ULONG      ulRounds;    /* number of rounds */
+  CK_BYTE_PTR   pIv;         /* pointer to IV */
+  CK_ULONG      ulIvLen;     /* length of IV in bytes */
+} CK_RC5_CBC_PARAMS;
+
+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
+
+
+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
+ * CKM_RC5_MAC_GENERAL mechanism
+ */
+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
+  CK_ULONG      ulWordsize;   /* wordsize in bits */
+  CK_ULONG      ulRounds;     /* number of rounds */
+  CK_ULONG      ulMacLength;  /* Length of MAC in bytes */
+} CK_RC5_MAC_GENERAL_PARAMS;
+
+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
+  CK_RC5_MAC_GENERAL_PARAMS_PTR;
+
+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
+ * ciphers' MAC_GENERAL mechanisms.  Its value is the length of
+ * the MAC
+ */
+typedef CK_ULONG          CK_MAC_GENERAL_PARAMS;
+
+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
+
+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
+  CK_BYTE      iv[8];
+  CK_BYTE_PTR  pData;
+  CK_ULONG     length;
+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
+  CK_BYTE      iv[16];
+  CK_BYTE_PTR  pData;
+  CK_ULONG     length;
+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism
+ */
+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
+  CK_ULONG      ulPasswordLen;
+  CK_BYTE_PTR   pPassword;
+  CK_ULONG      ulPublicDataLen;
+  CK_BYTE_PTR   pPublicData;
+  CK_ULONG      ulPAndGLen;
+  CK_ULONG      ulQLen;
+  CK_ULONG      ulRandomLen;
+  CK_BYTE_PTR   pRandomA;
+  CK_BYTE_PTR   pPrimeP;
+  CK_BYTE_PTR   pBaseG;
+  CK_BYTE_PTR   pSubprimeQ;
+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
+
+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
+  CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR;
+
+
+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
+ * CKM_SKIPJACK_RELAYX mechanism
+ */
+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
+  CK_ULONG      ulOldWrappedXLen;
+  CK_BYTE_PTR   pOldWrappedX;
+  CK_ULONG      ulOldPasswordLen;
+  CK_BYTE_PTR   pOldPassword;
+  CK_ULONG      ulOldPublicDataLen;
+  CK_BYTE_PTR   pOldPublicData;
+  CK_ULONG      ulOldRandomLen;
+  CK_BYTE_PTR   pOldRandomA;
+  CK_ULONG      ulNewPasswordLen;
+  CK_BYTE_PTR   pNewPassword;
+  CK_ULONG      ulNewPublicDataLen;
+  CK_BYTE_PTR   pNewPublicData;
+  CK_ULONG      ulNewRandomLen;
+  CK_BYTE_PTR   pNewRandomA;
+} CK_SKIPJACK_RELAYX_PARAMS;
+
+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
+  CK_SKIPJACK_RELAYX_PARAMS_PTR;
+
+
+typedef struct CK_PBE_PARAMS {
+  CK_BYTE_PTR      pInitVector;
+  CK_UTF8CHAR_PTR  pPassword;
+  CK_ULONG         ulPasswordLen;
+  CK_BYTE_PTR      pSalt;
+  CK_ULONG         ulSaltLen;
+  CK_ULONG         ulIteration;
+} CK_PBE_PARAMS;
+
+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
+
+
+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
+ * CKM_KEY_WRAP_SET_OAEP mechanism
+ */
+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
+  CK_BYTE       bBC;     /* block contents byte */
+  CK_BYTE_PTR   pX;      /* extra data */
+  CK_ULONG      ulXLen;  /* length of extra data in bytes */
+} CK_KEY_WRAP_SET_OAEP_PARAMS;
+
+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
+
+typedef struct CK_SSL3_RANDOM_DATA {
+  CK_BYTE_PTR  pClientRandom;
+  CK_ULONG     ulClientRandomLen;
+  CK_BYTE_PTR  pServerRandom;
+  CK_ULONG     ulServerRandomLen;
+} CK_SSL3_RANDOM_DATA;
+
+
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
+  CK_SSL3_RANDOM_DATA RandomInfo;
+  CK_VERSION_PTR pVersion;
+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
+
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
+  CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_SSL3_KEY_MAT_OUT {
+  CK_OBJECT_HANDLE hClientMacSecret;
+  CK_OBJECT_HANDLE hServerMacSecret;
+  CK_OBJECT_HANDLE hClientKey;
+  CK_OBJECT_HANDLE hServerKey;
+  CK_BYTE_PTR      pIVClient;
+  CK_BYTE_PTR      pIVServer;
+} CK_SSL3_KEY_MAT_OUT;
+
+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
+
+
+typedef struct CK_SSL3_KEY_MAT_PARAMS {
+  CK_ULONG                ulMacSizeInBits;
+  CK_ULONG                ulKeySizeInBits;
+  CK_ULONG                ulIVSizeInBits;
+  CK_BBOOL                bIsExport;
+  CK_SSL3_RANDOM_DATA     RandomInfo;
+  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+} CK_SSL3_KEY_MAT_PARAMS;
+
+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_PRF_PARAMS {
+  CK_BYTE_PTR  pSeed;
+  CK_ULONG     ulSeedLen;
+  CK_BYTE_PTR  pLabel;
+  CK_ULONG     ulLabelLen;
+  CK_BYTE_PTR  pOutput;
+  CK_ULONG_PTR pulOutputLen;
+} CK_TLS_PRF_PARAMS;
+
+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
+
+typedef struct CK_WTLS_RANDOM_DATA {
+  CK_BYTE_PTR pClientRandom;
+  CK_ULONG    ulClientRandomLen;
+  CK_BYTE_PTR pServerRandom;
+  CK_ULONG    ulServerRandomLen;
+} CK_WTLS_RANDOM_DATA;
+
+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
+
+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
+  CK_MECHANISM_TYPE   DigestMechanism;
+  CK_WTLS_RANDOM_DATA RandomInfo;
+  CK_BYTE_PTR         pVersion;
+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
+  CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_WTLS_PRF_PARAMS {
+  CK_MECHANISM_TYPE DigestMechanism;
+  CK_BYTE_PTR       pSeed;
+  CK_ULONG          ulSeedLen;
+  CK_BYTE_PTR       pLabel;
+  CK_ULONG          ulLabelLen;
+  CK_BYTE_PTR       pOutput;
+  CK_ULONG_PTR      pulOutputLen;
+} CK_WTLS_PRF_PARAMS;
+
+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
+
+typedef struct CK_WTLS_KEY_MAT_OUT {
+  CK_OBJECT_HANDLE hMacSecret;
+  CK_OBJECT_HANDLE hKey;
+  CK_BYTE_PTR      pIV;
+} CK_WTLS_KEY_MAT_OUT;
+
+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
+
+typedef struct CK_WTLS_KEY_MAT_PARAMS {
+  CK_MECHANISM_TYPE       DigestMechanism;
+  CK_ULONG                ulMacSizeInBits;
+  CK_ULONG                ulKeySizeInBits;
+  CK_ULONG                ulIVSizeInBits;
+  CK_ULONG                ulSequenceNumber;
+  CK_BBOOL                bIsExport;
+  CK_WTLS_RANDOM_DATA     RandomInfo;
+  CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
+} CK_WTLS_KEY_MAT_PARAMS;
+
+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_CMS_SIG_PARAMS {
+  CK_OBJECT_HANDLE      certificateHandle;
+  CK_MECHANISM_PTR      pSigningMechanism;
+  CK_MECHANISM_PTR      pDigestMechanism;
+  CK_UTF8CHAR_PTR       pContentType;
+  CK_BYTE_PTR           pRequestedAttributes;
+  CK_ULONG              ulRequestedAttributesLen;
+  CK_BYTE_PTR           pRequiredAttributes;
+  CK_ULONG              ulRequiredAttributesLen;
+} CK_CMS_SIG_PARAMS;
+
+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
+
+typedef struct CK_KEY_DERIVATION_STRING_DATA {
+  CK_BYTE_PTR pData;
+  CK_ULONG    ulLen;
+} CK_KEY_DERIVATION_STRING_DATA;
+
+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
+  CK_KEY_DERIVATION_STRING_DATA_PTR;
+
+
+/* The CK_EXTRACT_PARAMS is used for the
+ * CKM_EXTRACT_KEY_FROM_KEY mechanism.  It specifies which bit
+ * of the base key should be used as the first bit of the
+ * derived key
+ */
+typedef CK_ULONG CK_EXTRACT_PARAMS;
+
+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
+
+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
+ * indicate the Pseudo-Random Function (PRF) used to generate
+ * key bits using PKCS #5 PBKDF2.
+ */
+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
+
+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \
+                        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
+
+#define CKP_PKCS5_PBKD2_HMAC_SHA1          0x00000001UL
+#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411     0x00000002UL
+#define CKP_PKCS5_PBKD2_HMAC_SHA224        0x00000003UL
+#define CKP_PKCS5_PBKD2_HMAC_SHA256        0x00000004UL
+#define CKP_PKCS5_PBKD2_HMAC_SHA384        0x00000005UL
+#define CKP_PKCS5_PBKD2_HMAC_SHA512        0x00000006UL
+#define CKP_PKCS5_PBKD2_HMAC_SHA512_224    0x00000007UL
+#define CKP_PKCS5_PBKD2_HMAC_SHA512_256    0x00000008UL
+
+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
+ * source of the salt value when deriving a key using PKCS #5
+ * PBKDF2.
+ */
+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
+
+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \
+                        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
+
+/* The following salt value sources are defined in PKCS #5 v2.0. */
+#define CKZ_SALT_SPECIFIED        0x00000001UL
+
+/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the
+ * parameters to the CKM_PKCS5_PBKD2 mechanism.
+ */
+typedef struct CK_PKCS5_PBKD2_PARAMS {
+        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE           saltSource;
+        CK_VOID_PTR                                pSaltSourceData;
+        CK_ULONG                                   ulSaltSourceDataLen;
+        CK_ULONG                                   iterations;
+        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
+        CK_VOID_PTR                                pPrfData;
+        CK_ULONG                                   ulPrfDataLen;
+        CK_UTF8CHAR_PTR                            pPassword;
+        CK_ULONG_PTR                               ulPasswordLen;
+} CK_PKCS5_PBKD2_PARAMS;
+
+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
+
+/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS
+ * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
+ * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR.
+ */
+typedef struct CK_PKCS5_PBKD2_PARAMS2 {
+        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
+        CK_VOID_PTR pSaltSourceData;
+        CK_ULONG ulSaltSourceDataLen;
+        CK_ULONG iterations;
+        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
+        CK_VOID_PTR pPrfData;
+        CK_ULONG ulPrfDataLen;
+        CK_UTF8CHAR_PTR pPassword;
+        CK_ULONG ulPasswordLen;
+} CK_PKCS5_PBKD2_PARAMS2;
+
+typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR;
+
+typedef CK_ULONG CK_OTP_PARAM_TYPE;
+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */
+
+typedef struct CK_OTP_PARAM {
+    CK_OTP_PARAM_TYPE type;
+    CK_VOID_PTR pValue;
+    CK_ULONG ulValueLen;
+} CK_OTP_PARAM;
+
+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
+
+typedef struct CK_OTP_PARAMS {
+    CK_OTP_PARAM_PTR pParams;
+    CK_ULONG ulCount;
+} CK_OTP_PARAMS;
+
+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
+
+typedef struct CK_OTP_SIGNATURE_INFO {
+    CK_OTP_PARAM_PTR pParams;
+    CK_ULONG ulCount;
+} CK_OTP_SIGNATURE_INFO;
+
+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
+
+#define CK_OTP_VALUE          0UL
+#define CK_OTP_PIN            1UL
+#define CK_OTP_CHALLENGE      2UL
+#define CK_OTP_TIME           3UL
+#define CK_OTP_COUNTER        4UL
+#define CK_OTP_FLAGS          5UL
+#define CK_OTP_OUTPUT_LENGTH  6UL
+#define CK_OTP_OUTPUT_FORMAT  7UL
+
+#define CKF_NEXT_OTP          0x00000001UL
+#define CKF_EXCLUDE_TIME      0x00000002UL
+#define CKF_EXCLUDE_COUNTER   0x00000004UL
+#define CKF_EXCLUDE_CHALLENGE 0x00000008UL
+#define CKF_EXCLUDE_PIN       0x00000010UL
+#define CKF_USER_FRIENDLY_OTP 0x00000020UL
+
+typedef struct CK_KIP_PARAMS {
+    CK_MECHANISM_PTR  pMechanism;
+    CK_OBJECT_HANDLE  hKey;
+    CK_BYTE_PTR       pSeed;
+    CK_ULONG          ulSeedLen;
+} CK_KIP_PARAMS;
+
+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
+
+typedef struct CK_AES_CTR_PARAMS {
+    CK_ULONG ulCounterBits;
+    CK_BYTE cb[16];
+} CK_AES_CTR_PARAMS;
+
+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
+
+typedef struct CK_GCM_PARAMS {
+    CK_BYTE_PTR       pIv;
+    CK_ULONG          ulIvLen;
+    CK_ULONG          ulIvBits;
+    CK_BYTE_PTR       pAAD;
+    CK_ULONG          ulAADLen;
+    CK_ULONG          ulTagBits;
+} CK_GCM_PARAMS;
+
+typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
+
+typedef struct CK_CCM_PARAMS {
+    CK_ULONG          ulDataLen;
+    CK_BYTE_PTR       pNonce;
+    CK_ULONG          ulNonceLen;
+    CK_BYTE_PTR       pAAD;
+    CK_ULONG          ulAADLen;
+    CK_ULONG          ulMACLen;
+} CK_CCM_PARAMS;
+
+typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
+
+/* Deprecated. Use CK_GCM_PARAMS */
+typedef struct CK_AES_GCM_PARAMS {
+  CK_BYTE_PTR pIv;
+  CK_ULONG ulIvLen;
+  CK_ULONG ulIvBits;
+  CK_BYTE_PTR pAAD;
+  CK_ULONG ulAADLen;
+  CK_ULONG ulTagBits;
+} CK_AES_GCM_PARAMS;
+
+typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;
+
+/* Deprecated. Use CK_CCM_PARAMS */
+typedef struct CK_AES_CCM_PARAMS {
+    CK_ULONG          ulDataLen;
+    CK_BYTE_PTR       pNonce;
+    CK_ULONG          ulNonceLen;
+    CK_BYTE_PTR       pAAD;
+    CK_ULONG          ulAADLen;
+    CK_ULONG          ulMACLen;
+} CK_AES_CCM_PARAMS;
+
+typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;
+
+typedef struct CK_CAMELLIA_CTR_PARAMS {
+    CK_ULONG          ulCounterBits;
+    CK_BYTE           cb[16];
+} CK_CAMELLIA_CTR_PARAMS;
+
+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
+
+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
+    CK_BYTE           iv[16];
+    CK_BYTE_PTR       pData;
+    CK_ULONG          length;
+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
+                                CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
+    CK_BYTE           iv[16];
+    CK_BYTE_PTR       pData;
+    CK_ULONG          length;
+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
+                                CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+typedef struct CK_DSA_PARAMETER_GEN_PARAM {
+    CK_MECHANISM_TYPE  hash;
+    CK_BYTE_PTR        pSeed;
+    CK_ULONG           ulSeedLen;
+    CK_ULONG           ulIndex;
+} CK_DSA_PARAMETER_GEN_PARAM;
+
+typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR;
+
+typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS {
+    CK_ULONG           ulAESKeyBits;
+    CK_EC_KDF_TYPE     kdf;
+    CK_ULONG           ulSharedDataLen;
+    CK_BYTE_PTR        pSharedData;
+} CK_ECDH_AES_KEY_WRAP_PARAMS;
+
+typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR;
+
+typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
+
+typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
+
+typedef struct CK_RSA_AES_KEY_WRAP_PARAMS {
+    CK_ULONG                      ulAESKeyBits;
+    CK_RSA_PKCS_OAEP_PARAMS_PTR   pOAEPParams;
+} CK_RSA_AES_KEY_WRAP_PARAMS;
+
+typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR;
+
+typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
+    CK_SSL3_RANDOM_DATA       RandomInfo;
+    CK_VERSION_PTR            pVersion;
+    CK_MECHANISM_TYPE         prfHashMechanism;
+} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
+
+typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \
+                                CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
+
+typedef struct CK_TLS12_KEY_MAT_PARAMS {
+    CK_ULONG                  ulMacSizeInBits;
+    CK_ULONG                  ulKeySizeInBits;
+    CK_ULONG                  ulIVSizeInBits;
+    CK_BBOOL                  bIsExport;
+    CK_SSL3_RANDOM_DATA       RandomInfo;
+    CK_SSL3_KEY_MAT_OUT_PTR   pReturnedKeyMaterial;
+    CK_MECHANISM_TYPE         prfHashMechanism;
+} CK_TLS12_KEY_MAT_PARAMS;
+
+typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
+
+typedef struct CK_TLS_KDF_PARAMS {
+    CK_MECHANISM_TYPE         prfMechanism;
+    CK_BYTE_PTR               pLabel;
+    CK_ULONG                  ulLabelLength;
+    CK_SSL3_RANDOM_DATA       RandomInfo;
+    CK_BYTE_PTR               pContextData;
+    CK_ULONG                  ulContextDataLength;
+} CK_TLS_KDF_PARAMS;
+
+typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR;
+
+typedef struct CK_TLS_MAC_PARAMS {
+    CK_MECHANISM_TYPE         prfHashMechanism;
+    CK_ULONG                  ulMacLength;
+    CK_ULONG                  ulServerOrClient;
+} CK_TLS_MAC_PARAMS;
+
+typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
+
+typedef struct CK_GOSTR3410_DERIVE_PARAMS {
+    CK_EC_KDF_TYPE            kdf;
+    CK_BYTE_PTR               pPublicData;
+    CK_ULONG                  ulPublicDataLen;
+    CK_BYTE_PTR               pUKM;
+    CK_ULONG                  ulUKMLen;
+} CK_GOSTR3410_DERIVE_PARAMS;
+
+typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR;
+
+typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS {
+    CK_BYTE_PTR               pWrapOID;
+    CK_ULONG                  ulWrapOIDLen;
+    CK_BYTE_PTR               pUKM;
+    CK_ULONG                  ulUKMLen;
+    CK_OBJECT_HANDLE          hKey;
+} CK_GOSTR3410_KEY_WRAP_PARAMS;
+
+typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR;
+
+typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS {
+    CK_BYTE                   iv[16];
+    CK_BYTE_PTR               pData;
+    CK_ULONG                  length;
+} CK_SEED_CBC_ENCRYPT_DATA_PARAMS;
+
+typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
+                                        CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR;
+
+#endif /* _PKCS11T_H_ */
+
diff --git a/hpcs-pkcs11/samples/sample.h b/hpcs-pkcs11/samples/sample.h
new file mode 100644
index 000000000..9387da42c
--- /dev/null
+++ b/hpcs-pkcs11/samples/sample.h
@@ -0,0 +1,23 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+#ifndef _SAMPLE_H_
+#define _SAMPLE_H_ 1
+
+#define CK_PTR *
+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
+
+#include <unistd.h>
+#include <stdint.h>
+
+#include "pkcs11.h"
+#include "ep11.h"
+#include "grep11.h"
+
+#endif
\ No newline at end of file
diff --git a/m4/acx_crypto_backend.m4 b/m4/acx_crypto_backend.m4
index fe59ca97f..0a5e42279 100644
--- a/m4/acx_crypto_backend.m4
+++ b/m4/acx_crypto_backend.m4
@@ -28,6 +28,16 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 		[enable_eddsa="detect"]
 	)
 
+	# Add SLHDSA check (only for OpenSSL)
+
+	AC_ARG_ENABLE(slhdsa,
+		AS_HELP_STRING([--enable-slhdsa],
+			[Enable support for SLHDSA (default detect, OpenSSL only)]
+		),
+		[enable_slhdsa="${enableval}"],
+		[enable_slhdsa="detect"]
+	)
+
 	# Second check for the FIPS 140-2 mode
 
 	AC_ARG_ENABLE(fips,
@@ -100,6 +110,14 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 			detect*-no*) enable_eddsa="no";;
 		esac
 
+		case "${enable_slhdsa}" in
+			yes|detect) ACX_OPENSSL_SLHDSA;;
+		esac
+		case "${enable_slhdsa}-${have_lib_openssl_slhdsa_support}" in
+			yes-no) AC_MSG_ERROR([OpenSSL library has no SLHDSA support]);;
+			detect-*) enable_slhdsa="${have_lib_openssl_slhdsa_support}";;
+		esac
+
 		case "${enable_gost}-${enable_fips}" in
 			yes-yes) AC_MSG_ERROR([GOST is not FIPS approved]);;
 			yes-no|detect-no) ACX_OPENSSL_GOST;;
@@ -231,6 +249,18 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 	fi
 	AM_CONDITIONAL([WITH_EDDSA], [test "x${enable_eddsa}" = "xyes"])
 
+	AC_MSG_CHECKING(for SLHDSA support)
+	if test "x${enable_slhdsa}" = "xyes"; then
+		AC_MSG_RESULT(yes)
+		AC_DEFINE_UNQUOTED(
+			[WITH_SLHDSA],
+			[],
+			[Compile with SLHDSA support]
+		)
+	else
+		AC_MSG_RESULT(no)
+	fi
+	AM_CONDITIONAL([WITH_SLHDSA], [test "x${enable_slhdsa}" = "xyes"])
 
 	AC_SUBST(CRYPTO_INCLUDES)
 	AC_SUBST(CRYPTO_LIBS)
diff --git a/m4/acx_openssl_slhdsa.m4 b/m4/acx_openssl_slhdsa.m4
new file mode 100644
index 000000000..2ed62797c
--- /dev/null
+++ b/m4/acx_openssl_slhdsa.m4
@@ -0,0 +1,44 @@
+AC_DEFUN([ACX_OPENSSL_SLHDSA],[
+	AC_MSG_CHECKING(for OpenSSL SLHDSA support)
+
+	tmp_CPPFLAGS=$CPPFLAGS
+	tmp_LIBS=$LIBS
+
+	CPPFLAGS="$CPPFLAGS $CRYPTO_INCLUDES"
+	LIBS="$CRYPTO_LIBS $LIBS"
+
+	AC_LANG_PUSH([C])
+	AC_CACHE_VAL([acx_cv_lib_openssl_slhdsa_support],[
+		acx_cv_lib_openssl_slhdsa_support=no
+		AC_RUN_IFELSE([
+			AC_LANG_SOURCE([[
+				#include <openssl/evp.h>
+				#include <openssl/objects.h>
+				int main()
+				{
+					EVP_PKEY_CTX *ctx;
+
+					/* Replace NID_SLHDSA with the actual NID your patched OpenSSL/liboqs uses */
+					ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+					if (ctx == NULL)
+						return 1;
+					return 0;
+				}
+			]])
+		],[
+			AC_MSG_RESULT([Found SLHDSA])
+			acx_cv_lib_openssl_slhdsa_support=yes
+		],[
+			AC_MSG_RESULT([Cannot find SLHDSA])
+			acx_cv_lib_openssl_slhdsa_support=no
+		],[
+			AC_MSG_WARN([Cannot test, SLHDSA])
+			acx_cv_lib_openssl_slhdsa_support=yes
+		])
+	])
+	AC_LANG_POP([C])
+
+	CPPFLAGS=$tmp_CPPFLAGS
+	LIBS=$tmp_LIBS
+	have_lib_openssl_slhdsa_support="${acx_cv_lib_openssl_slhdsa_support}"
+])
diff --git a/src/bin/dump/tables.h b/src/bin/dump/tables.h
index e6db51697..4cbe0d2b1 100644
--- a/src/bin/dump/tables.h
+++ b/src/bin/dump/tables.h
@@ -100,6 +100,7 @@ void fill_CKA_table(std::map<unsigned long, std::string> &t)
 	t[CKA_COPYABLE] = "CKA_COPYABLE";
 	t[CKA_DESTROYABLE] = "CKA_DESTROYABLE";
 	t[CKA_EC_PARAMS] = "CKA_EC_PARAMS";
+	t[CKA_SLHDSA_PARAMS] = "CKA_SLHDSA_PARAMS";
 	t[CKA_EC_POINT] = "CKA_EC_POINT";
 	t[CKA_SECONDARY_AUTH] = "CKA_SECONDARY_AUTH";
 	t[CKA_AUTH_PIN_FLAGS] = "CKA_AUTH_PIN_FLAGS";
@@ -478,6 +479,8 @@ void fill_CKM_table(std::map<unsigned long, std::string> &t)
 	t[CKM_RSA_PKCS_OAEP_TPM_1_1] = "CKM_RSA_PKCS_OAEP_TPM_1_1";
 	t[CKM_EC_EDWARDS_KEY_PAIR_GEN] = "CKM_EC_EDWARDS_KEY_PAIR_GEN";
 	t[CKM_EDDSA] = "CKM_EDDSA";
+	t[CKM_SLH_KEY_PAIR_GEN] = "CKM_SLH_KEY_PAIR_GEN";
+	t[CKM_SLHDSA] = "CKM_SLHDSA";
 }
 
 void fill_CKO_table(std::map<unsigned long, std::string> &t)
@@ -544,6 +547,7 @@ void fill_CKK_table(std::map<unsigned long, std::string> &t)
 	t[CKK_GOSTR3411] = "CKK_GOSTR3411";
 	t[CKK_GOST28147] = "CKK_GOST28147";
 	t[CKK_EC_EDWARDS] = "CKK_EC_EDWARDS";
+	t[CKK_SLHDSA] = "CKK_SLHDSA";
 }
 
 void fill_CKC_table(std::map<unsigned long, std::string> &t)
diff --git a/src/bin/util/softhsm2-util-ossl.cpp b/src/bin/util/softhsm2-util-ossl.cpp
index 2ead15866..6494758ca 100644
--- a/src/bin/util/softhsm2-util-ossl.cpp
+++ b/src/bin/util/softhsm2-util-ossl.cpp
@@ -152,6 +152,9 @@ int crypto_import_key_pair
 #ifdef WITH_EDDSA
 	EVP_PKEY* eddsa = NULL;
 #endif
+#ifdef WITH_SLHDSA
+	EVP_PKEY* slhdsa = NULL;
+#endif
 
 	switch (EVP_PKEY_type(EVP_PKEY_id(pkey)))
 	{
@@ -174,6 +177,15 @@ int crypto_import_key_pair
 			EVP_PKEY_up_ref(pkey);
 			eddsa = pkey;
 			break;
+#endif
+#ifdef WITH_SLHDSA
+		case NID_X25519:
+		case NID_ED25519:
+		case NID_X448:
+		case NID_ED448:
+			EVP_PKEY_up_ref(pkey);
+			slhdsa = pkey;
+			break;
 #endif
 		default:
 			fprintf(stderr, "ERROR: Cannot handle this algorithm.\n");
@@ -208,6 +220,13 @@ int crypto_import_key_pair
 		result = crypto_save_eddsa(hSession, label, objID, objIDLen, noPublicKey, eddsa);
 		EVP_PKEY_free(eddsa);
 	}
+#endif
+#ifdef WITH_SLHDSA
+	else if (slhdsa)
+	{
+		result = crypto_save_slhdsa(hSession, label, objID, objIDLen, noPublicKey, slhdsa);
+		EVP_PKEY_free(slhdsa);
+	}
 #endif
 	else
 	{
@@ -1138,3 +1157,186 @@ void crypto_free_eddsa(eddsa_key_material_t* keyMat)
 }
 
 #endif
+
+#ifdef WITH_SLHDSA
+
+// Save the key data in PKCS#11
+int crypto_save_slhdsa
+(
+	CK_SESSION_HANDLE hSession,
+	char* label,
+	char* objID,
+	size_t objIDLen,
+	int noPublicKey,
+	EVP_PKEY* slhdsa
+)
+{
+	slhdsa_key_material_t* keyMat = crypto_malloc_slhdsa(slhdsa);
+	if (keyMat == NULL)
+	{
+		fprintf(stderr, "ERROR: Could not convert the key material to binary information.\n");
+		return 1;
+	}
+
+	CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY, privClass = CKO_PRIVATE_KEY;
+	CK_KEY_TYPE keyType = CKK_SLHDSA;
+	CK_BBOOL ckTrue = CK_TRUE, ckFalse = CK_FALSE, ckToken = CK_TRUE;
+	if (noPublicKey)
+	{
+		ckToken = CK_FALSE;
+	}
+	CK_ATTRIBUTE pubTemplate[] = {
+		{ CKA_CLASS,          &pubClass,         sizeof(pubClass) },
+		{ CKA_KEY_TYPE,       &keyType,          sizeof(keyType) },
+		{ CKA_LABEL,          label,             strlen(label) },
+		{ CKA_ID,             objID,             objIDLen },
+		{ CKA_TOKEN,          &ckToken,          sizeof(ckToken) },
+		{ CKA_VERIFY,         &ckTrue,           sizeof(ckTrue) },
+		{ CKA_ENCRYPT,        &ckFalse,          sizeof(ckFalse) },
+		{ CKA_WRAP,           &ckFalse,          sizeof(ckFalse) },
+		{ CKA_SLHDSA_PARAMS,      keyMat->derOID,    keyMat->sizeOID },
+		{ CKA_EC_POINT,       keyMat->bigA,      keyMat->sizeA },
+	};
+	CK_ATTRIBUTE privTemplate[] = {
+		{ CKA_CLASS,          &privClass,        sizeof(privClass) },
+		{ CKA_KEY_TYPE,       &keyType,          sizeof(keyType) },
+		{ CKA_LABEL,          label,             strlen(label) },
+		{ CKA_ID,             objID,             objIDLen },
+		{ CKA_SIGN,           &ckTrue,           sizeof(ckTrue) },
+		{ CKA_DECRYPT,        &ckFalse,          sizeof(ckFalse) },
+		{ CKA_UNWRAP,         &ckFalse,          sizeof(ckFalse) },
+		{ CKA_SENSITIVE,      &ckTrue,           sizeof(ckTrue) },
+		{ CKA_TOKEN,          &ckTrue,           sizeof(ckTrue) },
+		{ CKA_PRIVATE,        &ckTrue,           sizeof(ckTrue) },
+		{ CKA_EXTRACTABLE,    &ckFalse,          sizeof(ckFalse) },
+		{ CKA_EC_PARAMS,      keyMat->derOID,    keyMat->sizeOID },
+		{ CKA_VALUE,          keyMat->bigK,      keyMat->sizeK }
+	};
+
+	CK_OBJECT_HANDLE hKey1, hKey2;
+	CK_RV rv = p11->C_CreateObject(hSession, privTemplate, 13, &hKey1);
+	if (rv != CKR_OK)
+	{
+		fprintf(stderr, "ERROR: Could not save the private key in the token. "
+				"Maybe the algorithm is not supported.\n");
+		crypto_free_slhdsa(keyMat);
+		return 1;
+	}
+
+	rv = p11->C_CreateObject(hSession, pubTemplate, 10, &hKey2);
+	crypto_free_slhdsa(keyMat);
+
+	if (rv != CKR_OK)
+	{
+		p11->C_DestroyObject(hSession, hKey1);
+		fprintf(stderr, "ERROR: Could not save the public key in the token.\n");
+		return 1;
+	}
+
+	printf("The key pair has been imported.\n");
+
+	return 0;
+}
+
+// Convert the OpenSSL key to binary
+
+#define X25519_KEYLEN	32
+#define X448_KEYLEN	56
+#define ED448_KEYLEN	57
+
+#define PUBPREFIXLEN	12
+#define PRIVPREFIXLEN	16
+
+slhdsa_key_material_t* crypto_malloc_slhdsa(EVP_PKEY* pkey)
+{
+	int result;
+	int len;
+	unsigned char *buf;
+
+	if (pkey == NULL)
+	{
+		return NULL;
+	}
+
+	slhdsa_key_material_t* keyMat = (slhdsa_key_material_t*)calloc(1, sizeof(slhdsa_key_material_t));
+	if (keyMat == NULL)
+	{
+		return NULL;
+	}
+
+	int nid = EVP_PKEY_id(pkey);
+	keyMat->sizeOID = i2d_ASN1_OBJECT(OBJ_nid2obj(nid), NULL);
+	keyMat->derOID = (CK_VOID_PTR)malloc(keyMat->sizeOID);
+
+	switch (nid) {
+	case NID_X25519:
+	case NID_ED25519:
+		keyMat->sizeK = X25519_KEYLEN;
+		keyMat->sizeA = X25519_KEYLEN;
+		break;
+	case NID_X448:
+		keyMat->sizeK = X448_KEYLEN;
+		keyMat->sizeA = X448_KEYLEN;
+		break;
+	case NID_ED448:
+		keyMat->sizeK = ED448_KEYLEN;
+		keyMat->sizeA = ED448_KEYLEN;
+		break;
+	default:
+		crypto_free_slhdsa(keyMat);
+		return NULL;
+	}
+	keyMat->bigK = (CK_VOID_PTR)malloc(keyMat->sizeK);
+	keyMat->bigA = (CK_VOID_PTR)malloc(keyMat->sizeA);
+	if (!keyMat->derOID || !keyMat->bigK || !keyMat->bigA)
+	{
+		crypto_free_slhdsa(keyMat);
+		return NULL;
+	}
+
+	unsigned char *p = (unsigned char*) keyMat->derOID;
+	result = i2d_ASN1_OBJECT(OBJ_nid2obj(nid), &p);
+	if (result <= 0)
+	{
+		crypto_free_slhdsa(keyMat);
+		return NULL;
+	}
+
+	len = i2d_PUBKEY(pkey, NULL);
+	if (((CK_ULONG) len != PUBPREFIXLEN + keyMat->sizeA) ||
+	    ((buf = (unsigned char*) malloc(len)) == NULL))
+	{
+		crypto_free_slhdsa(keyMat);
+		return NULL;
+	}
+	p = buf;
+	i2d_PUBKEY(pkey, &p);
+	memcpy(keyMat->bigA, buf + PUBPREFIXLEN, keyMat->sizeA);
+	free(buf);
+
+	len = i2d_PrivateKey(pkey, NULL);
+	if (((CK_ULONG) len != PRIVPREFIXLEN + keyMat->sizeK) ||
+	    ((buf = (unsigned char*) malloc(len)) == NULL))
+	{
+		crypto_free_slhdsa(keyMat);
+		return NULL;
+	}
+	p = buf;
+	i2d_PrivateKey(pkey, &p);
+	memcpy(keyMat->bigK, buf + PRIVPREFIXLEN, keyMat->sizeK);
+	free(buf);
+
+	return keyMat;
+}
+
+// Free the memory of the key
+void crypto_free_slhdsa(slhdsa_key_material_t* keyMat)
+{
+	if (keyMat == NULL) return;
+	if (keyMat->derOID) free(keyMat->derOID);
+	if (keyMat->bigK) free(keyMat->bigK);
+	if (keyMat->bigA) free(keyMat->bigA);
+	free(keyMat);
+}
+
+#endif
diff --git a/src/bin/util/softhsm2-util-ossl.h b/src/bin/util/softhsm2-util-ossl.h
index 8fac6123b..6b49b04ce 100644
--- a/src/bin/util/softhsm2-util-ossl.h
+++ b/src/bin/util/softhsm2-util-ossl.h
@@ -38,7 +38,7 @@
 #ifdef WITH_ECC
 #include <openssl/ec.h>
 #endif
-#ifdef WITH_EDDSA
+#if defined(WITH_EDDSA) || defined (WITH_SLHDSA)
 #include <openssl/evp.h>
 #endif
 
@@ -142,6 +142,25 @@ typedef struct eddsa_key_material_t {
 } eddsa_key_material_t;
 #endif
 
+#ifdef WITH_SLHDSA
+typedef struct slhdsa_key_material_t {
+	CK_ULONG sizeOID;
+	CK_ULONG sizeK;
+	CK_ULONG sizeA;
+	CK_VOID_PTR derOID;
+	CK_VOID_PTR bigK;
+	CK_VOID_PTR bigA;
+	slhdsa_key_material_t() {
+		sizeOID = 0;
+		sizeK = 0;
+		sizeA = 0;
+		derOID = NULL_PTR;
+		bigK = NULL_PTR;
+		bigA = NULL_PTR;
+	}
+} slhdsa_key_material_t;
+#endif
+
 EVP_PKEY* crypto_read_file(char* filePath, char* filePIN);
 
 // RSA
@@ -168,4 +187,11 @@ eddsa_key_material_t* crypto_malloc_eddsa(EVP_PKEY* eddsa);
 void crypto_free_eddsa(eddsa_key_material_t* keyMat);
 #endif
 
+#ifdef WITH_SLHDSA
+// SLHDSA
+int crypto_save_slhdsa(CK_SESSION_HANDLE hSession, char* label, char* objID, size_t objIDLen, int noPublicKey, EVP_PKEY* slhdsa);
+slhdsa_key_material_t* crypto_malloc_slhdsa(EVP_PKEY* slhdsa);
+void crypto_free_slhdsa(slhdsa_key_material_t* keyMat);
+#endif
+
 #endif // !_SOFTHSM_V2_SOFTHSM2_UTIL_OSSL_H
diff --git a/src/lib/P11Objects.cpp b/src/lib/P11Objects.cpp
index bbd021047..6d8d0afa4 100644
--- a/src/lib/P11Objects.cpp
+++ b/src/lib/P11Objects.cpp
@@ -930,6 +930,51 @@ bool P11EDPublicKeyObj::init(OSObject *inobject)
 	return true;
 }
 
+// Constructor
+P11SLHPublicKeyObj::P11SLHPublicKeyObj()
+{
+	initialized = false;
+}
+
+// Add attributes
+bool P11SLHPublicKeyObj::init(OSObject *inobject)
+{
+	if (initialized) return true;
+	if (inobject == NULL) return false;
+
+	if (!inobject->attributeExists(CKA_KEY_TYPE) || inobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_SLHDSA) {
+		OSAttribute setKeyType((unsigned long)CKK_SLHDSA);
+		inobject->setAttribute(CKA_KEY_TYPE, setKeyType);
+	}
+
+	// Create parent
+	if (!P11PublicKeyObj::init(inobject)) return false;
+
+	// Create attributes
+	P11Attribute* attrEcParams = new P11AttrEcParams(osobject,P11Attribute::ck3);
+	P11Attribute* attrEcPoint = new P11AttrEcPoint(osobject);
+
+	// Initialize the attributes
+	if
+	(
+		!attrEcParams->init() ||
+		!attrEcPoint->init()
+	)
+	{
+		ERROR_MSG("Could not initialize the attribute");
+		delete attrEcParams;
+		delete attrEcPoint;
+		return false;
+	}
+
+	// Add them to the map
+	attributes[attrEcParams->getType()] = attrEcParams;
+	attributes[attrEcPoint->getType()] = attrEcPoint;
+
+	initialized = true;
+	return true;
+}
+
 // Constructor
 P11DHPublicKeyObj::P11DHPublicKeyObj()
 {
@@ -1335,6 +1380,51 @@ bool P11EDPrivateKeyObj::init(OSObject *inobject)
 	return true;
 }
 
+// Constructor
+P11SLHPrivateKeyObj::P11SLHPrivateKeyObj()
+{
+	initialized = false;
+}
+
+// Add attributes
+bool P11SLHPrivateKeyObj::init(OSObject *inobject)
+{
+	if (initialized) return true;
+	if (inobject == NULL) return false;
+
+	if (!inobject->attributeExists(CKA_KEY_TYPE) || inobject->getUnsignedLongValue(CKA_KEY_TYPE, CKK_VENDOR_DEFINED) != CKK_SLHDSA) {
+		OSAttribute setKeyType((unsigned long)CKK_SLHDSA);
+		inobject->setAttribute(CKA_KEY_TYPE, setKeyType);
+	}
+
+	// Create parent
+	if (!P11PrivateKeyObj::init(inobject)) return false;
+
+	// Create attributes
+	P11Attribute* attrEcParams = new P11AttrEcParams(osobject,P11Attribute::ck4|P11Attribute::ck6);
+	P11Attribute* attrValue = new P11AttrValue(osobject,P11Attribute::ck1|P11Attribute::ck4|P11Attribute::ck6|P11Attribute::ck7);
+
+	// Initialize the attributes
+	if
+	(
+		!attrEcParams->init() ||
+		!attrValue->init()
+	)
+	{
+		ERROR_MSG("Could not initialize the attribute");
+		delete attrEcParams;
+		delete attrValue;
+		return false;
+	}
+
+	// Add them to the map
+	attributes[attrEcParams->getType()] = attrEcParams;
+	attributes[attrValue->getType()] = attrValue;
+
+	initialized = true;
+	return true;
+}
+
 // Constructor
 P11DHPrivateKeyObj::P11DHPrivateKeyObj()
 {
diff --git a/src/lib/P11Objects.h b/src/lib/P11Objects.h
index 9d223ac01..faa84651b 100644
--- a/src/lib/P11Objects.h
+++ b/src/lib/P11Objects.h
@@ -198,6 +198,19 @@ class P11EDPublicKeyObj : public P11PublicKeyObj
 	bool initialized;
 };
 
+class P11SLHPublicKeyObj : public P11PublicKeyObj
+{
+public:
+	// Constructor
+	P11SLHPublicKeyObj();
+
+	// Add attributes
+	virtual bool init(OSObject *inobject);
+
+protected:
+	bool initialized;
+};
+
 class P11DHPublicKeyObj : public P11PublicKeyObj
 {
 public:
@@ -287,6 +300,19 @@ class P11EDPrivateKeyObj : public P11PrivateKeyObj
 	bool initialized;
 };
 
+class P11SLHPrivateKeyObj : public P11PrivateKeyObj
+{
+public:
+	// Constructor
+	P11SLHPrivateKeyObj();
+
+	// Add attributes
+	virtual bool init(OSObject *inobject);
+
+protected:
+	bool initialized;
+};
+
 class P11DHPrivateKeyObj : public P11PrivateKeyObj
 {
 public:
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index 234fbfa18..982951860 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -140,6 +140,8 @@ static CK_RV newP11Object(CK_OBJECT_CLASS objClass, CK_KEY_TYPE keyType, CK_CERT
 				*p11object = new P11GOSTPublicKeyObj();
 			else if (keyType == CKK_EC_EDWARDS)
 				*p11object = new P11EDPublicKeyObj();
+			else if (keyType == CKK_SLHDSA)
+				*p11object = new P11SLHPublicKeyObj();
 			else
 				return CKR_ATTRIBUTE_VALUE_INVALID;
 			break;
@@ -157,6 +159,8 @@ static CK_RV newP11Object(CK_OBJECT_CLASS objClass, CK_KEY_TYPE keyType, CK_CERT
 				*p11object = new P11GOSTPrivateKeyObj();
 			else if (keyType == CKK_EC_EDWARDS)
 				*p11object = new P11EDPrivateKeyObj();
+			else if (keyType == CKK_SLHDSA)
+				*p11object = new P11SLHPrivateKeyObj();
 			else
 				return CKR_ATTRIBUTE_VALUE_INVALID;
 			break;
@@ -824,6 +828,10 @@ void SoftHSM::prepareSupportedMechanisms(std::map<std::string, CK_MECHANISM_TYPE
 #ifdef WITH_EDDSA
 	t["CKM_EC_EDWARDS_KEY_PAIR_GEN"] = CKM_EC_EDWARDS_KEY_PAIR_GEN;
 	t["CKM_EDDSA"]			= CKM_EDDSA;
+#endif
+#ifdef WITH_SLHDSA
+	t["CKM_SLH_KEY_PAIR_GEN"] = CKM_SLH_KEY_PAIR_GEN;
+	t["CKM_SLHDSA"]			= CKM_SLHDSA;
 #endif
 	t["CKM_CONCATENATE_DATA_AND_BASE"] = CKM_CONCATENATE_DATA_AND_BASE;
 	t["CKM_CONCATENATE_BASE_AND_DATA"] = CKM_CONCATENATE_BASE_AND_DATA;
@@ -925,9 +933,10 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 #ifdef WITH_ECC
 	unsigned long ecdsaMinSize, ecdsaMaxSize;
 #endif
-#if defined(WITH_ECC) || defined(WITH_EDDSA)
+#if defined(WITH_ECC) || defined(WITH_EDDSA) || defined(WITH_SLHDSA)
 	unsigned long ecdhMinSize = 0, ecdhMaxSize = 0;
 	unsigned long eddsaMinSize = 0, eddsaMaxSize = 0;
+	unsigned long slhdsaMinSize = 0, slhdsaMaxSize = 0;
 #endif
 
 	if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
@@ -1025,6 +1034,21 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 	}
 	CryptoFactory::i()->recycleAsymmetricAlgorithm(eddsa);
 #endif
+
+#ifdef WITH_SLHDSA
+	AsymmetricAlgorithm* slhdsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
+	if (slhdsa != NULL)
+	{
+		slhdsaMinSize = slhdsa->getMinKeySize();
+		slhdsaMaxSize = slhdsa->getMaxKeySize();
+	}
+	else
+	{
+		return CKR_GENERAL_ERROR;
+	}
+	CryptoFactory::i()->recycleAsymmetricAlgorithm(slhdsa);
+#endif
+
 	pInfo->flags = 0;	// initialize flags
 	switch (type)
 	{
@@ -1314,6 +1338,18 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 			pInfo->ulMaxKeySize = eddsaMaxSize;
 			pInfo->flags = CKF_SIGN | CKF_VERIFY;
 			break;
+#endif
+#ifdef WITH_SLHDSA
+		case CKM_SLH_KEY_PAIR_GEN:
+			pInfo->ulMinKeySize = slhdsaMinSize;
+			pInfo->ulMaxKeySize = slhdsaMaxSize;
+			pInfo->flags = CKF_GENERATE_KEY_PAIR;
+			break;
+		case CKM_SLHDSA:
+			pInfo->ulMinKeySize = slhdsaMinSize;
+			pInfo->ulMaxKeySize = slhdsaMaxSize;
+			pInfo->flags = CKF_SIGN | CKF_VERIFY;
+			break;
 #endif
 	    case CKM_CONCATENATE_DATA_AND_BASE:
 	    case CKM_CONCATENATE_BASE_AND_DATA:
@@ -4153,6 +4189,9 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 #endif
 #ifdef WITH_EDDSA
 	bool isEDDSA = false;
+#endif
+#ifdef WITH_SLHDSA
+	bool isSLHDSA = false;
 #endif
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
@@ -4419,6 +4458,13 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 			bAllowMultiPartOp = false;
 			isEDDSA = true;
 			break;
+#endif
+#ifdef WITH_SLHDSA
+		case CKM_SLHDSA:
+			mechanism = AsymMech::SLHDSA;
+			bAllowMultiPartOp = false;
+			isSLHDSA = true;
+			break;
 #endif
 		default:
 			return CKR_MECHANISM_INVALID;
@@ -4505,6 +4551,27 @@ CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechan
 			return CKR_GENERAL_ERROR;
 		}
 	}
+#endif
+#ifdef WITH_SLHDSA
+	else if (isSLHDSA)
+	{
+		asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
+		if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+		privateKey = asymCrypto->newPrivateKey();
+		if (privateKey == NULL)
+		{
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+			return CKR_HOST_MEMORY;
+		}
+
+		if (getSLHPrivateKey((SLHPrivateKey*)privateKey, token, key) != CKR_OK)
+		{
+			asymCrypto->recyclePrivateKey(privateKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+			return CKR_GENERAL_ERROR;
+		}
+	}
 #endif
 	else
 	{
@@ -5156,6 +5223,9 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 #endif
 #ifdef WITH_EDDSA
 	bool isEDDSA = false;
+#endif
+#ifdef WITH_SLHDSA
+	bool isSLHDSA = false;
 #endif
 	switch(pMechanism->mechanism) {
 		case CKM_RSA_PKCS:
@@ -5420,6 +5490,13 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			bAllowMultiPartOp = false;
 			isEDDSA = true;
 			break;
+#endif
+#ifdef WITH_SLHDSA
+		case CKM_SLHDSA:
+			mechanism = AsymMech::SLHDSA;
+			bAllowMultiPartOp = false;
+			isSLHDSA = true;
+			break;
 #endif
 		default:
 			return CKR_MECHANISM_INVALID;
@@ -5506,6 +5583,27 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			return CKR_GENERAL_ERROR;
 		}
 	}
+#endif
+#ifdef WITH_SLHDSA
+	else if (isSLHDSA)
+	{
+		asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
+		if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
+
+		publicKey = asymCrypto->newPublicKey();
+		if (publicKey == NULL)
+		{
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+			return CKR_HOST_MEMORY;
+		}
+
+		if (getSLHPublicKey((SLHPublicKey*)publicKey, token, key) != CKR_OK)
+		{
+			asymCrypto->recyclePublicKey(publicKey);
+			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
+			return CKR_GENERAL_ERROR;
+		}
+	}
 #endif
 	else
 	{
@@ -6089,7 +6187,7 @@ CK_RV SoftHSM::C_GenerateKeyPair
 	Session* session = (Session*)handleManager->getSession(hSession);
 	if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
 
-	// Check the mechanism, only accept RSA, DSA, EC and DH key pair generation.
+	// Check the mechanism, only accept RSA, DSA, EC, SLH and DH key pair generation.
 	CK_KEY_TYPE keyType;
 	switch (pMechanism->mechanism)
 	{
@@ -6116,6 +6214,11 @@ CK_RV SoftHSM::C_GenerateKeyPair
 		case CKM_EC_EDWARDS_KEY_PAIR_GEN:
 			keyType = CKK_EC_EDWARDS;
 			break;
+#endif
+#ifdef WITH_SLHDSA
+		case CKM_SLH_KEY_PAIR_GEN:
+			keyType = CKK_SLHDSA;
+			break;
 #endif
 		default:
 			return CKR_MECHANISM_INVALID;
@@ -6144,6 +6247,8 @@ CK_RV SoftHSM::C_GenerateKeyPair
 		return CKR_TEMPLATE_INCONSISTENT;
 	if (pMechanism->mechanism == CKM_EC_EDWARDS_KEY_PAIR_GEN && keyType != CKK_EC_EDWARDS)
 		return CKR_TEMPLATE_INCONSISTENT;
+	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN && keyType != CKK_SLHDSA)
+		return CKR_TEMPLATE_INCONSISTENT;
 
 	// Extract information from the private key template that is needed to create the object.
 	CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
@@ -6167,6 +6272,8 @@ CK_RV SoftHSM::C_GenerateKeyPair
 		return CKR_TEMPLATE_INCONSISTENT;
 	if (pMechanism->mechanism == CKM_EC_EDWARDS_KEY_PAIR_GEN && keyType != CKK_EC_EDWARDS)
 		return CKR_TEMPLATE_INCONSISTENT;
+	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN && keyType != CKK_SLHDSA)
+		return CKR_TEMPLATE_INCONSISTENT;
 
 	// Check user credentials
 	CK_RV rv = haveWrite(session->getState(), ispublicKeyToken || isprivateKeyToken, ispublicKeyPrivate || isprivateKeyPrivate);
@@ -6230,6 +6337,16 @@ CK_RV SoftHSM::C_GenerateKeyPair
 									 ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
 	}
 
+	// Generate SLHDSA keys
+	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN)
+	{
+			return this->generateSLH(hSession,
+									 pPublicKeyTemplate, ulPublicKeyAttributeCount,
+									 pPrivateKeyTemplate, ulPrivateKeyAttributeCount,
+									 phPublicKey, phPrivateKey,
+									 ispublicKeyToken, ispublicKeyPrivate, isprivateKeyToken, isprivateKeyPrivate);
+	}
+
 	// Generate EDDSA keys
 	if (pMechanism->mechanism == CKM_EC_EDWARDS_KEY_PAIR_GEN)
 	{
@@ -9933,6 +10050,254 @@ CK_RV SoftHSM::generateED
 	return rv;
 }
 
+
+// Generate an SLHDSA key pair
+CK_RV SoftHSM::generateSLH
+(CK_SESSION_HANDLE hSession,
+	CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+	CK_ULONG ulPublicKeyAttributeCount,
+	CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+	CK_ULONG ulPrivateKeyAttributeCount,
+	CK_OBJECT_HANDLE_PTR phPublicKey,
+	CK_OBJECT_HANDLE_PTR phPrivateKey,
+	CK_BBOOL isPublicKeyOnToken,
+	CK_BBOOL isPublicKeyPrivate,
+	CK_BBOOL isPrivateKeyOnToken,
+	CK_BBOOL isPrivateKeyPrivate)
+{
+	*phPublicKey = CK_INVALID_HANDLE;
+	*phPrivateKey = CK_INVALID_HANDLE;
+
+	// Get the session
+	Session* session = (Session*)handleManager->getSession(hSession);
+	if (session == NULL)
+		return CKR_SESSION_HANDLE_INVALID;
+
+	// Get the token
+	Token* token = session->getToken();
+	if (token == NULL)
+		return CKR_GENERAL_ERROR;
+
+	// Extract desired key information
+	// NOTE: thinking about pPublicKeyTemplate...
+	ByteString params;
+	for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
+	{
+		switch (pPublicKeyTemplate[i].type)
+		{
+			case CKA_SLHDSA_PARAMS:
+				params = ByteString((unsigned char*)pPublicKeyTemplate[i].pValue, pPublicKeyTemplate[i].ulValueLen);
+				break;
+			default:
+				break;
+		}
+	}
+
+	// The parameters must be specified to be able to generate a key pair.
+	if (params.size() == 0) {
+		INFO_MSG("Missing parameter(s) in pPublicKeyTemplate");
+		return CKR_TEMPLATE_INCOMPLETE;
+	}
+
+	// Set the parameters
+	ECParameters p;
+	p.setEC(params);
+
+	// Generate key pair
+	AsymmetricKeyPair* kp = NULL;
+	AsymmetricAlgorithm* ec = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
+	if (ec == NULL) return CKR_GENERAL_ERROR;
+	if (!ec->generateKeyPair(&kp, &p))
+	{
+		ERROR_MSG("Could not generate key pair");
+		CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
+		return CKR_GENERAL_ERROR;
+	}
+
+	SLHPublicKey* pub = (SLHPublicKey*) kp->getPublicKey();
+	SLHPrivateKey* priv = (SLHPrivateKey*) kp->getPrivateKey();
+
+	CK_RV rv = CKR_OK;
+
+	// Create a public key using C_CreateObject
+	if (rv == CKR_OK)
+	{
+		const CK_ULONG maxAttribs = 32;
+		CK_OBJECT_CLASS publicKeyClass = CKO_PUBLIC_KEY;
+		CK_KEY_TYPE publicKeyType = CKK_SLHDSA;
+		CK_ATTRIBUTE publicKeyAttribs[maxAttribs] = {
+			{ CKA_CLASS, &publicKeyClass, sizeof(publicKeyClass) },
+			{ CKA_TOKEN, &isPublicKeyOnToken, sizeof(isPublicKeyOnToken) },
+			{ CKA_PRIVATE, &isPublicKeyPrivate, sizeof(isPublicKeyPrivate) },
+			{ CKA_KEY_TYPE, &publicKeyType, sizeof(publicKeyType) },
+		};
+		CK_ULONG publicKeyAttribsCount = 4;
+
+		// Add the additional
+		if (ulPublicKeyAttributeCount > (maxAttribs - publicKeyAttribsCount))
+			rv = CKR_TEMPLATE_INCONSISTENT;
+		for (CK_ULONG i=0; i < ulPublicKeyAttributeCount && rv == CKR_OK; ++i)
+		{
+			switch (pPublicKeyTemplate[i].type)
+			{
+				case CKA_CLASS:
+				case CKA_TOKEN:
+				case CKA_PRIVATE:
+				case CKA_KEY_TYPE:
+					continue;
+				default:
+					publicKeyAttribs[publicKeyAttribsCount++] = pPublicKeyTemplate[i];
+			}
+		}
+
+		if (rv == CKR_OK)
+			rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+
+		// Store the attributes that are being supplied by the key generation to the object
+		if (rv == CKR_OK)
+		{
+			OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
+			if (osobject == NULL_PTR || !osobject->isValid()) {
+				rv = CKR_FUNCTION_FAILED;
+			} else if (osobject->startTransaction()) {
+				bool bOK = true;
+
+				// Common Key Attributes
+				bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+				CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_SLH_KEY_PAIR_GEN;
+				bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+				// EDDSA Public Key Attributes
+				ByteString value;
+				if (isPublicKeyPrivate)
+				{
+					token->encrypt(pub->getA(), value);
+				}
+				else
+				{
+					value = pub->getA();
+				}
+				bOK = bOK && osobject->setAttribute(CKA_EC_POINT, value);
+
+				if (bOK)
+					bOK = osobject->commitTransaction();
+				else
+					osobject->abortTransaction();
+
+				if (!bOK)
+					rv = CKR_FUNCTION_FAILED;
+			} else
+				rv = CKR_FUNCTION_FAILED;
+		}
+	}
+
+	// Create a private key using C_CreateObject
+	if (rv == CKR_OK)
+	{
+		const CK_ULONG maxAttribs = 32;
+		CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
+		CK_KEY_TYPE privateKeyType = CKK_SLHDSA;
+		CK_ATTRIBUTE privateKeyAttribs[maxAttribs] = {
+			{ CKA_CLASS, &privateKeyClass, sizeof(privateKeyClass) },
+			{ CKA_TOKEN, &isPrivateKeyOnToken, sizeof(isPrivateKeyOnToken) },
+			{ CKA_PRIVATE, &isPrivateKeyPrivate, sizeof(isPrivateKeyPrivate) },
+			{ CKA_KEY_TYPE, &privateKeyType, sizeof(privateKeyType) },
+		};
+		CK_ULONG privateKeyAttribsCount = 4;
+		if (ulPrivateKeyAttributeCount > (maxAttribs - privateKeyAttribsCount))
+			rv = CKR_TEMPLATE_INCONSISTENT;
+		for (CK_ULONG i=0; i < ulPrivateKeyAttributeCount && rv == CKR_OK; ++i)
+		{
+			switch (pPrivateKeyTemplate[i].type)
+			{
+				case CKA_CLASS:
+				case CKA_TOKEN:
+				case CKA_PRIVATE:
+				case CKA_KEY_TYPE:
+					continue;
+				default:
+					privateKeyAttribs[privateKeyAttribsCount++] = pPrivateKeyTemplate[i];
+			}
+		}
+
+		if (rv == CKR_OK)
+			rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+
+		// Store the attributes that are being supplied by the key generation to the object
+		if (rv == CKR_OK)
+		{
+			OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
+			if (osobject == NULL_PTR || !osobject->isValid()) {
+				rv = CKR_FUNCTION_FAILED;
+			} else if (osobject->startTransaction()) {
+				bool bOK = true;
+
+				// Common Key Attributes
+				bOK = bOK && osobject->setAttribute(CKA_LOCAL,true);
+				CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_SLH_KEY_PAIR_GEN;
+				bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
+
+				// Common Private Key Attributes
+				bool bAlwaysSensitive = osobject->getBooleanValue(CKA_SENSITIVE, false);
+				bOK = bOK && osobject->setAttribute(CKA_ALWAYS_SENSITIVE,bAlwaysSensitive);
+				bool bNeverExtractable = osobject->getBooleanValue(CKA_EXTRACTABLE, false) == false;
+				bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
+
+				// SLHDSA Private Key Attributes
+				ByteString group;
+				ByteString value;
+				if (isPrivateKeyPrivate)
+				{
+					token->encrypt(priv->getEC(), group);
+					token->encrypt(priv->getK(), value);
+				}
+				else
+				{
+					group = priv->getEC();
+					value = priv->getK();
+				}
+				bOK = bOK && osobject->setAttribute(CKA_SLHDSA_PARAMS, group);
+				bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+
+				if (bOK)
+					bOK = osobject->commitTransaction();
+				else
+					osobject->abortTransaction();
+
+				if (!bOK)
+					rv = CKR_FUNCTION_FAILED;
+			} else
+				rv = CKR_FUNCTION_FAILED;
+		}
+	}
+
+	// Clean up
+	ec->recycleKeyPair(kp);
+	CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
+
+	// Remove keys that may have been created already when the function fails.
+	if (rv != CKR_OK)
+	{
+		if (*phPrivateKey != CK_INVALID_HANDLE)
+		{
+			OSObject* ospriv = (OSObject*)handleManager->getObject(*phPrivateKey);
+			handleManager->destroyObject(*phPrivateKey);
+			if (ospriv) ospriv->destroyObject();
+			*phPrivateKey = CK_INVALID_HANDLE;
+		}
+
+		if (*phPublicKey != CK_INVALID_HANDLE)
+		{
+			OSObject* ospub = (OSObject*)handleManager->getObject(*phPublicKey);
+			handleManager->destroyObject(*phPublicKey);
+			if (ospub) ospub->destroyObject();
+			*phPublicKey = CK_INVALID_HANDLE;
+		}
+	}
+
+	return rv;
+}
+
 // Generate a DH key pair
 CK_RV SoftHSM::generateDH
 (CK_SESSION_HANDLE hSession,
@@ -12662,6 +13027,71 @@ CK_RV SoftHSM::getEDPublicKey(EDPublicKey* publicKey, Token* token, OSObject* ke
 	return CKR_OK;
 }
 
+CK_RV SoftHSM::getSLHPrivateKey(SLHPrivateKey* privateKey, Token* token, OSObject* key)
+{
+	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
+	if (token == NULL) return CKR_ARGUMENTS_BAD;
+	if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+	// SLHDSA Private Key Attributes
+	ByteString group;
+	ByteString value;
+	if (isKeyPrivate)
+	{
+		bool bOK = true;
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SLHDSA_PARAMS), group);
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+		if (!bOK)
+			return CKR_GENERAL_ERROR;
+	}
+	else
+	{
+		group = key->getByteStringValue(CKA_SLHDSA_PARAMS);
+		value = key->getByteStringValue(CKA_VALUE);
+	}
+
+	privateKey->setEC(group);
+	privateKey->setK(value);
+
+	return CKR_OK;
+}
+
+CK_RV SoftHSM::getSLHPublicKey(SLHPublicKey* publicKey, Token* token, OSObject* key)
+{
+	if (publicKey == NULL) return CKR_ARGUMENTS_BAD;
+	if (token == NULL) return CKR_ARGUMENTS_BAD;
+	if (key == NULL) return CKR_ARGUMENTS_BAD;
+
+	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
+	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
+
+	// EC Public Key Attributes
+	ByteString group;
+	ByteString value;
+	if (isKeyPrivate)
+	{
+		bool bOK = true;
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SLHDSA_PARAMS), group);
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_POINT), value);
+		if (!bOK)
+			return CKR_GENERAL_ERROR;
+	}
+	else
+	{
+		group = key->getByteStringValue(CKA_SLHDSA_PARAMS);
+		value = key->getByteStringValue(CKA_EC_POINT);
+	}
+
+	publicKey->setEC(group);
+	publicKey->setA(value);
+
+	return CKR_OK;
+}
+
+
 CK_RV SoftHSM::getDHPrivateKey(DHPrivateKey* privateKey, Token* token, OSObject* key)
 {
 	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
diff --git a/src/lib/SoftHSM.h b/src/lib/SoftHSM.h
index 644686b2b..c7fdbdb88 100644
--- a/src/lib/SoftHSM.h
+++ b/src/lib/SoftHSM.h
@@ -48,6 +48,8 @@
 #include "ECPrivateKey.h"
 #include "EDPublicKey.h"
 #include "EDPrivateKey.h"
+#include "SLHPublicKey.h"
+#include "SLHPrivateKey.h"
 #include "DHPublicKey.h"
 #include "DHPrivateKey.h"
 #include "GOSTPublicKey.h"
@@ -313,6 +315,20 @@ class SoftHSM
 		CK_BBOOL isPrivateKeyOnToken,
 		CK_BBOOL isPrivateKeyPrivate
 	);
+	CK_RV generateSLH
+	(
+		CK_SESSION_HANDLE hSession,
+		CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+		CK_ULONG ulPublicKeyAttributeCount,
+		CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+		CK_ULONG ulPrivateKeyAttributeCount,
+		CK_OBJECT_HANDLE_PTR phPublicKey,
+		CK_OBJECT_HANDLE_PTR phPrivateKey,
+		CK_BBOOL isPublicKeyOnToken,
+		CK_BBOOL isPublicKeyPrivate,
+		CK_BBOOL isPrivateKeyOnToken,
+		CK_BBOOL isPrivateKeyPrivate
+	);
 	CK_RV generateDH
 	(
 		CK_SESSION_HANDLE hSession,
@@ -428,6 +444,8 @@ class SoftHSM
 	CK_RV getECPublicKey(ECPublicKey* publicKey, Token* token, OSObject* key);
 	CK_RV getEDPrivateKey(EDPrivateKey* privateKey, Token* token, OSObject* key);
 	CK_RV getEDPublicKey(EDPublicKey* publicKey, Token* token, OSObject* key);
+	CK_RV getSLHPrivateKey(SLHPrivateKey* privateKey, Token* token, OSObject* key);
+	CK_RV getSLHPublicKey(SLHPublicKey* publicKey, Token* token, OSObject* key);
 	CK_RV getDHPrivateKey(DHPrivateKey* privateKey, Token* token, OSObject* key);
 	CK_RV getDHPublicKey(DHPublicKey* publicKey, DHPrivateKey* privateKey, ByteString& pubParams);
 	CK_RV getECDHPublicKey(ECPublicKey* publicKey, ECPrivateKey* privateKey, ByteString& pubData);
diff --git a/src/lib/crypto/AsymmetricAlgorithm.h b/src/lib/crypto/AsymmetricAlgorithm.h
index 52519db65..9174dc1b7 100644
--- a/src/lib/crypto/AsymmetricAlgorithm.h
+++ b/src/lib/crypto/AsymmetricAlgorithm.h
@@ -53,7 +53,8 @@ struct AsymAlgo
 		ECDH,
 		ECDSA,
 		GOST,
-		EDDSA
+		EDDSA,
+		SLHDSA
         };
 };
 
@@ -92,7 +93,8 @@ struct AsymMech
 		ECDSA_SHA512,
 		GOST,
 		GOST_GOST,
-		EDDSA
+		EDDSA,
+		SLHDSA
 	};
 };
 
diff --git a/src/lib/crypto/CMakeLists.txt b/src/lib/crypto/CMakeLists.txt
index 4b7c22e65..3a60daf9e 100644
--- a/src/lib/crypto/CMakeLists.txt
+++ b/src/lib/crypto/CMakeLists.txt
@@ -24,6 +24,8 @@ set(SOURCES AESKey.cpp
             ECPublicKey.cpp
             EDPrivateKey.cpp
             EDPublicKey.cpp
+            SLHPrivateKey.cpp
+            SLHPublicKey.cpp
             GOSTPrivateKey.cpp
             GOSTPublicKey.cpp
             HashAlgorithm.cpp
@@ -58,6 +60,10 @@ if(WITH_OPENSSL)
                         OSSLEDKeyPair.cpp
                         OSSLEDPrivateKey.cpp
                         OSSLEDPublicKey.cpp
+                        OSSLSLHDSA.cpp
+                        OSSLSLHKeyPair.cpp
+                        OSSLSLHPrivateKey.cpp
+                        OSSLSLHPublicKey.cpp
                         OSSLEVPCMacAlgorithm.cpp
                         OSSLEVPHashAlgorithm.cpp
                         OSSLEVPMacAlgorithm.cpp
diff --git a/src/lib/crypto/Makefile.am b/src/lib/crypto/Makefile.am
index e23848fa2..8924294b1 100644
--- a/src/lib/crypto/Makefile.am
+++ b/src/lib/crypto/Makefile.am
@@ -24,6 +24,8 @@ libsofthsm_crypto_la_SOURCES =	AESKey.cpp \
 				ECPrivateKey.cpp \
 				EDPublicKey.cpp \
 				EDPrivateKey.cpp \
+				SLHPublicKey.cpp \
+				SLHPrivateKey.cpp \
 				GOSTPublicKey.cpp \
 				GOSTPrivateKey.cpp \
 				HashAlgorithm.cpp \
@@ -64,6 +66,10 @@ libsofthsm_crypto_la_SOURCES +=	OSSLAES.cpp \
 				OSSLEDKeyPair.cpp \
 				OSSLEDPrivateKey.cpp \
 				OSSLEDPublicKey.cpp \
+				OSSLSLHDSA.cpp \
+				OSSLSLHKeyPair.cpp \
+				OSSLSLHPrivateKey.cpp \
+				OSSLSLHPublicKey.cpp \
 				OSSLEVPHashAlgorithm.cpp \
 				OSSLEVPMacAlgorithm.cpp \
 				OSSLEVPCMacAlgorithm.cpp \
diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
index db22998ad..380187932 100644
--- a/src/lib/crypto/OSSLCryptoFactory.cpp
+++ b/src/lib/crypto/OSSLCryptoFactory.cpp
@@ -58,6 +58,9 @@
 #ifdef WITH_EDDSA
 #include "OSSLEDDSA.h"
 #endif
+#ifdef WITH_SLHDSA
+#include "OSSLSLHDSA.h"
+#endif
 
 #include <algorithm>
 #include <string.h>
@@ -347,6 +350,10 @@ AsymmetricAlgorithm* OSSLCryptoFactory::getAsymmetricAlgorithm(AsymAlgo::Type al
 #ifdef WITH_EDDSA
 		case AsymAlgo::EDDSA:
 			return new OSSLEDDSA();
+#endif
+#ifdef WITH_SLHDSA
+		case AsymAlgo::SLHDSA:
+			return new OSSLSLHDSA();
 #endif
 		default:
 			break;
diff --git a/src/lib/crypto/OSSLSLHDSA.cpp b/src/lib/crypto/OSSLSLHDSA.cpp
new file mode 100644
index 000000000..a69b5577f
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHDSA.cpp
@@ -0,0 +1,495 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHDSA.cpp
+
+ OpenSSL SLHDSA asymmetric algorithm implementation
+ *****************************************************************************/
+
+#include "config.h"
+#ifdef WITH_SLHDSA
+#include "log.h"
+#include "OSSLSLHDSA.h"
+#include "CryptoFactory.h"
+#include "ECParameters.h"
+#include "OSSLSLHKeyPair.h"
+#include "OSSLComp.h"
+#include "OSSLUtil.h"
+#include <algorithm>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <string.h>
+
+// Signing functions
+bool OSSLSLHDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
+		     ByteString& signature, const AsymMech::Type mechanism,
+		     const void* /* param = NULL */, const size_t /* paramLen = 0 */)
+{
+	if (mechanism != AsymMech::SLHDSA)
+	{
+		ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
+		return false;
+	}
+
+	// Check if the private key is the right type
+	if (!privateKey->isOfType(OSSLSLHPrivateKey::type))
+	{
+		ERROR_MSG("Invalid key type supplied");
+
+		return false;
+	}
+
+	OSSLSLHPrivateKey* pk = (OSSLSLHPrivateKey*) privateKey;
+	EVP_PKEY* pkey = pk->getOSSLKey();
+
+	if (pkey == NULL)
+	{
+		ERROR_MSG("Could not get the OpenSSL private key");
+
+		return false;
+	}
+
+	// Perform the signature operation
+	size_t len = pk->getOrderLength();
+	if (len == 0)
+	{
+		ERROR_MSG("Could not get the order length");
+		return false;
+	}
+	len *= 2;
+	signature.resize(len);
+	memset(&signature[0], 0, len);
+	EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+	if (!EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey))
+	{
+		ERROR_MSG("SLHDSA sign init failed (0x%08X)", ERR_get_error());
+		EVP_MD_CTX_free(ctx);
+		return false;
+	}
+	if (!EVP_DigestSign(ctx, &signature[0], &len, dataToSign.const_byte_str(), dataToSign.size()))
+	{
+		ERROR_MSG("SLHDSA sign failed (0x%08X)", ERR_get_error());
+		EVP_MD_CTX_free(ctx);
+		return false;
+	}
+	EVP_MD_CTX_free(ctx);
+	return true;
+}
+
+bool OSSLSLHDSA::signInit(PrivateKey* /*privateKey*/, const AsymMech::Type /*mechanism*/,
+			 const void* /* param = NULL */, const size_t /* paramLen = 0 */)
+{
+	ERROR_MSG("SLHDSA does not support multi part signing");
+
+	return false;
+}
+
+bool OSSLSLHDSA::signUpdate(const ByteString& /*dataToSign*/)
+{
+	ERROR_MSG("SLHDSA does not support multi part signing");
+
+	return false;
+}
+
+bool OSSLSLHDSA::signFinal(ByteString& /*signature*/)
+{
+	ERROR_MSG("SLHDSA does not support multi part signing");
+
+	return false;
+}
+
+// Verification functions
+bool OSSLSLHDSA::verify(PublicKey* publicKey, const ByteString& originalData,
+		       const ByteString& signature, const AsymMech::Type mechanism,
+		       const void* /* param = NULL */, const size_t /* paramLen = 0 */)
+{
+	if (mechanism != AsymMech::SLHDSA)
+	{
+		ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
+		return false;
+	}
+
+	// Check if the private key is the right type
+	if (!publicKey->isOfType(OSSLSLHPublicKey::type))
+	{
+		ERROR_MSG("Invalid key type supplied");
+
+		return false;
+	}
+
+	OSSLSLHPublicKey* pk = (OSSLSLHPublicKey*) publicKey;
+	EVP_PKEY* pkey = pk->getOSSLKey();
+
+	if (pkey == NULL)
+	{
+		ERROR_MSG("Could not get the OpenSSL public key");
+
+		return false;
+	}
+
+	// Perform the verify operation
+	size_t len = pk->getOrderLength();
+	if (len == 0)
+	{
+		ERROR_MSG("Could not get the order length");
+		return false;
+	}
+	len *= 2;
+	if (signature.size() != len)
+	{
+		ERROR_MSG("Invalid buffer length");
+		return false;
+	}
+	EVP_MD_CTX* ctx = EVP_MD_CTX_new();
+	if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+	{
+		ERROR_MSG("SLHDSA verify init failed (0x%08X)", ERR_get_error());
+		EVP_MD_CTX_free(ctx);
+		return false;
+	}
+	int ret = EVP_DigestVerify(ctx, signature.const_byte_str(), len, originalData.const_byte_str(), originalData.size());
+	if (ret != 1)
+	{
+		if (ret < 0)
+			ERROR_MSG("SLHDSA verify failed (0x%08X)", ERR_get_error());
+		EVP_MD_CTX_free(ctx);
+		return false;
+	}
+	EVP_MD_CTX_free(ctx);
+	return true;
+}
+
+bool OSSLSLHDSA::verifyInit(PublicKey* /*publicKey*/, const AsymMech::Type /*mechanism*/,
+			   const void* /* param = NULL */, const size_t /* paramLen = 0 */)
+{
+	ERROR_MSG("SLHDSA does not support multi part verifying");
+
+	return false;
+}
+
+bool OSSLSLHDSA::verifyUpdate(const ByteString& /*originalData*/)
+{
+	ERROR_MSG("SLHDSA does not support multi part verifying");
+
+	return false;
+}
+
+bool OSSLSLHDSA::verifyFinal(const ByteString& /*signature*/)
+{
+	ERROR_MSG("SLHDSA does not support multi part verifying");
+
+	return false;
+}
+
+// Encryption functions
+bool OSSLSLHDSA::encrypt(PublicKey* /*publicKey*/, const ByteString& /*data*/,
+			ByteString& /*encryptedData*/, const AsymMech::Type /*padding*/)
+{
+	ERROR_MSG("SLHDSA does not support encryption");
+
+	return false;
+}
+
+// Decryption functions
+bool OSSLSLHDSA::decrypt(PrivateKey* /*privateKey*/, const ByteString& /*encryptedData*/,
+			ByteString& /*data*/, const AsymMech::Type /*padding*/)
+{
+	ERROR_MSG("SLHDSA does not support decryption");
+
+	return false;
+}
+
+// Key factory
+bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* /*rng = NULL */)
+{
+	// Check parameters
+	if ((ppKeyPair == NULL) ||
+	    (parameters == NULL))
+	{
+		return false;
+	}
+
+	if (!parameters->areOfType(ECParameters::type))
+	{
+		ERROR_MSG("Invalid parameters supplied for SLHDSA key generation");
+
+		return false;
+	}
+
+	ECParameters* params = (ECParameters*) parameters;
+	int nid = OSSL::byteString2oid(params->getEC());
+
+	// Generate the key-pair
+	EVP_PKEY* pkey = NULL;
+	EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(nid, NULL);
+	if (ctx == NULL)
+	{
+		ERROR_MSG("Failed to instantiate OpenSSL SLHDSA context");
+
+		return false;
+	}
+	int ret = EVP_PKEY_keygen_init(ctx);
+	if (ret != 1)
+	{
+		ERROR_MSG("SLHDSA key generation init failed (0x%08X)", ERR_get_error());
+		EVP_PKEY_CTX_free(ctx);
+		return false;
+	}
+	ret = EVP_PKEY_keygen(ctx, &pkey);
+	if (ret != 1)
+	{
+		ERROR_MSG("SLHDSA key generation failed (0x%08X)", ERR_get_error());
+		EVP_PKEY_CTX_free(ctx);
+		return false;
+	}
+	EVP_PKEY_CTX_free(ctx);
+
+	// Create an asymmetric key-pair object to return
+	OSSLSLHKeyPair* kp = new OSSLSLHKeyPair();
+
+	((OSSLSLHPublicKey*) kp->getPublicKey())->setFromOSSL(pkey);
+	((OSSLSLHPrivateKey*) kp->getPrivateKey())->setFromOSSL(pkey);
+
+	*ppKeyPair = kp;
+
+	// Release the key
+	EVP_PKEY_free(pkey);
+
+	return true;
+}
+
+bool OSSLSLHDSA::deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey, PrivateKey* privateKey)
+{
+	// Check parameters
+	if ((ppSymmetricKey == NULL) ||
+	    (publicKey == NULL) ||
+	    (privateKey == NULL))
+	{
+		return false;
+	}
+
+	// Get keys
+	EVP_PKEY *pub = ((OSSLSLHPublicKey *)publicKey)->getOSSLKey();
+	EVP_PKEY *priv = ((OSSLSLHPrivateKey *)privateKey)->getOSSLKey();
+	if (pub == NULL || priv == NULL)
+	{
+		ERROR_MSG("Failed to get OpenSSL ECDH keys");
+
+		return false;
+	}
+
+	// Get and set context
+	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(priv, NULL);
+	if (ctx == NULL)
+	{
+		ERROR_MSG("Failed to get OpenSSL ECDH context");
+
+		return false;
+	}
+	if (EVP_PKEY_derive_init(ctx) <= 0)
+	{
+		ERROR_MSG("Failed to init OpenSSL key derive");
+
+		EVP_PKEY_CTX_free(ctx);
+		return false;
+	}
+	if (EVP_PKEY_derive_set_peer(ctx, pub) <= 0)
+	{
+		ERROR_MSG("Failed to set OpenSSL ECDH public key");
+
+		EVP_PKEY_CTX_free(ctx);
+		return false;
+	}
+
+	// Derive the secret
+	size_t len;
+	if (EVP_PKEY_derive(ctx, NULL, &len) <= 0)
+	{
+		ERROR_MSG("Failed to get OpenSSL ECDH key length");
+
+		EVP_PKEY_CTX_free(ctx);
+		return false;
+	}
+	ByteString secret;
+	secret.resize(len);
+	if (EVP_PKEY_derive(ctx, &secret[0], &len) <= 0)
+	{
+		ERROR_MSG("Failed to derive OpenSSL ECDH secret");
+
+		EVP_PKEY_CTX_free(ctx);
+		return false;
+	}
+	EVP_PKEY_CTX_free(ctx);
+
+	// Create derived key
+	*ppSymmetricKey = new SymmetricKey(secret.size() * 8);
+	if (*ppSymmetricKey == NULL)
+		return false;
+	if (!(*ppSymmetricKey)->setKeyBits(secret))
+	{
+		delete *ppSymmetricKey;
+		*ppSymmetricKey = NULL;
+		return false;
+	}
+
+	return true;
+}
+
+unsigned long OSSLSLHDSA::getMinKeySize()
+{
+	// Ed25519 is supported
+	return 255;
+}
+
+unsigned long OSSLSLHDSA::getMaxKeySize()
+{
+	// Ed448 is supported
+	return 448;
+}
+
+bool OSSLSLHDSA::reconstructKeyPair(AsymmetricKeyPair** ppKeyPair, ByteString& serialisedData)
+{
+	// Check input
+	if ((ppKeyPair == NULL) ||
+	    (serialisedData.size() == 0))
+	{
+		return false;
+	}
+
+	ByteString dPub = ByteString::chainDeserialise(serialisedData);
+	ByteString dPriv = ByteString::chainDeserialise(serialisedData);
+
+	OSSLSLHKeyPair* kp = new OSSLSLHKeyPair();
+
+	bool rv = true;
+
+	if (!((SLHPublicKey*) kp->getPublicKey())->deserialise(dPub))
+	{
+		rv = false;
+	}
+
+	if (!((SLHPrivateKey*) kp->getPrivateKey())->deserialise(dPriv))
+	{
+		rv = false;
+	}
+
+	if (!rv)
+	{
+		delete kp;
+
+		return false;
+	}
+
+	*ppKeyPair = kp;
+
+	return true;
+}
+
+bool OSSLSLHDSA::reconstructPublicKey(PublicKey** ppPublicKey, ByteString& serialisedData)
+{
+	// Check input
+	if ((ppPublicKey == NULL) ||
+	    (serialisedData.size() == 0))
+	{
+		return false;
+	}
+
+	OSSLSLHPublicKey* pub = new OSSLSLHPublicKey();
+
+	if (!pub->deserialise(serialisedData))
+	{
+		delete pub;
+
+		return false;
+	}
+
+	*ppPublicKey = pub;
+
+	return true;
+}
+
+bool OSSLSLHDSA::reconstructPrivateKey(PrivateKey** ppPrivateKey, ByteString& serialisedData)
+{
+	// Check input
+	if ((ppPrivateKey == NULL) ||
+	    (serialisedData.size() == 0))
+	{
+		return false;
+	}
+
+	OSSLSLHPrivateKey* priv = new OSSLSLHPrivateKey();
+
+	if (!priv->deserialise(serialisedData))
+	{
+		delete priv;
+
+		return false;
+	}
+
+	*ppPrivateKey = priv;
+
+	return true;
+}
+
+PublicKey* OSSLSLHDSA::newPublicKey()
+{
+	return (PublicKey*) new OSSLSLHPublicKey();
+}
+
+PrivateKey* OSSLSLHDSA::newPrivateKey()
+{
+	return (PrivateKey*) new OSSLSLHPrivateKey();
+}
+
+AsymmetricParameters* OSSLSLHDSA::newParameters()
+{
+	return (AsymmetricParameters*) new ECParameters();
+}
+
+bool OSSLSLHDSA::reconstructParameters(AsymmetricParameters** ppParams, ByteString& serialisedData)
+{
+	// Check input parameters
+	if ((ppParams == NULL) || (serialisedData.size() == 0))
+	{
+		return false;
+	}
+
+	ECParameters* params = new ECParameters();
+
+	if (!params->deserialise(serialisedData))
+	{
+		delete params;
+
+		return false;
+	}
+
+	*ppParams = params;
+
+	return true;
+}
+#endif
diff --git a/src/lib/crypto/OSSLSLHDSA.h b/src/lib/crypto/OSSLSLHDSA.h
new file mode 100644
index 000000000..19b56c7ae
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHDSA.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHDSA.h
+
+ OpenSSL SLHDSA asymmetric algorithm implementation
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_OSSLSLHDSA_H
+#define _SOFTHSM_V2_OSSLSLHDSA_H
+
+#include "config.h"
+#include "AsymmetricAlgorithm.h"
+#include <openssl/evp.h>
+
+class OSSLSLHDSA : public AsymmetricAlgorithm
+{
+public:
+	// Destructor
+	virtual ~OSSLSLHDSA() { }
+
+	// Signing functions
+	virtual bool sign(PrivateKey* privateKey, const ByteString& dataToSign, ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
+	virtual bool signInit(PrivateKey* privateKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
+	virtual bool signUpdate(const ByteString& dataToSign);
+	virtual bool signFinal(ByteString& signature);
+
+	// Verification functions
+	virtual bool verify(PublicKey* publicKey, const ByteString& originalData, const ByteString& signature, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
+	virtual bool verifyInit(PublicKey* publicKey, const AsymMech::Type mechanism, const void* param = NULL, const size_t paramLen = 0);
+	virtual bool verifyUpdate(const ByteString& originalData);
+	virtual bool verifyFinal(const ByteString& signature);
+
+	// Encryption functions
+	virtual bool encrypt(PublicKey* publicKey, const ByteString& data, ByteString& encryptedData, const AsymMech::Type padding);
+
+	// Decryption functions
+	virtual bool decrypt(PrivateKey* privateKey, const ByteString& encryptedData, ByteString& data, const AsymMech::Type padding);
+
+	// Key factory
+	virtual bool generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* rng = NULL);
+	virtual unsigned long getMinKeySize();
+	virtual unsigned long getMaxKeySize();
+	virtual bool deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey, PrivateKey* privateKey);
+	virtual bool reconstructKeyPair(AsymmetricKeyPair** ppKeyPair, ByteString& serialisedData);
+	virtual bool reconstructPublicKey(PublicKey** ppPublicKey, ByteString& serialisedData);
+	virtual bool reconstructPrivateKey(PrivateKey** ppPrivateKey, ByteString& serialisedData);
+	virtual bool reconstructParameters(AsymmetricParameters** ppParams, ByteString& serialisedData);
+	virtual PublicKey* newPublicKey();
+	virtual PrivateKey* newPrivateKey();
+	virtual AsymmetricParameters* newParameters();
+
+private:
+};
+
+#endif // !_SOFTHSM_V2_OSSLSLHDSA_H
+
diff --git a/src/lib/crypto/OSSLSLHKeyPair.cpp b/src/lib/crypto/OSSLSLHKeyPair.cpp
new file mode 100644
index 000000000..bae48efa8
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHKeyPair.cpp
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHKeyPair.cpp
+
+ OpenSSL SLHDSA key-pair class
+ *****************************************************************************/
+
+#include "config.h"
+#ifdef WITH_SLHDSA
+#include "log.h"
+#include "OSSLSLHKeyPair.h"
+
+// Set the public key
+void OSSLSLHKeyPair::setPublicKey(OSSLSLHPublicKey& publicKey)
+{
+	pubKey = publicKey;
+}
+
+// Set the private key
+void OSSLSLHKeyPair::setPrivateKey(OSSLSLHPrivateKey& privateKey)
+{
+	privKey = privateKey;
+}
+
+// Return the public key
+PublicKey* OSSLSLHKeyPair::getPublicKey()
+{
+	return &pubKey;
+}
+
+const PublicKey* OSSLSLHKeyPair::getConstPublicKey() const
+{
+	return &pubKey;
+}
+
+// Return the private key
+PrivateKey* OSSLSLHKeyPair::getPrivateKey()
+{
+	return &privKey;
+}
+
+const PrivateKey* OSSLSLHKeyPair::getConstPrivateKey() const
+{
+	return &privKey;
+}
+#endif
diff --git a/src/lib/crypto/OSSLSLHKeyPair.h b/src/lib/crypto/OSSLSLHKeyPair.h
new file mode 100644
index 000000000..e560cfba8
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHKeyPair.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHKeyPair.h
+
+ OpenSSL SLHDSA key-pair class
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_OSSLSLHKEYPAIR_H
+#define _SOFTHSM_V2_OSSLSLHKEYPAIR_H
+
+#include "config.h"
+#include "AsymmetricKeyPair.h"
+#include "OSSLSLHPublicKey.h"
+#include "OSSLSLHPrivateKey.h"
+
+class OSSLSLHKeyPair : public AsymmetricKeyPair
+{
+public:
+	// Set the public key
+	void setPublicKey(OSSLSLHPublicKey& publicKey);
+
+	// Set the private key
+	void setPrivateKey(OSSLSLHPrivateKey& privateKey);
+
+	// Return the public key
+	virtual PublicKey* getPublicKey();
+	virtual const PublicKey* getConstPublicKey() const;
+
+	// Return the private key
+	virtual PrivateKey* getPrivateKey();
+	virtual const PrivateKey* getConstPrivateKey() const;
+
+private:
+	// The public key
+	OSSLSLHPublicKey pubKey;
+
+	// The private key
+	OSSLSLHPrivateKey privKey;
+};
+
+#endif // !_SOFTHSM_V2_OSSLSLHKEYPAIR_H
+
diff --git a/src/lib/crypto/OSSLSLHPrivateKey.cpp b/src/lib/crypto/OSSLSLHPrivateKey.cpp
new file mode 100644
index 000000000..d7f1a2fb2
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHPrivateKey.cpp
@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHPrivateKey.cpp
+
+ OpenSSL SLHDSA private key class
+ *****************************************************************************/
+
+#include "config.h"
+#ifdef WITH_SLHDSA
+#include "log.h"
+#include "OSSLSLHPrivateKey.h"
+#include "OSSLUtil.h"
+#include <openssl/x509.h>
+
+#define X25519_KEYLEN	32
+#define X448_KEYLEN	56
+#define ED448_KEYLEN	57
+
+#define PREFIXLEN	16
+
+// Prefixes
+const unsigned char x25519_prefix[] = {
+	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+	0x03, 0x2b, 0x65, 0x6e, 0x04, 0x22, 0x04, 0x20
+};
+
+const unsigned char x448_prefix[] = {
+	0x30, 0x46, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+	0x03, 0x2b, 0x65, 0x6f, 0x04, 0x3a, 0x04, 0x38
+};
+
+const unsigned char ed25519_prefix[] = {
+	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+	0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20
+};
+
+const unsigned char ed448_prefix[] = {
+	0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+	0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39
+};
+
+// Constructors
+OSSLSLHPrivateKey::OSSLSLHPrivateKey()
+{
+	nid = NID_undef;
+	pkey = NULL;
+}
+
+OSSLSLHPrivateKey::OSSLSLHPrivateKey(const EVP_PKEY* inPKEY)
+{
+	nid = NID_undef;
+	pkey = NULL;
+
+	setFromOSSL(inPKEY);
+}
+
+// Destructor
+OSSLSLHPrivateKey::~OSSLSLHPrivateKey()
+{
+	EVP_PKEY_free(pkey);
+}
+
+// The type
+/*static*/ const char* OSSLSLHPrivateKey::type = "OpenSSL SLHDSA Private Key";
+
+// Get the base point order length
+unsigned long OSSLSLHPrivateKey::getOrderLength() const
+{
+	if (nid == NID_ED25519)
+		return X25519_KEYLEN;
+	if (nid == NID_ED448)
+		return ED448_KEYLEN;
+	return 0;
+}
+
+// Set from OpenSSL representation
+void OSSLSLHPrivateKey::setFromOSSL(const EVP_PKEY* inPKEY)
+{
+	nid = EVP_PKEY_id(inPKEY);
+	if (nid == NID_undef)
+	{
+		return;
+	}
+	ByteString inEC = OSSL::oid2ByteString(nid);
+	SLHPrivateKey::setEC(inEC);
+
+	// i2d_PrivateKey incorrectly does not const the key argument?!
+	EVP_PKEY* key = const_cast<EVP_PKEY*>(inPKEY);
+	int len = i2d_PrivateKey(key, NULL);
+	if (len <= 0)
+	{
+		ERROR_MSG("Could not encode SLHDSA private key");
+		return;
+	}
+	ByteString der;
+	der.resize(len);
+	unsigned char *p = &der[0];
+	i2d_PrivateKey(key, &p);
+	ByteString inK;
+	switch (nid) {
+	case NID_X25519:
+	case NID_ED25519:
+		if (len != (X25519_KEYLEN + PREFIXLEN))
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN + PREFIXLEN, len);
+			return;
+		}
+		inK.resize(X25519_KEYLEN);
+		memcpy(&inK[0], &der[PREFIXLEN], X25519_KEYLEN);
+		break;
+	case NID_X448:
+		if (len != (X448_KEYLEN + PREFIXLEN))
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN + PREFIXLEN, len);
+			return;
+		}
+		inK.resize(X448_KEYLEN);
+		memcpy(&inK[0], &der[PREFIXLEN], X448_KEYLEN);
+		break;
+	case NID_ED448:
+		if (len != (ED448_KEYLEN + PREFIXLEN))
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", ED448_KEYLEN + PREFIXLEN, len);
+			return;
+		}
+		inK.resize(ED448_KEYLEN);
+		memcpy(&inK[0], &der[PREFIXLEN], ED448_KEYLEN);
+		break;
+	default:
+		return;
+	}
+	setK(inK);
+}
+
+// Check if the key is of the given type
+bool OSSLSLHPrivateKey::isOfType(const char* inType)
+{
+	return !strcmp(type, inType);
+}
+
+// Setters for the SLHDSA private key components
+void OSSLSLHPrivateKey::setK(const ByteString& inK)
+{
+	SLHPrivateKey::setK(inK);
+
+	if (pkey)
+	{
+		EVP_PKEY_free(pkey);
+		pkey = NULL;
+	}
+}
+
+
+// Setters for the SLHDSA public key components
+void OSSLSLHPrivateKey::setEC(const ByteString& inEC)
+{
+	SLHPrivateKey::setEC(inEC);
+
+	nid = OSSL::byteString2oid(inEC);
+	if (pkey)
+	{
+		EVP_PKEY_free(pkey);
+		pkey = NULL;
+	}
+}
+
+// Encode into PKCS#8 DER
+ByteString OSSLSLHPrivateKey::PKCS8Encode()
+{
+	ByteString der;
+	EVP_PKEY* key = getOSSLKey();
+	if (key == NULL) return der;
+	PKCS8_PRIV_KEY_INFO* p8 = EVP_PKEY2PKCS8(key);
+	if (p8 == NULL) return der;
+	int len = i2d_PKCS8_PRIV_KEY_INFO(p8, NULL);
+	if (len <= 0)
+	{
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		return der;
+	}
+	der.resize(len);
+	unsigned char* p = &der[0];
+	i2d_PKCS8_PRIV_KEY_INFO(p8, &p);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+	return der;
+}
+
+// Decode from PKCS#8 BER
+bool OSSLSLHPrivateKey::PKCS8Decode(const ByteString& ber)
+{
+	int len = ber.size();
+	if (len <= 0) return false;
+	const unsigned char* p = ber.const_byte_str();
+	PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+	if (p8 == NULL) return false;
+	EVP_PKEY* key = EVP_PKCS82PKEY(p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+	if (key == NULL) return false;
+	setFromOSSL(key);
+	EVP_PKEY_free(key);
+	return true;
+}
+
+// Retrieve the OpenSSL representation of the key
+EVP_PKEY* OSSLSLHPrivateKey::getOSSLKey()
+{
+	if (pkey == NULL) createOSSLKey();
+
+	return pkey;
+}
+
+// Create the OpenSSL representation of the key
+void OSSLSLHPrivateKey::createOSSLKey()
+{
+	if (pkey != NULL) return;
+
+	ByteString der;
+	switch (nid) {
+	case NID_X25519:
+		if (k.size() != X25519_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, k.size());
+			return;
+		}
+		der.resize(PREFIXLEN + X25519_KEYLEN);
+		memcpy(&der[0], x25519_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], k.const_byte_str(), X25519_KEYLEN);
+		break;
+	case NID_ED25519:
+		if (k.size() != X25519_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, k.size());
+			return;
+		}
+		der.resize(PREFIXLEN + X25519_KEYLEN);
+		memcpy(&der[0], ed25519_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], k.const_byte_str(), X25519_KEYLEN);
+		break;
+	case NID_X448:
+		if (k.size() != X448_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN, k.size());
+			return;
+		}
+		der.resize(PREFIXLEN + X448_KEYLEN);
+		memcpy(&der[0], x448_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], k.const_byte_str(), X448_KEYLEN);
+		break;
+	case NID_ED448:
+		if (k.size() != ED448_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", ED448_KEYLEN, k.size());
+			return;
+		}
+		der.resize(PREFIXLEN + ED448_KEYLEN);
+		memcpy(&der[0], ed448_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], k.const_byte_str(), ED448_KEYLEN);
+		break;
+	default:
+		return;
+	}
+	const unsigned char *p = &der[0];
+	pkey = d2i_PrivateKey(nid, NULL, &p, (long)der.size());
+}
+#endif
diff --git a/src/lib/crypto/OSSLSLHPrivateKey.h b/src/lib/crypto/OSSLSLHPrivateKey.h
new file mode 100644
index 000000000..9419abbda
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHPrivateKey.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHPrivateKey.h
+
+ OpenSSL SLHDSA private key class
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_OSSLSLHPRIVATEKEY_H
+#define _SOFTHSM_V2_OSSLSLHPRIVATEKEY_H
+
+#include "config.h"
+#include "SLHPrivateKey.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+
+class OSSLSLHPrivateKey : public SLHPrivateKey
+{
+public:
+	// Constructors
+	OSSLSLHPrivateKey();
+
+	OSSLSLHPrivateKey(const EVP_PKEY* inPKEY);
+
+	// Destructor
+	virtual ~OSSLSLHPrivateKey();
+
+	// The type
+	static const char* type;
+
+	// Check if the key is of the given type
+	virtual bool isOfType(const char* inType);
+
+	// Get the base point order length
+	virtual unsigned long getOrderLength() const;
+
+	// Setters for the SLHDSA private key components
+	virtual void setK(const ByteString& inK);
+
+	// Setters for the SLHDSA public key components
+	virtual void setEC(const ByteString& inEC);
+
+	// Encode into PKCS#8 DER
+	virtual ByteString PKCS8Encode();
+
+	// Decode from PKCS#8 BER
+	virtual bool PKCS8Decode(const ByteString& ber);
+
+	// Set from OpenSSL representation
+	virtual void setFromOSSL(const EVP_PKEY* inPKEY);
+
+	// Retrieve the OpenSSL representation of the key
+	EVP_PKEY* getOSSLKey();
+
+private:
+	// The internal OpenSSL representation
+	int nid;
+	EVP_PKEY* pkey;
+
+	// Create the OpenSSL representation of the key
+	void createOSSLKey();
+};
+
+#endif // !_SOFTHSM_V2_OSSLSLHPRIVATEKEY_H
+
diff --git a/src/lib/crypto/OSSLSLHPublicKey.cpp b/src/lib/crypto/OSSLSLHPublicKey.cpp
new file mode 100644
index 000000000..cc71d1b7b
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHPublicKey.cpp
@@ -0,0 +1,258 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHPublicKey.cpp
+
+ OpenSSL SLHDSA public key class
+ *****************************************************************************/
+
+#include "config.h"
+#ifdef WITH_SLHDSA
+#include "log.h"
+#include "DerUtil.h"
+#include "OSSLSLHPublicKey.h"
+#include "OSSLUtil.h"
+#include <openssl/x509.h>
+#include <string.h>
+
+#define X25519_KEYLEN	32
+#define X448_KEYLEN	56
+#define ED448_KEYLEN	57
+
+#define PREFIXLEN	12
+
+// Prefixes
+const unsigned char x25519_prefix[] = {
+	0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+	0x6e, 0x03, 0x21, 0x00
+};
+
+const unsigned char x448_prefix[] = {
+	0x30, 0x42, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+	0x6f, 0x03, 0x39, 0x00
+};
+
+const unsigned char ed25519_prefix[] = {
+	0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+	0x70, 0x03, 0x21, 0x00
+};
+
+const unsigned char ed448_prefix[] = {
+	0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
+	0x71, 0x03, 0x3a, 0x00
+};
+
+// Constructors
+OSSLSLHPublicKey::OSSLSLHPublicKey()
+{
+	nid = NID_undef;
+	pkey = NULL;
+}
+
+OSSLSLHPublicKey::OSSLSLHPublicKey(const EVP_PKEY* inPKEY)
+{
+	nid = NID_undef;
+	pkey = NULL;
+
+	setFromOSSL(inPKEY);
+}
+
+// Destructor
+OSSLSLHPublicKey::~OSSLSLHPublicKey()
+{
+	EVP_PKEY_free(pkey);
+}
+
+// The type
+/*static*/ const char* OSSLSLHPublicKey::type = "OpenSSL SLHDSA Public Key";
+
+// Get the base point order length
+unsigned long OSSLSLHPublicKey::getOrderLength() const
+{
+	if (nid == NID_ED25519)
+		return X25519_KEYLEN;
+	if (nid == NID_ED448)
+		return ED448_KEYLEN;
+	return 0;
+}
+
+// Set from OpenSSL representation
+void OSSLSLHPublicKey::setFromOSSL(const EVP_PKEY* inPKEY)
+{
+	nid = EVP_PKEY_id(inPKEY);
+	if (nid == NID_undef)
+	{
+		return;
+	}
+	ByteString inEC = OSSL::oid2ByteString(nid);
+	SLHPublicKey::setEC(inEC);
+
+	// i2d_PUBKEY incorrectly does not const the key argument?!
+        EVP_PKEY* key = const_cast<EVP_PKEY*>(inPKEY);
+	int len = i2d_PUBKEY(key, NULL);
+	if (len <= 0)
+	{
+		ERROR_MSG("Could not encode SLHDSA public key");
+		return;
+	}
+	ByteString der;
+	der.resize(len);
+	unsigned char *p = &der[0];
+	i2d_PUBKEY(key, &p);
+	ByteString raw;
+	switch (nid) {
+	case NID_X25519:
+	case NID_ED25519:
+		if (len != (X25519_KEYLEN + PREFIXLEN))
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN + PREFIXLEN, len);
+			return;
+		}
+		raw.resize(X25519_KEYLEN);
+		memcpy(&raw[0], &der[PREFIXLEN], X25519_KEYLEN);
+		break;
+	case NID_X448:
+		if (len != (X448_KEYLEN + PREFIXLEN))
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN + PREFIXLEN, len);
+			return;
+		}
+		raw.resize(X448_KEYLEN);
+		memcpy(&raw[0], &der[PREFIXLEN], X448_KEYLEN);
+		break;
+	case NID_ED448:
+		if (len != (ED448_KEYLEN + PREFIXLEN))
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu",
+				  ED448_KEYLEN + PREFIXLEN, len);
+			return;
+		}
+		raw.resize(ED448_KEYLEN);
+		memcpy(&raw[0], &der[PREFIXLEN], ED448_KEYLEN);
+		break;
+	default:
+		return;
+	}
+	setA(DERUTIL::raw2Octet(raw));
+}
+
+// Check if the key is of the given type
+bool OSSLSLHPublicKey::isOfType(const char* inType)
+{
+	return !strcmp(type, inType);
+}
+
+// Setters for the SLHDSA public key components
+void OSSLSLHPublicKey::setEC(const ByteString& inEC)
+{
+	SLHPublicKey::setEC(inEC);
+
+	nid = OSSL::byteString2oid(inEC);
+	if (pkey)
+	{
+		EVP_PKEY_free(pkey);
+		pkey = NULL;
+	}
+}
+
+void OSSLSLHPublicKey::setA(const ByteString& inA)
+{
+	SLHPublicKey::setA(inA);
+
+	if (pkey)
+	{
+		EVP_PKEY_free(pkey);
+		pkey = NULL;
+	}
+}
+
+// Retrieve the OpenSSL representation of the key
+EVP_PKEY* OSSLSLHPublicKey::getOSSLKey()
+{
+	if (pkey == NULL) createOSSLKey();
+
+	return pkey;
+}
+
+// Create the OpenSSL representation of the key
+void OSSLSLHPublicKey::createOSSLKey()
+{
+	if (pkey != NULL) return;
+
+	ByteString der;
+	ByteString raw = DERUTIL::octet2Raw(a);
+	size_t len = raw.size();
+	if (len == 0) return;
+
+	switch (nid) {
+	case NID_X25519:
+		if (len != X25519_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, len);
+			return;
+		}
+		der.resize(PREFIXLEN + X25519_KEYLEN);
+		memcpy(&der[0], x25519_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], raw.const_byte_str(), X25519_KEYLEN);
+		break;
+	case NID_ED25519:
+		if (len != X25519_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, len);
+			return;
+		}
+		der.resize(PREFIXLEN + X25519_KEYLEN);
+		memcpy(&der[0], ed25519_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], raw.const_byte_str(), X25519_KEYLEN);
+		break;
+	case NID_X448:
+		if (len != X448_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN, len);
+			return;
+		}
+		der.resize(PREFIXLEN + X448_KEYLEN);
+		memcpy(&der[0], x448_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], raw.const_byte_str(), X448_KEYLEN);
+		break;
+	case NID_ED448:
+		if (len != ED448_KEYLEN)
+		{
+			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", ED448_KEYLEN, len);
+			return;
+		}
+		der.resize(PREFIXLEN + ED448_KEYLEN);
+		memcpy(&der[0], ed448_prefix, PREFIXLEN);
+		memcpy(&der[PREFIXLEN], raw.const_byte_str(), ED448_KEYLEN);
+		break;
+	default:
+		return;
+	}
+	const unsigned char *p = &der[0];
+	pkey = d2i_PUBKEY(NULL, &p, (long)der.size());
+}
+#endif
diff --git a/src/lib/crypto/OSSLSLHPublicKey.h b/src/lib/crypto/OSSLSLHPublicKey.h
new file mode 100644
index 000000000..3512952de
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHPublicKey.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHPublicKey.h
+
+ OpenSSL SLHDSA public key class
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_OSSLSLHPUBLICKEY_H
+#define _SOFTHSM_V2_OSSLSLHPUBLICKEY_H
+
+#include "config.h"
+#include "SLHPublicKey.h"
+#include <openssl/evp.h>
+
+class OSSLSLHPublicKey : public SLHPublicKey
+{
+public:
+	// Constructors
+	OSSLSLHPublicKey();
+
+	OSSLSLHPublicKey(const EVP_PKEY* inPKEY);
+
+	// Destructor
+	virtual ~OSSLSLHPublicKey();
+
+	// The type
+	static const char* type;
+
+	// Check if the key is of the given type
+	virtual bool isOfType(const char* inType);
+
+	// Get the base point order length
+	virtual unsigned long getOrderLength() const;
+
+	// Setters for the SLHDSA public key components
+	virtual void setEC(const ByteString& inEC);
+	virtual void setA(const ByteString& inA);
+
+	// Set from OpenSSL representation
+	virtual void setFromOSSL(const EVP_PKEY* inPKEY);
+
+	// Retrieve the OpenSSL representation of the key
+	EVP_PKEY* getOSSLKey();
+
+private:
+	// The internal OpenSSL representation
+	int nid;
+	EVP_PKEY* pkey;
+
+	// Create the OpenSSL representation of the key
+	void createOSSLKey();
+};
+
+#endif // !_SOFTHSM_V2_OSSLDSAPUBLICKEY_H
+
diff --git a/src/lib/crypto/OSSLUtil.cpp b/src/lib/crypto/OSSLUtil.cpp
index 794f80e3e..bf13b1f7f 100644
--- a/src/lib/crypto/OSSLUtil.cpp
+++ b/src/lib/crypto/OSSLUtil.cpp
@@ -118,7 +118,7 @@ EC_POINT* OSSL::byteString2pt(const ByteString& byteString, const EC_GROUP* grp)
 }
 #endif
 
-#ifdef WITH_EDDSA
+#if defined(WITH_EDDSA) || defined(WITH_SLHDSA)
 // Convert an OpenSSL NID to a ByteString
 ByteString OSSL::oid2ByteString(int nid)
 {
diff --git a/src/lib/crypto/OSSLUtil.h b/src/lib/crypto/OSSLUtil.h
index 7b86c50e8..2ec7d6f40 100644
--- a/src/lib/crypto/OSSLUtil.h
+++ b/src/lib/crypto/OSSLUtil.h
@@ -39,7 +39,7 @@
 #ifdef WITH_ECC
 #include <openssl/ec.h>
 #endif
-#ifdef WITH_EDDSA
+#if defined(WITH_EDDSA) || defined(WITH_SLHDSA)
 #include <openssl/objects.h>
 #endif
 
@@ -65,7 +65,7 @@ namespace OSSL
 	EC_POINT* byteString2pt(const ByteString& byteString, const EC_GROUP* grp);
 #endif
 
-#ifdef WITH_EDDSA
+#if defined(WITH_EDDSA) || defined(WITH_SLHDSA)
 	// Convert an OpenSSL NID to a ByteString
 	ByteString oid2ByteString(int nid);
 
diff --git a/src/lib/crypto/SLHPrivateKey.cpp b/src/lib/crypto/SLHPrivateKey.cpp
new file mode 100644
index 000000000..1d2d69e03
--- /dev/null
+++ b/src/lib/crypto/SLHPrivateKey.cpp
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHPrivateKey.cpp
+
+ SLHDSA private key class
+ *****************************************************************************/
+
+#include "config.h"
+#include "log.h"
+#include "SLHPrivateKey.h"
+#include <string.h>
+
+// Set the type
+/*static*/ const char* SLHPrivateKey::type = "Abstract SLHDSA private key";
+
+// Check if the key is of the given type
+bool SLHPrivateKey::isOfType(const char* inType)
+{
+	return !strcmp(type, inType);
+}
+
+// Get the bit length
+unsigned long SLHPrivateKey::getBitLength() const
+{
+	return getK().bits();
+}
+
+// Get the output length
+unsigned long SLHPrivateKey::getOutputLength() const
+{
+	return getOrderLength() * 2;
+}
+
+// Setters for the SLHDSA private key components
+void SLHPrivateKey::setK(const ByteString& inK)
+{
+	k = inK;
+}
+
+// Setters for the SLHDSA public key components
+void SLHPrivateKey::setEC(const ByteString& inEC)
+{
+	ec = inEC;
+}
+
+// Getters for the SLHDSA private key components
+const ByteString& SLHPrivateKey::getK() const
+{
+	return k;
+}
+
+// Getters for the SLHDSA public key components
+const ByteString& SLHPrivateKey::getEC() const
+{
+	return ec;
+}
+
+// Serialisation
+ByteString SLHPrivateKey::serialise() const
+{
+	return ec.serialise() +
+	       k.serialise();
+}
+
+bool SLHPrivateKey::deserialise(ByteString& serialised)
+{
+	ByteString dEC = ByteString::chainDeserialise(serialised);
+	ByteString dK = ByteString::chainDeserialise(serialised);
+
+	if ((dEC.size() == 0) ||
+	    (dK.size() == 0))
+	{
+		return false;
+	}
+
+	setEC(dEC);
+	setK(dK);
+
+	return true;
+}
+
diff --git a/src/lib/crypto/SLHPrivateKey.h b/src/lib/crypto/SLHPrivateKey.h
new file mode 100644
index 000000000..936d21442
--- /dev/null
+++ b/src/lib/crypto/SLHPrivateKey.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHPrivateKey.h
+
+ SLHDSA private key class
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_SLHPRIVATEKEY_H
+#define _SOFTHSM_V2_SLHPRIVATEKEY_H
+
+#include "config.h"
+#include "PrivateKey.h"
+
+class SLHPrivateKey : public PrivateKey
+{
+public:
+	// The type
+	static const char* type;
+
+	// Check if the key is of the given type
+	virtual bool isOfType(const char* inType);
+
+	// Get the bit length
+	virtual unsigned long getBitLength() const;
+
+	// Get the output length
+	virtual unsigned long getOutputLength() const;
+
+	// Get the base point order length
+	virtual unsigned long getOrderLength() const = 0;
+
+	// Setters for the SLHDSA private key components
+	virtual void setK(const ByteString& inK);
+
+	// Setters for the SLHDSA public key components
+	virtual void setEC(const ByteString& inEC);
+
+	// Getters for the SLHDSA private key components
+	virtual const ByteString& getK() const;
+
+	// Getters for the SLHDSA public key components
+	virtual const ByteString& getEC() const;
+
+	// Serialisation
+	virtual ByteString serialise() const;
+	virtual bool deserialise(ByteString& serialised);
+
+protected:
+	// Private components
+	ByteString k;
+
+	// Public components
+	ByteString ec;
+};
+
+#endif // !_SOFTHSM_V2_SLHPRIVATEKEY_H
+
diff --git a/src/lib/crypto/SLHPublicKey.cpp b/src/lib/crypto/SLHPublicKey.cpp
new file mode 100644
index 000000000..d3644aa02
--- /dev/null
+++ b/src/lib/crypto/SLHPublicKey.cpp
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHPublicKey.cpp
+
+ SLHDSA public key class
+ *****************************************************************************/
+
+#include "config.h"
+#include "log.h"
+#include "SLHPublicKey.h"
+#include <string.h>
+
+// Set the type
+/*static*/ const char* SLHPublicKey::type = "Abstract SLHDSA public key";
+
+// Check if the key is of the given type
+bool SLHPublicKey::isOfType(const char* inType)
+{
+	return !strcmp(type, inType);
+}
+
+// Get the bit length
+unsigned long SLHPublicKey::getBitLength() const
+{
+	return getA().size() * 8;
+}
+
+// Get the output length
+unsigned long SLHPublicKey::getOutputLength() const
+{
+	return getOrderLength() * 2;
+}
+
+// Setters for the EC public key components
+void SLHPublicKey::setEC(const ByteString& inEC)
+{
+	ec = inEC;
+}
+
+void SLHPublicKey::setA(const ByteString& inA)
+{
+	a = inA;
+}
+
+// Getters for the EC public key components
+const ByteString& SLHPublicKey::getEC() const
+{
+	return ec;
+}
+
+const ByteString& SLHPublicKey::getA() const
+{
+	return a;
+}
+
+// Serialisation
+ByteString SLHPublicKey::serialise() const
+{
+	return ec.serialise() +
+	       a.serialise();
+}
+
+bool SLHPublicKey::deserialise(ByteString& serialised)
+{
+	ByteString dEC = ByteString::chainDeserialise(serialised);
+	ByteString dA = ByteString::chainDeserialise(serialised);
+
+	if ((dEC.size() == 0) ||
+	    (dA.size() == 0))
+	{
+		return false;
+	}
+
+	setEC(dEC);
+	setA(dA);
+
+	return true;
+}
+
diff --git a/src/lib/crypto/SLHPublicKey.h b/src/lib/crypto/SLHPublicKey.h
new file mode 100644
index 000000000..393e1c303
--- /dev/null
+++ b/src/lib/crypto/SLHPublicKey.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHPublicKey.h
+
+ SLHDSA public key class
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_SLHPUBLICKEY_H
+#define _SOFTHSM_V2_SLHPUBLICKEY_H
+
+#include "config.h"
+#include "PublicKey.h"
+
+class SLHPublicKey : public PublicKey
+{
+public:
+	// The type
+	static const char* type;
+
+	// Check if the key is of the given type
+	virtual bool isOfType(const char* inType);
+
+	// Get the bit length
+	virtual unsigned long getBitLength() const;
+
+	// Get the output length
+	virtual unsigned long getOutputLength() const;
+
+	// Get the base point order length
+	virtual unsigned long getOrderLength() const = 0;
+
+	// Setters for the SLHDSA public key components
+	virtual void setEC(const ByteString& inEc);
+	virtual void setA(const ByteString& inA);
+
+	// Getters for the SLHDSA public key components
+	virtual const ByteString& getEC() const;
+	virtual const ByteString& getA() const;
+
+	// Serialisation
+	virtual ByteString serialise() const;
+	virtual bool deserialise(ByteString& serialised);
+
+protected:
+	// Public components
+	ByteString ec, a;
+};
+
+#endif // !_SOFTHSM_V2_SLHPUBLICKEY_H
+
diff --git a/src/lib/pkcs11/pkcs11.h b/src/lib/pkcs11/pkcs11.h
index cd195794c..b156a4601 100644
--- a/src/lib/pkcs11/pkcs11.h
+++ b/src/lib/pkcs11/pkcs11.h
@@ -408,6 +408,7 @@ typedef unsigned long ck_key_type_t;
 #define CKK_GOSTR3411		(0x31UL)
 #define CKK_GOST28147		(0x32UL)
 #define CKK_EC_EDWARDS		(0x40UL)
+#define CKK_SLHDSA		(0x40UL)
 #define CKK_VENDOR_DEFINED	((unsigned long) (1UL << 31))
 
 
@@ -485,6 +486,7 @@ typedef unsigned long ck_attribute_type_t;
 #define CKA_DESTROYABLE			(0x172UL)
 #define CKA_ECDSA_PARAMS		(0x180UL)
 #define CKA_EC_PARAMS			(0x180UL)
+#define CKA_SLHDSA_PARAMS			(0x180UL)
 #define CKA_EC_POINT			(0x181UL)
 #define CKA_SECONDARY_AUTH		(0x200UL)
 #define CKA_AUTH_PIN_FLAGS		(0x201UL)
@@ -892,6 +894,8 @@ typedef unsigned long ck_mechanism_type_t;
 /* From version 3.0 */
 #define CKM_EC_EDWARDS_KEY_PAIR_GEN	(0x1055UL)
 #define CKM_EDDSA			(0x1057UL)
+#define CKM_SLH_KEY_PAIR_GEN	(0x1055UL)
+#define CKM_SLHDSA			(0x1057UL)
 
 /* Attribute and other constants related to OTP */
 #define CK_OTP_FORMAT_DECIMAL		(0UL)

From 7988efa4296b94127d6701b5ed767e044731e1b1 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 4 Nov 2025 22:57:33 -0300
Subject: [PATCH 07/21] chore: remove library hpcs-pkcs11 from softhsmv2

---
 hpcs-pkcs11/README.md                  |  130 --
 hpcs-pkcs11/samples/ep11.h             | 1858 ----------------------
 hpcs-pkcs11/samples/grep11.h           |   25 -
 hpcs-pkcs11/samples/pkcs11-attrs.c     |  872 -----------
 hpcs-pkcs11/samples/pkcs11-btc.c       |  391 -----
 hpcs-pkcs11/samples/pkcs11-checksum.c  |  497 ------
 hpcs-pkcs11/samples/pkcs11-crypto.c    |  394 -----
 hpcs-pkcs11/samples/pkcs11-dilithium.c |  213 ---
 hpcs-pkcs11/samples/pkcs11-object.c    |  225 ---
 hpcs-pkcs11/samples/pkcs11-slhdsa.c    |  356 -----
 hpcs-pkcs11/samples/pkcs11.h           |  265 ----
 hpcs-pkcs11/samples/pkcs11f.h          |  939 -----------
 hpcs-pkcs11/samples/pkcs11t.h          | 2003 ------------------------
 hpcs-pkcs11/samples/sample.h           |   23 -
 14 files changed, 8191 deletions(-)
 delete mode 100644 hpcs-pkcs11/README.md
 delete mode 100644 hpcs-pkcs11/samples/ep11.h
 delete mode 100644 hpcs-pkcs11/samples/grep11.h
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-attrs.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-btc.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-checksum.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-crypto.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-dilithium.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-object.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11-slhdsa.c
 delete mode 100644 hpcs-pkcs11/samples/pkcs11.h
 delete mode 100644 hpcs-pkcs11/samples/pkcs11f.h
 delete mode 100644 hpcs-pkcs11/samples/pkcs11t.h
 delete mode 100644 hpcs-pkcs11/samples/sample.h

diff --git a/hpcs-pkcs11/README.md b/hpcs-pkcs11/README.md
deleted file mode 100644
index 028db84be..000000000
--- a/hpcs-pkcs11/README.md
+++ /dev/null
@@ -1,130 +0,0 @@
-# Overview
-
-IBM Cloud® Hyper Protect Crypto Services is a dedicated key management service and hardware security module (HSM). This service allows you to take ownership of a cloud HSM to fully manage your encryption keys and to perform cryptographic operations. Hyper Protect Crypto Services is also the only service in the cloud industry that is built on FIPS 140-2 Level 4-certified hardware.
-
-# Installing the PKCS #11 files
-
-The files contained in this repository allow clients to access a cloud HSM via the HPCS service using a PKCS #11 library and its associated configuration file. The files are categorized by *releases*, which can be accessed from the hpcs-pkcs11 repository's [releases URL](https://github.com/IBM-Cloud/hpcs-pkcs11/releases).
-
-**NOTE:** The PKCS #11 library, for both the amd64 and s390x platforms, is currently supported only on Linux (GLIBC distros only, so not compatible with Alpine for now).
-
-There are two files used along with your PKCS #11 application:
-1. The PKCS #11 library:  pkcs11-grep11-**platform**.so.**major.minor.build**
-
-   - **platform** is amd64 or s390x
-  
-   - **major.minor.build** refers to the version of the library
-
-   - **NOTE:** Refer to step 1 of the IBM Cloud HPCS documentation topic, [Set up the PKCS #11 library](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api), for instructions on where to place the PKCS #11 library file.
-
-2. The PKCS #11 client configuration file: *grep11client.yaml*
-   - Before you update the configuration file, PKCS #11 users must first be set up. Follow the steps outlined in the IBM Cloud Hyper Protect Crypto Services documentation topic, [Best practices for setting up PKCS #11 user types](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-best-practice-pkcs11-access#step2-create-service-id-api-key), to complete the PKCS #11 user setup tasks.
-
-   - Changes to the configuration file are needed after you download it. Update the *grep11client.yaml* configuration file by following step 3 of the IBM Cloud Hyper Protect Crypto Services documentation topic: [Set up the PKCS #11 configuration file](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api)
-
-   - **NOTE:** The *grep11client.yaml* configuration file must be moved into the same directory as the application (e.g., pkcs11-tool) using the PKCS #11 library or in the directory `/etc/ep11client`.
-
-## Verify the integrity and authenticity of the PKCS #11 library
-
-For maximum security, you can optionally verify the integrity and authenticity of the PKCS #11 library. Hyper Protect Crypto Services enable [signed code verification](https://en.wikipedia.org/wiki/Code_signing) to ensure that the signature matches the original code. If the downloaded PKCS #11 library file is altered or corrupted, a different signature is produced and the verification fails. To make sure the files are not tampered with or corrupted during the download process, complete the following steps by using the [OpenSSL command-line tool](https://wiki.openssl.org/index.php/Binaries).
-
-1. Download the latest version of the following files from the hpcs-pkcs11 repository's [releases URL](https://github.com/IBM-Cloud/hpcs-pkcs11/releases) to the same directory where you store the PKCS #11 library:
-
-    - `pkcs11-grep11-<platform>.so.<version>.sig`: The signed cryptographic hash of the PKCS #11 library, where **platform** is either *amd64* or *s390x*  and **version** is the major.minor.build (e.g., 2.3.4) of the signature file. Both **platform** and **version** must match the respective **platform** and **version** of the PKCS #11 library that is used.
-
-    - `signing_cert.pem`: The signing certificate for the HPCS PKCS #11 files.
-    
-    - `digicert_cert.pem`: An intermediate code signing certificate to prove the Hyper Protect Crypto Services PKCS #11 files signing certificate.
-
-2. Extract the public key from the signing certificate `signing_cert.pem` to the `sigkey.pub` file with the following command by using the OpenSSL command-line tool:
-
-   `openssl x509 -pubkey -noout -in signing_cert.pem -out sigkey.pub`
-
-3. Verify the integrity of the PKCS #11 library file with the following command:
-
-   `openssl dgst -sha256 -verify sigkey.pub -signature pkcs11-grep11-<platform>.so.<version>.sig pkcs11-grep11-<platform>.so.<version>`
-
-   **NOTE:** Replace **platform** with either *amd64* or *s390x* and replace **version** with the major.minor.build (e.g., 2.3.4) of the library.
-
-   When the verification is successful, `Verified OK` is displayed.
-
-4. Verify the authenticity and validity of the signing certificate with the following command:
-
-   `openssl ocsp -no_nonce -issuer digicert_cert.pem -cert signing_cert.pem -VAfile digicert_cert.pem -text -url http://ocsp.digicert.com -respout ocsptest`
-
-   When the verification is successful, `Response verify OK` and `signing_cert.pem: good` are displayed in the output.
-
-5. If the verification fails, cancel the installation and contact [IBM for support](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-getting-help).
-
-## Initializing the Keystores
-
-Prior to using the PKCS #11 library, the keystores must be initialized. To initialize the keystores, the security officer (SO) user needs to perform a `C_InitToken` operation. Once the keystores have been initialized, normal and anonymous users can proceed with key operations such as `C_GenerateKey` or `C_GenerateKeyPair`.
-
-A keystore becomes an **authenticated keystore** if it is configured with a password. For more details please check [Performing cryptographic operations with the PKCS #11 API](https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api#step3-setup-configuration-file).
-
-## Getting started
-
-The `samples` directory in this repository contains source code that could be used to test your HPCS instance, the PKCS11 library, and the PKCS11 library's configuration file.  Follow the instructions inside pkcs11-crypto.c to get started.
-
-The sample code performs the following operations:
-
-* Intialize a token
-* Open a session
-* Login as a normal user
-* Create an AES key
-* Create an EC key pair
-* Encrypt data and decrypt data using the AES key
-* Sign and verify data using the EC key pair
-* Logout, close session and finalize
-
-pkcs11-dilithium.c demonstrates how to generate a Dilithium key pair, followed by signing and verifying data using the Dilithium key pair.
-
-# Attributes 
-We support a subset of attributes of the PKCS#11 specification. The following table shows:
-1. Which attributes are allowed to be used for PKCS11 requests (key generation, unwrapping, and key derivation).
-2. Data type of each attribute and the key types that are applicable.
-3. What attributes are generated after key or key pairs are generated.
-
-| Attribute                                                                            | Category | Applies to key types              | Allowed in template | Value type  | Library default | Filled by HPCS | Read only<br>After generation |
-| ------------------------------------------------------------------------------------ | -------- | --------------------------------- | ------------------- | ----------- | --------------- | -------------- | ----------------------------- |
-| CKA\_CLASS                                                                          | 1        | All                               | y                   | Integer     | Depends <sup>[1](#cka-class)</sup>        |                | y                             |
-| CKA\_TOKEN                                                                          | 3        | All                               | y                   | Bool        | FALSE           |                | y                             |
-| CKA\_PRIVATE                                                                        | 3        | All                               | y                   | Bool        | Depends <sup>[2](#cka-private)</sup>        |                | y                             |
-| CKA\_MODIFIABLE                                                                     | 3        | All                               | y                   | Bool        | TRUE            | y              | Read only if FALSE            |
-| CKA\_LABEL                                                                          | 4        | All                               | y                   | Bytes       | empty           |                |                               |
-| CKA\_KEY\_TYPE                                                                       | 1        | All                               | y                   | Integer     |                 |                | y                             |
-| CKA\_ID                                                                              | 4        | All                               | y                   | Bytes       | empty           |                |                               |
-| CKA\_DERIVE                                                                          | 1        | All                               | y                   | Bool        | FALSE           |                |                               |
-| CKA\_LOCAL                                                                           | 1        | All but public key                |                     | Bool        |                 | y              | y                             |
-| CKA\_KEY\_GEN\_MECHANISM                                                             | 2        | All                               |                     | Integer     |                 | y              | y                             |
-| CKA\_GREP11\_WKID                                                                    | 2        | private key<br>secret key         |                     | Big integer |                 | y              | y                             |
-| CKA\_SUBJECT                                                                         | 4        | public key<br>private key         | y                   | Bytes       | empty           |                |                               |
-| CKA\_ENCRYPT<br>CKA\_DECRYPT<br>CKA\_SIGN<br>CKA\_VERIFY<br>CKA\_WRAP<br>CKA\_UNWRAP | 1        | All when allowed <br>by algorithm | y                   | Bool        |                 | y              |                               |
-| CKA\_SENSITIVE                                                                      | 2        | private key<br>secret key         | y                   | Bool        |                 |                | y                             |
-| CKA\_ALWAYS\_SENSITIVE                                                               | 2        | private key<br>secret key         |                     | Bool        |                 | y              | y                             |
-| CKA\_WRAP\_WITH\_TRUSTED                                                             | 1        | private key<br>secret key         | y                   | Bool        | FALSE           | y              |                               |
-| CKA\_EXTRACTABLE                                                                     | 1        | private key<br>secret key         | y                   | Bool        | FALSE           | y              | Read only if FALSE            |
-| CKA\_NEVER\_EXTRACTABLE                                                             | 1        | private key<br>secret key         |                     | Bool        |                 | y              | y                             |
-| CKA\_CHECK\_VALUE                                                                    | 2        | secret key                        |                     | Bytes       |                 | y              | y                             |
-| CKA\_TRUSTED                                                                         | 1        | public key<br>secret key          | y                   | Bool        |                 | y              |                               |
-| CKA\_PUBLIC\_KEY\_INFO                                                               | 2        | public key                        | y                   | Bool        |                 | y              | y                             |
-| CKA\_MODULUS\_BITS                                                                  | 1        | RSA public key                    | y                   | Integer     |                 |                | y                             |
-| CKA\_MODULUS                                                                        | 2        | RSA public key<br>RSA private key |                     | Big integer |                 | y              | y                             |
-| CKA\_PUBLIC\_EXPONENT                                                               | 1        | RSA public key<br>RSA private key | y                   | Big integer |                 |                | y                             |
-| CKA\_EC\_PARAMS                                                                     | 1        | EC public key<br>EC private key   | y                   | Bytes       |                 |                | y                             |
-| CKA\_EC\_POINT                                                                      | 2        | EC public key                     |                     | Bytes       |                 | y              | y                             |
-| CKA\_VALUE\_LEN                                                                      | 1        | Generate secret key<br>AES key    | y                   | integer     |                 |                | y                             |
-| CKA\_IBM\_PQC\_PARAMS                                                               | 1        | Dilithium public key              | y                   | Bytes       |                 |                | y                             |
-
-<a name="cka-class">1</a>. Default value of `CKA_CLASS` is based on mechanisms and key types:
-
-| Function         | Mechanism                                                                                                              | Default value                                                                                  |
-| ---------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
-| GenerateKey      | CKM\_AES\_KEY\_GEN<br>CKM\_DES2\_KEY\_GEN<br>CKM\_DES3\_KEY\_GEN<br>CKM\_GENERIC\_SECRET\_KEY\_GEN                     | CKO\_SECRET\_KEY                                                                               |
-| GenerateKeyPairs | CKM\_EC\_KEY\_PAIR\_GEN<br>CKM\_RSA\_PKCS\_KEY\_PAIR\_GEN<br>CKM\_RSA\_X9\_31\_KEY\_PAIR\_GEN<br>CKM\_IBM\_DILITHIUM                          | CKO\_PUBLIC\_KEY & CKO\_PRIVATE\_KEY                                                           |
-| UnwrapKey        | CKM\_AES\_CBC<br>CKM\_AES\_CBC\_PAD<br>CKM\_DES3\_CBC<br>CKM\_DES3\_CBC\_PAD<br>CKM\_RSA\_PKCS<br>CKM\_RSA\_PKCS\_OAEP | CKO\_SECRET\_KEY if key type is AES, DES2 or DES3. Otherwise, the default is CKO\_PRIVATE\_KEY |
-| DeriveKey        |                                                                                                                        | CKO\_SECRET\_KEY                                                                               |
-
-
-<a name="cka-private">2</a>. Default value of `CKA_PRIVATE` is TRUE if the `Normal user` is logged in, otherwise, it is FALSE
- 
diff --git a/hpcs-pkcs11/samples/ep11.h b/hpcs-pkcs11/samples/ep11.h
deleted file mode 100644
index d8939f9f8..000000000
--- a/hpcs-pkcs11/samples/ep11.h
+++ /dev/null
@@ -1,1858 +0,0 @@
-/*----------------------------------------------------------------------
- * This EP11 header file is distributed under the following license
- *
- * Copyright 2022 IBM Corp. All Rights Reserved
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * 1. Redistributions of source code must retain the above copyright notice,
- *    this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright notice,
- *    this list of conditions and the following disclaimer in the documentation
- *    and/or other materials provided with the distribution.
- *
- * 3. Neither the name of the copyright holder nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- *----------------------------------------------------------------------
- *  EP11 service mail address: EP11SUPP@de.ibm.com
- *
- *  Use this mail address for Bugs and Comments with the EP11 product.
- *----------------------------------------------------------------------*/
-
-
-#if !defined(XCP_H__)
-#define XCP_H__ 
-#if !defined(CKR_OK)
-#include "pkcs11.h"
-#endif
-#if !defined(INT64_MIN)
-#error "We need 64-bit <stdint.h> types, please include before this file."
-#endif
-#define MAX_FNAME_CHARS 256
-#define XCP_OK 0
-#define XCP_EINTERNAL -1
-#define XCP_EARG -2
-#define XCP_ETARGET -3
-#define XCP_EMEMORY -4
-#define XCP_EMUTEX -5
-#define XCP_EINIT -6
-#define XCP_EDEVICE -7
-#define XCP_EGROUP -8
-#define XCP_ESIZE -9
-#define XCP_EINVALID -10
-#define XCP_ERESPONSE -11
-#define XCP_EAPI -12
-#define XCP_MOD_EOBSOLETE -101
-#define XCP_MOD_EVERSION -102
-#define XCP_MOD_EFLAGS -103
-#define XCP_MOD_EMODULE -104
-#define XCP_MOD_EDOMAIN -105
-#define XCP_MOD_EINIT -106
-#define XCP_MOD_EPROBE -107
-#define XCP_COMMON_PUBLIC_H__ 
-#define XCP_API_VERSION 0x0810
-#define XCP_API_ORDINAL 0x0004
-#define XCP_HOST_API_VER 0x040000
-#define XCP_HSM_AGENT_ID 0x5843
-#define XCP_HSM_USERDEF32 0x01234567
-#define XCP_API_ALLOW_PROTKEY 0x0004
-typedef enum {
- XCP_FNVAR_SIZEQUERY = 1,
- XCP_FNVAR_MULTIDATA = 2,
- XCP_FNVAR_MULTISIZEQ = 3
-} XCP_FNVariant_t;
-#define CKR_IBM_WKID_MISMATCH (CKR_VENDOR_DEFINED +0x10001)
-#define CKR_IBM_INTERNAL_ERROR (CKR_VENDOR_DEFINED +0x10002)
-#define CKR_IBM_TRANSPORT_ERROR (CKR_VENDOR_DEFINED +0x10003)
-#define CKR_IBM_BLOB_ERROR (CKR_VENDOR_DEFINED +0x10004)
-#define CKR_IBM_BLOBKEY_CONFLICT (CKR_VENDOR_DEFINED +0x10005)
-#define CKR_IBM_MODE_CONFLICT (CKR_VENDOR_DEFINED +0x10006)
-#define CKR_IBM_NONCRT_KEY_SIZE (CKR_VENDOR_DEFINED +0x10008)
-#define CKR_IBM_WK_NOT_INITIALIZED (CKR_VENDOR_DEFINED +0x10009)
-#define CKR_IBM_OA_API_ERROR (CKR_VENDOR_DEFINED +0x1000a)
-#define CKR_IBM_REQ_TIMEOUT (CKR_VENDOR_DEFINED +0x1000b)
-#define CKR_IBM_READONLY (CKR_VENDOR_DEFINED +0x1000c)
-#define CKR_IBM_STATIC_POLICY (CKR_VENDOR_DEFINED +0x1000d)
-#define CKR_IBM_TRANSPORT_LIMIT (CKR_VENDOR_DEFINED +0x10010)
-#define CKR_IBM_FCV_NOT_SET (CKR_VENDOR_DEFINED +0x10011)
-#define CKR_IBM_PERF_CATEGORY_INVALID (CKR_VENDOR_DEFINED +0x10012)
-#define CKR_IBM_API_MISMATCH (CKR_VENDOR_DEFINED +0x10013)
-#define CKR_IBM_TARGET_INVALID (CKR_VENDOR_DEFINED +0x10030)
-#define CKR_IBM_PQC_PARAMS_NOT_SUPPORTED (CKR_VENDOR_DEFINED +0x10031)
-#define CKR_IBM_ERROR_STATE (CKR_VENDOR_DEFINED +0x10101)
-#define CKM_IBM_SHA3_224 (CKM_VENDOR_DEFINED +0x10001)
-#define CKM_IBM_SHA3_256 (CKM_VENDOR_DEFINED +0x10002)
-#define CKM_IBM_SHA3_384 (CKM_VENDOR_DEFINED +0x10003)
-#define CKM_IBM_SHA3_512 (CKM_VENDOR_DEFINED +0x10004)
-#define CKM_IBM_CMAC (CKM_VENDOR_DEFINED +0x10007)
-#define CKM_IBM_ECDSA_SHA224 (CKM_VENDOR_DEFINED +0x10008)
-#define CKM_IBM_ECDSA_SHA256 (CKM_VENDOR_DEFINED +0x10009)
-#define CKM_IBM_ECDSA_SHA384 (CKM_VENDOR_DEFINED +0x1000a)
-#define CKM_IBM_ECDSA_SHA512 (CKM_VENDOR_DEFINED +0x1000b)
-#define CKM_IBM_EC_MULTIPLY (CKM_VENDOR_DEFINED +0x1000c)
-#define CKM_IBM_EAC (CKM_VENDOR_DEFINED +0x1000d)
-#define XCP_EAC_NONCE_MAX_BYTES 64
-#define XCP_EAC_INFO_MAX_BYTES 64
-typedef enum {
- EACV_IBM_KEK_V101 = 1,
- EACV_IBM_MACK_V101 = 2,
- EACV_IBM_PWD_V200 = 3,
- EACV_IBM_HKDF = 4,
- EACV_IBM_BCHAIN_TCERT0
-                    = 5
-} EAC_Var_t;
-#define CKM_IBM_TESTCODE (CKM_VENDOR_DEFINED +0x1000e)
-#define CKM_IBM_SHA512_256 (CKM_VENDOR_DEFINED +0x10012)
-#define CKM_IBM_SHA512_224 (CKM_VENDOR_DEFINED +0x10013)
-#define CKM_IBM_SHA512_256_HMAC (CKM_VENDOR_DEFINED +0x10014)
-#define CKM_IBM_SHA512_224_HMAC (CKM_VENDOR_DEFINED +0x10015)
-#define CKM_IBM_EC_X25519 (CKM_VENDOR_DEFINED +0x1001b)
-#define CKM_IBM_ED25519_SHA512 (CKM_VENDOR_DEFINED +0x1001c)
-#define CKM_IBM_EC_X448 (CKM_VENDOR_DEFINED +0x1001e)
-#define CKM_IBM_ED448_SHA3 (CKM_VENDOR_DEFINED +0x1001f)
-#define CKM_IBM_SIPHASH (CKM_VENDOR_DEFINED +0x10021)
-#define CKM_IBM_DILITHIUM (CKM_VENDOR_DEFINED +0x10023)
-#define CKM_IBM_KYBER (CKM_VENDOR_DEFINED +0x10024)
-#define CKM_IBM_SHA3_224_HMAC (CKM_VENDOR_DEFINED +0x10025)
-#define CKM_IBM_SHA3_256_HMAC (CKM_VENDOR_DEFINED +0x10026)
-#define CKM_IBM_SHA3_384_HMAC (CKM_VENDOR_DEFINED +0x10027)
-#define CKM_IBM_SHA3_512_HMAC (CKM_VENDOR_DEFINED +0x10028)
-#define CKM_IBM_EC_X25519_RAW (CKM_VENDOR_DEFINED +0x10029)
-#define CKM_IBM_EC_X448_RAW (CKM_VENDOR_DEFINED +0x10030)
-#define CKM_IBM_ECDSA_OTHER (CKM_VENDOR_DEFINED +0x10031)
-typedef enum {
- ECSG_IBM_ECSDSA_S256 = 3,
- ECSG_IBM_ECSDSA_COMPR_MULTI = 5,
- ECSG_IBM_MAX = ECSG_IBM_ECSDSA_COMPR_MULTI,
-} ECSG_Var_t;
-#define CK_IBM_ECSG_IBM_ECSDSA_S256 ECSG_IBM_ECSDSA_S256
-#define CK_IBM_ECSG_IBM_ECDSA_COMPR_MULTI_S256 ECSG_IBM_ECDSA_COMPR_MULTI_S256
-#define CK_IBM_ECSG_IBM_MAX ECSG_IBM_MAX
-#define CKM_IBM_CLEARKEY_TRANSPORT (CKM_VENDOR_DEFINED +0x20001)
-#define CKM_IBM_ATTRIBUTEBOUND_WRAP (CKM_VENDOR_DEFINED +0x20004)
-#define CKM_IBM_TRANSPORTKEY (CKM_VENDOR_DEFINED +0x20005)
-#define CKM_IBM_DH_PKCS_DERIVE_RAW (CKM_VENDOR_DEFINED +0x20006)
-#define CKM_IBM_ECDH1_DERIVE_RAW (CKM_VENDOR_DEFINED +0x20007)
-#define CKM_IBM_WIRETEST (CKM_VENDOR_DEFINED +0x30004)
-#define CKM_IBM_RETAINKEY (CKM_VENDOR_DEFINED +0x40001)
-#define CKM_IBM_CPACF_WRAP (CKM_VENDOR_DEFINED +0x60001)
-#define CKM_IBM_BTC_DERIVE (CKM_VENDOR_DEFINED +0x70001)
-#define CKA_IBM_RESTRICTABLE (CKA_VENDOR_DEFINED +0x10001)
-#define CKA_IBM_NEVER_MODIFIABLE (CKA_VENDOR_DEFINED +0x10002)
-#define CKA_IBM_RETAINKEY (CKA_VENDOR_DEFINED +0x10003)
-#define CKA_IBM_ATTRBOUND (CKA_VENDOR_DEFINED +0x10004)
-#define CKA_IBM_KEYTYPE (CKA_VENDOR_DEFINED +0x10005)
-#define CKA_IBM_CV (CKA_VENDOR_DEFINED +0x10006)
-#define CKA_IBM_MACKEY (CKA_VENDOR_DEFINED +0x10007)
-#define CKA_IBM_USE_AS_DATA (CKA_VENDOR_DEFINED +0x10008)
-#define CKA_IBM_STRUCT_PARAMS (CKA_VENDOR_DEFINED +0x10009)
-#define CKA_IBM_STD_COMPLIANCE1 (CKA_VENDOR_DEFINED +0x1000a)
-#define CKA_IBM_PROTKEY_EXTRACTABLE (CKA_VENDOR_DEFINED +0x1000c)
-#define CKA_IBM_PROTKEY_NEVER_EXTRACTABLE (CKA_VENDOR_DEFINED +0x1000d)
-#define CKA_IBM_PQC_PARAMS (CKA_VENDOR_DEFINED +0x1000e)
-#define CKA_IBM_LOGIN_SESSION (CKA_VENDOR_DEFINED +0x1000f)
-#define CKA_IBM_MACED_PUBLIC_KEY_INFO (CKA_VENDOR_DEFINED +0x20002)
-#define CKA_IBM_WIRETEST (CKA_VENDOR_DEFINED +0x20001)
-#define CKK_IBM_PQC_DILITHIUM (CKK_VENDOR_DEFINED +0x10023)
-#define CKK_IBM_PQC_KYBER (CKK_VENDOR_DEFINED +0x10024)
-#define XCP_MOD_ERROR_STATE_OFF 0x00000000
-#define XCP_MOD_ERROR_STATE_MODULE_SELFTEST 0x00000001
-#define XCP_MOD_ERROR_STATE_KEYPAIR_GEN_PCT 0x00000002
-#define XCP_MOD_ERROR_STATE_SYSTEST_CMD 0x00000003
-#define XCP_MOD_ERROR_STATE_TRNG_HEALTH 0x00000004
-#define XCP_HMAC_BYTES ((size_t) (256 /8))
-#define XCP_FWID_BYTES ((size_t) (256 /8))
-#define XCP_WK_BYTES ((size_t) (256 /8))
-#define XCP_WKID_BYTES ((size_t) (128 /8))
-#define XCP_BLOBCLRATTR_BYTES 8
-#define XCP_BLOBCLRMODE_BYTES 8
-#define XCP_WRAP_BLOCKSIZE ((size_t) (128 /8))
-#define XCP_MACKEY_BYTES (256 /8)
-#define XCP_PIN_SALT_BYTES XCP_WRAP_BLOCKSIZE
-#define XCP_PINBLOB_BYTES \
-        (XCP_WK_BYTES +XCP_PIN_SALT_BYTES +XCP_HMAC_BYTES)
-#define XCP_PBE_TYPE_CLEAR 0
-#define XCP_PBE_TYPE_BLOB 1
-#define XCP_PBE_TYPE_MAX (XCP_PBE_TYPE_BLOB)
-#define XCP_PBE_HDR_BYTES 16
-#define XCP_PBE_PWD_MAX_BYTES 1024
-#define XCP_PBE_SALT_MAX_BYTES 256
-#define XCP_MECH_WIRE_PRM_BYTES ((size_t) 4)
-#define XCP_MECH_PRM_MAX_BYTES \
-        (XCP_MECH_WIRE_PRM_BYTES +XCP_PBE_HDR_BYTES \
-         +XCP_PBE_PWD_MAX_BYTES +XCP_PBE_SALT_MAX_BYTES)
-#define XCP_WIRE_FILEHDR_BYTES ((size_t) (4+4+4))
-#define XCP_PBE_ITER_MAX (64*1024)
-#define XCP_CSP_CONFIG_BYTES 40
-#define XCP_SESSIONBLOB_SALT_BYTES 16
-#define XCP_SESSIONBLOB_BYTES \
-         (XCP_WK_BYTES +XCP_SESSIONBLOB_SALT_BYTES +XCP_HMAC_BYTES)
-#define XCP_SIZEQ_WIRE_BYTES 8
-#define XCP_PSS_WIRE_BYTES (4+4+4)
-#define XCP_PSS_DEFAULT_VALUE 0xffffffff
-#define XCP_OAEP_MIN_WIRE_BYTES (4+4+4)
-#define XCP_OAEP_MAX_SOURCE_BYTES 1024
-#define XCP_SHAKE_WIRE_BYTES 4
-#define XCP_ECDH1_DERIVE_MIN_WIRE_BYTES (4+4+4)
-#define XCP_BTC_MIN_WIRE_BYTES (4+4+4+4)
-#define XCP_BIP0032_CHAINCODE_BYTES 32
-#define XCP_BTC_VERSION 1
-#define XCP_KYBER_KEM_VERSION 0
-#define XCP_KYBER_KEM_MIN_WIRE_BYTES (4 + 4 + 4 + 4 + 4 + 4)
-#define XCP_KYBER_RAW_BYTES 32
-#define XCP_ECDH1_DERIVE_MAX_PUBLIC_BYTES 1024
-#define XCP_ECDH1_DERIVE_MAX_SHARED_BYTES 1024
-#define XCP_RETAINID_BYTES (XCP_HMAC_BYTES +XCP_HMAC_BYTES)
-#define XCP_RETAINLABEL_BYTES ((size_t) 64)
-#define XCP_RETAINID_SHORT_BYTES 4
-typedef enum {
- CKF_IBM_HW_EXTWNG = 1,
- CKF_IBM_HW_ATTEST = 2,
- CKF_IBM_HW_BATTERY = 4,
- CKF_IBM_HW_SYSTEST = 8,
- CKF_IBM_HW_RETAIN = 0x10,
- CKF_IBM_HW_AUDIT = 0x40,
- CKF_IBM_HW_ADM_DOMIMPORT
-                    = 0x0200,
- CKF_IBM_HW_PROTKEY_TOLERATION
-                    = 0x0400,
- CKF_IBM_HW_DUAL_OA = 0x1000,
-} XCP_CK_EXTFLAGS_t;
-#define XCP_MAX_MODULES 256
-#define XCP_SERIALNR_CHARS 8
-#define XCP_DOMAIN_INSTANCE_BYTES 4
-#define XCP_WRAPKEY_BYTES 32
-#define XCP_SPKISALT_BYTES 8
-#define XCP_DOMAINS 256
-#define XCP_DOMAIN_BYTES 4
-#define XCP_MAX_ADMINS 8
-#define XCP_MAX_KEYPARTS 20
-#define XCP_MIN_PINBYTES 8
-#define XCP_MAX_PINBYTES 16
-#define XCP_CERT_MAX_BYTES ((size_t) 12288)
-#define XCP_CERTHASH_BYTES (256/8)
-#define XCP_ADMCTR_BYTES ((size_t) (128/8))
-#define XCP_KEYCSUM_BYTES (256/8)
-#define XCP_MAX_EC_COORD_BYTES ((size_t) 66)
-#define XCP_MIN_EC_CURVE_BITS 192
-#define XCP_MAX_EC_CURVE_BITS 521
-#define XCP_MAX_DIL_SIGNATURE_BYTES 4668
-#define XCP_MAX_SINFO_META_BYTES 100
-#define MOD_MAX_SYMMKEY_BYTES 256
-#define XCP_FCV_PUBLIC_BYTES ((size_t) 76)
-typedef enum {
- XCP_FCV_RSA_BYTES = (76+ 4096/8),
- XCP_FCV_EC_BYTES = (76+ 2*66),
- XCP_FCV_MAX_BYTES = XCP_FCV_RSA_BYTES
-} XCP_FCV_Bytes_t;
-#define PKCS11_CHECKSUM_BYTES ((size_t) 3)
-#define XCP_KEYBITS_FIELD_BYTES ((size_t) 4)
-#define XCP_RSPSIG_RSA (4096 / 8)
-#define XCP_RSPSIG_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \
-                                  XCP_RSPSIG_RSA)
-#define XCP_RSPSIG_QS_MAX_BYTES (XCP_MAX_SINFO_META_BYTES + \
-                                  XCP_MAX_DIL_SIGNATURE_BYTES)
-#define XCP_RSA_PKCS_MIN_PAD 11
-#define XCP_LOG_STATE_BYTES (256 /8)
-#define XCP_LOG_HEADER_BYTE 0x42
-#define XCP_LOGEV_SPEC (0xffff0000)
-#define XCP_LOGEV_QUERY 0
-#define XCP_LOGEV_FUNCTION 1
-#define XCP_LOGEV_ADMFUNCTION 2
-#define XCP_LOGEV_STARTUP 3
-#define XCP_LOGEV_SHUTDOWN 4
-#define XCP_LOGEV_SELFTEST 5
-#define XCP_LOGEV_DOM_IMPORT 6
-#define XCP_LOGEV_DOM_EXPORT 7
-#define XCP_LOGEV_FAILURE 8
-#define XCP_LOGEV_GENERATE 9
-#define XCP_LOGEV_REMOVE 10
-#define XCP_LOGEV_SPECIFIC 11
-#define XCP_LOGEV_STATE_IMPORT 12
-#define XCP_LOGEV_STATE_EXPORT 13
-#define XCP_LOGEV_IMPORT 14
-#define XCP_LOGEV_EXPORT 15
-#define XCP_LOGSPEV_TRANSACT_ZEROIZE (XCP_LOGEV_SPEC +1)
-#define XCP_LOGSPEV_KAT_FAILED (XCP_LOGEV_SPEC +2)
-#define XCP_LOGSPEV_KAT_COMPLETED (XCP_LOGEV_SPEC +3)
-#define XCP_LOGSPEV_EARLY_Q_START (XCP_LOGEV_SPEC +4)
-#define XCP_LOGSPEV_EARLY_Q_END (XCP_LOGEV_SPEC +5)
-#define XCP_LOGSPEV_AUDIT_NEWCHAIN (XCP_LOGEV_SPEC +6)
-#define XCP_LOGSPEV_TIMECHG_BEFORE (XCP_LOGEV_SPEC +7)
-#define XCP_LOGSPEV_TIMECHG_AFTER (XCP_LOGEV_SPEC +8)
-#define XCP_LOGSPEV_MODSTIMPORT_START (XCP_LOGEV_SPEC +9)
-#define XCP_LOGSPEV_MODSTIMPORT_FAIL (XCP_LOGEV_SPEC +10)
-#define XCP_LOGSPEV_MODSTIMPORT_END (XCP_LOGEV_SPEC +11)
-#define XCP_LOGSPEV_MODSTEXPORT_START (XCP_LOGEV_SPEC +12)
-#define XCP_LOGSPEV_MODSTEXPORT_FAIL (XCP_LOGEV_SPEC +13)
-typedef enum {
- XCP_LOGSYS_AUDIT = 1,
- XCP_LOGSYS_CRYPTTEST = 2,
- XCP_LOGSYS_SELFTEST = 3,
- XCP_LOGSYS_FULL = 4,
- XCP_LOGSYS_WK = 5,
- XCP_LOGSYS_STATE = 6
-} XCP_LogSystem_t;
-#define XCP_LOGFL_WK_PRESENT 0x80000000
-#define XCP_LOGFL_COMPLIANCE_PRESENT 0x40000000
-#define XCP_LOGFL_FINALWK_PRESENT 0x20000000
-#define XCP_LOGFL_KEYREC0_PRESENT 0x10000000
-#define XCP_LOGFL_KEYREC0_COMPL 0x08000000
-#define XCP_LOGFL_KEYREC1_PRESENT 0x04000000
-#define XCP_LOGFL_KEYREC2_PRESENT 0x02000000
-#define XCP_LOGFL_FINTIME_PRESENT 0x01000000
-#define XCP_LOGFL_SALT0_PRESENT 0x00800000
-#define XCP_LOGFL_SALT1_PRESENT 0x00400000
-#define XCP_LOGFL_SALT2_PRESENT 0x00200000
-#define XCP_LOGFL_REASON_PRESENT 0x00100000
-#define XCP_LOGFL_SEQPRF_PRESENT 0x00080000
-typedef enum {
- XCP_IMPRKEY_RSA_2048 = 0,
- XCP_IMPRKEY_RSA_4096 = 1,
- XCP_IMPRKEY_EC_P256 = 2,
- XCP_IMPRKEY_EC_P521 = 3,
- XCP_IMPRKEY_EC_BP256r = 4,
- XCP_IMPRKEY_EC_BP320r = 5,
- XCP_IMPRKEY_EC_BP512r = 6,
- XCP_IMPRKEY_RSA_3072 = 7,
- XCP_IMPRKEY_EC_P521_TKE = 8,
- XCP_IMPRKEY_MAX = XCP_IMPRKEY_EC_P521_TKE
-} XCP_IMPRKEY_t;
-typedef enum {
- XCP_OAKEY_RSA_4096 = 1,
- XCP_OAKEY_ECC_P521 = 2,
- XCP_OAKEY_DIL_87R2 = 3,
- XCP_OAKEY_MAX = XCP_OAKEY_DIL_87R2
-} XCP_OAKEY_t;
-typedef struct CK_RETAINEDKEY_PARAMS {
- CK_ULONG credits;
- CK_VOID_PTR rkData;
- CK_ULONG rkdLen;
-} CK_RETAINEDKEY_PARAMS;
-typedef enum {
- XCP_OPCAT_ASYMM_SLOW = 1,
- XCP_OPCAT_ASYMM_FAST = 2,
- XCP_OPCAT_SYMM_PARTIAL = 3,
- XCP_OPCAT_SYMM_FULL = 4,
- XCP_OPCAT_ASYMM_GEN = 5,
- XCP_OPCAT_ASYMM_MAX = XCP_OPCAT_ASYMM_GEN
-} XCP_OPCAT_t;
-typedef enum {
- CK_IBM_XCPQ_API = 0,
- CK_IBM_XCPQ_MODULE = 1,
- CK_IBM_XCPQ_DOMAINS = 2,
- CK_IBM_XCPQ_DOMAIN = 3,
- CK_IBM_XCPQ_SELFTEST = 4,
- CK_IBM_XCPQ_EXT_CAPS = 5,
- CK_IBM_XCPQ_EXT_CAPLIST = 6,
- CK_IBM_XCPQ_AUDITLOG = 8,
- CK_IBM_XCPQ_EC_CURVES = 10,
- CK_IBM_XCPQ_COMPAT = 11,
- CK_IBM_XCPQ_EC_CURVEGRPS
-                         = 12,
- CK_IBM_XCPQ_CP_BLACKLIST
-                         = 13,
-        CK_IBM_XCPQ_PQC_STRENGTHS
-                                = 14,
- CK_IBM_XCPQ_MAX = CK_IBM_XCPQ_PQC_STRENGTHS
-} CK_IBM_XCPQUERY_t;
-typedef enum {
- CK_IBM_XCPMSQ_DEFAULT = 0,
- CK_IBM_XCPMSQ_DESCRTEXT = 1,
- CK_IBM_XCPMSQ_FNLIST = 2,
- CK_IBM_XCPMSQ_FNS = 3,
- CK_IBM_XCPMSQ_MOD_V1 = 4,
- CK_IBM_XCPMSQ_ATTRLIST = 5,
- CK_IBM_XCPMSQ_ATTRS = 6,
- CK_IBM_XCPMSQ_MOD_V2 = 7,
- CK_IBM_XCPMSQ_MAX = CK_IBM_XCPMSQ_MOD_V2
-} CK_IBM_XCPMSUBQUERY_t;
-#define XCP_MSQ_FNLIST_SIZE 16
-#define XCP_XCPMSQ_FNS_SIZE 1
-#define CK_IBM_XCP_HOSTQ_IDX 0xff000000
-#define CK_IBM_XCPHQ_COUNT 0xff000000
-#define CK_IBM_XCPHQ_VERSION 0xff000001
-#define CK_IBM_XCPHQ_VERSION_HASH 0xff000002
-#define CK_IBM_XCPHQ_DIAGS 0xff000003
-#define CK_IBM_XCPHQ_HVERSION 0xff000004
-#define CK_IBM_XCPHQ_TGT_MODE 0xff000005
-#define CK_IBM_XCPHQ_ECDH_DERPRM 0xff000006
-#define CK__IBM_XCPHQ_MAX CK_IBM_XCPHQ_TGT_MODE
-typedef enum {
- CK_IBM_XCPHQ_TGT_MODES_TGTGRP = 1,
- CK_IBM_XCPHQ_TGT_MODES_MAX = CK_IBM_XCPHQ_TGT_MODES_TGTGRP
-} CK_IBM_XCPHQ_TGT_MODES_t;
-typedef enum {
- CK_IBM_XCPXQ_AUDIT_EV_BYTES = 2,
- CK_IBM_XCPXQ_AUDIT_ENTRIES = 3,
- CK_IBM_XCPXQ_DEBUGLVL_MAX = 4,
- CK_IBM_XCPXQ_ERRINJECT_FREQ = 5,
- CK_IBM_XCPXQ_MULTIDATA_N = 6,
- CK_IBM_XCPXQ_IMPEXP_CAPS = 7,
- CK_IBM_XCPXQ_CERT_MAXBYTES = 8,
- CK_IBM_XCPXQ_MOD_COUNTERS = 9,
- CK_IBM_XCPXQ_MAX_SESSIONS = 12,
- CK_IBM_XCPXQ_AVAIL_SESSIONS = 13,
- CK_IBM_XCPXQ_BTC_CAP = 14,
- CK_IBM_XCPXQ_ECDSA_OTHER = 15,
- CK_IBM_XCPXQ_OA_CAP = 16,
- CK_IBM_XCPXQ_MAXIDX = CK_IBM_XCPXQ_OA_CAP,
-} CK_IBM_XCPEXTCAP_t;
-#define CK_IBM_DOM_ADMIND 1
-#define CK_IBM_DOM_CURR_WK 2
-#define CK_IBM_DOM_NEXT_WK 4
-#define CK_IBM_DOM_COMMITTED_NWK 8
-#define CK_IBM_DOM_IMPRINTED 0x10
-#define CK_IBM_DOM_IMPRINTS 0x80000000
-#define CK_IBM_DOM_PROTKEY_ALLOW 0x20
-#define CK_IBM_DOM_ACTIVE \
-        (CK_IBM_DOM_ADMIND | \
-         CK_IBM_DOM_CURR_WK | \
-         CK_IBM_DOM_NEXT_WK | \
-         CK_IBM_DOM_COMMITTED_NWK | \
-         CK_IBM_DOM_IMPRINTED)
-typedef enum {
- CK_IBM_ECCURVE_NIST = 1,
- CK_IBM_ECCURVE_BPOOL = 2,
- CK_IBM_ECCURVE_S256K1 = 4,
- CK_IBM_ECCURVE_25519 = 8,
- CK_IBM_ECCURVE_ED448 = 0x20,
-} CK_IBM_ECCURVEQ_t;
-typedef struct CK_IBM_XCPAPI_INFO {
- CK_ULONG firmwareApi;
- CK_ULONG firmwareConfig;
-} CK_IBM_XCPAPI_INFO;
-typedef CK_IBM_XCPAPI_INFO CK_PTR CK_IBM_XCPAPI_INFO_PTR;
-#define CK_IBM_XCP_INFO_MEMBERS_V0 \
- CK_ULONG firmwareApi; \
-                                                                        \
- CK_ULONG firmwareId; \
- CK_VERSION firmwareVersion; \
- CK_VERSION cspVersion; \
-                                                                        \
- CK_BYTE firmwareConfig[ 32 ]; \
- CK_BYTE xcpConfig[ 32 ]; \
- CK_BYTE cspConfig[ 32 ]; \
- CK_CHAR serialNumber[ 16 ]; \
- CK_CHAR utcTime[ 16 ]; \
- CK_ULONG opMode2; \
- CK_ULONG opMode1; \
- CK_FLAGS flags; \
- CK_FLAGS extflags; \
- CK_ULONG domains; \
- CK_ULONG symmStateBytes; \
- CK_ULONG digestStateBytes; \
- CK_ULONG pinBlockBytes; \
- CK_ULONG symmKeyBytes; \
- CK_ULONG spkiBytes; \
- CK_ULONG prvkeyBytes; \
- CK_ULONG maxPayloadBytes; \
- CK_ULONG cpProfileBytes; \
- CK_ULONG controlPoints;
-#define CK_IBM_XCP_DESCINFO_MEMBER \
- CK_CHAR manufacturerID[ 32 ]; \
- CK_CHAR model[ 16 ];
-#define CK_IBM_XCP_ADMATTRLIST_MEMBER \
- CK_BYTE perm_modes[ 8 ]; \
- CK_BYTE infra_modes[ 8 ]; \
- CK_BYTE comp_modes[ 8 ];
-#define CK_IBM_XCP_ADMATTRCOUNT_MEMBER \
- CK_BYTE perm_count; \
- CK_BYTE infra_count; \
- CK_BYTE comp_count;
-#define CK_IBM_XCP_ADMATTRLIST_MEMBER_V2 \
- CK_BYTE perm_ext01_modes[ 8 ];
-#define CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2 \
- CK_BYTE perm_ext01_count;
-typedef struct CK_IBM_XCP_INFO {
- CK_IBM_XCP_INFO_MEMBERS_V0
-} CK_IBM_XCP_INFO;
-typedef struct CK_IBM_XCP_INFO_V1 {
- CK_IBM_XCP_INFO_MEMBERS_V0
- CK_IBM_XCP_DESCINFO_MEMBER
- CK_BYTE fnid_mask[ 16 ];
- CK_BYTE fnid_count;
- CK_IBM_XCP_ADMATTRLIST_MEMBER
- CK_IBM_XCP_ADMATTRCOUNT_MEMBER
-} CK_IBM_XCP_INFO_V1;
-typedef struct CK_IBM_XCP_INFO_V2 {
- CK_IBM_XCP_INFO_MEMBERS_V0
- CK_IBM_XCP_DESCINFO_MEMBER
- CK_BYTE fnid_mask[ 16 ];
- CK_BYTE fnid_count;
- CK_IBM_XCP_ADMATTRLIST_MEMBER
- CK_IBM_XCP_ADMATTRCOUNT_MEMBER
- CK_IBM_XCP_ADMATTRLIST_MEMBER_V2
- CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2
-} CK_IBM_XCP_INFO_V2;
-typedef struct CK_IBM_XCP_DESCINFO {
- CK_IBM_XCP_DESCINFO_MEMBER
-} CK_IBM_XCP_DESCINFO;
-typedef struct CK_IBM_XCP_ATTRLIST {
- CK_IBM_XCP_ADMATTRLIST_MEMBER
- CK_IBM_XCP_ADMATTRLIST_MEMBER_V2
-} CK_IBM_XCP_ATTRLIST;
-typedef struct CK_IBM_XCP_ATTRCOUNT {
- CK_IBM_XCP_ADMATTRCOUNT_MEMBER
- CK_IBM_XCP_ADMATTRCOUNT_MEMBER_V2
-} CK_IBM_XCP_ATTRCOUNT;
-#define CK_IBM_XCP_INFO_INIT0 \
-        { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \
-          0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, }
-#define CK_IBM_XCP_INFO_V2_INIT0 \
-        { 0,0, {0,0,},{0,0,}, {0,},{0,},{0,}, {0,},{0,}, \
-          0,0, 0,0, 0,0,0,0,0,0,0, 0,0,0, \
-          {0}, {0}, {0}, 0, {0}, {0}, {0}, 0, 0, 0, \
-          {0}, 0}
-typedef CK_IBM_XCP_INFO CK_PTR CK_IBM_XCP_INFO_PTR;
-typedef CK_IBM_XCP_INFO_V1 CK_PTR CK_IBM_XCP_INFO_V1_PTR;
-typedef CK_IBM_XCP_INFO_V2 CK_PTR CK_IBM_XCP_INFO_V2_PTR;
-typedef CK_IBM_XCP_DESCINFO CK_PTR CK_IBM_XCP_DESCINFO_PTR;
-typedef CK_IBM_XCP_ATTRLIST CK_PTR CK_IBM_XCP_ATTRLIST_PTR;
-typedef CK_IBM_XCP_ATTRCOUNT CK_PTR CK_IBM_XCP_ATTRCOUNT_PTR;
-typedef struct CK_IBM_DOMAIN_INFO {
- CK_ULONG domain;
- CK_BYTE wk[ XCP_KEYCSUM_BYTES ];
- CK_BYTE nextwk[ XCP_KEYCSUM_BYTES ];
- CK_ULONG flags;
- CK_BYTE mode[ 8 ];
-} CK_IBM_DOMAIN_INFO;
-#define CK_IBM_DOMAIN_INFO_INIT0 { 0, { 0, }, { 0, }, 0, { 0, } }
-typedef CK_IBM_DOMAIN_INFO CK_PTR CK_IBM_DOMAIN_INFO_PTR;
-typedef struct CK_IBM_BTC_DERIVE_PARAMS {
- CK_ULONG type;
- CK_ULONG childKeyIndex;
- CK_BYTE_PTR pChainCode;
- CK_ULONG ulChainCodeLen;
- CK_ULONG version;
-} CK_IBM_BTC_DERIVE_PARAMS;
-typedef CK_IBM_BTC_DERIVE_PARAMS CK_PTR CK_IBM_BTC_DERIVE_PARAMS_PTR;
-#define CK_IBM_BIP0032_HARDENED (0x80000000)
-typedef enum {
- CK_IBM_BIP0032_PRV2PRV = 1,
- CK_IBM_BIP0032_PRV2PUB = 2,
- CK_IBM_BIP0032_PUB2PUB = 3,
- CK_IBM_BIP0032_MASTERK = 4,
- CK_IBM_SLIP0010_PRV2PRV = 5,
- CK_IBM_SLIP0010_PRV2PUB = 6,
- CK_IBM_SLIP0010_PUB2PUB = 7,
- CK_IBM_SLIP0010_MASTERK = 8,
-} CK_IBM_BTC_t;
-typedef enum {
- XCP_KEM_ENCAPSULATE = 1,
- XCP_KEM_DECAPSULATE = 2,
-} XCP_KEM_t;
-typedef CK_ULONG CK_IBM_KEM_MODE;
-#define CK_IBM_KEM_ENCAPSULATE XCP_KEM_ENCAPSULATE
-#define CK_IBM_KEM_DECAPSULATE XCP_KEM_DECAPSULATE
-typedef struct XCP_KYBER_KEM_PARAMS {
- CK_ULONG version;
- CK_IBM_KEM_MODE mode;
- CK_ULONG kdf;
- CK_BBOOL prepend;
- CK_BYTE *pCipher;
- CK_ULONG ulCipherLen;
- CK_BYTE *pSharedData;
- CK_ULONG ulSharedDataLen;
- CK_BYTE *pBlob;
- CK_ULONG ulBlobLen;
-} XCP_KYBER_KEM_PARAMS_t;
-typedef enum {
- XCP_BLOB_EXTRACTABLE = 1,
- XCP_BLOB_NEVER_EXTRACTABLE = 2,
- XCP_BLOB_MODIFIABLE = 4,
- XCP_BLOB_NEVER_MODIFIABLE = 8,
- XCP_BLOB_RESTRICTABLE = 0x10,
- XCP_BLOB_LOCAL = 0x20,
- XCP_BLOB_ATTRBOUND = 0x40,
- XCP_BLOB_USE_AS_DATA = 0x80,
- XCP_BLOB_SIGN = 0x0100,
- XCP_BLOB_SIGN_RECOVER = 0x0200,
- XCP_BLOB_DECRYPT = 0x0400,
- XCP_BLOB_ENCRYPT = 0x0800,
- XCP_BLOB_DERIVE = 0x1000,
- XCP_BLOB_UNWRAP = 0x2000,
- XCP_BLOB_WRAP = 0x4000,
- XCP_BLOB_VERIFY = 0x8000,
- XCP_BLOB_VERIFY_RECOVER = 0x010000,
- XCP_BLOB_TRUSTED = 0x020000,
- XCP_BLOB_WRAP_W_TRUSTED = 0x040000,
- XCP_BLOB_RETAINED = 0x080000,
- XCP_BLOB_ALWAYS_RETAINED = 0x100000,
- XCP_BLOB_PROTKEY_EXTRACTABLE = 0x200000,
- XCP_BLOB_PROTKEY_NEVER_EXTRACTABLE = 0x400000,
- XCP_BLOB_BIT_MAX = XCP_BLOB_PROTKEY_NEVER_EXTRACTABLE
-} XCP_Attr_t;
-#define XCP_CPID_BYTES 8
-#define XCP_CPBLOCK_BITS 128
-typedef enum {
-    XCP_CPB_ADD_CPBS = 0,
-    XCP_CPB_DELETE_CPBS = 1,
-    XCP_CPB_SIGN_ASYMM = 2,
-    XCP_CPB_SIGN_SYMM = 3,
-    XCP_CPB_SIGVERIFY_SYMM = 4,
-    XCP_CPB_ENCRYPT_SYMM = 5,
-    XCP_CPB_DECRYPT_ASYMM = 6,
-    XCP_CPB_DECRYPT_SYMM = 7,
-    XCP_CPB_WRAP_ASYMM = 8,
-    XCP_CPB_WRAP_SYMM = 9,
-    XCP_CPB_UNWRAP_ASYMM = 10,
-    XCP_CPB_UNWRAP_SYMM = 11,
-    XCP_CPB_KEYGEN_ASYMM = 12,
-    XCP_CPB_KEYGEN_SYMM = 13,
-    XCP_CPB_RETAINKEYS = 14,
-    XCP_CPB_SKIP_KEYTESTS = 15,
-    XCP_CPB_NON_ATTRBOUND = 16,
-    XCP_CPB_MODIFY_OBJECTS = 17,
-    XCP_CPB_RNG_SEED = 18,
-    XCP_CPB_ALG_RAW_RSA = 19,
-    XCP_CPB_ALG_NFIPS2009 = 20,
-    XCP_CPB_ALG_NBSI2009 = 21,
-    XCP_CPB_KEYSZ_HMAC_ANY = 22,
-    XCP_CPB_KEYSZ_BELOW80BIT = 23,
-    XCP_CPB_KEYSZ_80BIT = 24,
-    XCP_CPB_KEYSZ_112BIT = 25,
-    XCP_CPB_KEYSZ_128BIT = 26,
-    XCP_CPB_KEYSZ_192BIT = 27,
-    XCP_CPB_KEYSZ_256BIT = 28,
-    XCP_CPB_KEYSZ_RSA65536 = 29,
-    XCP_CPB_ALG_RSA = 30,
-    XCP_CPB_ALG_DSA = 31,
-    XCP_CPB_ALG_EC = 32,
-    XCP_CPB_ALG_EC_BPOOLCRV = 33,
-    XCP_CPB_ALG_EC_NISTCRV = 34,
-    XCP_CPB_ALG_NFIPS2011 = 35,
-    XCP_CPB_ALG_NBSI2011 = 36,
-    XCP_CPB_USER_SET_TRUSTED = 37,
-    XCP_CPB_ALG_SKIP_CROSSCHK = 38,
-    XCP_CPB_WRAP_CRYPT_KEYS = 39,
-    XCP_CPB_SIGN_CRYPT_KEYS = 40,
-    XCP_CPB_WRAP_SIGN_KEYS = 41,
-    XCP_CPB_USER_SET_ATTRBOUND = 42,
-    XCP_CPB_ALLOW_PASSPHRASE = 43,
-    XCP_CPB_WRAP_STRONGER_KEY = 44,
-    XCP_CPB_WRAP_WITH_RAW_SPKI = 45,
-    XCP_CPB_ALG_DH = 46,
-    XCP_CPB_DERIVE = 47,
-    XCP_CPB_ALLOW_NONSESSION = 48,
-    XCP_CPB_ALG_EC_25519 = 55,
-    XCP_CPB_ALG_EC_SECGCRV = 60,
-    XCP_CPB_ALG_NBSI2017 = 61,
-    XCP_CPB_CPACF_PK = 64,
-    XCP_CPB_ALG_PQC = 65,
-    XCP_CPB_BTC = 66,
-    XCP_CPB_ECDSA_OTHER = 67,
-    XCP_CPB_ALG_NFIPS2021 = 68,
-    XCP_CPB_ALG_NFIPS2024 = 69,
-    XCP_CPB_COMPAT_LEGACY_SHA3 = 70,
-    XCP_CPB_DSA_PARAMETER_GEN = 71,
-    XCP_CPB_DERIVE_NON_AB_KEYS = 72,
-    XCP_CPBITS_MAX = XCP_CPB_DERIVE_NON_AB_KEYS
-} XCP_CPbit_t;
-#define XCP_CPCOUNT \
-  (((XCP_CPBITS_MAX +XCP_CPBLOCK_BITS-1) /XCP_CPBLOCK_BITS) *XCP_CPBLOCK_BITS)
-#define XCP_CP_BYTES (XCP_CPCOUNT /8)
-#define XCP_CPB__INVERT (XCP_CPCOUNT-1)
-#define XCP_ADM_QUERY 0x10000
-typedef enum {
- XCP_ADM_ADMIN_LOGIN = 1,
- XCP_ADM_DOM_ADMIN_LOGIN = 2,
- XCP_ADM_ADMIN_LOGOUT = 3,
- XCP_ADM_DOM_ADMIN_LOGOUT = 4,
- XCP_ADM_ADMIN_REPLACE = 5,
- XCP_ADM_DOM_ADMIN_REPLACE = 6,
- XCP_ADM_SET_ATTR = 7,
- XCP_ADM_DOM_SET_ATTR = 8,
- XCP_ADM_GEN_DOM_IMPORTER = 9,
- XCP_ADM_GEN_WK = 10,
- XCP_ADM_EXPORT_WK = 11,
- XCP_ADM_EXPORT_NEXT_WK = 38,
- XCP_ADM_IMPORT_WK = 12,
- XCP_ADM_COMMIT_WK = 13,
- XCP_ADM_FINALIZE_WK = 14,
- XCP_ADM_ZEROIZE = 15,
- XCP_ADM_DOM_ZEROIZE = 16,
- XCP_ADM_DOM_CTRLPOINT_SET = 17,
- XCP_ADM_DOM_CTRLPOINT_ADD = 18,
- XCP_ADM_DOM_CTRLPOINT_DEL = 19,
- XCP_ADM_SET_CLOCK = 20,
- XCP_ADM_SET_FCV = 21,
- XCP_ADM_CTRLPOINT_SET = 22,
- XCP_ADM_CTRLPOINT_ADD = 23,
- XCP_ADM_CTRLPOINT_DEL = 24,
- XCP_ADM_REENCRYPT = 25,
- XCP_ADM_RK_REMOVE = 26,
- XCP_ADM_CLEAR_WK = 27,
- XCP_ADM_CLEAR_NEXT_WK = 28,
- XCP_ADM_SYSTEM_ZEROIZE = 29,
- XCP_ADM_EXPORT_STATE = 30,
- XCP_ADM_IMPORT_STATE = 31,
- XCP_ADM_COMMIT_STATE = 32,
- XCP_ADM_REMOVE_STATE = 33,
- XCP_ADM_GEN_MODULE_IMPORTER= 34,
- XCP_ADM_SET_TRUSTED = 35,
- XCP_ADM_DOMAINS_ZEROIZE = 36,
- XCP_ADM_SESSION_REMOVE = 39,
- XCP_ADMQ_ADMIN = 1 | XCP_ADM_QUERY,
- XCP_ADMQ_DOMADMIN = 2 | XCP_ADM_QUERY,
- XCP_ADMQ_DEVICE_CERT = 3 | XCP_ADM_QUERY,
- XCP_ADMQ_DOM_IMPORTER_CERT = 4 | XCP_ADM_QUERY,
- XCP_ADMQ_CTRLPOINTS = 5 | XCP_ADM_QUERY,
- XCP_ADMQ_DOM_CTRLPOINTS = 6 | XCP_ADM_QUERY,
- XCP_ADMQ_WK = 7 | XCP_ADM_QUERY,
- XCP_ADMQ_NEXT_WK = 8 | XCP_ADM_QUERY,
- XCP_ADMQ_ATTRS = 9 | XCP_ADM_QUERY,
- XCP_ADMQ_DOM_ATTRS = 10 | XCP_ADM_QUERY,
- XCP_ADMQ_FCV = 11 | XCP_ADM_QUERY,
- XCP_ADMQ_WK_ORIGINS = 12 | XCP_ADM_QUERY,
- XCP_ADMQ_RKLIST = 13 | XCP_ADM_QUERY,
- XCP_ADMQ_INTERNAL_STATE = 14 | XCP_ADM_QUERY,
- XCP_ADMQ_IMPORTER_CERT = 15 | XCP_ADM_QUERY,
- XCP_ADMQ_AUDIT_STATE = 16 | XCP_ADM_QUERY,
- XCP_ADMQ_LASTCMD_DOM_MASK = 17 | XCP_ADM_QUERY,
- XCP_ADMQ_SVCADMIN = 18 | XCP_ADM_QUERY,
-} XCP_Admcmd_t;
-typedef enum {
- XCP_ADMINT_SIGN_THR = 1,
- XCP_ADMINT_REVOKE_THR = 2,
- XCP_ADMINT_PERMS = 3,
- XCP_ADMINT_MODE = 4,
- XCP_ADMINT_STD = 5,
- XCP_ADMINT_PERMS_EXT01 = 6,
- XCP_ADMINT_IDX_MAX = XCP_ADMINT_PERMS_EXT01
-} XCP_AdmAttr_t;
-#define XCP_ADMIN_ATTRIBUTE_COUNT XCP_ADMINT_IDX_MAX
-#define XCP_ADM_SIGTHR__DEFAULT 0
-#define XCP_ADM_REVTHR__DEFAULT 0
-#define XCP_ADMP_WK_IMPORT 1
-#define XCP_ADMP_WK_EXPORT 2
-#define XCP_ADMP_WK_1PART 4
-#define XCP_ADMP_WK_RANDOM 8
-#define XCP_ADMP_1SIGN 0x10
-#define XCP_ADMP_CP_1SIGN 0x20
-#define XCP_ADMP_ZERO_1SIGN 0x40
-#define XCP_ADMP_NO_DOMAIN_IMPRINT \
-                                  0x0080
-#define XCP_ADMP_STATE_IMPORT 0x0100
-#define XCP_ADMP_STATE_EXPORT 0x0200
-#define XCP_ADMP_STATE_1PART 0x0400
-#define XCP_ADMP_DO_NOT_DISTURB 0x2000
-#define XCP_ADMP_CHG_WK_IMPORT 0x10000
-#define XCP_ADMP_CHG_WK_EXPORT 0x20000
-#define XCP_ADMP_CHG_WK_1PART 0x40000
-#define XCP_ADMP_CHG_WK_RANDOM 0x80000
-#define XCP_ADMP_CHG_SIGN_THR 0x100000
-#define XCP_ADMP_CHG_REVOKE_THR 0x200000
-#define XCP_ADMP_CHG_1SIGN 0x400000
-#define XCP_ADMP_CHG_CP_1SIGN 0x800000
-#define XCP_ADMP_CHG_ZERO_1SIGN \
-                              0x01000000
-#define XCP_ADMP_CHG_ST_IMPORT \
-                              0x02000000
-#define XCP_ADMP_CHG_ST_EXPORT \
-                              0x04000000
-#define XCP_ADMP_CHG_ST_1PART 0x08000000
-#define XCP_ADMP_CHG_DO_NOT_DISTURB \
-                              0x80000000
-#define XCP_ADMP_NQS_OA_SIGNATURES 1
-#define XCP_ADMP_QS_OA_SIGNATURES 2
-#define XCP_ADMP_NQS_ADM_SIGNATURES 4
-#define XCP_ADMP_QS_ADM_SIGNATURES 8
-#define XCP_ADMP_CHG_NQS_OA_SIGNATURES \
-                                 0x10000
-#define XCP_ADMP_CHG_QS_OA_SIGNATURES \
-                                 0x20000
-#define XCP_ADMP_CHG_NQS_ADM_SIGNATURES \
-                                 0x40000
-#define XCP_ADMP_CHG_QS_ADM_SIGNATURES \
-                                 0x80000
-#define XCP_ADMP__CHGBITS \
-       (XCP_ADMP_CHG_WK_IMPORT | \
-        XCP_ADMP_CHG_WK_EXPORT | \
-        XCP_ADMP_CHG_WK_1PART | \
-        XCP_ADMP_CHG_WK_RANDOM | \
-        XCP_ADMP_CHG_SIGN_THR | \
-        XCP_ADMP_CHG_REVOKE_THR | \
-        XCP_ADMP_CHG_1SIGN | \
-        XCP_ADMP_CHG_CP_1SIGN | \
-        XCP_ADMP_CHG_ZERO_1SIGN | \
-        XCP_ADMP_CHG_ST_IMPORT | \
-        XCP_ADMP_CHG_ST_EXPORT | \
-        XCP_ADMP_CHG_ST_1PART | \
-        XCP_ADMP_CHG_DO_NOT_DISTURB)
-#define XCP_ADMP__PERMS \
-       (XCP_ADMP_WK_IMPORT | \
-        XCP_ADMP_WK_EXPORT | \
-        XCP_ADMP_WK_1PART | \
-        XCP_ADMP_WK_RANDOM | \
-        XCP_ADMP_1SIGN | \
-        XCP_ADMP_CP_1SIGN | \
-        XCP_ADMP_ZERO_1SIGN | \
-        XCP_ADMP_NO_DOMAIN_IMPRINT | \
-        XCP_ADMP_STATE_IMPORT | \
-        XCP_ADMP_STATE_EXPORT | \
-        XCP_ADMP_STATE_1PART | \
-        XCP_ADMP_DO_NOT_DISTURB)
-#define XCP_ADMP__CHGBITS_EXT01 \
-       (XCP_ADMP_CHG_NQS_OA_SIGNATURES | \
-        XCP_ADMP_CHG_QS_OA_SIGNATURES | \
-        XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \
-        XCP_ADMP_CHG_QS_ADM_SIGNATURES)
-#define XCP_ADMP__PERMS_EXT01 \
-       (XCP_ADMP_NQS_OA_SIGNATURES | \
-        XCP_ADMP_QS_OA_SIGNATURES | \
-        XCP_ADMP_NQS_ADM_SIGNATURES | \
-        XCP_ADMP_QS_ADM_SIGNATURES)
-#define XCP__ADMP_SUP_EXT01 (XCP_ADMP__PERMS_EXT01 | \
-                             XCP_ADMP__CHGBITS_EXT01)
-#define XCP_ADMP__DEFAULT \
-       (XCP_ADMP_WK_IMPORT | \
-        XCP_ADMP_1SIGN | \
-        XCP_ADMP__CHGBITS)
-#define XCP_ADMP__DEFAULT_EXT01 \
-       (XCP_ADMP__CHGBITS_EXT01 | \
-        XCP_ADMP_NQS_OA_SIGNATURES | \
-        XCP_ADMP_QS_OA_SIGNATURES | \
-        XCP_ADMP_NQS_ADM_SIGNATURES | \
-        XCP_ADMP_QS_ADM_SIGNATURES)
-#define XCPM_ADMP__MODULE_DEFAULTS_MASK \
-       (XCP_ADMP_DO_NOT_DISTURB | \
-        XCP_ADMP_CHG_DO_NOT_DISTURB)
-#define XCPM_ADMP__MODULE_DEFAULTS_MASK_EXT01 \
-       (XCP_ADMP_NQS_OA_SIGNATURES | \
-        XCP_ADMP_CHG_NQS_OA_SIGNATURES | \
-        XCP_ADMP_QS_OA_SIGNATURES | \
-        XCP_ADMP_CHG_QS_OA_SIGNATURES | \
-        XCP_ADMP_NQS_ADM_SIGNATURES | \
-        XCP_ADMP_CHG_NQS_ADM_SIGNATURES | \
-        XCP_ADMP_QS_ADM_SIGNATURES | \
-        XCP_ADMP_CHG_QS_ADM_SIGNATURES)
-#define XCP_ADMP__CARD_MASK \
-      ~(XCP_ADMP_WK_IMPORT | \
-        XCP_ADMP_WK_EXPORT | \
-        XCP_ADMP_WK_1PART | \
-        XCP_ADMP_WK_RANDOM | \
-        XCP_ADMP_CP_1SIGN | \
-        XCP_ADMP_CHG_WK_IMPORT | \
-        XCP_ADMP_CHG_WK_EXPORT | \
-        XCP_ADMP_CHG_WK_1PART | \
-        XCP_ADMP_CHG_WK_RANDOM | \
-        XCP_ADMP_CHG_CP_1SIGN)
-#define XCP_ADMP__CARD_MASK_EXT01 \
-       ~(0U)
-#define XCP_ADMP__DOM_MASK \
-      ~(XCP_ADMP_NO_DOMAIN_IMPRINT | \
-        XCP_ADMP_STATE_IMPORT | \
-        XCP_ADMP_STATE_EXPORT | \
-        XCP_ADMP_STATE_1PART | \
-        XCP_ADMP_CHG_ST_IMPORT | \
-        XCP_ADMP_CHG_ST_EXPORT | \
-        XCP_ADMP_CHG_ST_1PART)
-#define XCP_ADMP__DOM_MASK_EXT01 \
-      ~(0U)
-#define XCP__ADMP_SUP ((XCP_ADMP__PERMS | XCP_ADMP__CHGBITS) &\
-                       ~XCP_ADMP_NOT_SUP)
-#define XCP_ADMM_AUTHENTICATED 1U
-#define XCP_ADMM_EXTWNG 2U
-#define XCP_ADMM_STR_112BIT 4U
-#define XCP_ADMM_STR_128BIT 8U
-#define XCP_ADMM_STR_160BIT 0x10U
-#define XCP_ADMM_STR_192BIT 0x20U
-#define XCP_ADMM_STR_256BIT 0x40U
-#define XCP_ADMM_WKCLEAN_EXTWNG 0x80U
-#define XCP_ADMM_BATT_LOW 0x0100U
-#define XCP_ADMM_API_ACTIVE 0x0200U
-#define XCP_ADMM__DEFAULT \
-       (XCP_ADMM_EXTWNG | \
-        XCP_ADMM_API_ACTIVE)
-#define XCP_ADMM__MASK \
-        (XCP_ADMM_AUTHENTICATED | \
-         XCP_ADMM_EXTWNG | \
-         XCP_ADMM_STR_112BIT | \
-         XCP_ADMM_STR_128BIT | \
-         XCP_ADMM_STR_160BIT | \
-         XCP_ADMM_STR_192BIT | \
-         XCP_ADMM_STR_256BIT | \
-         XCP_ADMM_WKCLEAN_EXTWNG | \
-         XCP_ADMM_BATT_LOW | \
-         XCP_ADMM_API_ACTIVE)
-#define XCP_ADMM__CARD_ONLY_ATTR \
-       (XCP_ADMM_EXTWNG | \
-        XCP_ADMM_WKCLEAN_EXTWNG | \
-        XCP_ADMM_API_ACTIVE)
-#define XCP_ADMM__READ_ONLY_ATTR \
-       (XCP_ADMM_AUTHENTICATED | \
-        XCP_ADMM_BATT_LOW)
-#define XCP__ADMM_ADMSTR \
-       (XCP_ADMM_STR_112BIT | \
-        XCP_ADMM_STR_128BIT | \
-        XCP_ADMM_STR_160BIT | \
-        XCP_ADMM_STR_192BIT | \
-        XCP_ADMM_STR_256BIT)
-#define XCP__ADMM_SUP XCP_ADMM__MASK
-#define XCP_ADMS_FIPS2009 1
-#define XCP_ADMS_BSI2009 2
-#define XCP_ADMS_FIPS2011 4
-#define XCP_ADMS_BSI2011 8
-#define XCP_ADMS_SIGG_IMPORT 0x10
-#define XCP_ADMS_SIGG 0x20
-#define XCP_ADMS_BSICC2017 0x40
-#define XCP_ADMS_FIPS2021 0x80
-#define XCP_ADMS_FIPS2024 0x100
-#define XCP_ADMS_ADM_FIPS2021 0x200
-#define XCP_ADMS__ALL \
-       (XCP_ADMS_FIPS2009 | \
-        XCP_ADMS_BSI2009 | \
-        XCP_ADMS_FIPS2011 | \
-        XCP_ADMS_BSI2011 | \
-        XCP_ADMS_BSICC2017 | \
-        XCP_ADMS_FIPS2021 | \
-        XCP_ADMS_FIPS2024 | \
-        XCP_ADMS_ADM_FIPS2021)
-#define XCP_ADMS__SUPP (XCP_ADMS__ALL & \
-                         ~(XCP_ADMS_FIPS2021 | \
-                           XCP_ADMS_ADM_FIPS2021 | \
-                           XCP_ADMS_FIPS2024))
-#define XCP__ADMP_SUP_LEGACY \
-       (XCP_ADMP_WK_IMPORT | \
-        XCP_ADMP_WK_EXPORT | \
-        XCP_ADMP_WK_1PART | \
-        XCP_ADMP_WK_RANDOM | \
-        XCP_ADMP_1SIGN | \
-        XCP_ADMP_CP_1SIGN | \
-        XCP_ADMP_ZERO_1SIGN | \
-        XCP_ADMP_NO_DOMAIN_IMPRINT | \
-        XCP_ADMP_STATE_IMPORT | \
-        XCP_ADMP_STATE_EXPORT | \
-        XCP_ADMP_STATE_1PART | \
-        XCP_ADMP_CHG_WK_IMPORT | \
-        XCP_ADMP_CHG_WK_EXPORT | \
-        XCP_ADMP_CHG_WK_1PART | \
-        XCP_ADMP_CHG_WK_RANDOM | \
-        XCP_ADMP_CHG_SIGN_THR | \
-        XCP_ADMP_CHG_REVOKE_THR | \
-        XCP_ADMP_CHG_1SIGN | \
-        XCP_ADMP_CHG_CP_1SIGN | \
-        XCP_ADMP_CHG_ZERO_1SIGN | \
-        XCP_ADMP_CHG_ST_IMPORT | \
-        XCP_ADMP_CHG_ST_EXPORT | \
-        XCP_ADMP_CHG_ST_1PART)
-#define XCP__ADMM_SUP_LEGACY \
-       (XCP_ADMM_AUTHENTICATED | \
-        XCP_ADMM_EXTWNG | \
-        XCP_ADMM_WKCLEAN_EXTWNG | \
-        XCP_ADMM_BATT_LOW | \
-        XCP_ADMM_API_ACTIVE)
-#define XCP_ADMS__ALL_LEGACY \
-       (XCP_ADMS_FIPS2009 | \
-        XCP_ADMS_BSI2009 | \
-        XCP_ADMS_FIPS2011 | \
-        XCP_ADMS_BSI2011 | \
-        XCP_ADMS_BSICC2017)
-#define XCP__ADMP_SUP_EXT01_LEGACY (0)
-#define XCP_ADMS_IS_BSI(mode) (!!((mode) & (XCP_ADMS_BSI2009 | \
-                                             XCP_ADMS_BSI2011 | \
-                                             XCP_ADMS_BSICC2017 )) )
-#define XCP_ADM_IMPEXP_KEYS__MASK \
-         ((1 << XCP_IMPRKEY_RSA_2048) | \
-          (1 << XCP_IMPRKEY_EC_P256) | \
-          (1 << XCP_IMPRKEY_EC_P521) | \
-          (1 << XCP_IMPRKEY_EC_BP256r) | \
-          (1 << XCP_IMPRKEY_EC_BP320r) | \
-          (1 << XCP_IMPRKEY_EC_BP512r) | \
-          (1 << XCP_IMPRKEY_EC_P521_TKE))
-#define XCP_LOG_KEYREC_BYTES 24
-#define XCP_LOG_SEQNR_BYTES 6
-#define XCP_LOG_INSTANCEID_BYTES 2
-#define XCP_LOG_TIMET_BYTES (4+2)
-#define XCP_LOG_SEQNR_OFFSET ((size_t) 4)
-#define XCP_LOG_SEQPRF_BASE_BYTES \
-         ((size_t) XCP_LOG_SEQNR_BYTES +XCP_LOG_TIMET_BYTES)
-#define XCP_LOG_COMPLIANCE_BYTES 8
-#define XCP_LOG_REASON_BYTES 4
-#define XCP_LOG_SALTUNIT_BYTES 4
-#define XCP_LOG_SALT_MAX_UNITS 3
-#define XCP_LOG_SALT_MAX_BYTES \
-        (XCP_LOG_SALT_MAX_UNITS * XCP_LOG_SALTUNIT_BYTES)
-#define XCP_LOG_PRFSALT_BYTES ((size_t) 64/8)
-#define XCP_LOG_CONTEXT_BYTES \
-        (2* XCP_SERIALNR_CHARS+ \
-         2+2+ \
-         4+4+ \
-         4+4 )
-#define XCP_LOG_OPTFIELD_MAX_BYTES \
-        (2* XCP_WK_BYTES + \
-            XCP_LOG_COMPLIANCE_BYTES + \
-         3* XCP_LOG_KEYREC_BYTES + \
-            XCP_LOG_TIMET_BYTES + \
-     XCP_LOG_COMPLIANCE_BYTES + \
-            XCP_LOG_REASON_BYTES + \
-            XCP_LOG_SALT_MAX_BYTES)
-#define XCP_LOG_HEADER_BYTES \
-        (1+1+2 + \
-         XCP_LOG_SEQNR_BYTES + \
-         XCP_LOG_TIMET_BYTES)
-#define XCP_LOG_ENTRY_MAX_BYTES \
-        (XCP_LOG_HEADER_BYTES + \
-         XCP_LOG_STATE_BYTES + \
-         XCP_LOG_CONTEXT_BYTES + \
-         XCP_LOG_OPTFIELD_MAX_BYTES + \
-         XCP_LOG_STATE_BYTES)
-typedef enum {
- XCP_STSTYPE_SECTIONCOUNT = 1,
- XCP_STSTYPE_DOMAINIDX_MAX = 2,
- XCP_STSTYPE_DOMAINS_MASK = 3,
- XCP_STSTYPE_SERIALNR = 4,
- XCP_STSTYPE_CREATE_TIME = 5,
- XCP_STSTYPE_FCV = 6,
- XCP_STSTYPE_CARD_QUERY = 7,
- XCP_STSTYPE_CARD_ADM_SKIS = 8,
- XCP_STSTYPE_CARD_ADM_CERTS = 9,
- XCP_STSTYPE_DOM_ADM_SKIS = 10,
- XCP_STSTYPE_DOM_ADM_CERTS = 11,
- XCP_STSTYPE_DOM_QUERY = 12,
- XCP_STSTYPE_KPH_SKIS = 13,
- XCP_STSTYPE_CARD_ATTRS = 14,
- XCP_STSTYPE_DOM_ATTRS = 15,
- XCP_STSTYPE_CARD_TRANSCTR = 16,
- XCP_STSTYPE_DOM_TRANSCTR = 17,
- XCP_STSTYPE_WK_ENCR_ALG = 18,
- XCP_STSTYPE_WK_ENCR_DATA = 19,
- XCP_STSTYPE_SIG_CERT_COUNT = 20,
- XCP_STSTYPE_SIG_CERTS = 21,
- XCP_STSTYPE_FILE_SIG = 22,
- XCP_STSTYPE_DOM_CPS = 23,
- XCP_STSTYPE_STATE_SALT = 24,
- XCP_STSTYPE_KEYPART = 25,
- XCP_STSTYPE_KEYPART_SIG = 26,
- XCP_STSTYPE_KEYPART_COUNT = 27,
- XCP_STSTYPE_KEYPART_LIMIT = 28,
- XCP_STSTYPE_KEYPART_CERT = 29,
- XCP_STSTYPE_CERT_AUTH = 30,
- XCP_STSTYPE_STATE_SCOPE = 31,
- XCP_STSTYPE_MULTIIMPORT_MASK = 32,
- XCP_STSTYPE_CPS_MASK = 33,
- XCP_STSTYPE_CARD_QUERY_V1 = 34,
- XCP_STSTYPE_CARD_QUERY_V2 = 35,
- XCP_STSTYPE_CARD_EXTADM_SKIS = 36,
- XCP_STSTYPE_CARD_EXTADM_CERTS = 37,
- XCP_STSTYPE_DOM_EXTADM_SKIS = 38,
- XCP_STSTYPE_DOM_EXTADM_CERTS = 39,
- XCP_STSTYPE_MAX = XCP_STSTYPE_DOM_EXTADM_CERTS
-} XCP_StateSection_t;
-typedef enum {
- XCP_STALG_AES256_CBC = 1
-} XCP_StateEncrAlg_t;
-typedef enum {
- XCP_FILEID_SAVED_STATE = 1,
- XCP_FILEID_KEYPARTS = 2,
- XCP_FILEID_TESTDATA = 3,
- XCP_FILEID_EXPREQUEST = 4,
- XCP_FILEID_MAX = XCP_FILEID_EXPREQUEST
-} XCP_FileId_t;
-typedef enum {
- XCP_STDATA_DOMAIN = 1,
- XCP_STDATA_NONSENSITIVE = 2,
- XCP_STWK_KP_NO_CERT = 4,
- XCP_STWK_KP_NO_OA_CHAIN = 8,
- XCP_STDATA_NQS = 0x20,
- XCP_STDATA_QS = 0x40,
- XCP_STDATA_MAX = ((XCP_STDATA_QS *2) -1)
-} XCP_StateType_t;
-#define XCP_STSTYPE_TYPE_BYTES 2
-#define XCP_STSTYPE_TYPEID_BYTES 4
-#define XCP_EC_P192 "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x01"
-#define XCP_EC_P192_BYTES 10
-#define XCP_EC_P224 "\x06\x05\x2b\x81\x04\x00\x21"
-#define XCP_EC_P224_BYTES 7
-#define XCP_EC_P256 "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07"
-#define XCP_EC_P256_BYTES 10
-#define XCP_EC_P384 "\x06\x05\x2b\x81\x04\x00\x22"
-#define XCP_EC_P384_BYTES 7
-#define XCP_EC_P521 "\x06\x05\x2b\x81\x04\x00\x23"
-#define XCP_EC_P521_BYTES 7
-#define XCP_EC_P192_NAME "\x50\x2d\x31\x39\x32"
-#define XCP_EC_P192_NAME_BYTES 5
-#define XCP_EC_P224_NAME "\x50\x2d\x32\x32\x34"
-#define XCP_EC_P224_NAME_BYTES 5
-#define XCP_EC_P256_NAME "\x50\x2d\x32\x35\x36"
-#define XCP_EC_P256_NAME_BYTES 5
-#define XCP_EC_P384_NAME "\x50\x2d\x33\x38\x34"
-#define XCP_EC_P384_NAME_BYTES 5
-#define XCP_EC_P521_NAME "\x50\x2d\x35\x32\x31"
-#define XCP_EC_P521_NAME_BYTES 5
-#define XCP_EC_BP160R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x01"
-#define XCP_EC_BP160R_BYTES 11
-#define XCP_EC_BP160T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x02"
-#define XCP_EC_BP160T_BYTES 11
-#define XCP_EC_BP192R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x03"
-#define XCP_EC_BP192R_BYTES 11
-#define XCP_EC_BP192T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x04"
-#define XCP_EC_BP192T_BYTES 11
-#define XCP_EC_BP224R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x05"
-#define XCP_EC_BP224R_BYTES 11
-#define XCP_EC_BP224T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x06"
-#define XCP_EC_BP224T_BYTES 11
-#define XCP_EC_BP256R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x07"
-#define XCP_EC_BP256R_BYTES 11
-#define XCP_EC_BP256T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x08"
-#define XCP_EC_BP256T_BYTES 11
-#define XCP_EC_BP320R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x09"
-#define XCP_EC_BP320R_BYTES 11
-#define XCP_EC_BP320T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0a"
-#define XCP_EC_BP320T_BYTES 11
-#define XCP_EC_BP384R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0b"
-#define XCP_EC_BP384R_BYTES 11
-#define XCP_EC_BP384T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0c"
-#define XCP_EC_BP384T_BYTES 11
-#define XCP_EC_BP512R "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0d"
-#define XCP_EC_BP512R_BYTES 11
-#define XCP_EC_BP512T "\x06\x09\x2b\x24\x03\x03\x02\x08\x01\x01\x0e"
-#define XCP_EC_BP512T_BYTES 11
-#define XCP_EC_BPOID_BYTES 11
-#define XCP_EC_BPOIDS 14
-#define XCP_EC_BP160R_NAME "\x42\x50\x2d\x31\x36\x30\x52"
-#define XCP_EC_BP160R_NAME_BYTES 7
-#define XCP_EC_BP160T_NAME "\x42\x50\x2d\x31\x36\x30\x54"
-#define XCP_EC_BP160T_NAME_BYTES 7
-#define XCP_EC_BP192R_NAME "\x42\x50\x2d\x31\x39\x32\x52"
-#define XCP_EC_BP192R_NAME_BYTES 7
-#define XCP_EC_BP192T_NAME "\x42\x50\x2d\x31\x39\x32\x54"
-#define XCP_EC_BP192T_NAME_BYTES 7
-#define XCP_EC_BP224R_NAME "\x42\x50\x2d\x32\x32\x34\x52"
-#define XCP_EC_BP224R_NAME_BYTES 7
-#define XCP_EC_BP224T_NAME "\x42\x50\x2d\x32\x32\x34\x54"
-#define XCP_EC_BP224T_NAME_BYTES 7
-#define XCP_EC_BP256R_NAME "\x42\x50\x2d\x32\x35\x36\x52"
-#define XCP_EC_BP256R_NAME_BYTES 7
-#define XCP_EC_BP256T_NAME "\x42\x50\x2d\x32\x35\x36\x54"
-#define XCP_EC_BP256T_NAME_BYTES 7
-#define XCP_EC_BP320R_NAME "\x42\x50\x2d\x33\x32\x30\x52"
-#define XCP_EC_BP320R_NAME_BYTES 7
-#define XCP_EC_BP320T_NAME "\x42\x50\x2d\x33\x32\x30\x54"
-#define XCP_EC_BP320T_NAME_BYTES 7
-#define XCP_EC_BP384R_NAME "\x42\x50\x2d\x33\x38\x34\x52"
-#define XCP_EC_BP384R_NAME_BYTES 7
-#define XCP_EC_BP384T_NAME "\x42\x50\x2d\x33\x38\x34\x54"
-#define XCP_EC_BP384T_NAME_BYTES 7
-#define XCP_EC_BP512R_NAME "\x42\x50\x2d\x35\x31\x32\x52"
-#define XCP_EC_BP512R_NAME_BYTES 7
-#define XCP_EC_BP512T_NAME "\x42\x50\x2d\x35\x31\x32\x54"
-#define XCP_EC_BP512T_NAME_BYTES 7
-#define XCP_EC_S256K1 "\x06\x05" "\x2b\x81\x04\x00\x0a"
-#define XCP_EC_S256K1_BYTES 7
-#define XCP_EC_S256K1_NAME "\x53\x45\x43\x50\x32\x35\x36\x4b\x31"
-#define XCP_EC_S256K1_NAME_BYTES 9
-#define XCP_EC_X25519 "\x06\x03\x2b\x65\x6e"
-#define XCP_EC_X25519_BYTES 5
-#define XCP_EC_X25519_NAME "\x63\x75\x72\x76\x65\x32\x35\x35\x31\x39"
-#define XCP_EC_X25519_NAME_BYTES 10
-#define XCP_EC_X448 "\x06\x03\x2b\x65\x6f"
-#define XCP_EC_X448_BYTES 5
-#define XCP_EC_X448_NAME "\x78\x34\x34\x38"
-#define XCP_EC_X448_NAME_BYTES 4
-#define XCP_EC_DSA25519 "\x06\x03\x2b\x65\x70"
-#define XCP_EC_DSA25519_BYTES 5
-#define XCP_EC_DSA25519_NAME "\x65\x64\x32\x35\x35\x31\x39"
-#define XCP_EC_DSA25519_NAME_BYTES 7
-#define XCP_EC_DSA448 "\x06\x03\x2b\x65\x71"
-#define XCP_EC_DSA448_BYTES 5
-#define XCP_EC_DSA448_NAME "\x65\x64\x34\x34\x38"
-#define XCP_EC_DSA448_NAME_BYTES 5
-#define XCP_EC_MAX_ID_BYTES 11
-typedef enum {
- XCP_EC_C_NIST_P192 = 1,
- XCP_EC_C_NIST_P224 = 2,
- XCP_EC_C_NIST_P256 = 3,
- XCP_EC_C_NIST_P384 = 4,
- XCP_EC_C_NIST_P521 = 5,
- XCP_EC_C_BP160R = 6,
- XCP_EC_C_BP160T = 7,
- XCP_EC_C_BP192R = 8,
- XCP_EC_C_BP192T = 9,
- XCP_EC_C_BP224R = 10,
- XCP_EC_C_BP224T = 11,
- XCP_EC_C_BP256R = 12,
- XCP_EC_C_BP256T = 13,
- XCP_EC_C_BP320R = 14,
- XCP_EC_C_BP320T = 15,
- XCP_EC_C_BP384R = 16,
- XCP_EC_C_BP384T = 17,
- XCP_EC_C_BP512R = 18,
- XCP_EC_C_BP512T = 19,
- XCP_EC_C_25519 = 20,
- XCP_EC_C_SECP256K1 = 23,
- XCP_EC_C_ED448 = 24,
- XCP_EC_C_448 = 25,
- XCP_EC_C_ED25519 = 26,
- XCP_EC_C_MAX = 27
-} XCP_ECcurve_t;
-typedef enum {
- XCP_EC_CG_NIST = 1,
- XCP_EC_CG_BPOOL = 2,
- XCP_EC_CG_C25519 = 3,
- XCP_EC_CG_SECP256K1 = 4,
- XCP_EC_CG_C448 = 6,
- XCP_EC_CG_MAX = XCP_EC_CG_C448
-} XCP_ECCurveGrp_t;
-#define XCP_PQC_DILITHIUM_R2_54 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x5\x4"
-#define XCP_PQC_DILITHIUM_R2_54_BYTES 13
-#define XCP_PQC_DILITHIUM_R2_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x6\x5"
-#define XCP_PQC_DILITHIUM_R2_65_BYTES 13
-#define XCP_PQC_DILITHIUM_R2_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x1\x8\x7"
-#define XCP_PQC_DILITHIUM_R2_87_BYTES 13
-#define XCP_PQC_DILITHIUM_R3_44 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x4\x4"
-#define XCP_PQC_DILITHIUM_R3_44_BYTES 13
-#define XCP_PQC_DILITHIUM_R3_65 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x6\x5"
-#define XCP_PQC_DILITHIUM_R3_65_BYTES 13
-#define XCP_PQC_DILITHIUM_R3_87 "\x6\xb\x2b\x6\x1\x4\x1\x2\x82\xb\x7\x8\x7"
-#define XCP_PQC_DILITHIUM_R3_87_BYTES 13
-#define XCP_PQC_KYBER_R2_512 "\x6\x9\x2B\x6\x1\x4\x1\x2\x82\xB\x5"
-#define XCP_PQC_KYBER_R2_512_BYTES 11
-#define XCP_PQC_KYBER_R2_768 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x3\x3"
-#define XCP_PQC_KYBER_R2_768_BYTES 13
-#define XCP_PQC_KYBER_R2_1024 "\x6\xB\x2B\x6\x1\x4\x1\x2\x82\xB\x5\x4\x4"
-#define XCP_PQC_KYBER_R2_1024_BYTES 13
-typedef enum {
- XCP_PQC_S_DILITHIUM_R2_54 = 1,
- XCP_PQC_S_DILITHIUM_R2_65 = 2,
- XCP_PQC_S_DILITHIUM_R2_87 = 3,
- XCP_PQC_S_DILITHIUM_R3_44 = 4,
- XCP_PQC_S_DILITHIUM_R3_65 = 5,
- XCP_PQC_S_DILITHIUM_R3_87 = 6,
- XCP_PQC_S_KYBER_R2_512 = 7,
- XCP_PQC_S_KYBER_R2_768 = 8,
- XCP_PQC_S_KYBER_R2_1024 = 9,
- XCP_PQC_MAX = XCP_PQC_S_KYBER_R2_1024,
-} XCP_PQCStrength_t;
-#define XCP_VERS_QUERY_REQ 0x30,0x03,0x04,0x01,0x00
-#define XCP_VERS_QUERY_REQ_BYTES 5
-typedef enum {
- XCP_DEV_SET_WK = 1,
- XCP_DEV_SET_NEXT_WK = 2,
- XCP_DEV_AES_ENCR_CYCLE = 3,
- XCP_DEV_AES_DECR_CYCLE = 4,
- XCP_DEV_DES_ENCR_CYCLE = 5,
- XCP_DEV_DES_DECR_CYCLE = 6,
- XCP_DEV_ZEROIZE_CARD = 7,
- XCP_DEV_ZEROIZE_DOMAIN = 8,
- XCP_DEV_SET_DOMAIN_CPS = 9,
- XCP_DEV_SET_WK_RAW = 10,
- XCP_DEV_COMMIT_NEXT_WK = 11,
- XCP_DEVQ_ADMINLIST = 12,
- XCP_DEVQ_DOM_ADMINLIST = 13,
- XCP_DEV_SET_NEXT_WK_RAW = 14,
- XCP_DEV_FSMODE = 15,
- XCP_DEV_ADMSIGN = 16,
- XCP_DEV_FSWRITE = 17,
- XCP_DEV_DSA_PQG_GEN = 18,
- XCP_DEVQ_BLOBCONFIG = 19,
- XCP_DEV_RSA_X931_KEYGEN = 20,
- XCP_DEV_RNGSTATE = 21,
- XCP_DEV_RNG_SEED = 22,
- XCP_DEVQ_ENTROPY = 23,
- XCP_DEVQ_PERFMODE = 24,
- XCP_DEV_PERFMODE = 25,
- XCP_DEV_RSA_DECR_CYCLE = 26,
- XCP_DEV_RSACRT_DECR_CYCLE = 27,
- XCP_DEV_ECMUL_CYCLE = 28,
- XCP_DEV_PERFMARK = 29,
- XCP_DEVQ_PERF_LOCK = 30,
- XCP_DEVQ_PERF_WAKE = 31,
- XCP_DEVQ_PERF_SCALE = 32,
- XCP_DEV_CACHE_MODE = 33,
- XCP_DEVQ_CACHE_STATS = 34,
- XCP_DEV_DELAY = 35,
- XCP_DEV_COMPRESS = 36,
- XCP_DEV_XOR_FF = 37,
- XCP_DEV_PRF = 38,
- XCP_DEV_TRANSPORTSTATE1 = 39,
- XCP_DEVQ_CACHEINDEX = 40,
- XCP_DEVQ_CSP_OBJCOUNT = 41,
- XCP_DEV_CSPTYPE = 42,
- XCP_DEV_FCV = 43,
- XCP_DEV_CLEAR_FCV = 44,
- XCP_DEVQ_ASSERTIONS = 45,
- XCP_DEV_TEST_LATESTART = 46,
- XCP_DEV_ENVSEED = 47,
- XCP_DEVQ_RAWENTROPY = 48,
- XCP_DEV_EC_SIGVER_CYCLE = 49,
- XCP_DEV_DRAIN_ENTROPY = 50,
- XCP_DEV_CONV_EC_BLOB = 51,
- XCP_DEVQ_COUNTERS = 52,
- XCP_DEV_RSACRT_MSG_CYCLE = 53,
- XCP_DEV_AUDIT_CYCLE = 54,
- XCP_DEV_EDDSA = 55,
- XCP_DEV_ECDH = 56,
- XCP_DEV_PQC_DILITHIUM = 57,
- XCP_DEV_ABORT = 63,
- XCP_DEV_DRNG = 64,
- XCP_DEV_DRNG_RESEED = 65,
- XCP_DEV_FAULT_INJECT = 66,
- XCP_DEVQ_FAULTLIST = 67,
- XCP_DEV_FLIP_ERRORSTATE = 68,
- XCP_DEV_AESKW = 69,
- XCP_DEV_UNIT_TEST = 72,
- XCP_DEV_MAX_INDEX = XCP_DEV_UNIT_TEST
-} XCP_DEVcmd_t;
-#define XCP_DEV_MAX_DATABYTES ((size_t) 64000)
-#define XCP_DEV_MAX_ITERATIONS ((unsigned int) 128*1024)
-#define XCP_DEV_C25519 (unsigned int)255
-#define XCP_DEV_C448 (unsigned int)448
-#define XCP_DEV_ED25519 ~((unsigned int)255)
-#define XCP_DEV_ED448 ~((unsigned int)448)
-#define XCP_DEV_ED25519_2 ~((unsigned int)256)
-#define XCP_DEV_ED448_2 ~((unsigned int)456)
-#define XCP_DEV_AESKW_WRAP (unsigned int)1
-#define XCP_DEV_AESKW_UNWRAP (unsigned int)2
-#define XCP_DEV_AESKW_WRAP_PAD (unsigned int)3
-#define XCP_DEV_AESKW_UNWRAP_PAD (unsigned int)4
-typedef enum {
- XCP_DEVC_CACHE_ACTIVE = 1,
- XCP_DEVC_CACHE_INACTIVE = 2,
- XCP_DEVC_CACHE_FLUSH = 4,
-} XCP_DEVcache_t;
-typedef enum {
- XCP_DEV_RNG_TRNG = 0,
- XCP_DEV_RNG_DRNG = 1,
- XCP_DEV_RNG_MIXED = 2,
- XCP_DEV_RNG_SWDRNG = 4,
- XCP_DEV_RNG_TYPE_MAX = XCP_DEV_RNG_SWDRNG
-} XCP_DEVrng_t;
-typedef enum {
- XCP_DEVFS_QUERY = 0,
- XCP_DEVFS_READONLY = 1,
- XCP_DEVFS_NOACCESS = 2
-} XCP_DEVfs_t;
-#define XCP_DEV_CTR_SIZE 4
-#define XCP_DEV_CTR_TYPE uint32_t
-typedef enum {
- XCP_DEV_FAULT_EXPR = 1,
- XCP_DEV_FAULT_FUNC = 2,
- XCP_DEV_FAULT_MSLEEP = 4,
- XCP_DEV_FAULT_RV = 8,
- XCP_DEV_FAULT_DBIT = 16,
- XCP_DEV_FAULT_DNULL = 32,
- XCP_DEV_FAULT_RBIT = 64,
-} XCP_DEVfault_t;
-#if !defined(CKG_VENDOR_DEFINED)
-#define CKG_VENDOR_DEFINED 0x80000000UL
-#endif
-#define CKG_IBM_MGF1_SHA3_224 (CKG_VENDOR_DEFINED +1)
-#define CKG_IBM_MGF1_SHA3_256 (CKG_VENDOR_DEFINED +2)
-#define CKG_IBM_MGF1_SHA3_384 (CKG_VENDOR_DEFINED +3)
-#define CKG_IBM_MGF1_SHA3_512 (CKG_VENDOR_DEFINED +4)
-#if !defined(CKD_VENDOR_DEFINED)
-#define CKD_VENDOR_DEFINED 0x80000000UL
-#endif
-#define CKD_IBM_HYBRID_NULL (CKD_VENDOR_DEFINED + 0x00000001UL)
-#define CKD_IBM_HYBRID_SHA1_KDF (CKD_VENDOR_DEFINED + 0x00000002UL)
-#define CKD_IBM_HYBRID_SHA224_KDF (CKD_VENDOR_DEFINED + 0x00000003UL)
-#define CKD_IBM_HYBRID_SHA256_KDF (CKD_VENDOR_DEFINED + 0x00000004UL)
-#define CKD_IBM_HYBRID_SHA384_KDF (CKD_VENDOR_DEFINED + 0x00000005UL)
-#define CKD_IBM_HYBRID_SHA512_KDF (CKD_VENDOR_DEFINED + 0x00000006UL)
-#define XCP_MODEL_CEX4P 4
-#define XCP_MODEL_CEX5P 5
-#define XCP_MODEL_CEX6P 6
-#define XCP_MODEL_CEX7P 7
-#define XCP_MODEL_CEX8P 8
-#define XCP_MAX_GRPIDX 1024u
-#define XCPTGTMASK_SET_DOM(mask,domain) \
-                           ((mask)[((domain)/8)] |= (1 << (7-(domain)%8)))
-#define XCPTGTMASK_DOM_IS_SET(mask,domain) \
-                           ((mask)[((domain)/8)] & (1 << (7-(domain)%8)))
-#define XCPTGTMASK_CLR_DOM(mask,domain) \
-                           ((mask)[((domain)/8)] &= ~(1 << (7-(domain)%8)))
-#define XCP_TGTFL_WCAP 0x10000000
-#define XCP_TGTFL_WCAP_SQ 0x20000000
-#define XCP_TGTFL_SET_SCMD 0x40000000
-#define XCP_TGTFL_API_CHKD 0x80000000
-#define XCP_TGTFL_NO_LOCK 0x01000000
-#define XCP_TGTFL_CHK_ATTR 0x02000000
-#define XCP_TGTFL_SET_ACMD 0x04000000
-#define XCP_TGTFL_NO_SPLIT 0x08000000
-#define XCP_MAXCONNECTIONS 64
-#define XCP_MAX_PORT 0xffff
-typedef struct XCP_ModuleSocket {
- char host[ MAX_FNAME_CHARS +1 ];
- uint32_t port;
-} *XCP_ModuleSocket_t ;
-typedef struct XCP_DomainPerf {
- unsigned int lastperf[ 256 ];
-} *XCP_DomainPerf_t;
-#define XCP_MOD_VERSION 2
-typedef struct XCP_Module {
- uint32_t version;
- uint64_t flags;
- uint32_t domains;
- unsigned char domainmask[ 256 /8 ];
- struct XCP_ModuleSocket socket;
- uint32_t module_nr;
- void *mhandle;
- struct XCP_DomainPerf perf;
- uint32_t api;
-} *XCP_Module_t ;
-typedef enum {
- XCP_MFL_SOCKET = 1,
- XCP_MFL_MODULE = 2,
- XCP_MFL_MHANDLE = 4,
- XCP_MFL_PERF = 8,
- XCP_MFL_VIRTUAL = 0x10,
- XCP_MFL_STRICT = 0x20,
- XCP_MFL_PROBE = 0x40,
- XCP_MFL_ALW_TGT_ADD = 0x80,
- XCP_MFL_MAX = 0xff
-} XCP_Module_Flags;
-typedef uint64_t target_t;
-#define XCP_TGT_INIT ~0UL
-#define XCP_TGT_FMT "x%016" PRIx64
-int m_add_module(XCP_Module_t module, target_t *target) ;
-int m_rm_module(XCP_Module_t module, target_t target) ;
-CK_RV m_admin (unsigned char *response1, size_t *r1len,
-               unsigned char *response2, size_t *r2len,
-         const unsigned char *cmd, size_t clen,
-         const unsigned char *sigs, size_t slen,
-                         target_t target) ;
-CK_RV m_Login ( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
-            const unsigned char *nonce, size_t nlen,
-                  unsigned char *pinblob, size_t *pinbloblen,
-                       target_t target) ;
-CK_RV m_Logout ( const unsigned char *pin, size_t len, target_t target) ;
-CK_RV m_LoginExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
-                   const unsigned char *nonce, size_t nlen,
-                   const unsigned char *xstruct, size_t xslen,
-                         unsigned char *pinblob, size_t *pinbloblen,
-                              target_t target) ;
-CK_RV m_LogoutExtended( CK_UTF8CHAR_PTR pin, CK_ULONG pinlen,
-                    const unsigned char *nonce, size_t nlen,
-                    const unsigned char *xstruct, size_t xslen,
-                               target_t target) ;
-CK_RV m_GenerateRandom (CK_BYTE_PTR rnd, CK_ULONG len, target_t target) ;
-CK_RV m_SeedRandom (CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen,
-                       target_t target) ;
-CK_RV m_DigestInit (unsigned char *state, size_t *len,
-               const CK_MECHANISM_PTR pmech,
-                             target_t target) ;
-CK_RV m_Digest (const unsigned char *state, size_t slen,
-                        CK_BYTE_PTR data, CK_ULONG len,
-                        CK_BYTE_PTR digest, CK_ULONG_PTR dglen,
-                           target_t target) ;
-CK_RV m_DigestUpdate (unsigned char *state, size_t slen,
-                        CK_BYTE_PTR data, CK_ULONG dlen,
-                           target_t target) ;
-CK_RV m_DigestKey (unsigned char *state, size_t slen,
-                const unsigned char *key, size_t klen,
-                           target_t target) ;
-CK_RV m_DigestFinal (const unsigned char *state, size_t slen,
-                              CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
-                                 target_t target) ;
-CK_RV m_DigestSingle (CK_MECHANISM_PTR pmech,
-                           CK_BYTE_PTR data, CK_ULONG len,
-                           CK_BYTE_PTR digest, CK_ULONG_PTR dlen,
-                              target_t target) ;
-CK_RV m_GenerateKey (CK_MECHANISM_PTR pmech,
-                     CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
-                  const unsigned char *pin, size_t pinlen,
-                        unsigned char *key, size_t *klen,
-                        unsigned char *csum, size_t *clen,
-                             target_t target) ;
-CK_RV m_GenerateKeyPair (CK_MECHANISM_PTR pmech,
-                         CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs,
-                         CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs,
-                      const unsigned char *pin, size_t pinlen,
-                            unsigned char *key, size_t *klen,
-                            unsigned char *pubkey, size_t *pklen,
-                                 target_t target) ;
-CK_RV m_WrapKey (const unsigned char *key, size_t keylen,
-                 const unsigned char *kek, size_t keklen,
-                 const unsigned char *mackey, size_t mklen,
-              const CK_MECHANISM_PTR pmech,
-                         CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen,
-                            target_t target) ;
-CK_RV m_UnwrapKey (const CK_BYTE_PTR wrapped, CK_ULONG wlen,
-                   const unsigned char *kek, size_t keklen,
-                   const unsigned char *mackey, size_t mklen,
-                   const unsigned char *pin, size_t pinlen,
-                const CK_MECHANISM_PTR uwmech,
-                const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount,
-                         unsigned char *unwrapped, size_t *uwlen,
-                           CK_BYTE_PTR csum, CK_ULONG *cslen,
-                              target_t target) ;
-CK_RV m_DeriveKey ( CK_MECHANISM_PTR pderivemech,
-                    CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount,
-                 const unsigned char *basekey, size_t bklen,
-                 const unsigned char *data, size_t dlen,
-                 const unsigned char *pin, size_t pinlen,
-                       unsigned char *newkey, size_t *nklen,
-                       unsigned char *csum, size_t *cslen,
-                       target_t target) ;
-CK_RV m_GetAttributeValue (const unsigned char *obj, size_t olen,
-                              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
-                                      target_t target) ;
-CK_RV m_SetAttributeValue (unsigned char *obj, size_t olen,
-                              CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
-                                      target_t target) ;
-CK_RV m_GetMechanismList (CK_SLOT_ID slot,
-               CK_MECHANISM_TYPE_PTR mechs,
-                        CK_ULONG_PTR count,
-                            target_t target) ;
-CK_RV m_GetMechanismInfo (CK_SLOT_ID slot,
-                   CK_MECHANISM_TYPE mech,
-               CK_MECHANISM_INFO_PTR pmechinfo,
-                            target_t target) ;
-CK_RV m_get_xcp_info (CK_VOID_PTR pinfo, CK_ULONG_PTR infbytes,
-                     unsigned int query,
-                     unsigned int subquery,
-                         target_t target) ;
-CK_RV m_EncryptInit (unsigned char *state, size_t *slen,
-                         CK_MECHANISM_PTR pmech,
-                      const unsigned char *key, size_t klen,
-                                 target_t target) ;
-CK_RV m_DecryptInit (unsigned char *state, size_t *slen,
-                         CK_MECHANISM_PTR pmech,
-                      const unsigned char *key, size_t klen,
-                                 target_t target) ;
-CK_RV m_EncryptUpdate (unsigned char *state, size_t slen,
-                              CK_BYTE_PTR plain, CK_ULONG plen,
-                              CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
-                                 target_t target) ;
-CK_RV m_DecryptUpdate (unsigned char *state, size_t slen,
-                              CK_BYTE_PTR cipher, CK_ULONG clen,
-                              CK_BYTE_PTR plain, CK_ULONG_PTR plen,
-                                 target_t target) ;
-CK_RV m_Encrypt (const unsigned char *state, size_t slen,
-                               CK_BYTE_PTR plain, CK_ULONG plen,
-                               CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
-                                  target_t target) ;
-CK_RV m_Decrypt (const unsigned char *state, size_t slen,
-                               CK_BYTE_PTR cipher, CK_ULONG clen,
-                               CK_BYTE_PTR plain, CK_ULONG_PTR plen,
-                                  target_t target) ;
-CK_RV m_EncryptFinal (const unsigned char *state, size_t slen,
-                               CK_BYTE_PTR output, CK_ULONG_PTR len,
-                                  target_t target) ;
-CK_RV m_DecryptFinal (const unsigned char *state, size_t slen,
-                               CK_BYTE_PTR output, CK_ULONG_PTR len,
-                                  target_t target) ;
-CK_RV m_EncryptSingle (const unsigned char *key, size_t klen,
-                          CK_MECHANISM_PTR mech,
-                               CK_BYTE_PTR plain, CK_ULONG plen,
-                               CK_BYTE_PTR cipher, CK_ULONG_PTR clen,
-                                  target_t target) ;
-CK_RV m_DecryptSingle (const unsigned char *key, size_t klen,
-                          CK_MECHANISM_PTR mech,
-                               CK_BYTE_PTR cipher, CK_ULONG clen,
-                               CK_BYTE_PTR plain, CK_ULONG_PTR plen,
-                                  target_t target) ;
-CK_RV m_SignInit (unsigned char *state, size_t *slen,
-                   CK_MECHANISM_PTR alg,
-                const unsigned char *key, size_t klen,
-                           target_t target) ;
-CK_RV m_VerifyInit (unsigned char *state, size_t *slen,
-                   CK_MECHANISM_PTR alg,
-                const unsigned char *key, size_t klen,
-                           target_t target) ;
-CK_RV m_SignUpdate (unsigned char *state, size_t slen,
-                        CK_BYTE_PTR data, CK_ULONG dlen,
-                           target_t target) ;
-CK_RV m_VerifyUpdate (unsigned char *state, size_t slen,
-                        CK_BYTE_PTR data, CK_ULONG dlen,
-                           target_t target) ;
-CK_RV m_SignFinal (const unsigned char *state, size_t stlen,
-                              CK_BYTE_PTR sig, CK_ULONG_PTR siglen,
-                                 target_t target) ;
-CK_RV m_VerifyFinal (const unsigned char *state, size_t stlen,
-                              CK_BYTE_PTR sig, CK_ULONG siglen,
-                                 target_t target) ;
-CK_RV m_Sign (const unsigned char *state, size_t stlen,
-                        CK_BYTE_PTR data, CK_ULONG dlen,
-                        CK_BYTE_PTR sig, CK_ULONG_PTR siglen,
-                           target_t target) ;
-CK_RV m_Verify (const unsigned char *state, size_t stlen,
-                        CK_BYTE_PTR data, CK_ULONG dlen,
-                        CK_BYTE_PTR sig, CK_ULONG siglen,
-                           target_t target) ;
-CK_RV m_SignSingle (const unsigned char *key, size_t klen,
-                         CK_MECHANISM_PTR pmech,
-                              CK_BYTE_PTR data, CK_ULONG dlen,
-                              CK_BYTE_PTR sig, CK_ULONG_PTR slen,
-                                 target_t target) ;
-CK_RV m_VerifySingle (const unsigned char *key, size_t klen,
-                         CK_MECHANISM_PTR pmech,
-                              CK_BYTE_PTR data, CK_ULONG dlen,
-                              CK_BYTE_PTR sig, CK_ULONG slen,
-                                 target_t target) ;
-#define XCP_CHN_RETURN_RAW 1
-#define XCP_CHN_HIGH_PRIORITY 2
-#define XCP_CHN_MEDIUM_PRIORITY 4
-#define XCP_CHN_NODEV_LOG_SKIP 8
-#define XCP_CHN_PARSE_IRV 0x10
-CK_RV m_wire (unsigned char *rsp, size_t *rsplen, CK_RV *irv,
-        const unsigned char *req, size_t reqlen,
-               unsigned int flags,
-                   target_t target) ;
-#define XCP_W_NO_SEND_CPRB 1
-#define XCP_W_NO_RECV_CPRB 2
-int m_init(void);
-int m_shutdown(void);
-#define XCP_BUILD_ID 0x4801b799
-#define XCP_BUILD_DATE 0x20230120
-#define XCP_BUILD_TIME 0x135721
-#define __XCP_REASONCODES_H__ 1
-typedef enum {
- XCP_RSC_NO_IMPORTER = 1,
- XCP_RSC_NO_KEYPARTS = 2,
- XCP_RSC_IMPR_CMDBLK_BER = 3,
- XCP_RSC_IMPR_CMDBLK_FIELDS = 4,
- XCP_RSC_IMPR_CMDBLK_FIELDCOUNT = 5,
- XCP_RSC_IMPR_EMBEDDED_FN = 6,
- XCP_RSC_IMPR_DOMAIN_DIFF = 7,
- XCP_RSC_IMPR_NO_INT_CMDBLK = 8,
- XCP_RSC_IMPR_NO_INT_SIGNATURE = 9,
- XCP_RSC_IMPR_BAD_CMDBLK_BER = 10,
- XCP_RSC_CMD_EMBEDDED_FN = 11,
- XCP_RSC_CMD_DOMAIN_RANGE = 12,
- XCP_RSC_DOMAIN_INST_FMT = 13,
- XCP_RSC_DOMAIN_INST_MISMATCH = 14,
- XCP_RSC_MODULE_INST_FMT = 15,
- XCP_RSC_MODULE_INST_MISMATCH = 16,
- XCP_RSC_MODULE_SERNO_MISMATCH = 17,
- XCP_RSC_TCTR_FMT = 18,
- XCP_RSC_TCTR_VALUE = 19,
- XCP_RSC_DOMAIN_INST_DIFF = 20,
- XCP_RSC_SIGS_INSUFFICIENT = 21,
- XCP_RSC_SIGS_REJECTED = 22,
- XCP_RSC_RCPTINFO_FMT = 23,
- XCP_RSC_RCPTINFO_ENCRD_SIZE = 24,
- XCP_RSC_RCPTINFO_ECDH_SRC = 25,
- XCP_RSC_RCPTINFO_KDF_SHARED = 26,
- XCP_RSC_RCPTINFO_KDF = 27,
- XCP_RSC_RCPTINFO_KEY_SIZE = 28,
- XCP_RSC_RCPTINFO_KEY_MIXMODE = 29,
- XCP_RSC_RCPTINFO_KEY_VPS_DIFF = 30,
- XCP_RSC_RCPTINFO_KEY_VPS_MISMATCH = 31,
- XCP_RSC_SKI_MALFORMED = 32,
- XCP_RSC_SKI_NOT_FOUND = 33,
- XCP_RSC_MODE_IMPRINT = 34,
- XCP_RSC_MODE_NONIMPRINT = 35,
- XCP_RSC_IMPRINT_EXIT_INVD = 36,
- XCP_RSC_CP_MODE_SET = 37,
- XCP_RSC_SKI_FOUND = 38,
- XCP_RSC_ADMINLIST_FULL = 39,
- XCP_RSC_CERT_FMT = 40,
- XCP_RSC_ATTRS_FMT = 41,
- XCP_RSC_ATTRS_TYPE_INVALID = 42,
- XCP_RSC_ATTRS_REPEAT = 43,
- XCP_RSC_CPS_FMT = 44,
- XCP_RSC_CPS_SET_INCONSISTENT = 45,
- XCP_RSC_CPS_PREVENT_ADD = 46,
- XCP_RSC_CPS_PREVENT_DEL = 47,
- XCP_RSC_WK_MISMATCH = 48,
- XCP_RSC_WK_MISSING = 49,
- XCP_RSC_NEXT_WK_MISSING = 50,
- XCP_RSC_EC_IMPORT_SYMM = 51,
- XCP_RSC_RANDOM_WK_PROHIBITED = 52,
- XCP_RSC_WKS_PRESENT = 53,
- XCP_RSC_IMPR_FIELD_SIZE = 54,
- XCP_RSC_IMPORTER_INVD_TYPE = 55,
- XCP_RSC_IMPR_REVOKE_ZERO = 56,
- XCP_RSC_IMPR_TOOMANY_SIGNERS = 57,
- XCP_RSC_IMPR_TOOMANY_REVOKERS = 58,
- XCP_RSC_OAIDX_FIELD_SIZE = 59,
- XCP_RSC_OAIDX_INVALID = 60,
- XCP_RSC_FCV_NOT_PRESENT = 61,
- XCP_RSC_FCV_FMT = 62,
- XCP_RSC_FCV_DIFFERS = 63,
- XCP_RSC_COMMITTED_WK_MISSING = 64,
- XCP_RSC_IMPR_EMBEDDED_FN_FMT = 65,
- XCP_RSC_LOGOUT_BELOW_THRESHOLD = 66,
- XCP_RSC_LOGOUT_NO_SINGLE_SIGN = 67,
- XCP_RSC_LOGOUT_LAST_ADMIN = 68,
- XCP_RSC_REACTIVATE_RO_ATTRS = 69,
- XCP_RSC_CHG_PROTECTED_ATTRS = 70,
- XCP_RSC_CHG_PROTECTED_THRESHOLD = 71,
- XCP_RSC_CHG_READONLY_ATTRS = 72,
- XCP_RSC_INACTIVE_CHG_ATTRS = 73,
- XCP_RSC_CHG_ATTRS_PREVENTED = 74,
- XCP_RSC_IMPR_MANY_KEYPARTS = 75,
- XCP_RSC_LOWERING_SIGNERS_TO_ZERO = 76,
- XCP_RSC_LOWERING_REVOKERS_TO_ZERO = 77,
- XCP_RSC_CHG_SIGNERS_TO_ONE_NO_1SIGN = 78,
- XCP_RSC_CHG_REVOKERS_TO_ONE_NO_1SIGN = 79,
- XCP_RSC_IMPORT_WK_PROHIBITED = 80,
- XCP_RSC_IMPR_SINGLE_KEYPART = 81,
- XCP_RSC_IMPR_CSP = 82,
- XCP_RSC_QUERY_DMASK_VERSION = 83,
- XCP_RSC_QUERY_DMASK_FMT = 84,
- XCP_RSC_LEAVE_DOM_IMPR_CARD_STILL = 85,
- XCP_RSC_BLOB_REENCRYPT_REJECT = 86,
- XCP_RSC_TOO_MANY_SIGNERINFOS = 87,
- XCP_RSC_NO_GLOBAL_CONTEXT = 88,
- XCP_RSC_ATTRS_TOO_MANY = 89,
- XCP_RSC_CP_SET_INVALID = 90,
- XCP_RSC_RK_IDLEN_INVALID = 91,
- XCP_RSC_RK_ID_INVALID = 92,
- XCP_RSC_FILEID_UNKNOWN = 93,
- XCP_RSC_FILEID_UNSUPPORTED = 94,
- XCP_RSC_CPS_REJECTED_FCV = 95,
- XCP_RSC_EXPR_KEYPART_LIMIT = 96,
- XCP_RSC_EXPR_KEYPART_ZEROLIMIT = 97,
- XCP_RSC_EXPR_KEYPART_DIFF_LIMIT = 98,
- XCP_RSC_EXPR_KEYPART_DIFF_COUNT = 99,
- XCP_RSC_EXPR_DOMMASK_DIFF = 100,
- XCP_RSC_EXPR_INDEX_INVALID = 101,
- XCP_RSC_EXPR_CERT_INVALID = 102,
- XCP_RSC_IMPR_STATE_STRUCT = 103,
- XCP_RSC_EXPR_AUTHCERT_INVALID = 104,
- XCP_RSC_IMPR_KEYPARTS_STRUCT = 105,
- XCP_RSC_IMPR_STATE_REPEAT = 106,
- XCP_RSC_IMPR_ENCR_ALG = 107,
- XCP_RSC_IMPR_FILESIG_INFRASTRUCTURE = 108,
- XCP_RSC_IMPR_FILESIG = 109,
- XCP_RSC_EXPR_SINGLE_KEYPART = 110,
- XCP_RSC_IMPR_KEYPARTS_REASSEMBLY = 111,
- XCP_RSC_IMPR_KEYPARTS_CONFLICT = 112,
- XCP_RSC_IMPR_ENCRD_DATA_DIFF = 113,
- XCP_RSC_IMPR_ENCRD_DATA_STRUCT = 114,
- XCP_RSC_IMPR_ENCR_PARAMS = 115,
- XCP_RSC_IMPR_ENCRD_CONSISTENCY = 116,
- XCP_RSC_BLOB_SETTRUST_REJECT = 117,
- XCP_RSC_BLOB_SETCLK_FIELD = 118,
- XCP_RSC_BLOB_SETCLK_TIME = 119,
- XCP_RSC_EXPR_SCOPE_INVALID = 120,
- XCP_RSC_IMPR_SCOPE_INVALID = 121,
- XCP_RSC_IMPR_SCOPE_DOM_RES_VIOLATION = 122,
- XCP_RSC_IMPR_AMBIGUOUS_DOMAIN_SOURCE = 123,
- XCP_RSC_IMPR_MDOMAIN_IMPORT_MASK_INVALID = 124,
- XCP_RSC_IMPR_NO_CARD_IMPORTER = 125,
- XCP_RSC_IMPR_IMPORT_DOM_DATA_FAILED = 126,
- XCP_RSC_IMPR_IMPORT_DOM_WKS_FAILED = 127,
- XCP_RSC_IMPR_IMPORT_TGT_DOM_ZEROIZE_FAILED = 128,
- XCP_RSC_AUDIT_QUERY_PAYLOAD_SIZE = 129,
- XCP_RSC_AUDIT_QUERY_INVALID_INDEX = 130,
- XCP_RSC_EXPORT_WK_PROHIBITED = 131,
- XCP_RSC_EXPORT_STATE_PROHIBITED = 132,
- XCP_RSC_IMPORT_STATE_PROHIBITED = 133,
- XCP_RSC_EXPORT_WK_UNAUTHORIZED = 134,
- XCP_RSC_OA_SIG_POLICY_VIOLATION = 135,
- XCP_RSC_OA_SIG_NOT_SUPPORTED = 136,
- XCP_RSC_ASN_FMT_INVALID = 137,
- XCP_RSC_CERT_TYPE_INVALID = 138,
- XCP_RSC_ROLE_ID_INVALID = 139,
- XCP_RSC_ADM_SIG_POLICY_VIOLATION = 140,
- XCP_RSC_KEY_STRENGTH_POLICY_VIOLATION = 141,
- XCP_RSC_ADM_SIG_CHANGE_PROHIBITED = 142,
- XCP_RSC_KEY_STRENGTH_CHANGE_PROHIBITED = 143,
- XCP_RSC_MAX = XCP_RSC_KEY_STRENGTH_CHANGE_PROHIBITED
-} XCP_ReasonCode_t ;
-#define __MIN_MOD_FNID 1
-#define __MAX_MOD_FNID 42
-#define __FNID_Login 1
-#define __FNID_Logout 2
-#define __FNID_SeedRandom 3
-#define __FNID_GenerateRandom 4
-#define __FNID_DigestInit 5
-#define __FNID_DigestUpdate 6
-#define __FNID_DigestKey 7
-#define __FNID_DigestFinal 8
-#define __FNID_Digest 9
-#define __FNID_DigestSingle 10
-#define __FNID_EncryptInit 11
-#define __FNID_DecryptInit 12
-#define __FNID_EncryptUpdate 13
-#define __FNID_DecryptUpdate 14
-#define __FNID_EncryptFinal 15
-#define __FNID_DecryptFinal 16
-#define __FNID_Encrypt 17
-#define __FNID_Decrypt 18
-#define __FNID_EncryptSingle 19
-#define __FNID_DecryptSingle 20
-#define __FNID_GenerateKey 21
-#define __FNID_GenerateKeyPair 22
-#define __FNID_SignInit 23
-#define __FNID_SignUpdate 24
-#define __FNID_SignFinal 25
-#define __FNID_Sign 26
-#define __FNID_VerifyInit 27
-#define __FNID_VerifyUpdate 28
-#define __FNID_VerifyFinal 29
-#define __FNID_Verify 30
-#define __FNID_SignSingle 31
-#define __FNID_VerifySingle 32
-#define __FNID_WrapKey 33
-#define __FNID_UnwrapKey 34
-#define __FNID_DeriveKey 35
-#define __FNID_GetMechanismList 36
-#define __FNID_GetMechanismInfo 37
-#define __FNID_get_xcp_info 38
-#define __FNID_GetAttributeValue 39
-#define __FNID_SetAttributeValue 40
-#define __FNID_admin 41
-#define __FNID_ReencryptSingle 42
-#define __FNID_NEXT_AVAILABLE 43
-#define __FNID_MAX __FNID_ReencryptSingle
-#define XCP__FNIDS_BIT0 0x8000000000000000ULL
-#define XCP__FNIDS_DW0 \
-       ( (XCP__FNIDS_BIT0) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Login) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Logout) |\
-         (XCP__FNIDS_BIT0 >> __FNID_SeedRandom) |\
-         (XCP__FNIDS_BIT0 >> __FNID_GenerateRandom) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DigestInit) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DigestUpdate) |\
-                                                   \
-         (XCP__FNIDS_BIT0 >> __FNID_DigestFinal) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Digest) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DigestSingle) |\
-         (XCP__FNIDS_BIT0 >> __FNID_EncryptInit) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DecryptInit) |\
-         (XCP__FNIDS_BIT0 >> __FNID_EncryptUpdate) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DecryptUpdate) |\
-         (XCP__FNIDS_BIT0 >> __FNID_EncryptFinal) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DecryptFinal) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Encrypt) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Decrypt) |\
-         (XCP__FNIDS_BIT0 >> __FNID_EncryptSingle) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DecryptSingle) |\
-         (XCP__FNIDS_BIT0 >> __FNID_GenerateKey) |\
-         (XCP__FNIDS_BIT0 >> __FNID_GenerateKeyPair) |\
-         (XCP__FNIDS_BIT0 >> __FNID_SignInit) |\
-         (XCP__FNIDS_BIT0 >> __FNID_SignUpdate) |\
-         (XCP__FNIDS_BIT0 >> __FNID_SignFinal) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Sign) |\
-         (XCP__FNIDS_BIT0 >> __FNID_VerifyInit) |\
-         (XCP__FNIDS_BIT0 >> __FNID_VerifyUpdate) |\
-         (XCP__FNIDS_BIT0 >> __FNID_VerifyFinal) |\
-         (XCP__FNIDS_BIT0 >> __FNID_Verify) |\
-         (XCP__FNIDS_BIT0 >> __FNID_SignSingle) |\
-         (XCP__FNIDS_BIT0 >> __FNID_VerifySingle) |\
-         (XCP__FNIDS_BIT0 >> __FNID_WrapKey) |\
-         (XCP__FNIDS_BIT0 >> __FNID_UnwrapKey) |\
-         (XCP__FNIDS_BIT0 >> __FNID_DeriveKey) |\
-         (XCP__FNIDS_BIT0 >> __FNID_GetMechanismList) |\
-         (XCP__FNIDS_BIT0 >> __FNID_GetMechanismInfo) |\
-         (XCP__FNIDS_BIT0 >> __FNID_get_xcp_info) |\
-         (XCP__FNIDS_BIT0 >> __FNID_GetAttributeValue) |\
-         (XCP__FNIDS_BIT0 >> __FNID_SetAttributeValue) |\
-         (XCP__FNIDS_BIT0 >> __FNID_admin) |\
-         (XCP__FNIDS_BIT0 >> __FNID_ReencryptSingle))
-#define XCP__FNIDS_DW1 0
-#define __HOST2MOD_DATAPRM 9
-#define __MOD2HOST_DATAPRM 2
-#endif
\ No newline at end of file
diff --git a/hpcs-pkcs11/samples/grep11.h b/hpcs-pkcs11/samples/grep11.h
deleted file mode 100644
index 202ce87e9..000000000
--- a/hpcs-pkcs11/samples/grep11.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-Copyright IBM Corp. All Rights Reserved.
-SPDX-License-Identifier: Apache-2.0
-*/
-
-#ifndef _GREP11_H_
-#define _GREP11_H_ 1
-
-#if !defined(CKR_VENDOR_DEFINED)
-#error "We need CKR_VENDOR_DEFINED type from <pkcs11.h>, please include before this file."
-#endif
-
-#define CKR_VENDOR_DEFINED_GREP11        CKR_VENDOR_DEFINED + 0x40000
-#define CKR_IBM_GREP11_NOT_AUTHENTICATED CKR_VENDOR_DEFINED_GREP11 + 0x01
-#define CKR_IBM_GREP11_CANNOT_UNMARSHAL  CKR_VENDOR_DEFINED_GREP11 + 0x02
-#define CKR_IBM_GREP11_CANNOT_MARSHAL    CKR_VENDOR_DEFINED_GREP11 + 0x03
-#define CKR_IBM_GREP11_CONFLICT          CKR_VENDOR_DEFINED_GREP11 + 0x04
-#define CKR_IBM_GREP11_DBINTERNAL        CKR_VENDOR_DEFINED_GREP11 + 0x05
-#define CKR_IBM_GREP11_MISSING           CKR_VENDOR_DEFINED_GREP11 + 0x06
-
-#define CKA_VENDOR_DEFINED_GREP11        CKA_VENDOR_DEFINED + 0x40000
-#define CKA_GREP11_TOKEN_LABEL           CKA_VENDOR_DEFINED_GREP11 + 0x01
-#define CKA_GREP11_WKID                  CKA_VENDOR_DEFINED_GREP11 + 0x02
-#define CKA_GREP11_KEYSTORE_PASSWORD     CKA_VENDOR_DEFINED_GREP11 + 0x03
-#endif
diff --git a/hpcs-pkcs11/samples/pkcs11-attrs.c b/hpcs-pkcs11/samples/pkcs11-attrs.c
deleted file mode 100644
index 6fc299c75..000000000
--- a/hpcs-pkcs11/samples/pkcs11-attrs.c
+++ /dev/null
@@ -1,872 +0,0 @@
- /****************************************************************
- * Copyright IBM Corp. All Rights Reserved.
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * pkcs11-attrs.c
- *
- * A sample application demonstrating how to extract and display key attributes using the PKCS11 library
- * 
- * Compile using:
- * gcc -o pkcs11-attrs pkcs11-attrs.c -ldl
- * 
- * Usage:
- * ./pkcs11-attrs -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -l <label> -m [generate|load]
- * Ensure that the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
- * for more information about the setup of the PKCS11 library and its configuration file.
- * 
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <getopt.h>
-#include <ctype.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-typedef enum {
-    ATTR_INVALID = 0,
-    ATTR_BYTEARRAY = 1,
-    ATTR_INTEGER = 2,
-    ATTR_BOOL = 3,
-}AttrGRPCType;
-
-typedef struct {
-    CK_ATTRIBUTE_TYPE typeId;
-    AttrGRPCType grpcType;
-}AttrIDType;
-
-AttrIDType attrToType[] = {
-        {CKA_CLASS,                      ATTR_INTEGER},   // CK_OBJECT_CLASS,
-        {CKA_TOKEN,                      ATTR_BOOL},      // CK_BBOOL,
-        {CKA_PRIVATE,                    ATTR_BOOL},      // CK_BBOOL,
-        {CKA_LABEL,                      ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-
-        // future
-        // {CKA_VALUE,                      ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-
-        {CKA_TRUSTED,                    ATTR_BOOL},      // CK_BBOOL,
-        {CKA_CHECK_VALUE,                ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-        {CKA_KEY_TYPE,                   ATTR_INTEGER},   // CK_KEY_TYPE,
-        {CKA_SUBJECT,                    ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-        {CKA_ID,                         ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-
-        {CKA_ENCRYPT,                    ATTR_BOOL},      // CK_BBOOL,
-        {CKA_DECRYPT,                    ATTR_BOOL},      // CK_BBOOL,
-        {CKA_WRAP,                       ATTR_BOOL},      // CK_BBOOL,
-        {CKA_UNWRAP,                     ATTR_BOOL},      // CK_BBOOL,
-        {CKA_SIGN,                       ATTR_BOOL},      // CK_BBOOL,
-        {CKA_VERIFY,                     ATTR_BOOL},      // CK_BBOOL,
-        {CKA_DERIVE,                     ATTR_BOOL},      // CK_BBOOL,
-        {CKA_MODULUS,                    ATTR_BYTEARRAY}, // CK_BIGINTEGER,
-        {CKA_MODULUS_BITS,               ATTR_INTEGER},   // CK_ULONG,
-        {CKA_PUBLIC_EXPONENT,            ATTR_BYTEARRAY}, // CK_BIGINTEGER,
-
-        // future
-        // {CKA_PRIME,                      ATTR_BYTEARRAY}, // CK_BIGINTEGER,
-        // {CKA_SUBPRIME,                   ATTR_BYTEARRAY}, // CK_BIGINTEGER,
-        // {CKA_BASE,                       ATTR_BYTEARRAY}, // CK_BIGINTEGER,
-        // {CKA_PRIME_BITS,                 ATTR_INTEGER},   // CK_ULONG,
-
-        {CKA_VALUE_LEN,                  ATTR_INTEGER},   // CK_ULONG,
-        {CKA_EXTRACTABLE,                ATTR_BOOL},      // CK_BBOOL,
-        {CKA_LOCAL,                      ATTR_BOOL},      // CK_BBOOL,
-        {CKA_NEVER_EXTRACTABLE,          ATTR_BOOL},      // CK_BBOOL,
-        {CKA_MODIFIABLE,                 ATTR_BOOL},      // CK_BBOOL,
-        {CKA_EC_PARAMS,                  ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-        {CKA_EC_POINT,                   ATTR_BYTEARRAY}, // CK_BYTEARRAY,
-        {CKA_WRAP_WITH_TRUSTED,          ATTR_BOOL},      // CK_BBOOL,
-
-        // Vendor extension
-        {CKA_GREP11_WKID,                ATTR_BYTEARRAY},
-};
-
-typedef struct {
-    CK_ATTRIBUTE_TYPE typeId;
-    char* str;
-}AttrIDString;
-
-AttrIDString attrToString[] = {
-        {CKA_CLASS,                          "CKA_CLASS"},
-        {CKA_TOKEN,                          "CKA_TOKEN"},
-        {CKA_PRIVATE,                        "CKA_PRIVATE"},
-        {CKA_LABEL,                          "CKA_LABEL"},
-        // {CKA_VALUE,                          "CKA_VALUE"},
-        {CKA_TRUSTED,                        "CKA_TRUSTED"},
-        {CKA_CHECK_VALUE,                    "CKA_CHECK_VALUE"},
-        {CKA_KEY_TYPE,                       "CKA_KEY_TYPE"},
-        {CKA_SUBJECT,                        "CKA_SUBJECT"},
-        {CKA_ID,                             "CKA_ID"},
-        {CKA_ENCRYPT,                        "CKA_ENCRYPT"},
-        {CKA_DECRYPT,                        "CKA_DECRYPT"},
-        {CKA_WRAP,                           "CKA_WRAP"},
-        {CKA_UNWRAP,                         "CKA_UNWRAP"},
-        {CKA_SIGN,                           "CKA_SIGN"},
-        {CKA_VERIFY,                         "CKA_VERIFY"},
-        {CKA_DERIVE,                         "CKA_DERIVE"},
-        {CKA_MODULUS,                        "CKA_MODULUS"},
-        {CKA_MODULUS_BITS,                   "CKA_MODULUS_BITS"},
-        {CKA_PUBLIC_EXPONENT,                "CKA_PUBLIC_EXPONENT"},
-        // {CKA_PRIME,                          "CKA_PRIME"},
-        // {CKA_SUBPRIME,                       "CKA_SUBPRIME"},
-        // {CKA_BASE,                           "CKA_BASE"},
-        // {CKA_PRIME_BITS,                     "CKA_PRIME_BITS"},
-        {CKA_VALUE_LEN,                      "CKA_VALUE_LEN"},
-        {CKA_EXTRACTABLE,                    "CKA_EXTRACTABLE"},
-        {CKA_LOCAL,                          "CKA_LOCAL"},
-        {CKA_NEVER_EXTRACTABLE,              "CKA_NEVER_EXTRACTABLE"},
-        {CKA_MODIFIABLE,                     "CKA_MODIFIABLE"},
-        {CKA_EC_PARAMS,                      "CKA_EC_PARAMS"},
-        {CKA_EC_POINT,                       "CKA_EC_POINT"},
-        {CKA_WRAP_WITH_TRUSTED,              "CKA_WRAP_WITH_TRUSTED"},
-        {CKA_GREP11_WKID,                    "CKA_GREP11_WKID"},
-};
-
-CK_ATTRIBUTE_TYPE commonAttrType[] = {
-        CKA_CLASS,
-        CKA_TOKEN,
-        CKA_PRIVATE,
-        CKA_MODIFIABLE,
-        CKA_LABEL,
-        CKA_KEY_TYPE,
-        CKA_ID,
-        CKA_DERIVE,
-};
-const int commonAttrAmt = (sizeof(commonAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
-
-CK_ATTRIBUTE_TYPE secretKeyAttrType[] = {
-        CKA_ENCRYPT,
-        CKA_DECRYPT,
-        CKA_WRAP,
-        CKA_UNWRAP,
-        CKA_EXTRACTABLE,
-        CKA_NEVER_EXTRACTABLE,
-        CKA_CHECK_VALUE,
-        CKA_WRAP_WITH_TRUSTED,
-        CKA_TRUSTED,
-        CKA_VALUE_LEN,
-        CKA_LOCAL,
-        CKA_GREP11_WKID,
-};
-const int secretKeyAttrAmt = (sizeof(secretKeyAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
-
-CK_ATTRIBUTE_TYPE publicKeyAttrType[] = {
-        CKA_SUBJECT,
-        CKA_ENCRYPT,
-        CKA_VERIFY,
-        CKA_WRAP,
-        CKA_TRUSTED,
-        CKA_MODULUS_BITS,
-        CKA_MODULUS,
-        CKA_PUBLIC_EXPONENT,
-        CKA_EC_PARAMS,
-        CKA_EC_POINT,
-};
-const int publicKeyAttrAmt = (sizeof(publicKeyAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
-
-CK_ATTRIBUTE_TYPE privateKeyAttrType[] = {
-        CKA_SUBJECT,
-        CKA_DECRYPT,
-        CKA_SIGN,
-        CKA_UNWRAP,
-        CKA_EXTRACTABLE,
-        CKA_NEVER_EXTRACTABLE,
-        CKA_WRAP_WITH_TRUSTED,
-        CKA_MODULUS,  // future
-        CKA_PUBLIC_EXPONENT, // future
-        CKA_EC_PARAMS, // future
-        CKA_LOCAL,
-        CKA_GREP11_WKID,
-};
-const int privateKeyAttrAmt = (sizeof(privateKeyAttrType)) / sizeof(CK_ATTRIBUTE_TYPE);
-
-const char * getKeyTypeStr(CK_KEY_TYPE keyType) {
-    switch (keyType) {
-    case CKK_AES:
-        return "AES";
-    case CKK_RSA:
-        return "RSA";
-    case CKK_EC:
-        return "EC";
-    case CKK_DES3:
-        return "DES3";
-    case CKK_DES2:
-        return "DES2";
-    default:
-        return "Unknown key type";
-    }
-}
-
-const char * getObjectClassStr(CK_OBJECT_CLASS objClass) {
-    switch (objClass) {
-    case CKO_PUBLIC_KEY:
-        return "Public key";
-    case CKO_PRIVATE_KEY:
-        return "Private key";
-    case CKO_SECRET_KEY:
-        return "Secret key (Symmetric key)";
-    default:
-        return "Unknow object type";
-    }
-}
-
-AttrGRPCType getAttrType(CK_ATTRIBUTE_TYPE typeId) {
-    for (int i = 0; i < sizeof(attrToType)/sizeof(AttrIDType); i++) {
-        if (typeId == attrToType[i].typeId) {
-            return attrToType[i].grpcType;
-        }
-    }
-    return ATTR_INVALID;
-}
-
-const char * getAttrString(CK_ATTRIBUTE_TYPE typeId) {
-    for (int i = 0; i < sizeof(attrToString)/sizeof(AttrIDString); i++) {
-        if (typeId == attrToString[i].typeId) {
-            return attrToString[i].str;
-        }
-    }
-    return NULL;
-}
-
-// getDecimalFromBytes returns long number for hex. Returning value is undefined if it exceeds 64 bits.
-unsigned long getDecimalFromBytes(const unsigned char *src, int len) {
-    unsigned long ret = 0;
-
-    for (int i = 0; i < len; i++) {
-        ret <<= 8;
-        ret += (int)src[i];
-    }
-    return ret;
-}
-
-const static int printWidth = 25;
-
-void PrintByteBuf(CK_ATTRIBUTE_TYPE attrType, const char * header, const unsigned char * data, unsigned long len) {
-#define CH_PER_LINE (16)
-    char strBuf[128];
-    unsigned long i;
-    //output format: 4 spaces + CH_PER_LINE * 3 HEX data divided by single colon
-    char line[4 + CH_PER_LINE * 3 + 1];
-    static char itohex[CH_PER_LINE] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-
-    switch (attrType) {
-    case CKA_PUBLIC_EXPONENT:
-        fprintf(stdout, "%-*s: %ld\n", printWidth, header, getDecimalFromBytes(data, len));
-        return;
-    case CKA_EC_PARAMS:
-    case CKA_LABEL:
-        memcpy(strBuf, data, len);
-        strBuf[len] = 0;
-        fprintf(stdout, "%-*s: %s\n", printWidth, header, strBuf);
-        return;
-    default:
-        fprintf(stdout, "%-*s[%lu]\n", printWidth, header, len);
-    }
-
-    line[sizeof(line) - 1] = 0;
-    for (i = 0; i < len; i++) {
-        //4 print spaces for address
-        if (i % CH_PER_LINE == 0) {
-            if (i > 0) {
-                //last line is done
-                fprintf(stdout, "%s\n", line);
-            }
-            memset(line, ' ', sizeof(line) - 1);
-        }
-        //each byte is translated into 'ab ' form, 3 print spaces
-        line[4 + (i % CH_PER_LINE) * 3] = itohex[data[i] >> 4];
-        line[4 + (i % CH_PER_LINE) * 3 + 1] = itohex[data[i] & 0xf];
-        line[4 + (i % CH_PER_LINE) * 3 + 2] = ':';
-    }
-    if (i % CH_PER_LINE != 15) {
-        //shorter line
-        fprintf(stdout, "%s\n", line);
-    }
-    fprintf(stdout, "\n");
-}
-
-void freeTemplate(CK_ATTRIBUTE_PTR pAttrs, CK_ULONG amt) {
-    for (int i = 0; i < amt; i++) {
-        if (pAttrs[i].pValue != NULL) {
-            free(pAttrs[i].pValue);
-        }
-    }
-    free((void *)pAttrs);
-    return;
-}
-
-// The returned memory pointer must be freed by freeTemplate()
-CK_ATTRIBUTE_PTR allocTemplate(CK_OBJECT_CLASS objClass, CK_ULONG* amt) {
-    CK_ATTRIBUTE_PTR pAttrs;
-
-    int i, extraAttrAmt, totalAttrAmt = commonAttrAmt;
-
-    switch (objClass) {
-    case CKO_SECRET_KEY:
-        extraAttrAmt = secretKeyAttrAmt;
-        break;
-    case CKO_PUBLIC_KEY:
-        extraAttrAmt = publicKeyAttrAmt;
-        break;
-    case CKO_PRIVATE_KEY:
-        extraAttrAmt = privateKeyAttrAmt;
-        break;
-    default:
-        return NULL;
-    }
-
-    totalAttrAmt += extraAttrAmt;
-    CK_ATTRIBUTE_TYPE allAttrIdList[totalAttrAmt];
-
-    for (i = 0; i < commonAttrAmt; i++) {
-        allAttrIdList[i] = commonAttrType[i];
-    }
-
-    switch (objClass) {
-    case CKO_SECRET_KEY:
-        for (i = commonAttrAmt; i < commonAttrAmt + extraAttrAmt; i++) {
-            allAttrIdList[i] = secretKeyAttrType[i - commonAttrAmt];
-        }
-        break;
-    case CKO_PUBLIC_KEY:
-        for (i = commonAttrAmt; i < commonAttrAmt + extraAttrAmt; i++) {
-            allAttrIdList[i] = publicKeyAttrType[i - commonAttrAmt];
-        }
-        break;
-    case CKO_PRIVATE_KEY:
-        for (i = commonAttrAmt; i < commonAttrAmt + extraAttrAmt; i++) {
-            allAttrIdList[i] = privateKeyAttrType[i - commonAttrAmt];
-        }
-        break;
-    default:
-        return NULL;
-    }
-    size_t bufferSize = totalAttrAmt * sizeof(CK_ATTRIBUTE);
-    pAttrs = (CK_ATTRIBUTE_PTR)malloc(bufferSize);
-    if (pAttrs == NULL) {
-        return NULL;
-    }
-    memset((void *)pAttrs, 0, bufferSize);
-
-    for (i = 0; i < totalAttrAmt; i++) {
-        AttrGRPCType t = getAttrType(allAttrIdList[i]);
-        size_t memSize = 0;
-        pAttrs[i].type = allAttrIdList[i];
-        switch (t) {
-        case ATTR_BOOL:
-            memSize = 1;
-            break;
-        case ATTR_INTEGER:
-            memSize = 8;
-            break;
-        case ATTR_BYTEARRAY:
-            memSize = 1024; // enough for any byte attribute
-            break;
-        default:
-            printf("Unexpected GRPC type for %lx\n", allAttrIdList[i]);
-            exit(1);
-        }
-        pAttrs[i].pValue = malloc(memSize);
-        if ( pAttrs[i].pValue == NULL) {
-            printf("not enough memory!\n");
-            exit(1);
-        }
-        pAttrs[i].ulValueLen = (CK_ULONG)memSize;
-    }
-    *amt = (CK_ULONG)totalAttrAmt;
-    return pAttrs;
-}
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "testToken";
-
-void PrintAttrs(CK_ATTRIBUTE* pAttrs, int amount) {
-    CK_ATTRIBUTE* pAttr = pAttrs;
-    AttrGRPCType t;
-    const char *str;
-    unsigned char *pCh;
-    unsigned long ulongVale;
-    for (int i = 0; i < amount; i++) {
-        t = getAttrType(pAttr[i].type);
-        if (t == ATTR_INVALID) {
-            printf("Unrecognized attribute type %lx\n", pAttr[i].type);
-            continue;
-        }
-        str = getAttrString(pAttr[i].type);
-        if (str == NULL) {
-            printf("Unrecognized attribute type %lx\n", pAttr[i].type);
-            continue;
-        }
-        if (pAttr[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) {
-            //printf("%-*s: %s\n", printWidth, str, "Unavailable");
-            continue;
-        }
-        if (t == ATTR_BYTEARRAY && pAttr[i].ulValueLen == 0) {
-            printf("%-*s: %s\n", printWidth, str, "Empty");
-            continue;
-        }
-
-        switch (t) {
-        case ATTR_BOOL:
-            pCh = (unsigned char *)pAttr[i].pValue;
-            printf("%-*s: %s\n", printWidth, str, pCh[0] == 0? "FALSE":"TRUE");
-            break;
-        case ATTR_INTEGER:
-            if (pAttr[i].ulValueLen != sizeof(ulongVale)) {
-                printf("Integer attribute is not 8 bytes: %ld\n", pAttr[i].ulValueLen);
-                continue;
-            }
-            ulongVale = *((unsigned long *)pAttr[i].pValue);
-            switch (pAttr[i].type) {
-            case CKA_KEY_TYPE:
-                printf("%-*s: %s\n", printWidth, str, getKeyTypeStr(ulongVale));
-                break;
-            case CKA_CLASS:
-                printf("%-*s: %s\n", printWidth, str, getObjectClassStr(ulongVale));
-                break;
-            default:
-                printf("%-*s: %08lx\n", printWidth, str, ulongVale);
-            }
-
-            break;
-        case ATTR_BYTEARRAY:
-            PrintByteBuf(pAttr[i].type, str, (const unsigned char *)pAttr[i].pValue, pAttr[i].ulValueLen);
-            break;
-        default:
-            break;
-        }
-    }
-    printf("\n");
-}
-
-void PrintKeyAttrs(CK_SESSION_HANDLE session, CK_OBJECT_CLASS objClass, CK_OBJECT_HANDLE hKey) {
-    CK_ULONG amt = 0;
-    CK_ATTRIBUTE_PTR pTemplate = NULL;
-    CK_RV rc;
-
-    pTemplate = allocTemplate(objClass, &amt);
-    if (pTemplate == NULL) {
-        printf("error allocTemplate\n");
-        funcs->C_Finalize( NULL );
-        return;
-    }
-
-    funcs->C_GetAttributeValue(session, hKey, pTemplate, amt);
-
-    PrintAttrs(pTemplate, amt);
-    freeTemplate(pTemplate, amt);
-    return;
-}
-
-CK_UTF8CHAR         soPin[256] = {0};
-CK_UTF8CHAR         userPin[256] = {0};
-char                pkcs11LibName[1024] = {0};
-char                inputKeyLabel[1024] = {0}; // There are default labels for 3 different types of keys
-int                 mode = 1; // 1: generate keys (default), 2: load keys with the same label
-char                strUsage[] = "./pkcs11-attrs -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -l <label> -m [generate|load]";
-
-void getArgs(int argc, char **argv) {
-    int c, n;
-
-    static struct option long_options[] = {
-        {"librarypath",    required_argument, NULL, 'p'},
-        {"SOpin",     required_argument, NULL, 's'},
-        {"userpin",   required_argument, NULL, 'u'},
-        {"label",   optional_argument, NULL, 'l'},
-        {"mode",    optional_argument, NULL, 'm'}, // "generate" or "load"
-        {0, 0, 0, 0}
-    };
-
-    while (1)
-    {
-      c = getopt_long (argc, argv, "p:s:u:l:m:", long_options, NULL);
-
-      /* Detect the end of the options. */
-      if (c == -1)
-        break;
-
-      switch (c)
-        {
-        case 'p':
-          n = snprintf(pkcs11LibName, sizeof(pkcs11LibName), "%s", optarg);
-          if (n < strlen(optarg)) {
-              printf("Path to library is too long\n");
-              exit(1);
-          }
-          break;
-
-        case 's':
-            n = snprintf((char *)soPin, sizeof(soPin), "%s", optarg);
-            if (n < strlen(optarg)) {
-                printf("SO PIN is too long\n");
-                exit(1);
-            }
-          break;
-
-        case 'u':
-            n = snprintf((char *)userPin, sizeof(userPin), "%s", optarg);
-            if (n < strlen(optarg)) {
-                printf("Normal user PIN is too long\n");
-                exit(1);
-            }
-          break;
-
-        case 'l':
-            n = snprintf((char *)inputKeyLabel, sizeof(inputKeyLabel), "%s", optarg);
-            if (n < strlen(optarg)) {
-                printf("Key label is too long\n");
-                exit(1);
-            }
-            break;
-
-        case 'm':
-            if (strncmp(optarg, "generate", strlen("generate")) == 0) {
-                mode = 1;
-            } else if (strncmp(optarg, "load", strlen("load")) == 0) {
-                mode = 2;
-            } else {
-                printf("Invalid mode %s\n", optarg);
-                exit(1);
-            }
-            break;
-        default:
-          printf("%s\n", strUsage);
-          exit(1);
-        }
-    }
-
-    if (strlen((char *)soPin) == 0 && mode == 1) {
-        printf("PIN for the SO user must be provided when generating keys\n");
-        exit(1);
-    }
-    if (strlen((char *)userPin) == 0 || strlen(pkcs11LibName) == 0) {
-        printf("%s\n", strUsage);
-        exit(1);
-    }
-}
-
-// find_key returns 0 if no key is found or more than one object is found
-CK_OBJECT_HANDLE find_key(CK_SESSION_HANDLE session, CK_ATTRIBUTE *pTmpl, CK_ULONG tmplAmt) {
-    CK_RV                   rc;
-    CK_OBJECT_HANDLE        handles[64];
-    CK_ULONG                amtHandle = 0;
-
-    rc = funcs->C_FindObjectsInit(session, pTmpl, tmplAmt);
-    if (rc != CKR_OK) {
-       printf("error C_FindObjectsInit: rc=0x%04lx\n", rc );
-       return !CKR_OK;
-    }
-
-    rc = funcs->C_FindObjects( session, handles, sizeof(handles)/ sizeof(CK_OBJECT_HANDLE), &amtHandle);
-    if (rc != CKR_OK) {
-       printf("error C_FindObjects: rc=0x%04lx\n", rc );
-       return !CKR_OK;
-    }
-    funcs->C_FindObjectsFinal(session);
-
-    if (amtHandle != 1) {
-        printf("Zero or more than 1 object found: %ld\n", amtHandle);
-        return 0;
-    }
-    return handles[0];
-}
-
-int main( int argc, char **argv )
-{
-   CK_C_INITIALIZE_ARGS  initArgs;
-   CK_RV                   rc;
-   CK_FLAGS                flags = 0;
-   CK_SESSION_HANDLE       session;
-   CK_MECHANISM            mech;
-   CK_OBJECT_HANDLE        publicKey, privateKey, aesKey;
-   static CK_BBOOL         isTrue = TRUE;
-   static CK_BBOOL         isFalse = FALSE;
-
-   CK_RV                   (*pFunc)();
-   void                    *pkcs11Lib;
- 
-   getArgs(argc, argv);
-
-   printf("Opening the PKCS11 library...\n");
-   pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
-   if ( pkcs11Lib == NULL ) {
-      printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-      return !CKR_OK;
-   }
- 
-   printf("Getting the PKCS11 function list...\n");
-   pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-   if (pFunc == NULL ) {
-      printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-      return !CKR_OK;
-   }
-   rc = pFunc(&funcs);
-   if (rc != CKR_OK) {
-      printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
- 
-   printf("Initializing the PKCS11 environment...\n");
-   memset( &initArgs, 0x0, sizeof(initArgs) );
-   rc = funcs->C_Initialize( &initArgs );
-   if (rc != CKR_OK) {
-      printf("error C_Initialize: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-
-   if (mode == 1) {
-       printf("Initializing the token... \n");
-       memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
-       memcpy(tokenNameBuf, tokenName, strlen(tokenName));
-
-       /* C_InitToken cleans up private and public keystores. This only needs to be done once.
-        * Subsequent C_InitToken calls will delete any existing keys within the keystores
-        */
-       rc = funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
-       if (rc != CKR_OK) {
-          printf("error C_InitToken: rc=0x%04lx\n", rc );
-          funcs->C_Finalize( NULL );
-          return !CKR_OK;
-       }
-   }
- 
-   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-   printf("Opening a session... \n");
-   rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
-   if (rc != CKR_OK) {
-      printf("error C_OpenSession: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
- 
-   printf("Logging in as normal user... \n");
-   rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-   if (rc != CKR_OK) {
-      printf("error C_Login: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   char aesLabel[1024] = "AES key label";
-   char rsaPubLabel[1024] = "RSA public key label";
-   char rsaPrivLabel[1024] = "RSA private key label";
-   char ecPubLabel[1024] = "ECDSA public key label";
-   char ecPrivLabel[1024] = "ECDSA private key label";
-
-   if (strlen(inputKeyLabel) > 0) {
-       strcpy(aesLabel, inputKeyLabel);
-       strcpy(rsaPubLabel, inputKeyLabel);
-       strcpy(rsaPrivLabel, inputKeyLabel);
-       strcpy(ecPubLabel, inputKeyLabel);
-       strcpy(ecPrivLabel, inputKeyLabel);
-   }
-
-   // Load AES and RSA/EC public and private keys from PKCS#11 the key store
-   if (mode == 2) {
-        CK_OBJECT_HANDLE hKey;
-        CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
-        CK_KEY_TYPE keyType = CKK_AES;
-        char *pLabel = aesLabel;
-
-       CK_ATTRIBUTE find_tmpl[] = {
-        {CKA_LABEL,        pLabel,    strlen(pLabel) },
-        {CKA_CLASS,        &objClass,    sizeof(objClass) },
-        {CKA_KEY_TYPE,     &keyType,    sizeof(keyType) },
-       };
-
-       printf("Loading AES key... \n");
-       hKey = find_key(session, find_tmpl, 3);
-       if (hKey != 0) {
-           printf("AES key attributes\n");
-           PrintKeyAttrs(session, CKO_SECRET_KEY, hKey);
-       } else {
-           printf("Unexpected number of AES keys found\n");
-       }
-
-       // RSA public key
-       pLabel = rsaPubLabel;
-       objClass = CKO_PUBLIC_KEY;
-       keyType = CKK_RSA;
-       printf("Loading RSA key pair... \n");
-       hKey = find_key(session, find_tmpl, 3);
-       if (hKey != 0) {
-           printf("RSA public key attributes\n");
-           PrintKeyAttrs(session, CKO_PUBLIC_KEY, hKey);
-       } else {
-           printf("Unexpected number of RSA public keys found\n");
-       }
-       // RSA private key
-       pLabel = rsaPrivLabel;
-       objClass = CKO_PRIVATE_KEY;
-       hKey = find_key(session, find_tmpl, 3);
-       if (hKey != 0) {
-           printf("RSA private key attributes\n");
-           PrintKeyAttrs(session, CKO_PRIVATE_KEY, hKey);
-       } else {
-           printf("Unexpected number of RSA private keys found\n");
-       }
-
-       // EC public key
-       pLabel = ecPubLabel;
-       objClass = CKO_PUBLIC_KEY;
-       keyType = CKK_EC;
-       printf("Loading EC key pair... \n");
-       hKey = find_key(session, find_tmpl, 3);
-       if (hKey != 0) {
-           printf("EC public key attributes\n");
-           PrintKeyAttrs(session, CKO_PUBLIC_KEY, hKey);
-       } else {
-           printf("Unexpected number of EC public keys found\n");
-       }
-       // EC private key
-       pLabel = ecPrivLabel;
-       objClass = CKO_PRIVATE_KEY;
-       hKey = find_key(session, find_tmpl, 3);
-       if (hKey != 0) {
-           printf("EC private key attributes\n");
-           PrintKeyAttrs(session, CKO_PRIVATE_KEY, hKey);
-       } else {
-           printf("Unexpected number of EC private keys found\n");
-       }
-
-       goto finished;
-   }
-
-   printf("Generating AES key... \n");
-   CK_ULONG aesKeyLen = 32;
-
-   CK_ATTRIBUTE aes_tmpl[] = {
-    {CKA_LABEL,        aesLabel,    strlen(aesLabel) },
-    {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-    {CKA_VALUE_LEN,    &aesKeyLen,  sizeof(aesKeyLen) },
-    {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
-    {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
-    {CKA_EXTRACTABLE,  &isFalse,    sizeof(isFalse)},
-   };
-   mech.mechanism      = CKM_AES_KEY_GEN;
-   mech.ulParameterLen = 0;
-   mech.pParameter     = NULL;
-
-   rc = funcs->C_GenerateKey( session, &mech, aes_tmpl, sizeof(aes_tmpl)/sizeof(CK_ATTRIBUTE), &aesKey);
-   if (rc != CKR_OK) {
-      printf("error C_GenerateKey: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("AES key attributes\n");
-   PrintKeyAttrs(session, CKO_SECRET_KEY, aesKey);
-
-   // Print ECDSA key attributes
-   printf("Generating ECDSA key pair... \n");
-   /* Attributes for the public key to be generated */
-   CK_BYTE curve_name[] = "P-256";
-
-   CK_ATTRIBUTE pub_tmpl[] = {
-      {CKA_LABEL,        ecPubLabel,    strlen(ecPubLabel) },
-      {CKA_TOKEN,        &isTrue, sizeof(isTrue) },
-      {CKA_EC_PARAMS,    &curve_name,   strlen( (const char *) curve_name) },
-      {CKA_VERIFY,       &isTrue,  sizeof(isTrue) },
-   };
-
-   /* Attributes for the private key to be generated */
-   CK_ATTRIBUTE priv_tmpl[] =
-   {
-      {CKA_LABEL,    ecPrivLabel,    strlen(ecPrivLabel) },
-      {CKA_TOKEN,    &isTrue, sizeof(isTrue) },
-      {CKA_SIGN,     &isTrue, sizeof(isTrue) },
-      {CKA_EXTRACTABLE,  &isFalse,    sizeof(isFalse)},
-   };
-   mech.mechanism      = CKM_EC_KEY_PAIR_GEN;
-   mech.ulParameterLen = 0;
-   mech.pParameter     = NULL;
-
-   rc = funcs->C_GenerateKeyPair( session,   &mech,
-                                  pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
-                                  priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
-                                  &publicKey, &privateKey );
-   if (rc != CKR_OK) {
-      printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("ECDSA public key attributes\n");
-   PrintKeyAttrs(session, CKO_PUBLIC_KEY, publicKey);
-
-   printf("ECDSA private key attributes\n");
-   PrintKeyAttrs(session, CKO_PRIVATE_KEY, privateKey);
-
-   // Print RSA key attributes
-   unsigned long rsaBits = 2048;
-   unsigned char pubExponent[] = {0x2, 0x0, 0x1};
-   CK_ATTRIBUTE rsa_pub_tmpl[] = {
-      {CKA_LABEL,           rsaPubLabel,    strlen(rsaPubLabel) },
-      {CKA_MODULUS_BITS,    &rsaBits, sizeof(rsaBits)},
-      {CKA_PUBLIC_EXPONENT, pubExponent, sizeof(pubExponent)},
-      {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
-      {CKA_VERIFY,          &isTrue,  sizeof(isTrue) },
-   };
-
-   /* Attributes for the private key to be generated */
-   CK_ATTRIBUTE rsa_priv_tmpl[] =
-   {
-      {CKA_LABEL,    rsaPrivLabel,    strlen(rsaPrivLabel) },
-      {CKA_TOKEN,    &isTrue, sizeof(isTrue) },
-      {CKA_SIGN,     &isTrue, sizeof(isTrue) },
-      {CKA_EXTRACTABLE,  &isFalse,    sizeof(isFalse)},
-   };
-   mech.mechanism      = CKM_RSA_PKCS_KEY_PAIR_GEN;
-   mech.ulParameterLen = 0;
-   mech.pParameter     = NULL;
-
-   rc = funcs->C_GenerateKeyPair( session,   &mech,
-                                  rsa_pub_tmpl,   sizeof(rsa_pub_tmpl)/sizeof(CK_ATTRIBUTE),
-                                  rsa_priv_tmpl,  sizeof(rsa_priv_tmpl)/sizeof(CK_ATTRIBUTE),
-                                  &publicKey, &privateKey );
-   if (rc != CKR_OK) {
-      printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("RSA public key attributes\n");
-   PrintKeyAttrs(session, CKO_PUBLIC_KEY, publicKey);
-
-   printf("RSA private key attributes\n");
-   PrintKeyAttrs(session, CKO_PRIVATE_KEY, privateKey);
-
-finished:
-
-   printf("Logging out... \n");
-   rc = funcs->C_Logout(session);
-   if (rc != CKR_OK) {
-      printf("error C_Logout: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("Closing the session... \n");
-   rc = funcs->C_CloseSession( session );
-   if (rc != CKR_OK) {
-      printf("error C_CloseSession: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-
-   printf("Finalizing... \n");
-   rc = funcs->C_Finalize( NULL );
-   if (rc != CKR_OK) {
-      printf("error C_Finalize: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-   printf("Sample completed successfully!\n");
-   return 0;
-}
diff --git a/hpcs-pkcs11/samples/pkcs11-btc.c b/hpcs-pkcs11/samples/pkcs11-btc.c
deleted file mode 100644
index 6d9c8c998..000000000
--- a/hpcs-pkcs11/samples/pkcs11-btc.c
+++ /dev/null
@@ -1,391 +0,0 @@
-/****************************************************************
- * Copyright IBM Corp. All Rights Reserved.
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * pkcs11-btc.c
- *
- * A sample application to interact with the HPCS PKCS11 library
- *
- * Compile using:
- * gcc -o pkcs11-btc pkcs11-btc.c -ldl
- *
- * Updates to be made within this source file:
- * Replace the text <so-user-api-key> with the SO user's PIN.
- * Replace the text <normal-user-api-key> with the normal user's PIN.
- * Replace the text <pkcs11-library> with name of your pkcs11 library.
- *
- * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
- * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
- *       Feel free to change the name to match your pkcs11 library name.
- *
- * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
- * for more information about the setup of the PKCS11 library and its configuration file.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "testToken";
-
-int main( int argc, char **argv )
-{
-    CK_C_INITIALIZE_ARGS  initArgs;
-    CK_RV                   rc;
-    CK_FLAGS                flags = 0;
-    CK_SESSION_HANDLE       session;
-    CK_MECHANISM            mech;
-    CK_OBJECT_HANDLE        publicKey, privateKey, childPublicKey, childPrivateKey, genericKey, masterKey;
-    static CK_BBOOL         isTrue = TRUE;
-
-    CK_RV                   (*pFunc)();
-    void                    *pkcs11Lib;
-    CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
-    CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
-    char                    pkcs11LibName[] = "pkcs11-grep11.so";
-
-    printf("Opening the PKCS11 library...\n");
-    pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
-    if ( pkcs11Lib == NULL ) {
-        printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-        return !CKR_OK;
-    }
-
-    printf("Getting the PKCS11 function list...\n");
-    pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-    if (pFunc == NULL ) {
-        printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-        return !CKR_OK;
-    }
-    rc = pFunc(&funcs);
-    if (rc != CKR_OK) {
-        printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Initializing the PKCS11 environment...\n");
-    memset( &initArgs, 0x0, sizeof(initArgs) );
-    rc = funcs->C_Initialize( &initArgs );
-    if (rc != CKR_OK) {
-        printf("error C_Initialize: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Initializing the token... \n");
-    memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
-    memcpy(tokenNameBuf, tokenName, strlen(tokenName));
-
-    /* C_InitToken cleans up private and public keystore thus only needs to be done once.
-     * Subsequent C_InitToken calls will delete any existing keys within the keystores
-     */
-    rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
-    if (rc != CKR_OK) {
-        printf("error C_InitToken: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-    printf("Opening a session... \n");
-    rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
-    if (rc != CKR_OK) {
-        printf("error C_OpenSession: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Logging in as normal user... \n");
-    rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-    if (rc != CKR_OK) {
-        printf("error C_Login: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    CK_ULONG genericKeyLen = 32;
-    CK_OBJECT_CLASS objClass = CKO_SECRET_KEY;
-    CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
-    CK_ATTRIBUTE genericTmpl[] = {
-        {CKA_CLASS,           &objClass,        sizeof(objClass) },
-        {CKA_KEY_TYPE,        &keyType,        sizeof(keyType) },
-        {CKA_VALUE_LEN,       &genericKeyLen,  sizeof(genericKeyLen) },
-        {CKA_DERIVE,          &isTrue,         sizeof(isTrue) },
-        {CKA_IBM_USE_AS_DATA, &isTrue,         sizeof(isTrue) },
-    };
-
-    mech.mechanism      = CKM_GENERIC_SECRET_KEY_GEN;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-    rc = funcs->C_GenerateKey( session, &mech, genericTmpl, sizeof(genericTmpl)/sizeof(CK_ATTRIBUTE), &genericKey);
-    if (rc != CKR_OK) {
-        printf("error C_GenerateKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Generating Master key... \n");
-    objClass = CKO_PRIVATE_KEY;
-    keyType = CKK_EC;
-    CK_BYTE curve_name[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a};
-    CK_ULONG valueLen = 0;
-    CK_ATTRIBUTE masterTmpl[] = {
-        {CKA_CLASS,            &objClass,        sizeof(objClass) },
-        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
-        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
-        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
-        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
-        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
-    };
-
-    CK_BYTE chainCode[32] = {};
-    memset(chainCode, 0, 32);
-    CK_IBM_BTC_DERIVE_PARAMS btcDeriveParams = {
-        .type           = (CK_ULONG)CK_IBM_BIP0032_MASTERK,
-        .childKeyIndex  = 0,
-        .pChainCode     = chainCode,
-        .ulChainCodeLen = 0,
-        .version        = XCP_BTC_VERSION,
-    };
-
-    mech.mechanism      = CKM_IBM_BTC_DERIVE;
-    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
-    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
-    rc = funcs->C_DeriveKey(session, &mech, genericKey, masterTmpl, sizeof(masterTmpl)/sizeof(CK_ATTRIBUTE), &masterKey);
-    if (rc != CKR_OK) {
-        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    objClass = CKO_PRIVATE_KEY;
-    keyType = CKK_EC;
-    valueLen = 0;
-    CK_ATTRIBUTE privDeriveTmpl[] = {
-        {CKA_CLASS,            &objClass,        sizeof(objClass) },
-        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
-        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
-        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
-        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
-        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
-        {CKA_SIGN,             &isTrue,          sizeof(isTrue) },
-    };
-
-    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PRV;
-    btcDeriveParams.childKeyIndex  = 0;
-    btcDeriveParams.pChainCode     = chainCode;
-    btcDeriveParams.ulChainCodeLen = 32;
-    btcDeriveParams.version        = XCP_BTC_VERSION;
-
-    mech.mechanism      = CKM_IBM_BTC_DERIVE;
-    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
-    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
-    rc = funcs->C_DeriveKey(session, &mech, masterKey, privDeriveTmpl, sizeof(privDeriveTmpl)/sizeof(CK_ATTRIBUTE), &privateKey);
-    if (rc != CKR_OK) {
-        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    objClass = CKO_PUBLIC_KEY;
-    keyType = CKK_EC;
-    valueLen = 0;
-    CK_ATTRIBUTE pubDeriveTmpl[] = {
-        {CKA_CLASS,            &objClass,        sizeof(objClass) },
-        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
-        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
-        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
-        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
-        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
-        {CKA_VERIFY,           &isTrue,          sizeof(isTrue) },
-    };
-
-    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PUB;
-    btcDeriveParams.childKeyIndex  = 0;
-    btcDeriveParams.pChainCode     = chainCode;
-    btcDeriveParams.ulChainCodeLen = 32;
-    btcDeriveParams.version        = XCP_BTC_VERSION;
-
-    mech.mechanism      = CKM_IBM_BTC_DERIVE;
-    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
-    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
-    rc = funcs->C_DeriveKey(session, &mech, masterKey, pubDeriveTmpl, sizeof(pubDeriveTmpl)/sizeof(CK_ATTRIBUTE), &publicKey);
-    if (rc != CKR_OK) {
-        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Signing with ECDSA private key... \n");
-    CK_BYTE dataToBeSigned[] = "This is data to be signed";
-    CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
-    CK_BYTE signature[64]; // minimum 64 bytes in P-256 case
-    CK_ULONG signatureLen = sizeof(signature);
-
-    mech.mechanism      = CKM_ECDSA;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-    rc = funcs->C_SignInit(session, &mech, privateKey);
-    if (rc != CKR_OK) {
-        printf("error C_SignInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
-    if (rc != CKR_OK) {
-        printf("error C_Sign: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Verifying with ECDSA public key... \n");
-    rc = funcs->C_VerifyInit(session, &mech, publicKey);
-    if (rc != CKR_OK) {
-        printf("error C_VerifyInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
-    if (rc != CKR_OK) {
-        printf("error C_Verify: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    unsigned char checkValue[32];
-    CK_ATTRIBUTE attrs_tmpl[] = {
-        {CKA_CHECK_VALUE, checkValue,  sizeof(checkValue) },
-    };
-    funcs->C_GetAttributeValue(session, privateKey, attrs_tmpl, sizeof(attrs_tmpl)/sizeof(CK_ATTRIBUTE));
-    if (rc != CKR_OK) {
-        printf("error C_GetAttributeValue: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    objClass = CKO_PRIVATE_KEY;
-    keyType = CKK_EC;
-    valueLen = 0;
-    CK_ATTRIBUTE childPrivDeriveTmpl[] = {
-        {CKA_CLASS,            &objClass,        sizeof(objClass) },
-        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
-        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
-        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
-        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
-        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
-        {CKA_SIGN,             &isTrue,          sizeof(isTrue) },
-    };
-
-    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PRV;
-    btcDeriveParams.childKeyIndex  = 0;
-    btcDeriveParams.pChainCode     = checkValue;
-    btcDeriveParams.ulChainCodeLen = 32;
-    btcDeriveParams.version        = XCP_BTC_VERSION;
-
-    mech.mechanism      = CKM_IBM_BTC_DERIVE;
-    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
-    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
-    rc = funcs->C_DeriveKey(session, &mech, privateKey, childPrivDeriveTmpl, sizeof(childPrivDeriveTmpl)/sizeof(CK_ATTRIBUTE), &childPrivateKey);
-    if (rc != CKR_OK) {
-        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    objClass = CKO_PUBLIC_KEY;
-    keyType = CKK_EC;
-    valueLen = 0;
-    CK_ATTRIBUTE childPubDeriveTmpl[] = {
-        {CKA_CLASS,            &objClass,        sizeof(objClass) },
-        {CKA_KEY_TYPE,         &keyType,         sizeof(keyType) },
-        {CKA_DERIVE,           &isTrue,          sizeof(isTrue) },
-        {CKA_EC_PARAMS,        &curve_name,      sizeof(curve_name) },
-        {CKA_IBM_USE_AS_DATA,  &isTrue,          sizeof(isTrue) },
-        {CKA_VALUE_LEN,        &valueLen,        sizeof(valueLen) },
-        {CKA_VERIFY,           &isTrue,          sizeof(isTrue) },
-    };
-
-    btcDeriveParams.type           = (CK_ULONG)CK_IBM_BIP0032_PRV2PUB;
-    btcDeriveParams.childKeyIndex  = 0;
-    btcDeriveParams.pChainCode     = checkValue;
-    btcDeriveParams.ulChainCodeLen = 32;
-    btcDeriveParams.version        = XCP_BTC_VERSION;
-
-    mech.mechanism      = CKM_IBM_BTC_DERIVE;
-    mech.pParameter     = (CK_VOID_PTR)&btcDeriveParams;
-    mech.ulParameterLen = sizeof(CK_IBM_BTC_DERIVE_PARAMS);
-    rc = funcs->C_DeriveKey(session, &mech, privateKey, childPubDeriveTmpl, sizeof(childPubDeriveTmpl)/sizeof(CK_ATTRIBUTE), &childPublicKey);
-    if (rc != CKR_OK) {
-        printf("error C_DeriveKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    mech.mechanism      = CKM_ECDSA;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-    rc = funcs->C_SignInit(session, &mech, childPrivateKey);
-    if (rc != CKR_OK) {
-        printf("error C_SignInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
-    if (rc != CKR_OK) {
-        printf("error C_Sign: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Verifying with ECDSA public key... \n");
-    rc = funcs->C_VerifyInit(session, &mech, childPublicKey);
-    if (rc != CKR_OK) {
-        printf("error C_VerifyInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
-    if (rc != CKR_OK) {
-        printf("error C_Verify: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Logging out... \n");
-    rc = funcs->C_Logout(session);
-    if (rc != CKR_OK) {
-        printf("error C_Logout: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Closing the session... \n");
-    rc = funcs->C_CloseSession( session );
-    if (rc != CKR_OK) {
-        printf("error C_CloseSession: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Finalizing... \n");
-    rc = funcs->C_Finalize( NULL );
-    if (rc != CKR_OK) {
-        printf("error C_Finalize: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-    printf("Sample completed successfully!\n");
-    return 0;
-}
diff --git a/hpcs-pkcs11/samples/pkcs11-checksum.c b/hpcs-pkcs11/samples/pkcs11-checksum.c
deleted file mode 100644
index 0263b39e1..000000000
--- a/hpcs-pkcs11/samples/pkcs11-checksum.c
+++ /dev/null
@@ -1,497 +0,0 @@
- /****************************************************************
- * Copyright IBM Corp. All Rights Reserved.
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * pkcs11-checksum.c
- *
- * A sample application demonstrating how to verify the checksum of key using the PKCS11 library
- * 
- * Compile using:
- * gcc -o pkcs11-checksum pkcs11-checksum.c -ldl
- * 
- * Usage:
- * /pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -m [generate|verify]
- * Ensure that the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * Steps to verify keys:
- * Step 1 /pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -m generate
- *        Step 1 generates AES/DES3/DES2 keys and stores their respective checksums into three files (e.g. "AES_key").
- * Step 2 /pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> -m verify
- *        Step 2 loads the generated keys and re-calculates their respective checksums and compares them against the checksums stored in files.
- *        For example, this step loads the checksum from the "AES_key" file as checksum A. Then it retrieves the AES key from the keystore
- *        and calculates checksum B. Finally, it compares checksum A and checksum B. If they match, the key store has NOT been tampered with.
- *
- * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
- * for more information about the setup of the PKCS11 library and its configuration file.
- * 
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <getopt.h>
-#include <ctype.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-const char * getKeyTypeStr(CK_KEY_TYPE keyType) {
-    switch (keyType) {
-    case CKK_AES:
-        return "AES";
-    case CKK_RSA:
-        return "RSA";
-    case CKK_EC:
-        return "EC";
-    case CKK_DES3:
-        return "DES3";
-    case CKK_DES2:
-        return "DES2";
-    default:
-        return "Unknown key type";
-    }
-}
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "testToken";
-
-CK_UTF8CHAR         soPin[256] = {0};
-CK_UTF8CHAR         userPin[256] = {0};
-char                pkcs11LibName[1024] = {0};
-char                fileName[1024] = {0};
-int                 opMode = 0;
-
-void getArgs(int argc, char **argv) {
-    int c, n;
-
-    static struct option long_options[] = {
-        {"librarypath",    required_argument, NULL, 'p'},
-        {"SOpin",     required_argument, NULL, 's'},
-        {"userpin",   required_argument, NULL, 'u'},
-        {"mode", required_argument, NULL, 'm'},
-        {0, 0, 0, 0}
-    };
-
-    while (1)
-    {
-      c = getopt_long (argc, argv, "p:s:u:m:", long_options, NULL);
-
-      /* Detect the end of the options. */
-      if (c == -1)
-        break;
-
-      switch (c)
-        {
-        case 'p':
-          n = snprintf(pkcs11LibName, sizeof(pkcs11LibName), "%s", optarg);
-          if (n < strlen(optarg)) {
-              printf("Path to library is too long\n");
-              exit(1);
-          }
-          break;
-
-        case 's':
-            n = snprintf((char *)soPin, sizeof(soPin), "%s", optarg);
-            if (n < strlen(optarg)) {
-                printf("SO pin is too long\n");
-                exit(1);
-            }
-          break;
-
-        case 'u':
-            n = snprintf((char *)userPin, sizeof(userPin), "%s", optarg);
-            if (n < strlen(optarg)) {
-                printf("Normal user pin is too long\n");
-                exit(1);
-            }
-          break;
-
-        case 'm':
-            if (strncmp(optarg, "generate", strlen(optarg)) == 0) {
-                opMode = 1;
-            } else if (strncmp(optarg, "verify", strlen(optarg)) == 0) {
-                opMode = 2;
-            } else {
-                printf("Usage: ./pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> "\
-                        "-m [generate|verify]\n");
-                exit(1);
-            }
-
-            break;
-
-        default:
-          printf("Usage: ./pkcs11-checksum -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key> "\
-                  "-m [generate|verify]\n");
-          exit(1);
-        }
-    }
-
-    if (strlen((char *)soPin) == 0 || strlen((char *)userPin) == 0 || strlen(pkcs11LibName) == 0) {
-        printf("Usage: ./pkcs11-attrs -p <path to pkcs11 library> -s <SO user API key> -u <normal user API key>\n");
-        exit(1);
-    }
-}
-
-const char aesLabel[] = "AES_key";
-const char des3Label[] = "DES3_key";
-const char des2Label[] = "DES2_key";
-const char genericLable[] = "Generic_key";
-
-//
-int verifyChecksumFromFile(CK_SESSION_HANDLE session, CK_KEY_TYPE keyType) {
-    CK_MECHANISM     mech;
-    const char * pLabel;
-    CK_ULONG plainSize = 0, cipherSize = 0;
-    unsigned char plain[32]; // big enough to hold AES, DES3, DES2 and generic 00 block
-    unsigned char cipher[32]; // big enough to hold AES, DES3, DES2 and generic encryption output
-    unsigned char checksumFromFile[3];
-    unsigned char checksum[3];
-    CK_RV rc;
-    int iret = -1;
-
-    memset(plain, 0, sizeof(plain));
-    CK_ATTRIBUTE attrs_tmpl[] = {
-       {CKA_CHECK_VALUE, checksum,  sizeof(checksum) },
-    };
-
-    switch (keyType) {
-    case CKK_AES:
-        mech.mechanism = CKM_AES_ECB;
-        pLabel = aesLabel;
-        plainSize = 16;
-        cipherSize = 16;
-        break;
-    case CKK_DES3:
-        mech.mechanism = CKM_DES3_ECB;
-        pLabel = des3Label;
-        plainSize = 8;
-        cipherSize = 8;
-        break;
-    case CKK_DES2:
-        mech.mechanism = CKM_DES3_ECB; // CKM_DES3_ECB supports DES2
-        pLabel = des2Label;
-        plainSize = 8;
-        cipherSize = 8;
-        break;
-    default:
-        break;
-    }
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-    printf("Verifying %s key\n", getKeyTypeStr(keyType));
-
-    // Read checksum from file
-    int hfile = -1;
-    size_t ret = 0;
-    hfile = open(pLabel, O_RDONLY);
-    if (hfile < 0) {
-        printf("error opening file %s to read\n", pLabel);
-        goto exit_func;
-    }
-    ret = read(hfile, checksumFromFile, sizeof(checksumFromFile));
-    if (ret != sizeof(checksumFromFile)) {
-        printf("error reading file %s [%ld] \n", pLabel, ret);
-        close(hfile);
-        goto exit_func;
-    }
-    printf("Checksum [%02x:%02x:%02x] is loaded from file %s\n", checksumFromFile[0], checksumFromFile[1], checksumFromFile[2], pLabel);
-    close(hfile);
-
-    // Find the key
-    CK_OBJECT_HANDLE handles[1];
-    CK_OBJECT_HANDLE  hKey;
-    CK_ATTRIBUTE find_tmpl[] = {
-     {CKA_LABEL,  (CK_VOID_PTR)pLabel,    strlen(pLabel) },
-    };
-
-    rc = funcs->C_FindObjectsInit( session, find_tmpl, sizeof(find_tmpl)/sizeof(CK_ATTRIBUTE));
-    if (rc != CKR_OK) {
-       printf("error C_FindObjectsInit: rc=0x%04lx\n", rc);
-       goto exit_func;
-    }
-    CK_ULONG actualHandles = 0;
-    rc = funcs->C_FindObjects(session, handles, sizeof(handles)/sizeof(CK_OBJECT_HANDLE), &actualHandles);
-    if (rc != CKR_OK) {
-       printf("error C_FindObjects: rc=0x%04lx\n", rc );
-       goto exit_func;
-    }
-    if (actualHandles != 1) {
-        printf("error C_FindObjects: unexpected number of objects returned: %ld\n", actualHandles );
-        goto exit_func;
-    }
-    hKey = handles[0];
-    rc = funcs->C_FindObjectsFinal(session);
-    if (rc != CKR_OK) {
-       printf("error C_FindObjectsFinal: rc=0x%04lx\n", rc );
-       goto exit_func;
-    }
-
-    // Calculate checksum with key
-    rc = funcs->C_EncryptInit(session, &mech, hKey);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptInit: rc=0x%04lx\n", rc );
-        goto exit_func;
-    }
-    rc = funcs->C_Encrypt(session, plain, plainSize, cipher, &cipherSize);
-    if (rc != CKR_OK) {
-        printf("error C_Encrypt: rc=0x%04lx\n", rc );
-        goto exit_func;
-    }
-    if (plainSize != cipherSize) {
-        printf("Cipher data length [%ld] does not match plain data length [%ld]\n", cipherSize, plainSize);
-        goto exit_func;
-    }
-    printf("Calculated checksum is [%02x:%02x:%02x]\n", cipher[0], cipher[1], cipher[2]);
-
-    // Compare checksum
-    if (memcmp(checksumFromFile, cipher, sizeof(checksumFromFile)) == 0) {
-        printf("Checksum matches\n");
-    } else {
-        printf("Checksum does not match\n");
-        goto exit_func;
-    }
-
-    iret = 1;
-
-exit_func:
-    return iret;
-}
-
-// This function returns 1, if successful. Save the key checksum into a file (e.g., AES_key)
-int generateKeyChecksum(CK_SESSION_HANDLE session, CK_KEY_TYPE keyType) {
-    static CK_BBOOL  isTrue = TRUE;
-    CK_MECHANISM     mech;
-    CK_ATTRIBUTE_PTR pGenKeyTmpl;
-    int attrAmt = 0;
-    const char * pLabel;
-    CK_OBJECT_HANDLE  hKey;
-    CK_RV rc;
-    int iret = -1;
-
-    unsigned char checksum[3];
-    CK_ATTRIBUTE attrs_tmpl[] = {
-            {CKA_CHECK_VALUE, checksum,  sizeof(checksum) },
-    };
-
-    // For AES
-    CK_ULONG aesKeyLen = 16;
-    CK_ATTRIBUTE aes_tmpl[] = {
-     {CKA_LABEL,        (CK_VOID_PTR)aesLabel,    strlen(aesLabel) },
-     {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-     {CKA_VALUE_LEN,    &aesKeyLen,  sizeof(aesKeyLen) },
-     {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
-     {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
-    };
-
-    // For DES3 TBD
-    CK_ATTRIBUTE des3_tmpl[] = {
-     {CKA_LABEL,        (CK_VOID_PTR)des3Label,    strlen(des3Label) },
-     {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-     {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
-     {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
-    };
-    // For DES2 TBD
-    CK_ATTRIBUTE des2_tmpl[] = {
-     {CKA_LABEL,        (CK_VOID_PTR)des2Label,    strlen(des2Label) },
-     {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-     {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
-     {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
-    };
-    // For generic key
-
-    switch (keyType) {
-    case CKK_AES:
-        pLabel = aesLabel;
-        pGenKeyTmpl = aes_tmpl;
-        attrAmt = sizeof(aes_tmpl) / sizeof(CK_ATTRIBUTE);
-        mech.mechanism      = CKM_AES_KEY_GEN;
-        break;
-    case CKK_DES3:
-        pLabel = des3Label;
-        pGenKeyTmpl = des3_tmpl;
-        attrAmt = sizeof(des3_tmpl) / sizeof(CK_ATTRIBUTE);
-        mech.mechanism      = CKM_DES3_KEY_GEN;
-        break;
-    case CKK_DES2:
-        pLabel = des2Label;
-        pGenKeyTmpl = des2_tmpl;
-        attrAmt = sizeof(des2_tmpl) / sizeof(CK_ATTRIBUTE);
-        mech.mechanism      = CKM_DES2_KEY_GEN;
-        break;
-    default:
-        break;
-    }
-
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-    printf("Generating %s key...\n", getKeyTypeStr(keyType));
-    rc = funcs->C_GenerateKey( session, &mech, pGenKeyTmpl, attrAmt, &hKey);
-    if (rc != CKR_OK) {
-        goto exit_func;
-    }
-
-    funcs->C_GetAttributeValue(session, hKey, attrs_tmpl, sizeof(attrs_tmpl)/sizeof(CK_ATTRIBUTE));
-    if (attrs_tmpl[0].ulValueLen == CK_UNAVAILABLE_INFORMATION)  {
-        printf("CKA_CHECK_VALUE is not available\n");
-    } else if (attrs_tmpl[0].ulValueLen != 3) {
-        printf("CKA_CHECK_VALUE is not %d bytes [%ld]\n", 3, attrs_tmpl[0].ulValueLen);
-    }
-
-    int hfile = -1, ret = -1;
-    hfile = open(pLabel, O_WRONLY|O_CREAT, 0666);
-    if (hfile < 0) {
-        printf("error opening file %s to write\n", pLabel);
-        goto exit_func;
-    }
-    ret = write(hfile, checksum, sizeof(checksum));
-    if (ret < 0) {
-        printf("error writing file %s\n", pLabel);
-        goto exit_func;
-    }
-    printf("checksum is saved into file %s\n", pLabel);
-    close(hfile);
-    iret = 1;
-
-exit_func:
-    return iret;
-}
-
-int main( int argc, char **argv )
-{
-   CK_C_INITIALIZE_ARGS  initArgs;
-   CK_RV                   rc;
-   CK_FLAGS                flags = 0;
-   CK_SESSION_HANDLE       session;
-   static CK_BBOOL         isTrue = TRUE;
-
-   CK_RV                   (*pFunc)();
-   void                    *pkcs11Lib;
- 
-   getArgs(argc, argv);
-
-   printf("Opening the PKCS11 library...\n");
-   pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
-   if ( pkcs11Lib == NULL ) {
-      printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-      return !CKR_OK;
-   }
- 
-   printf("Getting the PKCS11 function list...\n");
-   pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-   if (pFunc == NULL ) {
-      printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-      return !CKR_OK;
-   }
-   rc = pFunc(&funcs);
-   if (rc != CKR_OK) {
-      printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
- 
-   printf("Initializing the PKCS11 environment...\n");
-   memset( &initArgs, 0x0, sizeof(initArgs) );
-   rc = funcs->C_Initialize( &initArgs );
-   if (rc != CKR_OK) {
-      printf("error C_Initialize: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-
-   printf("Initializing the token... \n");
-   memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
-   memcpy(tokenNameBuf, tokenName, strlen(tokenName));
-
-   /* C_InitToken cleans up private and public keystores. This only needs to be done once.
-    * Subsequent C_InitToken calls will delete any existing keys within the keystores
-    */
-   if (opMode == 1) {
-       // Only init token when generating new keys. Do not do that when finding a key
-       rc = funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
-       if (rc != CKR_OK) {
-          printf("error C_InitToken: rc=0x%04lx\n", rc );
-          funcs->C_Finalize( NULL );
-          return !CKR_OK;
-       }
-   }
- 
-   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-   printf("Opening a session... \n");
-   rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
-   if (rc != CKR_OK) {
-      printf("error C_OpenSession: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
- 
-   printf("Logging in as normal user... \n");
-   rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-   if (rc != CKR_OK) {
-      printf("error C_Login: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   if (opMode == 1) {
-       if (generateKeyChecksum(session, CKK_AES) != 1) {
-           printf("Failed to generate AES key\n");
-           funcs->C_Finalize( NULL );
-           return !CKR_OK;
-       }
-       if (generateKeyChecksum(session, CKK_DES3) != 1) {
-           printf("Failed to generate DES3 key\n");
-           funcs->C_Finalize( NULL );
-           return !CKR_OK;
-       }
-       if (generateKeyChecksum(session, CKK_DES2) != 1) {
-           printf("Failed to generate DES2 key\n");
-           funcs->C_Finalize( NULL );
-           return !CKR_OK;
-       }
-   } else {
-       if (verifyChecksumFromFile(session, CKK_AES) != 1) {
-           printf("Failed to verify AES key\n");
-           funcs->C_Finalize( NULL );
-           return !CKR_OK;
-       }
-       if (verifyChecksumFromFile(session, CKK_DES3) != 1) {
-           printf("Failed to verify DES3 key\n");
-           funcs->C_Finalize( NULL );
-           return !CKR_OK;
-       }
-       if (verifyChecksumFromFile(session, CKK_DES2) != 1) {
-           printf("Failed to verify DES2 key\n");
-           funcs->C_Finalize( NULL );
-           return !CKR_OK;
-       }
-   }
-
-   printf("Logging out... \n");
-   rc = funcs->C_Logout(session);
-   if (rc != CKR_OK) {
-      printf("error C_Logout: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("Closing the session... \n");
-   rc = funcs->C_CloseSession( session );
-   if (rc != CKR_OK) {
-      printf("error C_CloseSession: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-
-   printf("Finalizing... \n");
-   rc = funcs->C_Finalize( NULL );
-   if (rc != CKR_OK) {
-      printf("error C_Finalize: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-   printf("Sample completed successfully!\n");
-   return 0;
-}
-
diff --git a/hpcs-pkcs11/samples/pkcs11-crypto.c b/hpcs-pkcs11/samples/pkcs11-crypto.c
deleted file mode 100644
index ac79ad8ed..000000000
--- a/hpcs-pkcs11/samples/pkcs11-crypto.c
+++ /dev/null
@@ -1,394 +0,0 @@
-/****************************************************************
- * Copyright IBM Corp. All Rights Reserved.
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * pkcs11-crypto.c
- *
- * A sample application to interact with the HPCS PKCS11 library
- * 
- * Compile using:
- * gcc -o pkcs11-crypto pkcs11-crypto.c -ldl
- * 
- * Updates to be made within this source file:
- * Replace the text <so-user-api-key> with the SO user's PIN.
- * Replace the text <normal-user-api-key> with the normal user's PIN.
- * Replace the text <pkcs11-library> with name of your pkcs11 library.
- * 
- * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
- * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
- *       Feel free to change the name to match your pkcs11 library name.
- *
- * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
- * for more information about the setup of the PKCS11 library and its configuration file.
- * 
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "testToken";
-
-int main( int argc, char **argv )
-{
-    CK_C_INITIALIZE_ARGS  initArgs;
-    CK_RV                   rc;
-    CK_FLAGS                flags = 0;
-    CK_SESSION_HANDLE       session;
-    CK_MECHANISM            mech;
-    CK_OBJECT_HANDLE        publicKey, privateKey, aesKey;
-    static CK_BBOOL         isTrue = TRUE;
-
-    CK_RV                   (*pFunc)();
-    void                    *pkcs11Lib;
-    CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
-    CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
-    char                    pkcs11LibName[] = "pkcs11-grep11.so";
-
-    printf("Opening the PKCS11 library...\n");
-    pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
-    if ( pkcs11Lib == NULL ) {
-        printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-        return !CKR_OK;
-    }
-
-    printf("Getting the PKCS11 function list...\n");
-    pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-    if (pFunc == NULL ) {
-        printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-        return !CKR_OK;
-    }
-    rc = pFunc(&funcs);
-    if (rc != CKR_OK) {
-        printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Initializing the PKCS11 environment...\n");
-    memset( &initArgs, 0x0, sizeof(initArgs) );
-    rc = funcs->C_Initialize( &initArgs );
-    if (rc != CKR_OK) {
-        printf("error C_Initialize: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Initializing the token... \n");
-    memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
-    memcpy(tokenNameBuf, tokenName, strlen(tokenName));
-
-    /* C_InitToken cleans up private and public keystore thus only needs to be done once.
-     * Subsequent C_InitToken calls will delete any existing keys within the keystores
-     */
-    rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
-    if (rc != CKR_OK) {
-        printf("error C_InitToken: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-    printf("Opening a session... \n");
-    rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
-    if (rc != CKR_OK) {
-        printf("error C_OpenSession: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Logging in as normal user... \n");
-    rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-    if (rc != CKR_OK) {
-        printf("error C_Login: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    // User AES key to encrypt & decrypt
-    printf("Generating AES key... \n");
-    CK_ULONG aesKeyLen = 16;
-    CK_ATTRIBUTE aes_tmpl[] = {
-        {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-        {CKA_VALUE_LEN,    &aesKeyLen,  sizeof(aesKeyLen) },
-        {CKA_ENCRYPT,      &isTrue,     sizeof(isTrue) },
-        {CKA_DECRYPT,      &isTrue,     sizeof(isTrue) },
-    };
-    mech.mechanism      = CKM_AES_KEY_GEN;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-
-    rc = funcs->C_GenerateKey( session, &mech, aes_tmpl, sizeof(aes_tmpl)/sizeof(CK_ATTRIBUTE), &aesKey);
-    if (rc != CKR_OK) {
-        printf("error C_GenerateKey: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    CK_BYTE iv[16];
-    rc = funcs->C_GenerateRandom(session, (CK_BYTE_PTR)iv, sizeof(iv));
-    if (rc != CKR_OK) {
-        printf("error C_GenerateRandom: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    CK_BYTE clearTxt[] = "this is clear text to be encrypted";
-    CK_ULONG clearTxtLen = strlen(clearTxt);
-    CK_BYTE encrypted[64]; // input length rounded up to multiple of the block size (16 bytes)
-    CK_ULONG encryptedLen = sizeof(encrypted);
-    CK_BYTE decrypted[64];
-    CK_ULONG decryptedLen = sizeof(decrypted);
-
-    mech.mechanism      = CKM_AES_CBC_PAD;
-    mech.ulParameterLen = sizeof(iv);
-    mech.pParameter     = &iv;
-
-    printf("Encrypting with AES key by using C_EncryptInit/C_Encrypt functions... \n");
-    rc = funcs->C_EncryptInit(session, &mech, aesKey);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Encrypt(session, clearTxt, clearTxtLen, encrypted, &encryptedLen);
-    if (rc != CKR_OK) {
-        printf("error C_Encrypt: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Decrypting with AES key by using C_DecryptInit/C_Decrypt functions... \n");
-    rc = funcs->C_DecryptInit(session, &mech, aesKey);
-    if (rc != CKR_OK) {
-        printf("error C_DecryptInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Decrypt(session, encrypted, encryptedLen, decrypted, &decryptedLen);
-    if (rc != CKR_OK) {
-        printf("error C_Decrypt: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    if ( decryptedLen != clearTxtLen || memcmp(clearTxt, decrypted, decryptedLen) != 0) {
-        printf("Clear text is different from decrypted data[%lu]\n", decryptedLen);
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Encrypting with AES key by using C_EncryptInit/C_EncryptUpdate/C_EncryptFinal functions... \n");
-    rc = funcs->C_EncryptInit(session, &mech, aesKey);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    // Encrypt the first chunk, 16 bytes
-    CK_BYTE tmp[64];
-    CK_ULONG tmplen = sizeof(tmp);
-    encryptedLen = 0;
-    rc = funcs->C_EncryptUpdate(session, clearTxt, 16, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptUpdate: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(encrypted, tmp, tmplen);
-    encryptedLen += tmplen;
-
-    // Encrypt the second chunk, 16 bytes
-    tmplen = sizeof(tmp);
-    rc = funcs->C_EncryptUpdate(session, &clearTxt[16], 16, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptUpdate: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(&encrypted[encryptedLen], tmp, tmplen);
-    encryptedLen += tmplen;
-
-    // Encrypt the rest bytes
-    tmplen = sizeof(tmp);
-    rc = funcs->C_EncryptUpdate(session, &clearTxt[32], (int)clearTxtLen - 32, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptUpdate: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(&encrypted[encryptedLen], tmp, tmplen);
-    encryptedLen += tmplen;
-
-    tmplen = sizeof(tmp);
-    rc = funcs->C_EncryptFinal(session, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_EncryptFinal: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(&encrypted[encryptedLen], tmp, tmplen);
-    encryptedLen += tmplen;
-
-    printf("Decrypting with AES key by using C_DecryptInit/C_DecryptUpdate/C_DecryptFinal functions... \n");
-    rc = funcs->C_DecryptInit(session, &mech, aesKey);
-    if (rc != CKR_OK) {
-        printf("error C_DecryptInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    // Decrypt the first chunk, 16 bytes
-    decryptedLen = 0;
-    tmplen = sizeof(tmp);
-    rc = funcs->C_DecryptUpdate(session, encrypted, 16, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_DecryptUpdate: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(decrypted, tmp, tmplen);
-    decryptedLen += tmplen;
-
-    // Decrypt the second chunk, 16 bytes
-    tmplen = sizeof(tmp);
-    rc = funcs->C_DecryptUpdate(session, &encrypted[16], 16, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_DecryptUpdate: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(&decrypted[decryptedLen], tmp, tmplen);
-    decryptedLen += tmplen;
-
-    // Decrypt the rest bytes
-    tmplen = sizeof(tmp);
-    rc = funcs->C_DecryptUpdate(session, &encrypted[32], (int)encryptedLen - 32, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_DecryptUpdate: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(&decrypted[decryptedLen], tmp, tmplen);
-    decryptedLen += tmplen;
-
-    tmplen = sizeof(tmp);
-    rc = funcs->C_DecryptFinal(session, tmp, &tmplen);
-    if (rc != CKR_OK) {
-        printf("error C_DecryptFinal: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-    memcpy(&decrypted[decryptedLen], tmp, tmplen);
-    decryptedLen += tmplen;
-
-    if ( decryptedLen != clearTxtLen || memcmp(clearTxt, decrypted, decryptedLen) != 0) {
-        printf("Clear text is different from decrypted data[%lu]\n", decryptedLen);
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    // Use ECDSA key to sign & verify
-    printf("Generating ECDSA key pair... \n");
-    /* Attributes for the public key to be generated */
-    CK_BYTE curve_name[] = "P-256";
-    CK_ATTRIBUTE pub_tmpl[] = {
-        {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
-        {CKA_EC_PARAMS,       &curve_name,   strlen( (const char *) curve_name) },
-        {CKA_VERIFY,          &isTrue,  sizeof(isTrue) },
-    };
-
-    /* Attributes for the private key to be generated */
-    CK_ATTRIBUTE priv_tmpl[] =
-    {
-        {CKA_TOKEN,    &isTrue, sizeof(isTrue) },
-        {CKA_SIGN,     &isTrue, sizeof(isTrue) }
-    };
-    mech.mechanism      = CKM_EC_KEY_PAIR_GEN;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-
-    rc = funcs->C_GenerateKeyPair( session,   &mech,
-            pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
-            priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
-            &publicKey, &privateKey );
-    if (rc != CKR_OK) {
-        printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Signing with ECDSA private key... \n");
-    CK_BYTE dataToBeSigned[] = "This is data to be signed";
-    CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
-    CK_BYTE signature[64]; // minimum 64 bytes in P-256 case
-    CK_ULONG signatureLen = sizeof(signature);
-
-    mech.mechanism      = CKM_ECDSA;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-
-    rc = funcs->C_SignInit(session, &mech, privateKey);
-    if (rc != CKR_OK) {
-        printf("error C_SignInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
-    if (rc != CKR_OK) {
-        printf("error C_Sign: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Verifying with ECDSA public key... \n");
-    rc = funcs->C_VerifyInit(session, &mech, publicKey);
-    if (rc != CKR_OK) {
-        printf("error C_VerifyInit: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
-    if (rc != CKR_OK) {
-        printf("error C_Verify: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Logging out... \n");
-    rc = funcs->C_Logout(session);
-    if (rc != CKR_OK) {
-        printf("error C_Logout: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Closing the session... \n");
-    rc = funcs->C_CloseSession( session );
-    if (rc != CKR_OK) {
-        printf("error C_CloseSession: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Finalizing... \n");
-    rc = funcs->C_Finalize( NULL );
-    if (rc != CKR_OK) {
-        printf("error C_Finalize: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-    printf("Sample completed successfully!\n");
-    return 0;
-}
diff --git a/hpcs-pkcs11/samples/pkcs11-dilithium.c b/hpcs-pkcs11/samples/pkcs11-dilithium.c
deleted file mode 100644
index 12b55d628..000000000
--- a/hpcs-pkcs11/samples/pkcs11-dilithium.c
+++ /dev/null
@@ -1,213 +0,0 @@
- /****************************************************************
- * Copyright IBM Corp. All Rights Reserved.
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * pkcs11-dilithium.c
- *
- * A sample application to interact with the HPCS PKCS11 library
- * 
- * Compile using:
- * gcc -o pkcs11-dilithium pkcs11-dilithium.c -ldl
- * 
- * Updates to be made within this source file:
- * Replace the text <so-user-api-key> with the SO user's PIN.
- * Replace the text <normal-user-api-key> with the normal user's PIN.
- * Replace the text <pkcs11-library> with name of your pkcs11 library.
- * 
- * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
- * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
- *       Feel free to change the name to match your pkcs11 library name.
- *
- * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
- * for more information about the setup of the PKCS11 library and its configuration file.
- * 
- */
- 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "testToken";
-
-int main( int argc, char **argv )
-{
-   CK_C_INITIALIZE_ARGS  initArgs;
-   CK_RV                   rc;
-   CK_FLAGS                flags = 0;
-   CK_SESSION_HANDLE       session;
-   CK_MECHANISM            mech;
-   CK_OBJECT_HANDLE        publicKey, privateKey, aesKey;
-   static CK_BBOOL         isTrue = TRUE;
-   static CK_BBOOL         isFalse = FALSE;
-
-   CK_RV                   (*pFunc)();
-   void                    *pkcs11Lib;
-   CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
-   CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
-   char                    pkcs11LibName[] = "pkcs11-grep11.so";
- 
-   printf("Opening the PKCS11 library...\n");
-   pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
-   if ( pkcs11Lib == NULL ) {
-      printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-      return !CKR_OK;
-   }
- 
-   printf("Getting the PKCS11 function list...\n");
-   pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-   if (pFunc == NULL ) {
-      printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-      return !CKR_OK;
-   }
-   rc = pFunc(&funcs);
-   if (rc != CKR_OK) {
-      printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
- 
-   printf("Initializing the PKCS11 environment...\n");
-   memset( &initArgs, 0x0, sizeof(initArgs) );
-   rc = funcs->C_Initialize( &initArgs );
-   if (rc != CKR_OK) {
-      printf("error C_Initialize: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-
-   printf("Initializing the token... \n");
-   memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
-   memcpy(tokenNameBuf, tokenName, strlen(tokenName));
-
-   /* C_InitToken cleans up private and public keystore thus only needs to be done once.
-    * Subsequent C_InitToken calls will delete any existing keys within the keystores
-    */
-   rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
-   if (rc != CKR_OK) {
-      printf("error C_InitToken: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
- 
-   flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-   printf("Opening a session... \n");
-   rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
-   if (rc != CKR_OK) {
-      printf("error C_OpenSession: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
- 
-   printf("Logging in as normal user... \n");
-   rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-   if (rc != CKR_OK) {
-      printf("error C_Login: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   // Use Dilithium key to sign & verify
-   printf("Generating Dilithium key pair... \n");
-   /* Attributes for the public key to be generated */
-   CK_KEY_TYPE keyType = CKK_IBM_PQC_DILITHIUM;
-   CK_BYTE dilithium[] = {0x06, 0x0b, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, 0x01, 0x06, 0x05};
-   CK_ATTRIBUTE pub_tmpl[] = {
-      {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
-      {CKA_IBM_PQC_PARAMS,  &dilithium,   sizeof(dilithium) },
-      {CKA_VERIFY,          &isTrue,  sizeof(isTrue) },
-      {CKA_KEY_TYPE,        &keyType, sizeof(keyType) },
-   };
- 
-   /* Attributes for the private key to be generated */
-   CK_ATTRIBUTE priv_tmpl[] =
-   {
-      {CKA_TOKEN,           &isTrue, sizeof(isTrue) },
-      {CKA_SIGN,            &isTrue, sizeof(isTrue) },
-      {CKA_EXTRACTABLE,     &isFalse,  sizeof(isFalse) },
-      {CKA_KEY_TYPE,        &keyType, sizeof(keyType) },
-   };
-   mech.mechanism      = CKM_IBM_DILITHIUM;
-   mech.ulParameterLen = 0;
-   mech.pParameter     = NULL;
- 
-   rc = funcs->C_GenerateKeyPair( session,   &mech,
-                                  pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
-                                  priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
-                                  &publicKey, &privateKey );
-   if (rc != CKR_OK) {
-      printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("Signing with Dilithium private key... \n");
-   CK_BYTE dataToBeSigned[] = "This is data to be signed";
-   CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
-   CK_BYTE signature[10240];
-   CK_ULONG signatureLen = sizeof(signature);
-
-   mech.mechanism      = CKM_IBM_DILITHIUM;
-   mech.ulParameterLen = 0;
-   mech.pParameter     = NULL;
-
-   rc = funcs->C_SignInit(session, &mech, privateKey);
-   if (rc != CKR_OK) {
-      printf("error C_SignInit: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
-   if (rc != CKR_OK) {
-      printf("error C_Sign: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("Verifying with Dilithium public key... \n");
-   rc = funcs->C_VerifyInit(session, &mech, publicKey);
-   if (rc != CKR_OK) {
-      printf("error C_VerifyInit: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
-   if (rc != CKR_OK) {
-      printf("error C_Verify: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("Logging out... \n");
-   rc = funcs->C_Logout(session);
-   if (rc != CKR_OK) {
-      printf("error C_Logout: rc=0x%04lx\n", rc );
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-   }
-
-   printf("Closing the session... \n");
-   rc = funcs->C_CloseSession( session );
-   if (rc != CKR_OK) {
-      printf("error C_CloseSession: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-
-   printf("Finalizing... \n");
-   rc = funcs->C_Finalize( NULL );
-   if (rc != CKR_OK) {
-      printf("error C_Finalize: rc=0x%04lx\n", rc );
-      return !CKR_OK;
-   }
-   printf("Sample completed successfully!\n");
-   return 0;
-}
diff --git a/hpcs-pkcs11/samples/pkcs11-object.c b/hpcs-pkcs11/samples/pkcs11-object.c
deleted file mode 100644
index e0f9971f1..000000000
--- a/hpcs-pkcs11/samples/pkcs11-object.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/****************************************************************
- * Copyright IBM Corp. All Rights Reserved.
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * pkcs11-object.c
- *
- * A sample application to interact with the HPCS PKCS11 library
- * 
- * Compile using:
- * gcc -o pkcs11-object pkcs11-object.c -ldl
- * 
- * Updates to be made within this source file:
- * Replace the text <so-user-api-key> with the SO user's PIN.
- * Replace the text <normal-user-api-key> with the normal user's PIN.
- * Replace the text <pkcs11-library> with name of your pkcs11 library.
- * 
- * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
- * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
- *       Feel free to change the name to match your pkcs11 library name.
- *
- * Please refer to https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-set-up-pkcs-api
- * for more information about the setup of the PKCS11 library and its configuration file.
- * 
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "testToken";
-
-int main( int argc, char **argv )
-{
-    CK_C_INITIALIZE_ARGS  initArgs;
-    CK_RV                   rc;
-    CK_FLAGS                flags = 0;
-    CK_SESSION_HANDLE       session;
-    CK_OBJECT_HANDLE        pubObject, privObject;
-    static CK_BBOOL         isTrue = TRUE;
-    static CK_BBOOL         isFalse = FALSE;
-    CK_MECHANISM            mech;
-
-    CK_RV                   (*pFunc)();
-    void                    *pkcs11Lib;
-    CK_UTF8CHAR_PTR         soPin = (unsigned char *) "<so-user-api-key>";
-    CK_UTF8CHAR_PTR         userPin = (unsigned char *) "<normal-user-api-key>";
-    char                    pkcs11LibName[] = "pkcs11-grep11.so";
-
-    printf("Opening the PKCS11 library...\n");
-    pkcs11Lib = dlopen(pkcs11LibName, RTLD_NOW);
-    if ( pkcs11Lib == NULL ) {
-        printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-        return !CKR_OK;
-    }
-
-    printf("Getting the PKCS11 function list...\n");
-    pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-    if (pFunc == NULL ) {
-        printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-        return !CKR_OK;
-    }
-    rc = pFunc(&funcs);
-    if (rc != CKR_OK) {
-        printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Initializing the PKCS11 environment...\n");
-    memset( &initArgs, 0x0, sizeof(initArgs) );
-    rc = funcs->C_Initialize( &initArgs );
-    if (rc != CKR_OK) {
-        printf("error C_Initialize: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Initializing the token... \n");
-    memset(tokenNameBuf, ' ', sizeof(tokenNameBuf)); /* Token name is left justified, padded with blanks */
-    memcpy(tokenNameBuf, tokenName, strlen(tokenName));
-
-    /* C_InitToken cleans up private and public keystore thus only needs to be done once.
-     * Subsequent C_InitToken calls will delete any existing keys within the keystores
-     */
-    rc= funcs->C_InitToken(0, soPin, strlen((const char *) soPin), tokenNameBuf);
-    if (rc != CKR_OK) {
-        printf("error C_InitToken: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-    printf("Opening a session... \n");
-    rc = funcs->C_OpenSession( 0, flags, (CK_VOID_PTR) NULL, NULL, &session );
-    if (rc != CKR_OK) {
-        printf("error C_OpenSession: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Logging in as normal user... \n");
-    rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-    if (rc != CKR_OK) {
-        printf("error C_Login: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Generating ED25519 public object... \n");
-    CK_OBJECT_CLASS objClass = CKO_PUBLIC_KEY;
-    CK_KEY_TYPE keyType = CKK_ECDSA;
-    CK_BYTE curve_oid[] = {0x06, 0x03, 0x2b, 0x65, 0x70};
-    CK_BYTE ec_point[] = {0x38, 0xf9, 0x52, 0x1b, 0xdd, 0x5d, 0xaa, 0x8e, 0x78, 0xcd, 0x12, 0x5b, 0x57, 0x53, 0x1b, 0x07,
-                          0xd5, 0xe7, 0x85, 0x91, 0x62, 0x34, 0x90, 0x83, 0x0d, 0x2a, 0x5e, 0x32, 0x57, 0x53, 0xf8, 0xed}; 
-    CK_ATTRIBUTE pub_tmpl[] = {
-        {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-        {CKA_CLASS,        &objClass,   sizeof(objClass) },
-        {CKA_KEY_TYPE,     &keyType,    sizeof(keyType) },
-        {CKA_PRIVATE,      &isFalse,    sizeof(isFalse) },
-        {CKA_VERIFY,       &isTrue,     sizeof(isTrue) },
-        {CKA_EC_PARAMS,    &curve_oid,  sizeof(curve_oid) },
-        {CKA_EC_POINT,     &ec_point,   sizeof(ec_point) },
-    };
-
-    rc = funcs->C_CreateObject(session, pub_tmpl, sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE), &pubObject);
-    if (rc != CKR_OK) {
-        printf("error C_CreateObject: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Generating ED25519 private object... \n");
-    objClass = CKO_PRIVATE_KEY;
-    CK_BYTE value[] = {0xf1, 0x4a, 0x91, 0x00, 0x5f, 0xd6, 0xdb, 0xf7, 0x6f, 0x67, 0x1d, 0x70, 0xbd, 0xc7, 0xb0, 0x91,
-                          0x5b, 0x89, 0xba, 0xb9, 0x6a, 0x60, 0x7c, 0xd8, 0x55, 0xad, 0x32, 0x56, 0xb1, 0x9b, 0x02, 0x74,
-                          0x38, 0xf9, 0x52, 0x1b, 0xdd, 0x5d, 0xaa, 0x8e, 0x78, 0xcd, 0x12, 0x5b, 0x57, 0x53, 0x1b, 0x07,
-                          0xd5, 0xe7, 0x85, 0x91, 0x62, 0x34, 0x90, 0x83, 0x0d, 0x2a, 0x5e, 0x32, 0x57, 0x53, 0xf8, 0xed}; 
-    CK_ATTRIBUTE priv_tmpl[] = {
-        {CKA_TOKEN,        &isTrue,     sizeof(isTrue) },
-        {CKA_CLASS,        &objClass,   sizeof(objClass) },
-        {CKA_KEY_TYPE,     &keyType,    sizeof(keyType) },
-        {CKA_PRIVATE,      &isTrue,     sizeof(isTrue) },
-        {CKA_SIGN,         &isTrue,     sizeof(isTrue) },
-        {CKA_EC_PARAMS,    &curve_oid,  sizeof(curve_oid) },
-        {CKA_VALUE,        &value,      sizeof(value) },
-    };
-
-    rc = funcs->C_CreateObject(session, priv_tmpl, sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE), &privObject);
-    if (rc != CKR_OK) {
-        printf("error C_CreateObject: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Signing with ED25519 private object... \n");
-    CK_BYTE dataToBeSigned[] = "This is data to be signed";
-    CK_ULONG dataToBeSignedLen = sizeof(dataToBeSigned) - 1;
-    CK_BYTE signature[64]; // minimum 64 bytes in P-256 case
-    CK_ULONG signatureLen = sizeof(signature);
-
-    mech.mechanism      = CKM_IBM_ED25519_SHA512;
-    mech.ulParameterLen = 0;
-    mech.pParameter     = NULL;
-
-    rc = funcs->C_SignInit(session, &mech, privObject);
-    if (rc != CKR_OK) {
-       printf("error C_SignInit: rc=0x%04lx\n", rc );
-       funcs->C_Finalize( NULL );
-       return !CKR_OK;
-    }
-
-    rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
-    if (rc != CKR_OK) {
-       printf("error C_Sign: rc=0x%04lx\n", rc );
-       funcs->C_Finalize( NULL );
-       return !CKR_OK;
-    }
-
-    printf("Verifying with ED25519 public object... \n");
-    rc = funcs->C_VerifyInit(session, &mech, pubObject);
-    if (rc != CKR_OK) {
-       printf("error C_VerifyInit: rc=0x%04lx\n", rc );
-       funcs->C_Finalize( NULL );
-       return !CKR_OK;
-    }
-
-    rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
-    if (rc != CKR_OK) {
-       printf("error C_Verify: rc=0x%04lx\n", rc );
-       funcs->C_Finalize( NULL );
-       return !CKR_OK;
-    }
-
-    printf("Logging out... \n");
-    rc = funcs->C_Logout(session);
-    if (rc != CKR_OK) {
-        printf("error C_Logout: rc=0x%04lx\n", rc );
-        funcs->C_Finalize( NULL );
-        return !CKR_OK;
-    }
-
-    printf("Closing the session... \n");
-    rc = funcs->C_CloseSession( session );
-    if (rc != CKR_OK) {
-        printf("error C_CloseSession: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-
-    printf("Finalizing... \n");
-    rc = funcs->C_Finalize( NULL );
-    if (rc != CKR_OK) {
-        printf("error C_Finalize: rc=0x%04lx\n", rc );
-        return !CKR_OK;
-    }
-    printf("Sample completed successfully!\n");
-    return 0;
-}
diff --git a/hpcs-pkcs11/samples/pkcs11-slhdsa.c b/hpcs-pkcs11/samples/pkcs11-slhdsa.c
deleted file mode 100644
index cfcae5f62..000000000
--- a/hpcs-pkcs11/samples/pkcs11-slhdsa.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * gcc -o pkcs11-eddsa pkcs11-eddsa.c -ldl
- *
- * Updates to be made within this source file:
- * Replace the text <so-user-api-key> with the SO user's PIN.
- * Replace the text <normal-user-api-key> with the normal user's PIN.
- * Replace the text <pkcs11-library> with name of your pkcs11 library.
- *
- * Ensure that your pkcs11 library is in your library path (LD_LIBRARY_PATH)
- * and the grep11client.yaml PKCS11 configuration file is in the /etc/ep11client directory. You may
- * need to create the /etc/ep11client directory, if it does not exist.
- *
- * NOTE: This sample code is expecting a default library name of pkcs11-grep11.so (See the pkcs11LibName variable).
- * Feel free to change the name to match your pkcs11 library name.
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <dlfcn.h>
-#include <sys/timeb.h>
-#include "sample.h"
-
-// eddsa
-/* #define CKM_KEY_PAIR_GEN	(0x1055UL) */
-/* #define CKM_SIGN			(0x1057UL) */
-
-// New definitions, slh-dsa
-#define CKM_KEY_PAIR_GEN	(0x80010003UL)
-#define CKM_SIGN			(0x80010006UL)
-#define CKA_PARAMS (0x80000030UL)
-
-CK_FUNCTION_LIST  *funcs;
-CK_BYTE           tokenNameBuf[32];
-const char        tokenName[] = "meulabel";
-
-#define DUMP_HEXA(A, B)   \
-          do {  \
-            printf("%s[%d]: \n", (char *) #A, (int) B); \
-            dump_hexa((const void*) A, (size_t) B);  \
-          } while(0) 
-
-void dump_hexa(const void* data, size_t size) {
-  char ascii[17];
-  size_t i, j;
-  ascii[16] = '\0';
-  for (i = 0; i < size; ++i) {
-    printf("%02X ", ((unsigned char*)data)[i]);
-    if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') {
-      ascii[i % 16] = ((unsigned char*)data)[i];
-    } else {
-      ascii[i % 16] = '.';
-    }
-    if ((i+1) % 8 == 0 || i+1 == size) {
-      printf(" ");
-      if ((i+1) % 16 == 0) {
-        printf("|  %s \n", ascii);
-      } else if (i+1 == size) {
-        ascii[(i+1) % 16] = '\0';
-        if ((i+1) % 16 <= 8) {
-          printf(" ");
-        }
-        for (j = (i+1) % 16; j < 16; ++j) {
-          printf("   ");
-        }
-        printf("|  %s \n", ascii);
-      }
-    }
-  }
-}
-
-long get_file_size(char *fname) {
-    FILE *f = fopen(fname, "r");
-    if (!f) return -1;
-    fseek(f, 0, SEEK_END);
-    long size = ftell(f);
-    fclose(f);
-    return size;
-}
-
-int main( int argc, char **argv )
-{
-  CK_C_INITIALIZE_ARGS   initArgs;
-  CK_RV                  rc;
-  CK_FLAGS               flags = 0;
-  CK_SESSION_HANDLE      session;
-  CK_MECHANISM           mech;
-  CK_OBJECT_HANDLE       publicKey, privateKey;
-  static CK_BBOOL        isTrue = TRUE;
-  static CK_BBOOL        isFalse = FALSE;
-  CK_BYTE id[] = {123};
-  CK_UTF8CHAR_PTR keyLabel = (unsigned char *) "pqlabel";
-
-  CK_RV                  (*pFunc)();
-  void                   *pkcs11Lib;
-  CK_UTF8CHAR_PTR        soPin = (unsigned char *) "0000";
-  CK_UTF8CHAR_PTR        userPin = (unsigned char *) "0000";
-  char                   pkcs11LibName[] = "libsofthsm2.so";
-  
-  if (argc != 2) {
-      printf("Usage: %s <file_to_sign>\n", argv[0]);
-      return -1;
-  }
-  
-  char* file_to_sign = argv[1];
-
-  printf("Opening the PKCS11 library...\n");
-  pkcs11Lib = dlopen(pkcs11LibName, RTLD_LAZY);
-  if ( pkcs11Lib == NULL ) {
-    printf("%s not found. Ensure that the PKCS11 library is in the system library path or LD_LIBRARY_PATH\n", pkcs11LibName);
-    return !CKR_OK;
-  }
-
-  printf("Getting the PKCS11 function list...\n");
-  pFunc = (CK_RV (*)())dlsym(pkcs11Lib, "C_GetFunctionList");
-  if (pFunc == NULL ) {
-    printf("C_GetFunctionList() not found in module %s\n", pkcs11LibName);
-    return !CKR_OK;
-  }
-  rc = pFunc(&funcs);
-  if (rc != CKR_OK) {
-    printf("error C_GetFunctionList: rc=0x%04lx\n", rc );
-    return !CKR_OK;
-  }
-
-  printf("Initializing the PKCS11 environment...\n");
-  memset( &initArgs, 0x0, sizeof(initArgs) );
-  rc = funcs->C_Initialize( &initArgs );
-  if (rc != CKR_OK) {
-    printf("error C_Initialize: rc=0x%04lx\n", rc );
-    return !CKR_OK;
-  }
-  
-  CK_SLOT_ID available_slots[10];
-  CK_ULONG num_slots = 10;
-
-  rc = funcs->C_GetSlotList(1, available_slots, &num_slots);
-  if (rc != CKR_OK) {
-    printf("Failed to get the available slots: rc=0x%04lx\n", rc);
-    return 0;
-  }
-  
-  printf("Available slots: 0x%04lx %ld\n", available_slots[0], num_slots);
-  
-  /* printf("Initializing the token... \n"); */
-  /* memset(tokenNameBuf, ' ', sizeof(tokenNameBuf));  */
-  /* memcpy(tokenNameBuf, tokenName, strlen(tokenName)); */
-  /**/
-  /* rc= funcs->C_InitToken(available_slots[0], soPin, strlen((const char *) soPin), tokenNameBuf); */
-  /* if (rc != CKR_OK) { */
-  /*   printf("error C_InitToken: rc=0x%04lx\n", rc ); */
-  /*   funcs->C_Finalize( NULL ); */
-  /*   return !CKR_OK; */
-  /* } */
-
-  flags = CKF_SERIAL_SESSION | CKF_RW_SESSION;
-  printf("Opening a session... \n");
-  rc = funcs->C_OpenSession( available_slots[0], flags, (CK_VOID_PTR) NULL, NULL, &session );
-  if (rc != CKR_OK) {
-    printf("error C_OpenSession: rc=0x%04lx\n", rc );
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  printf("Logging in as SO... \n");
-  rc = funcs->C_Login( session, CKU_SO, soPin, strlen((const char *) soPin));
-  if (rc != CKR_OK) {
-    printf("error C_Login: rc=0x%04lx\n", rc );
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  printf("Initing normal user pin... \n");
-  rc = funcs->C_InitPIN( session, userPin, strlen((const char *) userPin));
-  if (rc != CKR_OK) {
-    printf("error C_InitPin: rc=0x%04lx\n", rc );
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  rc = funcs->C_Logout(session);
-  if (rc != CKR_OK) {
-    printf("error C_Logout: rc=0x%04lx\n", rc );
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-
-  printf("Logging in as normal user... \n");
-  rc = funcs->C_Login( session, CKU_USER, userPin, strlen((const char *) userPin));
-  if (rc != CKR_OK) {
-    printf("error C_Login: rc=0x%04lx\n", rc );
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-
-  // Use SLH-DSA-SHA2-128s key to sign & verify
-  printf("Generating SLH-DSA key pair... \n");
-  
-  CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
-
-  CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-128s";
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-128s"; */
-  //--------------------
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-128f"; */
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-128f"; */
-  //--------------------------------------------------
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-192s"; */
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-192s"; */
-  //--------------------
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-192f"; */
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-192f"; */
-  //--------------------------------------------------
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-256s"; */
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-256s"; */
-  //--------------------
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-256f"; */
-  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-256f"; */
-  
-/* Public key template */
-CK_ATTRIBUTE pub_tmpl[] = {
-    { CKA_TOKEN,     &isTrue,  sizeof(isTrue) },
-    { CKA_VERIFY,    &isTrue,  sizeof(isTrue) },
-    { CKA_LABEL,     keyLabel, (CK_ULONG)strlen((char*)keyLabel) },
-    { CKA_ID,        id,       (CK_ULONG)sizeof(id) },
-    { CKA_PARAMS, (CK_VOID_PTR)SLH_DSA_PARAMS,
-                     (CK_ULONG)sizeof(SLH_DSA_PARAMS) }
-};
-
-/* Private key template */
-CK_ATTRIBUTE priv_tmpl[] = {
-    { CKA_TOKEN,   &isTrue,  sizeof(isTrue) },
-    { CKA_SIGN,    &isTrue,  sizeof(isTrue) },
-    { CKA_LABEL,   keyLabel, (CK_ULONG)strlen((char*)keyLabel) },
-    { CKA_ID,      id,       (CK_ULONG)sizeof(id) }
-};
-  
-  mech.mechanism      = CKM_KEY_PAIR_GEN;
-  mech.ulParameterLen = 0;
-  mech.pParameter     = NULL;
-
-  rc = funcs->C_GenerateKeyPair( session,    &mech,
-                 pub_tmpl,   sizeof(pub_tmpl)/sizeof(CK_ATTRIBUTE),
-                 priv_tmpl,  sizeof(priv_tmpl)/sizeof(CK_ATTRIBUTE),
-                 &publicKey, &privateKey );
-  if (rc != CKR_OK) {
-    printf("error C_GenerateKeyPair: rc=0x%04lx\n", rc );
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  long file_size = get_file_size(file_to_sign);
-  if (file_size == -1) {
-      printf("Error: Could not open or read file %s\n", file_to_sign);
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-  }
-  
-  CK_BYTE* dataToBeSigned = (CK_BYTE*) malloc(file_size);
-  if (!dataToBeSigned) {
-      printf("Error: Memory allocation failed.\n");
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-  }
-  
-  FILE* fp = fopen(file_to_sign, "rb");
-  if (!fp) {
-      printf("Error: Could not open file %s for reading.\n", file_to_sign);
-      free(dataToBeSigned);
-      funcs->C_Finalize( NULL );
-      return !CKR_OK;
-  }
-  fread(dataToBeSigned, 1, file_size, fp);
-  fclose(fp);
-  
-  CK_ULONG dataToBeSignedLen = file_size;
-  CK_BYTE signature[7856];
-  /* CK_BYTE signature[17088]; */
-  /* CK_BYTE signature[16224]; */
-  /* CK_BYTE signature[35664]; */
-  /* CK_BYTE signature[29792]; */
-  /* CK_BYTE signature[49856]; */
-  CK_ULONG signatureLen = sizeof(signature);
-
-  printf("Signing the data from %s with SLH-DSA-SHA2-128s private key... \n", file_to_sign);
-  mech.mechanism      = CKM_SIGN;
-  mech.ulParameterLen = 0;
-  mech.pParameter     = NULL;
-
-  rc = funcs->C_SignInit(session, &mech, privateKey);
-  if (rc != CKR_OK) {
-    printf("error C_SignInit: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-
-  rc = funcs->C_Sign(session, dataToBeSigned, dataToBeSignedLen, signature, &signatureLen);
-  if (rc != CKR_OK) {
-    printf("error C_Sign: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  DUMP_HEXA(signature, signatureLen);
-
-  printf("Verifying the data with SLH-DSA-SHA2-128s public key... \n");
-  rc = funcs->C_VerifyInit(session, &mech, publicKey);
-  if (rc != CKR_OK) {
-    printf("error C_VerifyInit: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  rc = funcs->C_Verify(session, dataToBeSigned, dataToBeSignedLen, signature, signatureLen);
-  if (rc != CKR_OK) {
-    printf("error C_Verify: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-  
-  printf("Signature is valid!\n");
-
-  printf("Logging out... \n");
-  rc = funcs->C_Logout(session);
-  if (rc != CKR_OK) {
-    printf("error C_Logout: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    funcs->C_Finalize( NULL );
-    return !CKR_OK;
-  }
-
-  printf("Closing the session... \n");
-  rc = funcs->C_CloseSession( session );
-  if (rc != CKR_OK) {
-    printf("error C_CloseSession: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    return !CKR_OK;
-  }
-
-  printf("Finalizing... \n");
-  rc = funcs->C_Finalize( NULL );
-  if (rc != CKR_OK) {
-    printf("error C_Finalize: rc=0x%04lx\n", rc );
-    free(dataToBeSigned);
-    return !CKR_OK;
-  }
-  
-  free(dataToBeSigned);
-  printf("Sample completed successfully!\n");
-  return 0;
-}
diff --git a/hpcs-pkcs11/samples/pkcs11.h b/hpcs-pkcs11/samples/pkcs11.h
deleted file mode 100644
index 0d78dd711..000000000
--- a/hpcs-pkcs11/samples/pkcs11.h
+++ /dev/null
@@ -1,265 +0,0 @@
-/* Copyright (c) OASIS Open 2016. All Rights Reserved./
- * /Distributed under the terms of the OASIS IPR Policy,
- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
- */
-        
-/* Latest version of the specification:
- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
- */
-
-#ifndef _PKCS11_H_
-#define _PKCS11_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Before including this file (pkcs11.h) (or pkcs11t.h by
- * itself), 5 platform-specific macros must be defined.  These
- * macros are described below, and typical definitions for them
- * are also given.  Be advised that these definitions can depend
- * on both the platform and the compiler used (and possibly also
- * on whether a Cryptoki library is linked statically or
- * dynamically).
- *
- * In addition to defining these 5 macros, the packing convention
- * for Cryptoki structures should be set.  The Cryptoki
- * convention on packing is that structures should be 1-byte
- * aligned.
- *
- * If you're using Microsoft Developer Studio 5.0 to produce
- * Win32 stuff, this might be done by using the following
- * preprocessor directive before including pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(push, cryptoki, 1)
- *
- * and using the following preprocessor directive after including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(pop, cryptoki)
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to produce Win16 stuff, this might be done by using
- * the following preprocessor directive before including
- * pkcs11.h or pkcs11t.h:
- *
- * #pragma pack(1)
- *
- * In a UNIX environment, you're on your own for this.  You might
- * not need to do (or be able to do!) anything.
- *
- *
- * Now for the macros:
- *
- *
- * 1. CK_PTR: The indirection string for making a pointer to an
- * object.  It can be used like this:
- *
- * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
- *
- * If you're using Microsoft Developer Studio 5.0 to produce
- * Win32 stuff, it might be defined by:
- *
- * #define CK_PTR *
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to produce Win16 stuff, it might be defined by:
- *
- * #define CK_PTR far *
- *
- * In a typical UNIX environment, it might be defined by:
- *
- * #define CK_PTR *
- *
- *
- * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
- * an importable Cryptoki library function declaration out of a
- * return type and a function name.  It should be used in the
- * following fashion:
- *
- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
- *   CK_VOID_PTR pReserved
- * );
- *
- * If you're using Microsoft Developer Studio 5.0 to declare a
- * function in a Win32 Cryptoki .dll, it might be defined by:
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __declspec(dllimport) name
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to declare a function in a Win16 Cryptoki .dll, it
- * might be defined by:
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType __export _far _pascal name
- *
- * In a UNIX environment, it might be defined by:
- *
- * #define CK_DECLARE_FUNCTION(returnType, name) \
- *   returnType name
- *
- *
- * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
- * which makes a Cryptoki API function pointer declaration or
- * function pointer type declaration out of a return type and a
- * function name.  It should be used in the following fashion:
- *
- * // Define funcPtr to be a pointer to a Cryptoki API function
- * // taking arguments args and returning CK_RV.
- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
- *
- * or
- *
- * // Define funcPtrType to be the type of a pointer to a
- * // Cryptoki API function taking arguments args and returning
- * // CK_RV, and then define funcPtr to be a variable of type
- * // funcPtrType.
- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
- * funcPtrType funcPtr;
- *
- * If you're using Microsoft Developer Studio 5.0 to access
- * functions in a Win32 Cryptoki .dll, in might be defined by:
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __declspec(dllimport) (* name)
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to access functions in a Win16 Cryptoki .dll, it might
- * be defined by:
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType __export _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by:
- *
- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
- *   returnType (* name)
- *
- *
- * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
- * a function pointer type for an application callback out of
- * a return type for the callback and a name for the callback.
- * It should be used in the following fashion:
- *
- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
- *
- * to declare a function pointer, myCallback, to a callback
- * which takes arguments args and returns a CK_RV.  It can also
- * be used like this:
- *
- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
- * myCallbackType myCallback;
- *
- * If you're using Microsoft Developer Studio 5.0 to do Win32
- * Cryptoki development, it might be defined by:
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- * If you're using an earlier version of Microsoft Developer
- * Studio to do Win16 development, it might be defined by:
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType _far _pascal (* name)
- *
- * In a UNIX environment, it might be defined by:
- *
- * #define CK_CALLBACK_FUNCTION(returnType, name) \
- *   returnType (* name)
- *
- *
- * 5. NULL_PTR: This macro is the value of a NULL pointer.
- *
- * In any ANSI/ISO C environment (and in many others as well),
- * this should best be defined by
- *
- * #ifndef NULL_PTR
- * #define NULL_PTR 0
- * #endif
- */
-
-
-/* All the various Cryptoki types and #define'd values are in the
- * file pkcs11t.h.
- */
-#include "pkcs11t.h"
-
-#define __PASTE(x,y)      x##y
-
-
-/* ==============================================================
- * Define the "extern" form of all the entry points.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  extern CK_DECLARE_FUNCTION(CK_RV, name)
-
-/* pkcs11f.h has all the information about the Cryptoki
- * function prototypes.
- */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define the typedef form of all the entry points.  That is, for
- * each Cryptoki function C_XXX, define a type CK_C_XXX which is
- * a pointer to that kind of function.
- * ==============================================================
- */
-
-#define CK_NEED_ARG_LIST  1
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
-
-/* pkcs11f.h has all the information about the Cryptoki
- * function prototypes.
- */
-#include "pkcs11f.h"
-
-#undef CK_NEED_ARG_LIST
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-/* ==============================================================
- * Define structed vector of entry points.  A CK_FUNCTION_LIST
- * contains a CK_VERSION indicating a library's Cryptoki version
- * and then a whole slew of function pointers to the routines in
- * the library.  This type was declared, but not defined, in
- * pkcs11t.h.
- * ==============================================================
- */
-
-#define CK_PKCS11_FUNCTION_INFO(name) \
-  __PASTE(CK_,name) name;
-
-struct CK_FUNCTION_LIST {
-
-  CK_VERSION    version;  /* Cryptoki version */
-
-/* Pile all the function pointers into the CK_FUNCTION_LIST. */
-/* pkcs11f.h has all the information about the Cryptoki
- * function prototypes.
- */
-#include "pkcs11f.h"
-
-};
-
-#undef CK_PKCS11_FUNCTION_INFO
-
-
-#undef __PASTE
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _PKCS11_H_ */
-
diff --git a/hpcs-pkcs11/samples/pkcs11f.h b/hpcs-pkcs11/samples/pkcs11f.h
deleted file mode 100644
index ed90affc5..000000000
--- a/hpcs-pkcs11/samples/pkcs11f.h
+++ /dev/null
@@ -1,939 +0,0 @@
-/* Copyright (c) OASIS Open 2016. All Rights Reserved./
- * /Distributed under the terms of the OASIS IPR Policy,
- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
- */
-        
-/* Latest version of the specification:
- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
- */
-
-/* This header file contains pretty much everything about all the
- * Cryptoki function prototypes.  Because this information is
- * used for more than just declaring function prototypes, the
- * order of the functions appearing herein is important, and
- * should not be altered.
- */
-
-/* General-purpose */
-
-/* C_Initialize initializes the Cryptoki library. */
-CK_PKCS11_FUNCTION_INFO(C_Initialize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pInitArgs  /* if this is not NULL_PTR, it gets
-                            * cast to CK_C_INITIALIZE_ARGS_PTR
-                            * and dereferenced
-                            */
-);
-#endif
-
-
-/* C_Finalize indicates that an application is done with the
- * Cryptoki library.
- */
-CK_PKCS11_FUNCTION_INFO(C_Finalize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_VOID_PTR   pReserved  /* reserved.  Should be NULL_PTR */
-);
-#endif
-
-
-/* C_GetInfo returns general information about Cryptoki. */
-CK_PKCS11_FUNCTION_INFO(C_GetInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_INFO_PTR   pInfo  /* location that receives information */
-);
-#endif
-
-
-/* C_GetFunctionList returns the function list. */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FUNCTION_LIST_PTR_PTR ppFunctionList  /* receives pointer to
-                                            * function list
-                                            */
-);
-#endif
-
-
-
-/* Slot and token management */
-
-/* C_GetSlotList obtains a list of slots in the system. */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_BBOOL       tokenPresent,  /* only slots with tokens */
-  CK_SLOT_ID_PTR pSlotList,     /* receives array of slot IDs */
-  CK_ULONG_PTR   pulCount       /* receives number of slots */
-);
-#endif
-
-
-/* C_GetSlotInfo obtains information about a particular slot in
- * the system.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID       slotID,  /* the ID of the slot */
-  CK_SLOT_INFO_PTR pInfo    /* receives the slot information */
-);
-#endif
-
-
-/* C_GetTokenInfo obtains information about a particular token
- * in the system.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID        slotID,  /* ID of the token's slot */
-  CK_TOKEN_INFO_PTR pInfo    /* receives the token information */
-);
-#endif
-
-
-/* C_GetMechanismList obtains a list of mechanism types
- * supported by a token.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,          /* ID of token's slot */
-  CK_MECHANISM_TYPE_PTR pMechanismList,  /* gets mech. array */
-  CK_ULONG_PTR          pulCount         /* gets # of mechs. */
-);
-#endif
-
-
-/* C_GetMechanismInfo obtains information about a particular
- * mechanism possibly supported by a token.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,  /* ID of the token's slot */
-  CK_MECHANISM_TYPE     type,    /* type of mechanism */
-  CK_MECHANISM_INFO_PTR pInfo    /* receives mechanism info */
-);
-#endif
-
-
-/* C_InitToken initializes a token. */
-CK_PKCS11_FUNCTION_INFO(C_InitToken)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID      slotID,    /* ID of the token's slot */
-  CK_UTF8CHAR_PTR pPin,      /* the SO's initial PIN */
-  CK_ULONG        ulPinLen,  /* length in bytes of the PIN */
-  CK_UTF8CHAR_PTR pLabel     /* 32-byte token label (blank padded) */
-);
-#endif
-
-
-/* C_InitPIN initializes the normal user's PIN. */
-CK_PKCS11_FUNCTION_INFO(C_InitPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_UTF8CHAR_PTR   pPin,      /* the normal user's PIN */
-  CK_ULONG          ulPinLen   /* length in bytes of the PIN */
-);
-#endif
-
-
-/* C_SetPIN modifies the PIN of the user who is logged in. */
-CK_PKCS11_FUNCTION_INFO(C_SetPIN)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_UTF8CHAR_PTR   pOldPin,   /* the old PIN */
-  CK_ULONG          ulOldLen,  /* length of the old PIN */
-  CK_UTF8CHAR_PTR   pNewPin,   /* the new PIN */
-  CK_ULONG          ulNewLen   /* length of the new PIN */
-);
-#endif
-
-
-
-/* Session management */
-
-/* C_OpenSession opens a session between an application and a
- * token.
- */
-CK_PKCS11_FUNCTION_INFO(C_OpenSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID            slotID,        /* the slot's ID */
-  CK_FLAGS              flags,         /* from CK_SESSION_INFO */
-  CK_VOID_PTR           pApplication,  /* passed to callback */
-  CK_NOTIFY             Notify,        /* callback function */
-  CK_SESSION_HANDLE_PTR phSession      /* gets session handle */
-);
-#endif
-
-
-/* C_CloseSession closes a session between an application and a
- * token.
- */
-CK_PKCS11_FUNCTION_INFO(C_CloseSession)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CloseAllSessions closes all sessions with a token. */
-CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SLOT_ID     slotID  /* the token's slot */
-);
-#endif
-
-
-/* C_GetSessionInfo obtains information about the session. */
-CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE   hSession,  /* the session's handle */
-  CK_SESSION_INFO_PTR pInfo      /* receives session info */
-);
-#endif
-
-
-/* C_GetOperationState obtains the state of the cryptographic operation
- * in a session.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,             /* session's handle */
-  CK_BYTE_PTR       pOperationState,      /* gets state */
-  CK_ULONG_PTR      pulOperationStateLen  /* gets state length */
-);
-#endif
-
-
-/* C_SetOperationState restores the state of the cryptographic
- * operation in a session.
- */
-CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR      pOperationState,      /* holds state */
-  CK_ULONG         ulOperationStateLen,  /* holds state length */
-  CK_OBJECT_HANDLE hEncryptionKey,       /* en/decryption key */
-  CK_OBJECT_HANDLE hAuthenticationKey    /* sign/verify key */
-);
-#endif
-
-
-/* C_Login logs a user into a token. */
-CK_PKCS11_FUNCTION_INFO(C_Login)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_USER_TYPE      userType,  /* the user type */
-  CK_UTF8CHAR_PTR   pPin,      /* the user's PIN */
-  CK_ULONG          ulPinLen   /* the length of the PIN */
-);
-#endif
-
-
-/* C_Logout logs a user out from a token. */
-CK_PKCS11_FUNCTION_INFO(C_Logout)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Object management */
-
-/* C_CreateObject creates a new object. */
-CK_PKCS11_FUNCTION_INFO(C_CreateObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,   /* the object's template */
-  CK_ULONG          ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phObject  /* gets new object's handle. */
-);
-#endif
-
-
-/* C_CopyObject copies an object, creating a new object for the
- * copy.
- */
-CK_PKCS11_FUNCTION_INFO(C_CopyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_OBJECT_HANDLE     hObject,     /* the object's handle */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new object */
-  CK_ULONG             ulCount,     /* attributes in template */
-  CK_OBJECT_HANDLE_PTR phNewObject  /* receives handle of copy */
-);
-#endif
-
-
-/* C_DestroyObject destroys an object. */
-CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject    /* the object's handle */
-);
-#endif
-
-
-/* C_GetObjectSize gets the size of an object in bytes. */
-CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,   /* the object's handle */
-  CK_ULONG_PTR      pulSize    /* receives size of object */
-);
-#endif
-
-
-/* C_GetAttributeValue obtains the value of one or more object
- * attributes.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs; gets vals */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_SetAttributeValue modifies the value of one or more object
- * attributes.
- */
-CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_OBJECT_HANDLE  hObject,    /* the object's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* specifies attrs and values */
-  CK_ULONG          ulCount     /* attributes in template */
-);
-#endif
-
-
-/* C_FindObjectsInit initializes a search for token and session
- * objects that match a template.
- */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_ATTRIBUTE_PTR  pTemplate,  /* attribute values to match */
-  CK_ULONG          ulCount     /* attrs in search template */
-);
-#endif
-
-
-/* C_FindObjects continues a search for token and session
- * objects that match a template, obtaining additional object
- * handles.
- */
-CK_PKCS11_FUNCTION_INFO(C_FindObjects)
-#ifdef CK_NEED_ARG_LIST
-(
- CK_SESSION_HANDLE    hSession,          /* session's handle */
- CK_OBJECT_HANDLE_PTR phObject,          /* gets obj. handles */
- CK_ULONG             ulMaxObjectCount,  /* max handles to get */
- CK_ULONG_PTR         pulObjectCount     /* actual # returned */
-);
-#endif
-
-
-/* C_FindObjectsFinal finishes a search for token and session
- * objects.
- */
-CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-
-/* Encryption and decryption */
-
-/* C_EncryptInit initializes an encryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the encryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of encryption key */
-);
-#endif
-
-
-/* C_Encrypt encrypts single-part data. */
-CK_PKCS11_FUNCTION_INFO(C_Encrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pData,               /* the plaintext data */
-  CK_ULONG          ulDataLen,           /* bytes of plaintext */
-  CK_BYTE_PTR       pEncryptedData,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedDataLen  /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptUpdate continues a multiple-part encryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pPart,              /* the plaintext data */
-  CK_ULONG          ulPartLen,          /* plaintext data len */
-  CK_BYTE_PTR       pEncryptedPart,     /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen /* gets c-text size */
-);
-#endif
-
-
-/* C_EncryptFinal finishes a multiple-part encryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,                /* session handle */
-  CK_BYTE_PTR       pLastEncryptedPart,      /* last c-text */
-  CK_ULONG_PTR      pulLastEncryptedPartLen  /* gets last size */
-);
-#endif
-
-
-/* C_DecryptInit initializes a decryption operation. */
-CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the decryption mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of decryption key */
-);
-#endif
-
-
-/* C_Decrypt decrypts encrypted data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Decrypt)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,           /* session's handle */
-  CK_BYTE_PTR       pEncryptedData,     /* ciphertext */
-  CK_ULONG          ulEncryptedDataLen, /* ciphertext length */
-  CK_BYTE_PTR       pData,              /* gets plaintext */
-  CK_ULONG_PTR      pulDataLen          /* gets p-text size */
-);
-#endif
-
-
-/* C_DecryptUpdate continues a multiple-part decryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* encrypted data */
-  CK_ULONG          ulEncryptedPartLen,  /* input length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* p-text size */
-);
-#endif
-
-
-/* C_DecryptFinal finishes a multiple-part decryption
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pLastPart,      /* gets plaintext */
-  CK_ULONG_PTR      pulLastPartLen  /* p-text size */
-);
-#endif
-
-
-
-/* Message digesting */
-
-/* C_DigestInit initializes a message-digesting operation. */
-CK_PKCS11_FUNCTION_INFO(C_DigestInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism  /* the digesting mechanism */
-);
-#endif
-
-
-/* C_Digest digests data in a single part. */
-CK_PKCS11_FUNCTION_INFO(C_Digest)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pData,        /* data to be digested */
-  CK_ULONG          ulDataLen,    /* bytes of data to digest */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets digest length */
-);
-#endif
-
-
-/* C_DigestUpdate continues a multiple-part message-digesting
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* data to be digested */
-  CK_ULONG          ulPartLen  /* bytes of data to be digested */
-);
-#endif
-
-
-/* C_DigestKey continues a multi-part message-digesting
- * operation, by digesting the value of a secret key as part of
- * the data already digested.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_OBJECT_HANDLE  hKey       /* secret key to digest */
-);
-#endif
-
-
-/* C_DigestFinal finishes a multiple-part message-digesting
- * operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_BYTE_PTR       pDigest,      /* gets the message digest */
-  CK_ULONG_PTR      pulDigestLen  /* gets byte count of digest */
-);
-#endif
-
-
-
-/* Signing and MACing */
-
-/* C_SignInit initializes a signature (private key encryption)
- * operation, where the signature is (will be) an appendix to
- * the data, and plaintext cannot be recovered from the
- * signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey         /* handle of signature key */
-);
-#endif
-
-
-/* C_Sign signs (encrypts with private key) data in a single
- * part, where the signature is (will be) an appendix to the
- * data, and plaintext cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_Sign)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
- * and plaintext cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* the data to sign */
-  CK_ULONG          ulPartLen  /* count of bytes to sign */
-);
-#endif
-
-
-/* C_SignFinal finishes a multiple-part signature operation,
- * returning the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-/* C_SignRecoverInit initializes a signature operation, where
- * the data can be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,   /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism, /* the signature mechanism */
-  CK_OBJECT_HANDLE  hKey        /* handle of the signature key */
-);
-#endif
-
-
-/* C_SignRecover signs data in a single operation, where the
- * data can be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pData,           /* the data to sign */
-  CK_ULONG          ulDataLen,       /* count of bytes to sign */
-  CK_BYTE_PTR       pSignature,      /* gets the signature */
-  CK_ULONG_PTR      pulSignatureLen  /* gets signature length */
-);
-#endif
-
-
-
-/* Verifying signatures and MACs */
-
-/* C_VerifyInit initializes a verification operation, where the
- * signature is an appendix to the data, and plaintext cannot
- * cannot be recovered from the signature (e.g. DSA).
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */
-);
-#endif
-
-
-/* C_Verify verifies a signature in a single-part operation,
- * where the signature is an appendix to the data, and plaintext
- * cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_Verify)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pData,          /* signed data */
-  CK_ULONG          ulDataLen,      /* length of signed data */
-  CK_BYTE_PTR       pSignature,     /* signature */
-  CK_ULONG          ulSignatureLen  /* signature length*/
-);
-#endif
-
-
-/* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data,
- * and plaintext cannot be recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pPart,     /* signed data */
-  CK_ULONG          ulPartLen  /* length of signed data */
-);
-#endif
-
-
-/* C_VerifyFinal finishes a multiple-part verification
- * operation, checking the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,       /* the session's handle */
-  CK_BYTE_PTR       pSignature,     /* signature to verify */
-  CK_ULONG          ulSignatureLen  /* signature length */
-);
-#endif
-
-
-/* C_VerifyRecoverInit initializes a signature verification
- * operation, where the data is recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,  /* the verification mechanism */
-  CK_OBJECT_HANDLE  hKey         /* verification key */
-);
-#endif
-
-
-/* C_VerifyRecover verifies a signature in a single-part
- * operation, where the data is recovered from the signature.
- */
-CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_BYTE_PTR       pSignature,      /* signature to verify */
-  CK_ULONG          ulSignatureLen,  /* signature length */
-  CK_BYTE_PTR       pData,           /* gets signed data */
-  CK_ULONG_PTR      pulDataLen       /* gets signed data len */
-);
-#endif
-
-
-
-/* Dual-function cryptographic operations */
-
-/* C_DigestEncryptUpdate continues a multiple-part digesting
- * and encryption operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptDigestUpdate continues a multiple-part decryption and
- * digesting operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets plaintext len */
-);
-#endif
-
-
-/* C_SignEncryptUpdate continues a multiple-part signing and
- * encryption operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pPart,               /* the plaintext data */
-  CK_ULONG          ulPartLen,           /* plaintext length */
-  CK_BYTE_PTR       pEncryptedPart,      /* gets ciphertext */
-  CK_ULONG_PTR      pulEncryptedPartLen  /* gets c-text length */
-);
-#endif
-
-
-/* C_DecryptVerifyUpdate continues a multiple-part decryption and
- * verify operation.
- */
-CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,            /* session's handle */
-  CK_BYTE_PTR       pEncryptedPart,      /* ciphertext */
-  CK_ULONG          ulEncryptedPartLen,  /* ciphertext length */
-  CK_BYTE_PTR       pPart,               /* gets plaintext */
-  CK_ULONG_PTR      pulPartLen           /* gets p-text length */
-);
-#endif
-
-
-
-/* Key management */
-
-/* C_GenerateKey generates a secret key, creating a new key
- * object.
- */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,    /* the session's handle */
-  CK_MECHANISM_PTR     pMechanism,  /* key generation mech. */
-  CK_ATTRIBUTE_PTR     pTemplate,   /* template for new key */
-  CK_ULONG             ulCount,     /* # of attrs in template */
-  CK_OBJECT_HANDLE_PTR phKey        /* gets handle of new key */
-);
-#endif
-
-
-/* C_GenerateKeyPair generates a public-key/private-key pair,
- * creating new key objects.
- */
-CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,                    /* session handle */
-  CK_MECHANISM_PTR     pMechanism,                  /* key-gen mech. */
-  CK_ATTRIBUTE_PTR     pPublicKeyTemplate,          /* template for pub. key */
-  CK_ULONG             ulPublicKeyAttributeCount,   /* # pub. attrs. */
-  CK_ATTRIBUTE_PTR     pPrivateKeyTemplate,         /* template for priv. key */
-  CK_ULONG             ulPrivateKeyAttributeCount,  /* # priv.  attrs. */
-  CK_OBJECT_HANDLE_PTR phPublicKey,                 /* gets pub. key handle */
-  CK_OBJECT_HANDLE_PTR phPrivateKey                 /* gets priv. key handle */
-);
-#endif
-
-
-/* C_WrapKey wraps (i.e., encrypts) a key. */
-CK_PKCS11_FUNCTION_INFO(C_WrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,        /* the session's handle */
-  CK_MECHANISM_PTR  pMechanism,      /* the wrapping mechanism */
-  CK_OBJECT_HANDLE  hWrappingKey,    /* wrapping key */
-  CK_OBJECT_HANDLE  hKey,            /* key to be wrapped */
-  CK_BYTE_PTR       pWrappedKey,     /* gets wrapped key */
-  CK_ULONG_PTR      pulWrappedKeyLen /* gets wrapped key size */
-);
-#endif
-
-
-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
- * key object.
- */
-CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* unwrapping mech. */
-  CK_OBJECT_HANDLE     hUnwrappingKey,    /* unwrapping key */
-  CK_BYTE_PTR          pWrappedKey,       /* the wrapped key */
-  CK_ULONG             ulWrappedKeyLen,   /* wrapped key len */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-/* C_DeriveKey derives a key from a base key, creating a new key
- * object.
- */
-CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE    hSession,          /* session's handle */
-  CK_MECHANISM_PTR     pMechanism,        /* key deriv. mech. */
-  CK_OBJECT_HANDLE     hBaseKey,          /* base key */
-  CK_ATTRIBUTE_PTR     pTemplate,         /* new key template */
-  CK_ULONG             ulAttributeCount,  /* template length */
-  CK_OBJECT_HANDLE_PTR phKey              /* gets new handle */
-);
-#endif
-
-
-
-/* Random number generation */
-
-/* C_SeedRandom mixes additional seed material into the token's
- * random number generator.
- */
-CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,  /* the session's handle */
-  CK_BYTE_PTR       pSeed,     /* the seed material */
-  CK_ULONG          ulSeedLen  /* length of seed material */
-);
-#endif
-
-
-/* C_GenerateRandom generates random data. */
-CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession,    /* the session's handle */
-  CK_BYTE_PTR       RandomData,  /* receives the random data */
-  CK_ULONG          ulRandomLen  /* # of bytes to generate */
-);
-#endif
-
-
-
-/* Parallel function management */
-
-/* C_GetFunctionStatus is a legacy function; it obtains an
- * updated status of a function running in parallel with an
- * application.
- */
-CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_CancelFunction is a legacy function; it cancels a function
- * running in parallel.
- */
-CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_SESSION_HANDLE hSession  /* the session's handle */
-);
-#endif
-
-
-/* C_WaitForSlotEvent waits for a slot event (token insertion,
- * removal, etc.) to occur.
- */
-CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
-#ifdef CK_NEED_ARG_LIST
-(
-  CK_FLAGS flags,        /* blocking/nonblocking flag */
-  CK_SLOT_ID_PTR pSlot,  /* location that receives the slot ID */
-  CK_VOID_PTR pRserved   /* reserved.  Should be NULL_PTR */
-);
-#endif
-
diff --git a/hpcs-pkcs11/samples/pkcs11t.h b/hpcs-pkcs11/samples/pkcs11t.h
deleted file mode 100644
index c13e67cf5..000000000
--- a/hpcs-pkcs11/samples/pkcs11t.h
+++ /dev/null
@@ -1,2003 +0,0 @@
-/* Copyright (c) OASIS Open 2016. All Rights Reserved./
- * /Distributed under the terms of the OASIS IPR Policy,
- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY
- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others.
- */
-        
-/* Latest version of the specification:
- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
- */
-
-/* See top of pkcs11.h for information about the macros that
- * must be defined and the structure-packing conventions that
- * must be set before including this file.
- */
-
-#ifndef _PKCS11T_H_
-#define _PKCS11T_H_ 1
-
-#define CRYPTOKI_VERSION_MAJOR          2
-#define CRYPTOKI_VERSION_MINOR          40
-#define CRYPTOKI_VERSION_AMENDMENT      0
-
-#define CK_TRUE         1
-#define CK_FALSE        0
-
-#ifndef CK_DISABLE_TRUE_FALSE
-#ifndef FALSE
-#define FALSE CK_FALSE
-#endif
-#ifndef TRUE
-#define TRUE CK_TRUE
-#endif
-#endif
-
-/* an unsigned 8-bit value */
-typedef unsigned char     CK_BYTE;
-
-/* an unsigned 8-bit character */
-typedef CK_BYTE           CK_CHAR;
-
-/* an 8-bit UTF-8 character */
-typedef CK_BYTE           CK_UTF8CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef CK_BYTE           CK_BBOOL;
-
-/* an unsigned value, at least 32 bits long */
-typedef unsigned long int CK_ULONG;
-
-/* a signed value, the same size as a CK_ULONG */
-typedef long int          CK_LONG;
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef CK_ULONG          CK_FLAGS;
-
-
-/* some special values for certain CK_ULONG variables */
-#define CK_UNAVAILABLE_INFORMATION      (~0UL)
-#define CK_EFFECTIVELY_INFINITE         0UL
-
-
-typedef CK_BYTE     CK_PTR   CK_BYTE_PTR;
-typedef CK_CHAR     CK_PTR   CK_CHAR_PTR;
-typedef CK_UTF8CHAR CK_PTR   CK_UTF8CHAR_PTR;
-typedef CK_ULONG    CK_PTR   CK_ULONG_PTR;
-typedef void        CK_PTR   CK_VOID_PTR;
-
-/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
-typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
-
-
-/* The following value is always invalid if used as a session
- * handle or object handle
- */
-#define CK_INVALID_HANDLE       0UL
-
-
-typedef struct CK_VERSION {
-  CK_BYTE       major;  /* integer portion of version number */
-  CK_BYTE       minor;  /* 1/100ths portion of version number */
-} CK_VERSION;
-
-typedef CK_VERSION CK_PTR CK_VERSION_PTR;
-
-
-typedef struct CK_INFO {
-  CK_VERSION    cryptokiVersion;     /* Cryptoki interface ver */
-  CK_UTF8CHAR   manufacturerID[32];  /* blank padded */
-  CK_FLAGS      flags;               /* must be zero */
-  CK_UTF8CHAR   libraryDescription[32];  /* blank padded */
-  CK_VERSION    libraryVersion;          /* version of library */
-} CK_INFO;
-
-typedef CK_INFO CK_PTR    CK_INFO_PTR;
-
-
-/* CK_NOTIFICATION enumerates the types of notifications that
- * Cryptoki provides to an application
- */
-typedef CK_ULONG CK_NOTIFICATION;
-#define CKN_SURRENDER           0UL
-#define CKN_OTP_CHANGED         1UL
-
-typedef CK_ULONG          CK_SLOT_ID;
-
-typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
-
-
-/* CK_SLOT_INFO provides information about a slot */
-typedef struct CK_SLOT_INFO {
-  CK_UTF8CHAR   slotDescription[64];  /* blank padded */
-  CK_UTF8CHAR   manufacturerID[32];   /* blank padded */
-  CK_FLAGS      flags;
-
-  CK_VERSION    hardwareVersion;  /* version of hardware */
-  CK_VERSION    firmwareVersion;  /* version of firmware */
-} CK_SLOT_INFO;
-
-/* flags: bit flags that provide capabilities of the slot
- *      Bit Flag              Mask        Meaning
- */
-#define CKF_TOKEN_PRESENT     0x00000001UL  /* a token is there */
-#define CKF_REMOVABLE_DEVICE  0x00000002UL  /* removable devices*/
-#define CKF_HW_SLOT           0x00000004UL  /* hardware slot */
-
-typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
-
-
-/* CK_TOKEN_INFO provides information about a token */
-typedef struct CK_TOKEN_INFO {
-  CK_UTF8CHAR   label[32];           /* blank padded */
-  CK_UTF8CHAR   manufacturerID[32];  /* blank padded */
-  CK_UTF8CHAR   model[16];           /* blank padded */
-  CK_CHAR       serialNumber[16];    /* blank padded */
-  CK_FLAGS      flags;               /* see below */
-
-  CK_ULONG      ulMaxSessionCount;     /* max open sessions */
-  CK_ULONG      ulSessionCount;        /* sess. now open */
-  CK_ULONG      ulMaxRwSessionCount;   /* max R/W sessions */
-  CK_ULONG      ulRwSessionCount;      /* R/W sess. now open */
-  CK_ULONG      ulMaxPinLen;           /* in bytes */
-  CK_ULONG      ulMinPinLen;           /* in bytes */
-  CK_ULONG      ulTotalPublicMemory;   /* in bytes */
-  CK_ULONG      ulFreePublicMemory;    /* in bytes */
-  CK_ULONG      ulTotalPrivateMemory;  /* in bytes */
-  CK_ULONG      ulFreePrivateMemory;   /* in bytes */
-  CK_VERSION    hardwareVersion;       /* version of hardware */
-  CK_VERSION    firmwareVersion;       /* version of firmware */
-  CK_CHAR       utcTime[16];           /* time */
-} CK_TOKEN_INFO;
-
-/* The flags parameter is defined as follows:
- *      Bit Flag                    Mask        Meaning
- */
-#define CKF_RNG                     0x00000001UL  /* has random # generator */
-#define CKF_WRITE_PROTECTED         0x00000002UL  /* token is write-protected */
-#define CKF_LOGIN_REQUIRED          0x00000004UL  /* user must login */
-#define CKF_USER_PIN_INITIALIZED    0x00000008UL  /* normal user's PIN is set */
-
-/* CKF_RESTORE_KEY_NOT_NEEDED.  If it is set,
- * that means that *every* time the state of cryptographic
- * operations of a session is successfully saved, all keys
- * needed to continue those operations are stored in the state
- */
-#define CKF_RESTORE_KEY_NOT_NEEDED  0x00000020UL
-
-/* CKF_CLOCK_ON_TOKEN.  If it is set, that means
- * that the token has some sort of clock.  The time on that
- * clock is returned in the token info structure
- */
-#define CKF_CLOCK_ON_TOKEN          0x00000040UL
-
-/* CKF_PROTECTED_AUTHENTICATION_PATH.  If it is
- * set, that means that there is some way for the user to login
- * without sending a PIN through the Cryptoki library itself
- */
-#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL
-
-/* CKF_DUAL_CRYPTO_OPERATIONS.  If it is true,
- * that means that a single session with the token can perform
- * dual simultaneous cryptographic operations (digest and
- * encrypt; decrypt and digest; sign and encrypt; and decrypt
- * and sign)
- */
-#define CKF_DUAL_CRYPTO_OPERATIONS  0x00000200UL
-
-/* CKF_TOKEN_INITIALIZED. If it is true, the
- * token has been initialized using C_InitializeToken or an
- * equivalent mechanism outside the scope of PKCS #11.
- * Calling C_InitializeToken when this flag is set will cause
- * the token to be reinitialized.
- */
-#define CKF_TOKEN_INITIALIZED       0x00000400UL
-
-/* CKF_SECONDARY_AUTHENTICATION. If it is
- * true, the token supports secondary authentication for
- * private key objects.
- */
-#define CKF_SECONDARY_AUTHENTICATION  0x00000800UL
-
-/* CKF_USER_PIN_COUNT_LOW. If it is true, an
- * incorrect user login PIN has been entered at least once
- * since the last successful authentication.
- */
-#define CKF_USER_PIN_COUNT_LOW       0x00010000UL
-
-/* CKF_USER_PIN_FINAL_TRY. If it is true,
- * supplying an incorrect user PIN will it to become locked.
- */
-#define CKF_USER_PIN_FINAL_TRY       0x00020000UL
-
-/* CKF_USER_PIN_LOCKED. If it is true, the
- * user PIN has been locked. User login to the token is not
- * possible.
- */
-#define CKF_USER_PIN_LOCKED          0x00040000UL
-
-/* CKF_USER_PIN_TO_BE_CHANGED. If it is true,
- * the user PIN value is the default value set by token
- * initialization or manufacturing, or the PIN has been
- * expired by the card.
- */
-#define CKF_USER_PIN_TO_BE_CHANGED   0x00080000UL
-
-/* CKF_SO_PIN_COUNT_LOW. If it is true, an
- * incorrect SO login PIN has been entered at least once since
- * the last successful authentication.
- */
-#define CKF_SO_PIN_COUNT_LOW         0x00100000UL
-
-/* CKF_SO_PIN_FINAL_TRY. If it is true,
- * supplying an incorrect SO PIN will it to become locked.
- */
-#define CKF_SO_PIN_FINAL_TRY         0x00200000UL
-
-/* CKF_SO_PIN_LOCKED. If it is true, the SO
- * PIN has been locked. SO login to the token is not possible.
- */
-#define CKF_SO_PIN_LOCKED            0x00400000UL
-
-/* CKF_SO_PIN_TO_BE_CHANGED. If it is true,
- * the SO PIN value is the default value set by token
- * initialization or manufacturing, or the PIN has been
- * expired by the card.
- */
-#define CKF_SO_PIN_TO_BE_CHANGED     0x00800000UL
-
-#define CKF_ERROR_STATE              0x01000000UL
-
-typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
-
-
-/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
- * identifies a session
- */
-typedef CK_ULONG          CK_SESSION_HANDLE;
-
-typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
-
-
-/* CK_USER_TYPE enumerates the types of Cryptoki users */
-typedef CK_ULONG          CK_USER_TYPE;
-/* Security Officer */
-#define CKU_SO                  0UL
-/* Normal user */
-#define CKU_USER                1UL
-/* Context specific */
-#define CKU_CONTEXT_SPECIFIC    2UL
-
-/* CK_STATE enumerates the session states */
-typedef CK_ULONG          CK_STATE;
-#define CKS_RO_PUBLIC_SESSION   0UL
-#define CKS_RO_USER_FUNCTIONS   1UL
-#define CKS_RW_PUBLIC_SESSION   2UL
-#define CKS_RW_USER_FUNCTIONS   3UL
-#define CKS_RW_SO_FUNCTIONS     4UL
-
-/* CK_SESSION_INFO provides information about a session */
-typedef struct CK_SESSION_INFO {
-  CK_SLOT_ID    slotID;
-  CK_STATE      state;
-  CK_FLAGS      flags;          /* see below */
-  CK_ULONG      ulDeviceError;  /* device-dependent error code */
-} CK_SESSION_INFO;
-
-/* The flags are defined in the following table:
- *      Bit Flag                Mask        Meaning
- */
-#define CKF_RW_SESSION          0x00000002UL /* session is r/w */
-#define CKF_SERIAL_SESSION      0x00000004UL /* no parallel    */
-
-typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
-
-
-/* CK_OBJECT_HANDLE is a token-specific identifier for an
- * object
- */
-typedef CK_ULONG          CK_OBJECT_HANDLE;
-
-typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
-
-
-/* CK_OBJECT_CLASS is a value that identifies the classes (or
- * types) of objects that Cryptoki recognizes.  It is defined
- * as follows:
- */
-typedef CK_ULONG          CK_OBJECT_CLASS;
-
-/* The following classes of objects are defined: */
-#define CKO_DATA              0x00000000UL
-#define CKO_CERTIFICATE       0x00000001UL
-#define CKO_PUBLIC_KEY        0x00000002UL
-#define CKO_PRIVATE_KEY       0x00000003UL
-#define CKO_SECRET_KEY        0x00000004UL
-#define CKO_HW_FEATURE        0x00000005UL
-#define CKO_DOMAIN_PARAMETERS 0x00000006UL
-#define CKO_MECHANISM         0x00000007UL
-#define CKO_OTP_KEY           0x00000008UL
-
-#define CKO_VENDOR_DEFINED    0x80000000UL
-
-typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-
-/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type
- * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE.
- */
-typedef CK_ULONG          CK_HW_FEATURE_TYPE;
-
-/* The following hardware feature types are defined */
-#define CKH_MONOTONIC_COUNTER  0x00000001UL
-#define CKH_CLOCK              0x00000002UL
-#define CKH_USER_INTERFACE     0x00000003UL
-#define CKH_VENDOR_DEFINED     0x80000000UL
-
-/* CK_KEY_TYPE is a value that identifies a key type */
-typedef CK_ULONG          CK_KEY_TYPE;
-
-/* the following key types are defined: */
-#define CKK_RSA                 0x00000000UL
-#define CKK_DSA                 0x00000001UL
-#define CKK_DH                  0x00000002UL
-#define CKK_ECDSA               0x00000003UL /* Deprecated */
-#define CKK_EC                  0x00000003UL
-#define CKK_X9_42_DH            0x00000004UL
-#define CKK_KEA                 0x00000005UL
-#define CKK_GENERIC_SECRET      0x00000010UL
-#define CKK_RC2                 0x00000011UL
-#define CKK_RC4                 0x00000012UL
-#define CKK_DES                 0x00000013UL
-#define CKK_DES2                0x00000014UL
-#define CKK_DES3                0x00000015UL
-#define CKK_CAST                0x00000016UL
-#define CKK_CAST3               0x00000017UL
-#define CKK_CAST5               0x00000018UL /* Deprecated */
-#define CKK_CAST128             0x00000018UL
-#define CKK_RC5                 0x00000019UL
-#define CKK_IDEA                0x0000001AUL
-#define CKK_SKIPJACK            0x0000001BUL
-#define CKK_BATON               0x0000001CUL
-#define CKK_JUNIPER             0x0000001DUL
-#define CKK_CDMF                0x0000001EUL
-#define CKK_AES                 0x0000001FUL
-#define CKK_BLOWFISH            0x00000020UL
-#define CKK_TWOFISH             0x00000021UL
-#define CKK_SECURID             0x00000022UL
-#define CKK_HOTP                0x00000023UL
-#define CKK_ACTI                0x00000024UL
-#define CKK_CAMELLIA            0x00000025UL
-#define CKK_ARIA                0x00000026UL
-
-#define CKK_MD5_HMAC            0x00000027UL
-#define CKK_SHA_1_HMAC          0x00000028UL
-#define CKK_RIPEMD128_HMAC      0x00000029UL
-#define CKK_RIPEMD160_HMAC      0x0000002AUL
-#define CKK_SHA256_HMAC         0x0000002BUL
-#define CKK_SHA384_HMAC         0x0000002CUL
-#define CKK_SHA512_HMAC         0x0000002DUL
-#define CKK_SHA224_HMAC         0x0000002EUL
-
-#define CKK_SEED                0x0000002FUL
-#define CKK_GOSTR3410           0x00000030UL
-#define CKK_GOSTR3411           0x00000031UL
-#define CKK_GOST28147           0x00000032UL
-
-
-
-#define CKK_VENDOR_DEFINED      0x80000000UL
-
-
-/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
- * type
- */
-typedef CK_ULONG          CK_CERTIFICATE_TYPE;
-
-#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED     0UL
-#define CK_CERTIFICATE_CATEGORY_TOKEN_USER      1UL
-#define CK_CERTIFICATE_CATEGORY_AUTHORITY       2UL
-#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY    3UL
-
-#define CK_SECURITY_DOMAIN_UNSPECIFIED     0UL
-#define CK_SECURITY_DOMAIN_MANUFACTURER    1UL
-#define CK_SECURITY_DOMAIN_OPERATOR        2UL
-#define CK_SECURITY_DOMAIN_THIRD_PARTY     3UL
-
-
-/* The following certificate types are defined: */
-#define CKC_X_509               0x00000000UL
-#define CKC_X_509_ATTR_CERT     0x00000001UL
-#define CKC_WTLS                0x00000002UL
-#define CKC_VENDOR_DEFINED      0x80000000UL
-
-
-/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
- * type
- */
-typedef CK_ULONG          CK_ATTRIBUTE_TYPE;
-
-/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
- * consists of an array of values.
- */
-#define CKF_ARRAY_ATTRIBUTE     0x40000000UL
-
-/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */
-#define CK_OTP_FORMAT_DECIMAL           0UL
-#define CK_OTP_FORMAT_HEXADECIMAL       1UL
-#define CK_OTP_FORMAT_ALPHANUMERIC      2UL
-#define CK_OTP_FORMAT_BINARY            3UL
-
-/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT
- * attributes
- */
-#define CK_OTP_PARAM_IGNORED            0UL
-#define CK_OTP_PARAM_OPTIONAL           1UL
-#define CK_OTP_PARAM_MANDATORY          2UL
-
-/* The following attribute types are defined: */
-#define CKA_CLASS              0x00000000UL
-#define CKA_TOKEN              0x00000001UL
-#define CKA_PRIVATE            0x00000002UL
-#define CKA_LABEL              0x00000003UL
-#define CKA_APPLICATION        0x00000010UL
-#define CKA_VALUE              0x00000011UL
-#define CKA_OBJECT_ID          0x00000012UL
-#define CKA_CERTIFICATE_TYPE   0x00000080UL
-#define CKA_ISSUER             0x00000081UL
-#define CKA_SERIAL_NUMBER      0x00000082UL
-#define CKA_AC_ISSUER          0x00000083UL
-#define CKA_OWNER              0x00000084UL
-#define CKA_ATTR_TYPES         0x00000085UL
-#define CKA_TRUSTED            0x00000086UL
-#define CKA_CERTIFICATE_CATEGORY        0x00000087UL
-#define CKA_JAVA_MIDP_SECURITY_DOMAIN   0x00000088UL
-#define CKA_URL                         0x00000089UL
-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY  0x0000008AUL
-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY   0x0000008BUL
-#define CKA_NAME_HASH_ALGORITHM         0x0000008CUL
-#define CKA_CHECK_VALUE                 0x00000090UL
-
-#define CKA_KEY_TYPE           0x00000100UL
-#define CKA_SUBJECT            0x00000101UL
-#define CKA_ID                 0x00000102UL
-#define CKA_SENSITIVE          0x00000103UL
-#define CKA_ENCRYPT            0x00000104UL
-#define CKA_DECRYPT            0x00000105UL
-#define CKA_WRAP               0x00000106UL
-#define CKA_UNWRAP             0x00000107UL
-#define CKA_SIGN               0x00000108UL
-#define CKA_SIGN_RECOVER       0x00000109UL
-#define CKA_VERIFY             0x0000010AUL
-#define CKA_VERIFY_RECOVER     0x0000010BUL
-#define CKA_DERIVE             0x0000010CUL
-#define CKA_START_DATE         0x00000110UL
-#define CKA_END_DATE           0x00000111UL
-#define CKA_MODULUS            0x00000120UL
-#define CKA_MODULUS_BITS       0x00000121UL
-#define CKA_PUBLIC_EXPONENT    0x00000122UL
-#define CKA_PRIVATE_EXPONENT   0x00000123UL
-#define CKA_PRIME_1            0x00000124UL
-#define CKA_PRIME_2            0x00000125UL
-#define CKA_EXPONENT_1         0x00000126UL
-#define CKA_EXPONENT_2         0x00000127UL
-#define CKA_COEFFICIENT        0x00000128UL
-#define CKA_PUBLIC_KEY_INFO    0x00000129UL
-#define CKA_PRIME              0x00000130UL
-#define CKA_SUBPRIME           0x00000131UL
-#define CKA_BASE               0x00000132UL
-
-#define CKA_PRIME_BITS         0x00000133UL
-#define CKA_SUBPRIME_BITS      0x00000134UL
-#define CKA_SUB_PRIME_BITS     CKA_SUBPRIME_BITS
-
-#define CKA_VALUE_BITS         0x00000160UL
-#define CKA_VALUE_LEN          0x00000161UL
-#define CKA_EXTRACTABLE        0x00000162UL
-#define CKA_LOCAL              0x00000163UL
-#define CKA_NEVER_EXTRACTABLE  0x00000164UL
-#define CKA_ALWAYS_SENSITIVE   0x00000165UL
-#define CKA_KEY_GEN_MECHANISM  0x00000166UL
-
-#define CKA_MODIFIABLE         0x00000170UL
-#define CKA_COPYABLE           0x00000171UL
-
-#define CKA_DESTROYABLE        0x00000172UL
-
-#define CKA_ECDSA_PARAMS       0x00000180UL /* Deprecated */
-#define CKA_EC_PARAMS          0x00000180UL
-
-#define CKA_EC_POINT           0x00000181UL
-
-#define CKA_SECONDARY_AUTH     0x00000200UL /* Deprecated */
-#define CKA_AUTH_PIN_FLAGS     0x00000201UL /* Deprecated */
-
-#define CKA_ALWAYS_AUTHENTICATE  0x00000202UL
-
-#define CKA_WRAP_WITH_TRUSTED    0x00000210UL
-#define CKA_WRAP_TEMPLATE        (CKF_ARRAY_ATTRIBUTE|0x00000211UL)
-#define CKA_UNWRAP_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000212UL)
-#define CKA_DERIVE_TEMPLATE      (CKF_ARRAY_ATTRIBUTE|0x00000213UL)
-
-#define CKA_OTP_FORMAT                0x00000220UL
-#define CKA_OTP_LENGTH                0x00000221UL
-#define CKA_OTP_TIME_INTERVAL         0x00000222UL
-#define CKA_OTP_USER_FRIENDLY_MODE    0x00000223UL
-#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL
-#define CKA_OTP_TIME_REQUIREMENT      0x00000225UL
-#define CKA_OTP_COUNTER_REQUIREMENT   0x00000226UL
-#define CKA_OTP_PIN_REQUIREMENT       0x00000227UL
-#define CKA_OTP_COUNTER               0x0000022EUL
-#define CKA_OTP_TIME                  0x0000022FUL
-#define CKA_OTP_USER_IDENTIFIER       0x0000022AUL
-#define CKA_OTP_SERVICE_IDENTIFIER    0x0000022BUL
-#define CKA_OTP_SERVICE_LOGO          0x0000022CUL
-#define CKA_OTP_SERVICE_LOGO_TYPE     0x0000022DUL
-
-#define CKA_GOSTR3410_PARAMS            0x00000250UL
-#define CKA_GOSTR3411_PARAMS            0x00000251UL
-#define CKA_GOST28147_PARAMS            0x00000252UL
-
-#define CKA_HW_FEATURE_TYPE             0x00000300UL
-#define CKA_RESET_ON_INIT               0x00000301UL
-#define CKA_HAS_RESET                   0x00000302UL
-
-#define CKA_PIXEL_X                     0x00000400UL
-#define CKA_PIXEL_Y                     0x00000401UL
-#define CKA_RESOLUTION                  0x00000402UL
-#define CKA_CHAR_ROWS                   0x00000403UL
-#define CKA_CHAR_COLUMNS                0x00000404UL
-#define CKA_COLOR                       0x00000405UL
-#define CKA_BITS_PER_PIXEL              0x00000406UL
-#define CKA_CHAR_SETS                   0x00000480UL
-#define CKA_ENCODING_METHODS            0x00000481UL
-#define CKA_MIME_TYPES                  0x00000482UL
-#define CKA_MECHANISM_TYPE              0x00000500UL
-#define CKA_REQUIRED_CMS_ATTRIBUTES     0x00000501UL
-#define CKA_DEFAULT_CMS_ATTRIBUTES      0x00000502UL
-#define CKA_SUPPORTED_CMS_ATTRIBUTES    0x00000503UL
-#define CKA_ALLOWED_MECHANISMS          (CKF_ARRAY_ATTRIBUTE|0x00000600UL)
-
-#define CKA_VENDOR_DEFINED              0x80000000UL
-
-/* CK_ATTRIBUTE is a structure that includes the type, length
- * and value of an attribute
- */
-typedef struct CK_ATTRIBUTE {
-  CK_ATTRIBUTE_TYPE type;
-  CK_VOID_PTR       pValue;
-  CK_ULONG          ulValueLen;  /* in bytes */
-} CK_ATTRIBUTE;
-
-typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
-
-/* CK_DATE is a structure that defines a date */
-typedef struct CK_DATE{
-  CK_CHAR       year[4];   /* the year ("1900" - "9999") */
-  CK_CHAR       month[2];  /* the month ("01" - "12") */
-  CK_CHAR       day[2];    /* the day   ("01" - "31") */
-} CK_DATE;
-
-
-/* CK_MECHANISM_TYPE is a value that identifies a mechanism
- * type
- */
-typedef CK_ULONG          CK_MECHANISM_TYPE;
-
-/* the following mechanism types are defined: */
-#define CKM_RSA_PKCS_KEY_PAIR_GEN      0x00000000UL
-#define CKM_RSA_PKCS                   0x00000001UL
-#define CKM_RSA_9796                   0x00000002UL
-#define CKM_RSA_X_509                  0x00000003UL
-
-#define CKM_MD2_RSA_PKCS               0x00000004UL
-#define CKM_MD5_RSA_PKCS               0x00000005UL
-#define CKM_SHA1_RSA_PKCS              0x00000006UL
-
-#define CKM_RIPEMD128_RSA_PKCS         0x00000007UL
-#define CKM_RIPEMD160_RSA_PKCS         0x00000008UL
-#define CKM_RSA_PKCS_OAEP              0x00000009UL
-
-#define CKM_RSA_X9_31_KEY_PAIR_GEN     0x0000000AUL
-#define CKM_RSA_X9_31                  0x0000000BUL
-#define CKM_SHA1_RSA_X9_31             0x0000000CUL
-#define CKM_RSA_PKCS_PSS               0x0000000DUL
-#define CKM_SHA1_RSA_PKCS_PSS          0x0000000EUL
-
-#define CKM_DSA_KEY_PAIR_GEN           0x00000010UL
-#define CKM_DSA                        0x00000011UL
-#define CKM_DSA_SHA1                   0x00000012UL
-#define CKM_DSA_SHA224                 0x00000013UL
-#define CKM_DSA_SHA256                 0x00000014UL
-#define CKM_DSA_SHA384                 0x00000015UL
-#define CKM_DSA_SHA512                 0x00000016UL
-
-#define CKM_DH_PKCS_KEY_PAIR_GEN       0x00000020UL
-#define CKM_DH_PKCS_DERIVE             0x00000021UL
-
-#define CKM_X9_42_DH_KEY_PAIR_GEN      0x00000030UL
-#define CKM_X9_42_DH_DERIVE            0x00000031UL
-#define CKM_X9_42_DH_HYBRID_DERIVE     0x00000032UL
-#define CKM_X9_42_MQV_DERIVE           0x00000033UL
-
-#define CKM_SHA256_RSA_PKCS            0x00000040UL
-#define CKM_SHA384_RSA_PKCS            0x00000041UL
-#define CKM_SHA512_RSA_PKCS            0x00000042UL
-#define CKM_SHA256_RSA_PKCS_PSS        0x00000043UL
-#define CKM_SHA384_RSA_PKCS_PSS        0x00000044UL
-#define CKM_SHA512_RSA_PKCS_PSS        0x00000045UL
-
-#define CKM_SHA224_RSA_PKCS            0x00000046UL
-#define CKM_SHA224_RSA_PKCS_PSS        0x00000047UL
-
-#define CKM_SHA512_224                 0x00000048UL
-#define CKM_SHA512_224_HMAC            0x00000049UL
-#define CKM_SHA512_224_HMAC_GENERAL    0x0000004AUL
-#define CKM_SHA512_224_KEY_DERIVATION  0x0000004BUL
-#define CKM_SHA512_256                 0x0000004CUL
-#define CKM_SHA512_256_HMAC            0x0000004DUL
-#define CKM_SHA512_256_HMAC_GENERAL    0x0000004EUL
-#define CKM_SHA512_256_KEY_DERIVATION  0x0000004FUL
-
-#define CKM_SHA512_T                   0x00000050UL
-#define CKM_SHA512_T_HMAC              0x00000051UL
-#define CKM_SHA512_T_HMAC_GENERAL      0x00000052UL
-#define CKM_SHA512_T_KEY_DERIVATION    0x00000053UL
-
-#define CKM_RC2_KEY_GEN                0x00000100UL
-#define CKM_RC2_ECB                    0x00000101UL
-#define CKM_RC2_CBC                    0x00000102UL
-#define CKM_RC2_MAC                    0x00000103UL
-
-#define CKM_RC2_MAC_GENERAL            0x00000104UL
-#define CKM_RC2_CBC_PAD                0x00000105UL
-
-#define CKM_RC4_KEY_GEN                0x00000110UL
-#define CKM_RC4                        0x00000111UL
-#define CKM_DES_KEY_GEN                0x00000120UL
-#define CKM_DES_ECB                    0x00000121UL
-#define CKM_DES_CBC                    0x00000122UL
-#define CKM_DES_MAC                    0x00000123UL
-
-#define CKM_DES_MAC_GENERAL            0x00000124UL
-#define CKM_DES_CBC_PAD                0x00000125UL
-
-#define CKM_DES2_KEY_GEN               0x00000130UL
-#define CKM_DES3_KEY_GEN               0x00000131UL
-#define CKM_DES3_ECB                   0x00000132UL
-#define CKM_DES3_CBC                   0x00000133UL
-#define CKM_DES3_MAC                   0x00000134UL
-
-#define CKM_DES3_MAC_GENERAL           0x00000135UL
-#define CKM_DES3_CBC_PAD               0x00000136UL
-#define CKM_DES3_CMAC_GENERAL          0x00000137UL
-#define CKM_DES3_CMAC                  0x00000138UL
-#define CKM_CDMF_KEY_GEN               0x00000140UL
-#define CKM_CDMF_ECB                   0x00000141UL
-#define CKM_CDMF_CBC                   0x00000142UL
-#define CKM_CDMF_MAC                   0x00000143UL
-#define CKM_CDMF_MAC_GENERAL           0x00000144UL
-#define CKM_CDMF_CBC_PAD               0x00000145UL
-
-#define CKM_DES_OFB64                  0x00000150UL
-#define CKM_DES_OFB8                   0x00000151UL
-#define CKM_DES_CFB64                  0x00000152UL
-#define CKM_DES_CFB8                   0x00000153UL
-
-#define CKM_MD2                        0x00000200UL
-
-#define CKM_MD2_HMAC                   0x00000201UL
-#define CKM_MD2_HMAC_GENERAL           0x00000202UL
-
-#define CKM_MD5                        0x00000210UL
-
-#define CKM_MD5_HMAC                   0x00000211UL
-#define CKM_MD5_HMAC_GENERAL           0x00000212UL
-
-#define CKM_SHA_1                      0x00000220UL
-
-#define CKM_SHA_1_HMAC                 0x00000221UL
-#define CKM_SHA_1_HMAC_GENERAL         0x00000222UL
-
-#define CKM_RIPEMD128                  0x00000230UL
-#define CKM_RIPEMD128_HMAC             0x00000231UL
-#define CKM_RIPEMD128_HMAC_GENERAL     0x00000232UL
-#define CKM_RIPEMD160                  0x00000240UL
-#define CKM_RIPEMD160_HMAC             0x00000241UL
-#define CKM_RIPEMD160_HMAC_GENERAL     0x00000242UL
-
-#define CKM_SHA256                     0x00000250UL
-#define CKM_SHA256_HMAC                0x00000251UL
-#define CKM_SHA256_HMAC_GENERAL        0x00000252UL
-#define CKM_SHA224                     0x00000255UL
-#define CKM_SHA224_HMAC                0x00000256UL
-#define CKM_SHA224_HMAC_GENERAL        0x00000257UL
-#define CKM_SHA384                     0x00000260UL
-#define CKM_SHA384_HMAC                0x00000261UL
-#define CKM_SHA384_HMAC_GENERAL        0x00000262UL
-#define CKM_SHA512                     0x00000270UL
-#define CKM_SHA512_HMAC                0x00000271UL
-#define CKM_SHA512_HMAC_GENERAL        0x00000272UL
-#define CKM_SECURID_KEY_GEN            0x00000280UL
-#define CKM_SECURID                    0x00000282UL
-#define CKM_HOTP_KEY_GEN               0x00000290UL
-#define CKM_HOTP                       0x00000291UL
-#define CKM_ACTI                       0x000002A0UL
-#define CKM_ACTI_KEY_GEN               0x000002A1UL
-
-#define CKM_CAST_KEY_GEN               0x00000300UL
-#define CKM_CAST_ECB                   0x00000301UL
-#define CKM_CAST_CBC                   0x00000302UL
-#define CKM_CAST_MAC                   0x00000303UL
-#define CKM_CAST_MAC_GENERAL           0x00000304UL
-#define CKM_CAST_CBC_PAD               0x00000305UL
-#define CKM_CAST3_KEY_GEN              0x00000310UL
-#define CKM_CAST3_ECB                  0x00000311UL
-#define CKM_CAST3_CBC                  0x00000312UL
-#define CKM_CAST3_MAC                  0x00000313UL
-#define CKM_CAST3_MAC_GENERAL          0x00000314UL
-#define CKM_CAST3_CBC_PAD              0x00000315UL
-/* Note that CAST128 and CAST5 are the same algorithm */
-#define CKM_CAST5_KEY_GEN              0x00000320UL
-#define CKM_CAST128_KEY_GEN            0x00000320UL
-#define CKM_CAST5_ECB                  0x00000321UL
-#define CKM_CAST128_ECB                0x00000321UL
-#define CKM_CAST5_CBC                  0x00000322UL /* Deprecated */
-#define CKM_CAST128_CBC                0x00000322UL
-#define CKM_CAST5_MAC                  0x00000323UL /* Deprecated */
-#define CKM_CAST128_MAC                0x00000323UL
-#define CKM_CAST5_MAC_GENERAL          0x00000324UL /* Deprecated */
-#define CKM_CAST128_MAC_GENERAL        0x00000324UL
-#define CKM_CAST5_CBC_PAD              0x00000325UL /* Deprecated */
-#define CKM_CAST128_CBC_PAD            0x00000325UL
-#define CKM_RC5_KEY_GEN                0x00000330UL
-#define CKM_RC5_ECB                    0x00000331UL
-#define CKM_RC5_CBC                    0x00000332UL
-#define CKM_RC5_MAC                    0x00000333UL
-#define CKM_RC5_MAC_GENERAL            0x00000334UL
-#define CKM_RC5_CBC_PAD                0x00000335UL
-#define CKM_IDEA_KEY_GEN               0x00000340UL
-#define CKM_IDEA_ECB                   0x00000341UL
-#define CKM_IDEA_CBC                   0x00000342UL
-#define CKM_IDEA_MAC                   0x00000343UL
-#define CKM_IDEA_MAC_GENERAL           0x00000344UL
-#define CKM_IDEA_CBC_PAD               0x00000345UL
-#define CKM_GENERIC_SECRET_KEY_GEN     0x00000350UL
-#define CKM_CONCATENATE_BASE_AND_KEY   0x00000360UL
-#define CKM_CONCATENATE_BASE_AND_DATA  0x00000362UL
-#define CKM_CONCATENATE_DATA_AND_BASE  0x00000363UL
-#define CKM_XOR_BASE_AND_DATA          0x00000364UL
-#define CKM_EXTRACT_KEY_FROM_KEY       0x00000365UL
-#define CKM_SSL3_PRE_MASTER_KEY_GEN    0x00000370UL
-#define CKM_SSL3_MASTER_KEY_DERIVE     0x00000371UL
-#define CKM_SSL3_KEY_AND_MAC_DERIVE    0x00000372UL
-
-#define CKM_SSL3_MASTER_KEY_DERIVE_DH  0x00000373UL
-#define CKM_TLS_PRE_MASTER_KEY_GEN     0x00000374UL
-#define CKM_TLS_MASTER_KEY_DERIVE      0x00000375UL
-#define CKM_TLS_KEY_AND_MAC_DERIVE     0x00000376UL
-#define CKM_TLS_MASTER_KEY_DERIVE_DH   0x00000377UL
-
-#define CKM_TLS_PRF                    0x00000378UL
-
-#define CKM_SSL3_MD5_MAC               0x00000380UL
-#define CKM_SSL3_SHA1_MAC              0x00000381UL
-#define CKM_MD5_KEY_DERIVATION         0x00000390UL
-#define CKM_MD2_KEY_DERIVATION         0x00000391UL
-#define CKM_SHA1_KEY_DERIVATION        0x00000392UL
-
-#define CKM_SHA256_KEY_DERIVATION      0x00000393UL
-#define CKM_SHA384_KEY_DERIVATION      0x00000394UL
-#define CKM_SHA512_KEY_DERIVATION      0x00000395UL
-#define CKM_SHA224_KEY_DERIVATION      0x00000396UL
-
-#define CKM_PBE_MD2_DES_CBC            0x000003A0UL
-#define CKM_PBE_MD5_DES_CBC            0x000003A1UL
-#define CKM_PBE_MD5_CAST_CBC           0x000003A2UL
-#define CKM_PBE_MD5_CAST3_CBC          0x000003A3UL
-#define CKM_PBE_MD5_CAST5_CBC          0x000003A4UL /* Deprecated */
-#define CKM_PBE_MD5_CAST128_CBC        0x000003A4UL
-#define CKM_PBE_SHA1_CAST5_CBC         0x000003A5UL /* Deprecated */
-#define CKM_PBE_SHA1_CAST128_CBC       0x000003A5UL
-#define CKM_PBE_SHA1_RC4_128           0x000003A6UL
-#define CKM_PBE_SHA1_RC4_40            0x000003A7UL
-#define CKM_PBE_SHA1_DES3_EDE_CBC      0x000003A8UL
-#define CKM_PBE_SHA1_DES2_EDE_CBC      0x000003A9UL
-#define CKM_PBE_SHA1_RC2_128_CBC       0x000003AAUL
-#define CKM_PBE_SHA1_RC2_40_CBC        0x000003ABUL
-
-#define CKM_PKCS5_PBKD2                0x000003B0UL
-
-#define CKM_PBA_SHA1_WITH_SHA1_HMAC    0x000003C0UL
-
-#define CKM_WTLS_PRE_MASTER_KEY_GEN         0x000003D0UL
-#define CKM_WTLS_MASTER_KEY_DERIVE          0x000003D1UL
-#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC   0x000003D2UL
-#define CKM_WTLS_PRF                        0x000003D3UL
-#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE  0x000003D4UL
-#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE  0x000003D5UL
-
-#define CKM_TLS10_MAC_SERVER                0x000003D6UL
-#define CKM_TLS10_MAC_CLIENT                0x000003D7UL
-#define CKM_TLS12_MAC                       0x000003D8UL
-#define CKM_TLS12_KDF                       0x000003D9UL
-#define CKM_TLS12_MASTER_KEY_DERIVE         0x000003E0UL
-#define CKM_TLS12_KEY_AND_MAC_DERIVE        0x000003E1UL
-#define CKM_TLS12_MASTER_KEY_DERIVE_DH      0x000003E2UL
-#define CKM_TLS12_KEY_SAFE_DERIVE           0x000003E3UL
-#define CKM_TLS_MAC                         0x000003E4UL
-#define CKM_TLS_KDF                         0x000003E5UL
-
-#define CKM_KEY_WRAP_LYNKS             0x00000400UL
-#define CKM_KEY_WRAP_SET_OAEP          0x00000401UL
-
-#define CKM_CMS_SIG                    0x00000500UL
-#define CKM_KIP_DERIVE                 0x00000510UL
-#define CKM_KIP_WRAP                   0x00000511UL
-#define CKM_KIP_MAC                    0x00000512UL
-
-#define CKM_CAMELLIA_KEY_GEN           0x00000550UL
-#define CKM_CAMELLIA_ECB               0x00000551UL
-#define CKM_CAMELLIA_CBC               0x00000552UL
-#define CKM_CAMELLIA_MAC               0x00000553UL
-#define CKM_CAMELLIA_MAC_GENERAL       0x00000554UL
-#define CKM_CAMELLIA_CBC_PAD           0x00000555UL
-#define CKM_CAMELLIA_ECB_ENCRYPT_DATA  0x00000556UL
-#define CKM_CAMELLIA_CBC_ENCRYPT_DATA  0x00000557UL
-#define CKM_CAMELLIA_CTR               0x00000558UL
-
-#define CKM_ARIA_KEY_GEN               0x00000560UL
-#define CKM_ARIA_ECB                   0x00000561UL
-#define CKM_ARIA_CBC                   0x00000562UL
-#define CKM_ARIA_MAC                   0x00000563UL
-#define CKM_ARIA_MAC_GENERAL           0x00000564UL
-#define CKM_ARIA_CBC_PAD               0x00000565UL
-#define CKM_ARIA_ECB_ENCRYPT_DATA      0x00000566UL
-#define CKM_ARIA_CBC_ENCRYPT_DATA      0x00000567UL
-
-#define CKM_SEED_KEY_GEN               0x00000650UL
-#define CKM_SEED_ECB                   0x00000651UL
-#define CKM_SEED_CBC                   0x00000652UL
-#define CKM_SEED_MAC                   0x00000653UL
-#define CKM_SEED_MAC_GENERAL           0x00000654UL
-#define CKM_SEED_CBC_PAD               0x00000655UL
-#define CKM_SEED_ECB_ENCRYPT_DATA      0x00000656UL
-#define CKM_SEED_CBC_ENCRYPT_DATA      0x00000657UL
-
-#define CKM_SKIPJACK_KEY_GEN           0x00001000UL
-#define CKM_SKIPJACK_ECB64             0x00001001UL
-#define CKM_SKIPJACK_CBC64             0x00001002UL
-#define CKM_SKIPJACK_OFB64             0x00001003UL
-#define CKM_SKIPJACK_CFB64             0x00001004UL
-#define CKM_SKIPJACK_CFB32             0x00001005UL
-#define CKM_SKIPJACK_CFB16             0x00001006UL
-#define CKM_SKIPJACK_CFB8              0x00001007UL
-#define CKM_SKIPJACK_WRAP              0x00001008UL
-#define CKM_SKIPJACK_PRIVATE_WRAP      0x00001009UL
-#define CKM_SKIPJACK_RELAYX            0x0000100aUL
-#define CKM_KEA_KEY_PAIR_GEN           0x00001010UL
-#define CKM_KEA_KEY_DERIVE             0x00001011UL
-#define CKM_KEA_DERIVE                 0x00001012UL
-#define CKM_FORTEZZA_TIMESTAMP         0x00001020UL
-#define CKM_BATON_KEY_GEN              0x00001030UL
-#define CKM_BATON_ECB128               0x00001031UL
-#define CKM_BATON_ECB96                0x00001032UL
-#define CKM_BATON_CBC128               0x00001033UL
-#define CKM_BATON_COUNTER              0x00001034UL
-#define CKM_BATON_SHUFFLE              0x00001035UL
-#define CKM_BATON_WRAP                 0x00001036UL
-
-#define CKM_ECDSA_KEY_PAIR_GEN         0x00001040UL /* Deprecated */
-#define CKM_EC_KEY_PAIR_GEN            0x00001040UL
-
-#define CKM_ECDSA                      0x00001041UL
-#define CKM_ECDSA_SHA1                 0x00001042UL
-#define CKM_ECDSA_SHA224               0x00001043UL
-#define CKM_ECDSA_SHA256               0x00001044UL
-#define CKM_ECDSA_SHA384               0x00001045UL
-#define CKM_ECDSA_SHA512               0x00001046UL
-
-#define CKM_ECDH1_DERIVE               0x00001050UL
-#define CKM_ECDH1_COFACTOR_DERIVE      0x00001051UL
-#define CKM_ECMQV_DERIVE               0x00001052UL
-
-#define CKM_ECDH_AES_KEY_WRAP          0x00001053UL
-#define CKM_RSA_AES_KEY_WRAP           0x00001054UL
-
-#define CKM_JUNIPER_KEY_GEN            0x00001060UL
-#define CKM_JUNIPER_ECB128             0x00001061UL
-#define CKM_JUNIPER_CBC128             0x00001062UL
-#define CKM_JUNIPER_COUNTER            0x00001063UL
-#define CKM_JUNIPER_SHUFFLE            0x00001064UL
-#define CKM_JUNIPER_WRAP               0x00001065UL
-#define CKM_FASTHASH                   0x00001070UL
-
-#define CKM_AES_KEY_GEN                0x00001080UL
-#define CKM_AES_ECB                    0x00001081UL
-#define CKM_AES_CBC                    0x00001082UL
-#define CKM_AES_MAC                    0x00001083UL
-#define CKM_AES_MAC_GENERAL            0x00001084UL
-#define CKM_AES_CBC_PAD                0x00001085UL
-#define CKM_AES_CTR                    0x00001086UL
-#define CKM_AES_GCM                    0x00001087UL
-#define CKM_AES_CCM                    0x00001088UL
-#define CKM_AES_CTS                    0x00001089UL
-#define CKM_AES_CMAC                   0x0000108AUL
-#define CKM_AES_CMAC_GENERAL           0x0000108BUL
-
-#define CKM_AES_XCBC_MAC               0x0000108CUL
-#define CKM_AES_XCBC_MAC_96            0x0000108DUL
-#define CKM_AES_GMAC                   0x0000108EUL
-
-#define CKM_BLOWFISH_KEY_GEN           0x00001090UL
-#define CKM_BLOWFISH_CBC               0x00001091UL
-#define CKM_TWOFISH_KEY_GEN            0x00001092UL
-#define CKM_TWOFISH_CBC                0x00001093UL
-#define CKM_BLOWFISH_CBC_PAD           0x00001094UL
-#define CKM_TWOFISH_CBC_PAD            0x00001095UL
-
-#define CKM_DES_ECB_ENCRYPT_DATA       0x00001100UL
-#define CKM_DES_CBC_ENCRYPT_DATA       0x00001101UL
-#define CKM_DES3_ECB_ENCRYPT_DATA      0x00001102UL
-#define CKM_DES3_CBC_ENCRYPT_DATA      0x00001103UL
-#define CKM_AES_ECB_ENCRYPT_DATA       0x00001104UL
-#define CKM_AES_CBC_ENCRYPT_DATA       0x00001105UL
-
-#define CKM_GOSTR3410_KEY_PAIR_GEN     0x00001200UL
-#define CKM_GOSTR3410                  0x00001201UL
-#define CKM_GOSTR3410_WITH_GOSTR3411   0x00001202UL
-#define CKM_GOSTR3410_KEY_WRAP         0x00001203UL
-#define CKM_GOSTR3410_DERIVE           0x00001204UL
-#define CKM_GOSTR3411                  0x00001210UL
-#define CKM_GOSTR3411_HMAC             0x00001211UL
-#define CKM_GOST28147_KEY_GEN          0x00001220UL
-#define CKM_GOST28147_ECB              0x00001221UL
-#define CKM_GOST28147                  0x00001222UL
-#define CKM_GOST28147_MAC              0x00001223UL
-#define CKM_GOST28147_KEY_WRAP         0x00001224UL
-
-#define CKM_DSA_PARAMETER_GEN          0x00002000UL
-#define CKM_DH_PKCS_PARAMETER_GEN      0x00002001UL
-#define CKM_X9_42_DH_PARAMETER_GEN     0x00002002UL
-#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN    0x00002003UL
-#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN    0x00002004UL
-
-#define CKM_AES_OFB                    0x00002104UL
-#define CKM_AES_CFB64                  0x00002105UL
-#define CKM_AES_CFB8                   0x00002106UL
-#define CKM_AES_CFB128                 0x00002107UL
-
-#define CKM_AES_CFB1                   0x00002108UL
-#define CKM_AES_KEY_WRAP               0x00002109UL     /* WAS: 0x00001090 */
-#define CKM_AES_KEY_WRAP_PAD           0x0000210AUL     /* WAS: 0x00001091 */
-
-#define CKM_RSA_PKCS_TPM_1_1           0x00004001UL
-#define CKM_RSA_PKCS_OAEP_TPM_1_1      0x00004002UL
-
-#define CKM_VENDOR_DEFINED             0x80000000UL
-
-typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
-
-
-/* CK_MECHANISM is a structure that specifies a particular
- * mechanism
- */
-typedef struct CK_MECHANISM {
-  CK_MECHANISM_TYPE mechanism;
-  CK_VOID_PTR       pParameter;
-  CK_ULONG          ulParameterLen;  /* in bytes */
-} CK_MECHANISM;
-
-typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
-
-
-/* CK_MECHANISM_INFO provides information about a particular
- * mechanism
- */
-typedef struct CK_MECHANISM_INFO {
-    CK_ULONG    ulMinKeySize;
-    CK_ULONG    ulMaxKeySize;
-    CK_FLAGS    flags;
-} CK_MECHANISM_INFO;
-
-/* The flags are defined as follows:
- *      Bit Flag               Mask          Meaning */
-#define CKF_HW                 0x00000001UL  /* performed by HW */
-
-/* Specify whether or not a mechanism can be used for a particular task */
-#define CKF_ENCRYPT            0x00000100UL
-#define CKF_DECRYPT            0x00000200UL
-#define CKF_DIGEST             0x00000400UL
-#define CKF_SIGN               0x00000800UL
-#define CKF_SIGN_RECOVER       0x00001000UL
-#define CKF_VERIFY             0x00002000UL
-#define CKF_VERIFY_RECOVER     0x00004000UL
-#define CKF_GENERATE           0x00008000UL
-#define CKF_GENERATE_KEY_PAIR  0x00010000UL
-#define CKF_WRAP               0x00020000UL
-#define CKF_UNWRAP             0x00040000UL
-#define CKF_DERIVE             0x00080000UL
-
-/* Describe a token's EC capabilities not available in mechanism
- * information.
- */
-#define CKF_EC_F_P             0x00100000UL
-#define CKF_EC_F_2M            0x00200000UL
-#define CKF_EC_ECPARAMETERS    0x00400000UL
-#define CKF_EC_NAMEDCURVE      0x00800000UL
-#define CKF_EC_UNCOMPRESS      0x01000000UL
-#define CKF_EC_COMPRESS        0x02000000UL
-
-#define CKF_EXTENSION          0x80000000UL
-
-typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
-
-/* CK_RV is a value that identifies the return value of a
- * Cryptoki function
- */
-typedef CK_ULONG          CK_RV;
-
-#define CKR_OK                                0x00000000UL
-#define CKR_CANCEL                            0x00000001UL
-#define CKR_HOST_MEMORY                       0x00000002UL
-#define CKR_SLOT_ID_INVALID                   0x00000003UL
-
-#define CKR_GENERAL_ERROR                     0x00000005UL
-#define CKR_FUNCTION_FAILED                   0x00000006UL
-
-#define CKR_ARGUMENTS_BAD                     0x00000007UL
-#define CKR_NO_EVENT                          0x00000008UL
-#define CKR_NEED_TO_CREATE_THREADS            0x00000009UL
-#define CKR_CANT_LOCK                         0x0000000AUL
-
-#define CKR_ATTRIBUTE_READ_ONLY               0x00000010UL
-#define CKR_ATTRIBUTE_SENSITIVE               0x00000011UL
-#define CKR_ATTRIBUTE_TYPE_INVALID            0x00000012UL
-#define CKR_ATTRIBUTE_VALUE_INVALID           0x00000013UL
-
-#define CKR_ACTION_PROHIBITED                 0x0000001BUL
-
-#define CKR_DATA_INVALID                      0x00000020UL
-#define CKR_DATA_LEN_RANGE                    0x00000021UL
-#define CKR_DEVICE_ERROR                      0x00000030UL
-#define CKR_DEVICE_MEMORY                     0x00000031UL
-#define CKR_DEVICE_REMOVED                    0x00000032UL
-#define CKR_ENCRYPTED_DATA_INVALID            0x00000040UL
-#define CKR_ENCRYPTED_DATA_LEN_RANGE          0x00000041UL
-#define CKR_FUNCTION_CANCELED                 0x00000050UL
-#define CKR_FUNCTION_NOT_PARALLEL             0x00000051UL
-
-#define CKR_FUNCTION_NOT_SUPPORTED            0x00000054UL
-
-#define CKR_KEY_HANDLE_INVALID                0x00000060UL
-
-#define CKR_KEY_SIZE_RANGE                    0x00000062UL
-#define CKR_KEY_TYPE_INCONSISTENT             0x00000063UL
-
-#define CKR_KEY_NOT_NEEDED                    0x00000064UL
-#define CKR_KEY_CHANGED                       0x00000065UL
-#define CKR_KEY_NEEDED                        0x00000066UL
-#define CKR_KEY_INDIGESTIBLE                  0x00000067UL
-#define CKR_KEY_FUNCTION_NOT_PERMITTED        0x00000068UL
-#define CKR_KEY_NOT_WRAPPABLE                 0x00000069UL
-#define CKR_KEY_UNEXTRACTABLE                 0x0000006AUL
-
-#define CKR_MECHANISM_INVALID                 0x00000070UL
-#define CKR_MECHANISM_PARAM_INVALID           0x00000071UL
-
-#define CKR_OBJECT_HANDLE_INVALID             0x00000082UL
-#define CKR_OPERATION_ACTIVE                  0x00000090UL
-#define CKR_OPERATION_NOT_INITIALIZED         0x00000091UL
-#define CKR_PIN_INCORRECT                     0x000000A0UL
-#define CKR_PIN_INVALID                       0x000000A1UL
-#define CKR_PIN_LEN_RANGE                     0x000000A2UL
-
-#define CKR_PIN_EXPIRED                       0x000000A3UL
-#define CKR_PIN_LOCKED                        0x000000A4UL
-
-#define CKR_SESSION_CLOSED                    0x000000B0UL
-#define CKR_SESSION_COUNT                     0x000000B1UL
-#define CKR_SESSION_HANDLE_INVALID            0x000000B3UL
-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED    0x000000B4UL
-#define CKR_SESSION_READ_ONLY                 0x000000B5UL
-#define CKR_SESSION_EXISTS                    0x000000B6UL
-
-#define CKR_SESSION_READ_ONLY_EXISTS          0x000000B7UL
-#define CKR_SESSION_READ_WRITE_SO_EXISTS      0x000000B8UL
-
-#define CKR_SIGNATURE_INVALID                 0x000000C0UL
-#define CKR_SIGNATURE_LEN_RANGE               0x000000C1UL
-#define CKR_TEMPLATE_INCOMPLETE               0x000000D0UL
-#define CKR_TEMPLATE_INCONSISTENT             0x000000D1UL
-#define CKR_TOKEN_NOT_PRESENT                 0x000000E0UL
-#define CKR_TOKEN_NOT_RECOGNIZED              0x000000E1UL
-#define CKR_TOKEN_WRITE_PROTECTED             0x000000E2UL
-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID     0x000000F0UL
-#define CKR_UNWRAPPING_KEY_SIZE_RANGE         0x000000F1UL
-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT  0x000000F2UL
-#define CKR_USER_ALREADY_LOGGED_IN            0x00000100UL
-#define CKR_USER_NOT_LOGGED_IN                0x00000101UL
-#define CKR_USER_PIN_NOT_INITIALIZED          0x00000102UL
-#define CKR_USER_TYPE_INVALID                 0x00000103UL
-
-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN    0x00000104UL
-#define CKR_USER_TOO_MANY_TYPES               0x00000105UL
-
-#define CKR_WRAPPED_KEY_INVALID               0x00000110UL
-#define CKR_WRAPPED_KEY_LEN_RANGE             0x00000112UL
-#define CKR_WRAPPING_KEY_HANDLE_INVALID       0x00000113UL
-#define CKR_WRAPPING_KEY_SIZE_RANGE           0x00000114UL
-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT    0x00000115UL
-#define CKR_RANDOM_SEED_NOT_SUPPORTED         0x00000120UL
-
-#define CKR_RANDOM_NO_RNG                     0x00000121UL
-
-#define CKR_DOMAIN_PARAMS_INVALID             0x00000130UL
-
-#define CKR_CURVE_NOT_SUPPORTED               0x00000140UL
-
-#define CKR_BUFFER_TOO_SMALL                  0x00000150UL
-#define CKR_SAVED_STATE_INVALID               0x00000160UL
-#define CKR_INFORMATION_SENSITIVE             0x00000170UL
-#define CKR_STATE_UNSAVEABLE                  0x00000180UL
-
-#define CKR_CRYPTOKI_NOT_INITIALIZED          0x00000190UL
-#define CKR_CRYPTOKI_ALREADY_INITIALIZED      0x00000191UL
-#define CKR_MUTEX_BAD                         0x000001A0UL
-#define CKR_MUTEX_NOT_LOCKED                  0x000001A1UL
-
-#define CKR_NEW_PIN_MODE                      0x000001B0UL
-#define CKR_NEXT_OTP                          0x000001B1UL
-
-#define CKR_EXCEEDED_MAX_ITERATIONS           0x000001B5UL
-#define CKR_FIPS_SELF_TEST_FAILED             0x000001B6UL
-#define CKR_LIBRARY_LOAD_FAILED               0x000001B7UL
-#define CKR_PIN_TOO_WEAK                      0x000001B8UL
-#define CKR_PUBLIC_KEY_INVALID                0x000001B9UL
-
-#define CKR_FUNCTION_REJECTED                 0x00000200UL
-
-#define CKR_VENDOR_DEFINED                    0x80000000UL
-
-
-/* CK_NOTIFY is an application callback that processes events */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
-  CK_SESSION_HANDLE hSession,     /* the session's handle */
-  CK_NOTIFICATION   event,
-  CK_VOID_PTR       pApplication  /* passed to C_OpenSession */
-);
-
-
-/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
- * version and pointers of appropriate types to all the
- * Cryptoki functions
- */
-typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
-
-typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
-
-typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
-
-
-/* CK_CREATEMUTEX is an application callback for creating a
- * mutex object
- */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
-  CK_VOID_PTR_PTR ppMutex  /* location to receive ptr to mutex */
-);
-
-
-/* CK_DESTROYMUTEX is an application callback for destroying a
- * mutex object
- */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
-  CK_VOID_PTR pMutex  /* pointer to mutex */
-);
-
-
-/* CK_LOCKMUTEX is an application callback for locking a mutex */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
-  CK_VOID_PTR pMutex  /* pointer to mutex */
-);
-
-
-/* CK_UNLOCKMUTEX is an application callback for unlocking a
- * mutex
- */
-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
-  CK_VOID_PTR pMutex  /* pointer to mutex */
-);
-
-
-/* CK_C_INITIALIZE_ARGS provides the optional arguments to
- * C_Initialize
- */
-typedef struct CK_C_INITIALIZE_ARGS {
-  CK_CREATEMUTEX CreateMutex;
-  CK_DESTROYMUTEX DestroyMutex;
-  CK_LOCKMUTEX LockMutex;
-  CK_UNLOCKMUTEX UnlockMutex;
-  CK_FLAGS flags;
-  CK_VOID_PTR pReserved;
-} CK_C_INITIALIZE_ARGS;
-
-/* flags: bit flags that provide capabilities of the slot
- *      Bit Flag                           Mask       Meaning
- */
-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL
-#define CKF_OS_LOCKING_OK                  0x00000002UL
-
-typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
-
-
-/* additional flags for parameters to functions */
-
-/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
-#define CKF_DONT_BLOCK     1
-
-/* CK_RSA_PKCS_MGF_TYPE  is used to indicate the Message
- * Generation Function (MGF) applied to a message block when
- * formatting a message block for the PKCS #1 OAEP encryption
- * scheme.
- */
-typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
-
-typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
-
-/* The following MGFs are defined */
-#define CKG_MGF1_SHA1         0x00000001UL
-#define CKG_MGF1_SHA256       0x00000002UL
-#define CKG_MGF1_SHA384       0x00000003UL
-#define CKG_MGF1_SHA512       0x00000004UL
-#define CKG_MGF1_SHA224       0x00000005UL
-
-/* CK_RSA_PKCS_OAEP_SOURCE_TYPE  is used to indicate the source
- * of the encoding parameter when formatting a message block
- * for the PKCS #1 OAEP encryption scheme.
- */
-typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
-
-typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
-
-/* The following encoding parameter sources are defined */
-#define CKZ_DATA_SPECIFIED    0x00000001UL
-
-/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
- * CKM_RSA_PKCS_OAEP mechanism.
- */
-typedef struct CK_RSA_PKCS_OAEP_PARAMS {
-        CK_MECHANISM_TYPE hashAlg;
-        CK_RSA_PKCS_MGF_TYPE mgf;
-        CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
-        CK_VOID_PTR pSourceData;
-        CK_ULONG ulSourceDataLen;
-} CK_RSA_PKCS_OAEP_PARAMS;
-
-typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-
-/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
- * CKM_RSA_PKCS_PSS mechanism(s).
- */
-typedef struct CK_RSA_PKCS_PSS_PARAMS {
-        CK_MECHANISM_TYPE    hashAlg;
-        CK_RSA_PKCS_MGF_TYPE mgf;
-        CK_ULONG             sLen;
-} CK_RSA_PKCS_PSS_PARAMS;
-
-typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
-
-typedef CK_ULONG CK_EC_KDF_TYPE;
-
-/* The following EC Key Derivation Functions are defined */
-#define CKD_NULL                 0x00000001UL
-#define CKD_SHA1_KDF             0x00000002UL
-
-/* The following X9.42 DH key derivation functions are defined */
-#define CKD_SHA1_KDF_ASN1        0x00000003UL
-#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL
-#define CKD_SHA224_KDF           0x00000005UL
-#define CKD_SHA256_KDF           0x00000006UL
-#define CKD_SHA384_KDF           0x00000007UL
-#define CKD_SHA512_KDF           0x00000008UL
-#define CKD_CPDIVERSIFY_KDF      0x00000009UL
-
-
-/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
- * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
- * where each party contributes one key pair.
- */
-typedef struct CK_ECDH1_DERIVE_PARAMS {
-  CK_EC_KDF_TYPE kdf;
-  CK_ULONG ulSharedDataLen;
-  CK_BYTE_PTR pSharedData;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-} CK_ECDH1_DERIVE_PARAMS;
-
-typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
-
-/*
- * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
- * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
- */
-typedef struct CK_ECDH2_DERIVE_PARAMS {
-  CK_EC_KDF_TYPE kdf;
-  CK_ULONG ulSharedDataLen;
-  CK_BYTE_PTR pSharedData;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-} CK_ECDH2_DERIVE_PARAMS;
-
-typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
-
-typedef struct CK_ECMQV_DERIVE_PARAMS {
-  CK_EC_KDF_TYPE kdf;
-  CK_ULONG ulSharedDataLen;
-  CK_BYTE_PTR pSharedData;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-  CK_OBJECT_HANDLE publicKey;
-} CK_ECMQV_DERIVE_PARAMS;
-
-typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
-
-/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
- * CKM_X9_42_DH_PARAMETER_GEN mechanisms
- */
-typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
-typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-
-/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
- * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
- * contributes one key pair
- */
-typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
-  CK_X9_42_DH_KDF_TYPE kdf;
-  CK_ULONG ulOtherInfoLen;
-  CK_BYTE_PTR pOtherInfo;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-} CK_X9_42_DH1_DERIVE_PARAMS;
-
-typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-
-/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
- * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
- * mechanisms, where each party contributes two key pairs
- */
-typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
-  CK_X9_42_DH_KDF_TYPE kdf;
-  CK_ULONG ulOtherInfoLen;
-  CK_BYTE_PTR pOtherInfo;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-} CK_X9_42_DH2_DERIVE_PARAMS;
-
-typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
-
-typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
-  CK_X9_42_DH_KDF_TYPE kdf;
-  CK_ULONG ulOtherInfoLen;
-  CK_BYTE_PTR pOtherInfo;
-  CK_ULONG ulPublicDataLen;
-  CK_BYTE_PTR pPublicData;
-  CK_ULONG ulPrivateDataLen;
-  CK_OBJECT_HANDLE hPrivateData;
-  CK_ULONG ulPublicDataLen2;
-  CK_BYTE_PTR pPublicData2;
-  CK_OBJECT_HANDLE publicKey;
-} CK_X9_42_MQV_DERIVE_PARAMS;
-
-typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
-
-/* CK_KEA_DERIVE_PARAMS provides the parameters to the
- * CKM_KEA_DERIVE mechanism
- */
-typedef struct CK_KEA_DERIVE_PARAMS {
-  CK_BBOOL      isSender;
-  CK_ULONG      ulRandomLen;
-  CK_BYTE_PTR   pRandomA;
-  CK_BYTE_PTR   pRandomB;
-  CK_ULONG      ulPublicDataLen;
-  CK_BYTE_PTR   pPublicData;
-} CK_KEA_DERIVE_PARAMS;
-
-typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
-
-
-/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
- * CKM_RC2_MAC mechanisms.  An instance of CK_RC2_PARAMS just
- * holds the effective keysize
- */
-typedef CK_ULONG          CK_RC2_PARAMS;
-
-typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
-
-
-/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
- * mechanism
- */
-typedef struct CK_RC2_CBC_PARAMS {
-  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
-  CK_BYTE       iv[8];            /* IV for CBC mode */
-} CK_RC2_CBC_PARAMS;
-
-typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
-
-
-/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC2_MAC_GENERAL mechanism
- */
-typedef struct CK_RC2_MAC_GENERAL_PARAMS {
-  CK_ULONG      ulEffectiveBits;  /* effective bits (1-1024) */
-  CK_ULONG      ulMacLength;      /* Length of MAC in bytes */
-} CK_RC2_MAC_GENERAL_PARAMS;
-
-typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
-  CK_RC2_MAC_GENERAL_PARAMS_PTR;
-
-
-/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
- * CKM_RC5_MAC mechanisms
- */
-typedef struct CK_RC5_PARAMS {
-  CK_ULONG      ulWordsize;  /* wordsize in bits */
-  CK_ULONG      ulRounds;    /* number of rounds */
-} CK_RC5_PARAMS;
-
-typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
-
-
-/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
- * mechanism
- */
-typedef struct CK_RC5_CBC_PARAMS {
-  CK_ULONG      ulWordsize;  /* wordsize in bits */
-  CK_ULONG      ulRounds;    /* number of rounds */
-  CK_BYTE_PTR   pIv;         /* pointer to IV */
-  CK_ULONG      ulIvLen;     /* length of IV in bytes */
-} CK_RC5_CBC_PARAMS;
-
-typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
-
-
-/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
- * CKM_RC5_MAC_GENERAL mechanism
- */
-typedef struct CK_RC5_MAC_GENERAL_PARAMS {
-  CK_ULONG      ulWordsize;   /* wordsize in bits */
-  CK_ULONG      ulRounds;     /* number of rounds */
-  CK_ULONG      ulMacLength;  /* Length of MAC in bytes */
-} CK_RC5_MAC_GENERAL_PARAMS;
-
-typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
-  CK_RC5_MAC_GENERAL_PARAMS_PTR;
-
-/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
- * ciphers' MAC_GENERAL mechanisms.  Its value is the length of
- * the MAC
- */
-typedef CK_ULONG          CK_MAC_GENERAL_PARAMS;
-
-typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
-
-typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
-  CK_BYTE      iv[8];
-  CK_BYTE_PTR  pData;
-  CK_ULONG     length;
-} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
-  CK_BYTE      iv[16];
-  CK_BYTE_PTR  pData;
-  CK_ULONG     length;
-} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
- * CKM_SKIPJACK_PRIVATE_WRAP mechanism
- */
-typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
-  CK_ULONG      ulPasswordLen;
-  CK_BYTE_PTR   pPassword;
-  CK_ULONG      ulPublicDataLen;
-  CK_BYTE_PTR   pPublicData;
-  CK_ULONG      ulPAndGLen;
-  CK_ULONG      ulQLen;
-  CK_ULONG      ulRandomLen;
-  CK_BYTE_PTR   pRandomA;
-  CK_BYTE_PTR   pPrimeP;
-  CK_BYTE_PTR   pBaseG;
-  CK_BYTE_PTR   pSubprimeQ;
-} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
-
-typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
-  CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR;
-
-
-/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
- * CKM_SKIPJACK_RELAYX mechanism
- */
-typedef struct CK_SKIPJACK_RELAYX_PARAMS {
-  CK_ULONG      ulOldWrappedXLen;
-  CK_BYTE_PTR   pOldWrappedX;
-  CK_ULONG      ulOldPasswordLen;
-  CK_BYTE_PTR   pOldPassword;
-  CK_ULONG      ulOldPublicDataLen;
-  CK_BYTE_PTR   pOldPublicData;
-  CK_ULONG      ulOldRandomLen;
-  CK_BYTE_PTR   pOldRandomA;
-  CK_ULONG      ulNewPasswordLen;
-  CK_BYTE_PTR   pNewPassword;
-  CK_ULONG      ulNewPublicDataLen;
-  CK_BYTE_PTR   pNewPublicData;
-  CK_ULONG      ulNewRandomLen;
-  CK_BYTE_PTR   pNewRandomA;
-} CK_SKIPJACK_RELAYX_PARAMS;
-
-typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
-  CK_SKIPJACK_RELAYX_PARAMS_PTR;
-
-
-typedef struct CK_PBE_PARAMS {
-  CK_BYTE_PTR      pInitVector;
-  CK_UTF8CHAR_PTR  pPassword;
-  CK_ULONG         ulPasswordLen;
-  CK_BYTE_PTR      pSalt;
-  CK_ULONG         ulSaltLen;
-  CK_ULONG         ulIteration;
-} CK_PBE_PARAMS;
-
-typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
-
-
-/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
- * CKM_KEY_WRAP_SET_OAEP mechanism
- */
-typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
-  CK_BYTE       bBC;     /* block contents byte */
-  CK_BYTE_PTR   pX;      /* extra data */
-  CK_ULONG      ulXLen;  /* length of extra data in bytes */
-} CK_KEY_WRAP_SET_OAEP_PARAMS;
-
-typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
-
-typedef struct CK_SSL3_RANDOM_DATA {
-  CK_BYTE_PTR  pClientRandom;
-  CK_ULONG     ulClientRandomLen;
-  CK_BYTE_PTR  pServerRandom;
-  CK_ULONG     ulServerRandomLen;
-} CK_SSL3_RANDOM_DATA;
-
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
-  CK_SSL3_RANDOM_DATA RandomInfo;
-  CK_VERSION_PTR pVersion;
-} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
-
-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-  CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-typedef struct CK_SSL3_KEY_MAT_OUT {
-  CK_OBJECT_HANDLE hClientMacSecret;
-  CK_OBJECT_HANDLE hServerMacSecret;
-  CK_OBJECT_HANDLE hClientKey;
-  CK_OBJECT_HANDLE hServerKey;
-  CK_BYTE_PTR      pIVClient;
-  CK_BYTE_PTR      pIVServer;
-} CK_SSL3_KEY_MAT_OUT;
-
-typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
-
-
-typedef struct CK_SSL3_KEY_MAT_PARAMS {
-  CK_ULONG                ulMacSizeInBits;
-  CK_ULONG                ulKeySizeInBits;
-  CK_ULONG                ulIVSizeInBits;
-  CK_BBOOL                bIsExport;
-  CK_SSL3_RANDOM_DATA     RandomInfo;
-  CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_SSL3_KEY_MAT_PARAMS;
-
-typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
-
-typedef struct CK_TLS_PRF_PARAMS {
-  CK_BYTE_PTR  pSeed;
-  CK_ULONG     ulSeedLen;
-  CK_BYTE_PTR  pLabel;
-  CK_ULONG     ulLabelLen;
-  CK_BYTE_PTR  pOutput;
-  CK_ULONG_PTR pulOutputLen;
-} CK_TLS_PRF_PARAMS;
-
-typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
-
-typedef struct CK_WTLS_RANDOM_DATA {
-  CK_BYTE_PTR pClientRandom;
-  CK_ULONG    ulClientRandomLen;
-  CK_BYTE_PTR pServerRandom;
-  CK_ULONG    ulServerRandomLen;
-} CK_WTLS_RANDOM_DATA;
-
-typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
-
-typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
-  CK_MECHANISM_TYPE   DigestMechanism;
-  CK_WTLS_RANDOM_DATA RandomInfo;
-  CK_BYTE_PTR         pVersion;
-} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
-
-typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-  CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-typedef struct CK_WTLS_PRF_PARAMS {
-  CK_MECHANISM_TYPE DigestMechanism;
-  CK_BYTE_PTR       pSeed;
-  CK_ULONG          ulSeedLen;
-  CK_BYTE_PTR       pLabel;
-  CK_ULONG          ulLabelLen;
-  CK_BYTE_PTR       pOutput;
-  CK_ULONG_PTR      pulOutputLen;
-} CK_WTLS_PRF_PARAMS;
-
-typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
-
-typedef struct CK_WTLS_KEY_MAT_OUT {
-  CK_OBJECT_HANDLE hMacSecret;
-  CK_OBJECT_HANDLE hKey;
-  CK_BYTE_PTR      pIV;
-} CK_WTLS_KEY_MAT_OUT;
-
-typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
-
-typedef struct CK_WTLS_KEY_MAT_PARAMS {
-  CK_MECHANISM_TYPE       DigestMechanism;
-  CK_ULONG                ulMacSizeInBits;
-  CK_ULONG                ulKeySizeInBits;
-  CK_ULONG                ulIVSizeInBits;
-  CK_ULONG                ulSequenceNumber;
-  CK_BBOOL                bIsExport;
-  CK_WTLS_RANDOM_DATA     RandomInfo;
-  CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
-} CK_WTLS_KEY_MAT_PARAMS;
-
-typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
-
-typedef struct CK_CMS_SIG_PARAMS {
-  CK_OBJECT_HANDLE      certificateHandle;
-  CK_MECHANISM_PTR      pSigningMechanism;
-  CK_MECHANISM_PTR      pDigestMechanism;
-  CK_UTF8CHAR_PTR       pContentType;
-  CK_BYTE_PTR           pRequestedAttributes;
-  CK_ULONG              ulRequestedAttributesLen;
-  CK_BYTE_PTR           pRequiredAttributes;
-  CK_ULONG              ulRequiredAttributesLen;
-} CK_CMS_SIG_PARAMS;
-
-typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
-
-typedef struct CK_KEY_DERIVATION_STRING_DATA {
-  CK_BYTE_PTR pData;
-  CK_ULONG    ulLen;
-} CK_KEY_DERIVATION_STRING_DATA;
-
-typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
-  CK_KEY_DERIVATION_STRING_DATA_PTR;
-
-
-/* The CK_EXTRACT_PARAMS is used for the
- * CKM_EXTRACT_KEY_FROM_KEY mechanism.  It specifies which bit
- * of the base key should be used as the first bit of the
- * derived key
- */
-typedef CK_ULONG CK_EXTRACT_PARAMS;
-
-typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-
-/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
- * indicate the Pseudo-Random Function (PRF) used to generate
- * key bits using PKCS #5 PBKDF2.
- */
-typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
-
-typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \
-                        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
-
-#define CKP_PKCS5_PBKD2_HMAC_SHA1          0x00000001UL
-#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411     0x00000002UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA224        0x00000003UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA256        0x00000004UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA384        0x00000005UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA512        0x00000006UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA512_224    0x00000007UL
-#define CKP_PKCS5_PBKD2_HMAC_SHA512_256    0x00000008UL
-
-/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
- * source of the salt value when deriving a key using PKCS #5
- * PBKDF2.
- */
-typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
-
-typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \
-                        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
-
-/* The following salt value sources are defined in PKCS #5 v2.0. */
-#define CKZ_SALT_SPECIFIED        0x00000001UL
-
-/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the
- * parameters to the CKM_PKCS5_PBKD2 mechanism.
- */
-typedef struct CK_PKCS5_PBKD2_PARAMS {
-        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE           saltSource;
-        CK_VOID_PTR                                pSaltSourceData;
-        CK_ULONG                                   ulSaltSourceDataLen;
-        CK_ULONG                                   iterations;
-        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-        CK_VOID_PTR                                pPrfData;
-        CK_ULONG                                   ulPrfDataLen;
-        CK_UTF8CHAR_PTR                            pPassword;
-        CK_ULONG_PTR                               ulPasswordLen;
-} CK_PKCS5_PBKD2_PARAMS;
-
-typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
-
-/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS
- * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism
- * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR.
- */
-typedef struct CK_PKCS5_PBKD2_PARAMS2 {
-        CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
-        CK_VOID_PTR pSaltSourceData;
-        CK_ULONG ulSaltSourceDataLen;
-        CK_ULONG iterations;
-        CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
-        CK_VOID_PTR pPrfData;
-        CK_ULONG ulPrfDataLen;
-        CK_UTF8CHAR_PTR pPassword;
-        CK_ULONG ulPasswordLen;
-} CK_PKCS5_PBKD2_PARAMS2;
-
-typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR;
-
-typedef CK_ULONG CK_OTP_PARAM_TYPE;
-typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */
-
-typedef struct CK_OTP_PARAM {
-    CK_OTP_PARAM_TYPE type;
-    CK_VOID_PTR pValue;
-    CK_ULONG ulValueLen;
-} CK_OTP_PARAM;
-
-typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
-
-typedef struct CK_OTP_PARAMS {
-    CK_OTP_PARAM_PTR pParams;
-    CK_ULONG ulCount;
-} CK_OTP_PARAMS;
-
-typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
-
-typedef struct CK_OTP_SIGNATURE_INFO {
-    CK_OTP_PARAM_PTR pParams;
-    CK_ULONG ulCount;
-} CK_OTP_SIGNATURE_INFO;
-
-typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
-
-#define CK_OTP_VALUE          0UL
-#define CK_OTP_PIN            1UL
-#define CK_OTP_CHALLENGE      2UL
-#define CK_OTP_TIME           3UL
-#define CK_OTP_COUNTER        4UL
-#define CK_OTP_FLAGS          5UL
-#define CK_OTP_OUTPUT_LENGTH  6UL
-#define CK_OTP_OUTPUT_FORMAT  7UL
-
-#define CKF_NEXT_OTP          0x00000001UL
-#define CKF_EXCLUDE_TIME      0x00000002UL
-#define CKF_EXCLUDE_COUNTER   0x00000004UL
-#define CKF_EXCLUDE_CHALLENGE 0x00000008UL
-#define CKF_EXCLUDE_PIN       0x00000010UL
-#define CKF_USER_FRIENDLY_OTP 0x00000020UL
-
-typedef struct CK_KIP_PARAMS {
-    CK_MECHANISM_PTR  pMechanism;
-    CK_OBJECT_HANDLE  hKey;
-    CK_BYTE_PTR       pSeed;
-    CK_ULONG          ulSeedLen;
-} CK_KIP_PARAMS;
-
-typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
-
-typedef struct CK_AES_CTR_PARAMS {
-    CK_ULONG ulCounterBits;
-    CK_BYTE cb[16];
-} CK_AES_CTR_PARAMS;
-
-typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
-
-typedef struct CK_GCM_PARAMS {
-    CK_BYTE_PTR       pIv;
-    CK_ULONG          ulIvLen;
-    CK_ULONG          ulIvBits;
-    CK_BYTE_PTR       pAAD;
-    CK_ULONG          ulAADLen;
-    CK_ULONG          ulTagBits;
-} CK_GCM_PARAMS;
-
-typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
-
-typedef struct CK_CCM_PARAMS {
-    CK_ULONG          ulDataLen;
-    CK_BYTE_PTR       pNonce;
-    CK_ULONG          ulNonceLen;
-    CK_BYTE_PTR       pAAD;
-    CK_ULONG          ulAADLen;
-    CK_ULONG          ulMACLen;
-} CK_CCM_PARAMS;
-
-typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
-
-/* Deprecated. Use CK_GCM_PARAMS */
-typedef struct CK_AES_GCM_PARAMS {
-  CK_BYTE_PTR pIv;
-  CK_ULONG ulIvLen;
-  CK_ULONG ulIvBits;
-  CK_BYTE_PTR pAAD;
-  CK_ULONG ulAADLen;
-  CK_ULONG ulTagBits;
-} CK_AES_GCM_PARAMS;
-
-typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;
-
-/* Deprecated. Use CK_CCM_PARAMS */
-typedef struct CK_AES_CCM_PARAMS {
-    CK_ULONG          ulDataLen;
-    CK_BYTE_PTR       pNonce;
-    CK_ULONG          ulNonceLen;
-    CK_BYTE_PTR       pAAD;
-    CK_ULONG          ulAADLen;
-    CK_ULONG          ulMACLen;
-} CK_AES_CCM_PARAMS;
-
-typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;
-
-typedef struct CK_CAMELLIA_CTR_PARAMS {
-    CK_ULONG          ulCounterBits;
-    CK_BYTE           cb[16];
-} CK_CAMELLIA_CTR_PARAMS;
-
-typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
-
-typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
-    CK_BYTE           iv[16];
-    CK_BYTE_PTR       pData;
-    CK_ULONG          length;
-} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
-                                CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
-    CK_BYTE           iv[16];
-    CK_BYTE_PTR       pData;
-    CK_ULONG          length;
-} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
-                                CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-typedef struct CK_DSA_PARAMETER_GEN_PARAM {
-    CK_MECHANISM_TYPE  hash;
-    CK_BYTE_PTR        pSeed;
-    CK_ULONG           ulSeedLen;
-    CK_ULONG           ulIndex;
-} CK_DSA_PARAMETER_GEN_PARAM;
-
-typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR;
-
-typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS {
-    CK_ULONG           ulAESKeyBits;
-    CK_EC_KDF_TYPE     kdf;
-    CK_ULONG           ulSharedDataLen;
-    CK_BYTE_PTR        pSharedData;
-} CK_ECDH_AES_KEY_WRAP_PARAMS;
-
-typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR;
-
-typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
-
-typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
-
-typedef struct CK_RSA_AES_KEY_WRAP_PARAMS {
-    CK_ULONG                      ulAESKeyBits;
-    CK_RSA_PKCS_OAEP_PARAMS_PTR   pOAEPParams;
-} CK_RSA_AES_KEY_WRAP_PARAMS;
-
-typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR;
-
-typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
-    CK_SSL3_RANDOM_DATA       RandomInfo;
-    CK_VERSION_PTR            pVersion;
-    CK_MECHANISM_TYPE         prfHashMechanism;
-} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
-
-typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \
-                                CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
-
-typedef struct CK_TLS12_KEY_MAT_PARAMS {
-    CK_ULONG                  ulMacSizeInBits;
-    CK_ULONG                  ulKeySizeInBits;
-    CK_ULONG                  ulIVSizeInBits;
-    CK_BBOOL                  bIsExport;
-    CK_SSL3_RANDOM_DATA       RandomInfo;
-    CK_SSL3_KEY_MAT_OUT_PTR   pReturnedKeyMaterial;
-    CK_MECHANISM_TYPE         prfHashMechanism;
-} CK_TLS12_KEY_MAT_PARAMS;
-
-typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
-
-typedef struct CK_TLS_KDF_PARAMS {
-    CK_MECHANISM_TYPE         prfMechanism;
-    CK_BYTE_PTR               pLabel;
-    CK_ULONG                  ulLabelLength;
-    CK_SSL3_RANDOM_DATA       RandomInfo;
-    CK_BYTE_PTR               pContextData;
-    CK_ULONG                  ulContextDataLength;
-} CK_TLS_KDF_PARAMS;
-
-typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR;
-
-typedef struct CK_TLS_MAC_PARAMS {
-    CK_MECHANISM_TYPE         prfHashMechanism;
-    CK_ULONG                  ulMacLength;
-    CK_ULONG                  ulServerOrClient;
-} CK_TLS_MAC_PARAMS;
-
-typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
-
-typedef struct CK_GOSTR3410_DERIVE_PARAMS {
-    CK_EC_KDF_TYPE            kdf;
-    CK_BYTE_PTR               pPublicData;
-    CK_ULONG                  ulPublicDataLen;
-    CK_BYTE_PTR               pUKM;
-    CK_ULONG                  ulUKMLen;
-} CK_GOSTR3410_DERIVE_PARAMS;
-
-typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR;
-
-typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS {
-    CK_BYTE_PTR               pWrapOID;
-    CK_ULONG                  ulWrapOIDLen;
-    CK_BYTE_PTR               pUKM;
-    CK_ULONG                  ulUKMLen;
-    CK_OBJECT_HANDLE          hKey;
-} CK_GOSTR3410_KEY_WRAP_PARAMS;
-
-typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR;
-
-typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS {
-    CK_BYTE                   iv[16];
-    CK_BYTE_PTR               pData;
-    CK_ULONG                  length;
-} CK_SEED_CBC_ENCRYPT_DATA_PARAMS;
-
-typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
-                                        CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR;
-
-#endif /* _PKCS11T_H_ */
-
diff --git a/hpcs-pkcs11/samples/sample.h b/hpcs-pkcs11/samples/sample.h
deleted file mode 100644
index 9387da42c..000000000
--- a/hpcs-pkcs11/samples/sample.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-Copyright IBM Corp. All Rights Reserved.
-
-SPDX-License-Identifier: Apache-2.0
-*/
-
-#ifndef _SAMPLE_H_
-#define _SAMPLE_H_ 1
-
-#define CK_PTR *
-#define CK_DEFINE_FUNCTION(returnType, name) returnType name
-#define CK_DECLARE_FUNCTION(returnType, name) returnType name
-#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
-#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
-
-#include <unistd.h>
-#include <stdint.h>
-
-#include "pkcs11.h"
-#include "ep11.h"
-#include "grep11.h"
-
-#endif
\ No newline at end of file

From 907ffb229c4979e856985a955c9d9372c211c87c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Henrique?=
 <42558165+JoaoHenrique12@users.noreply.github.com>
Date: Mon, 6 Oct 2025 21:06:50 -0300
Subject: [PATCH 08/21] feat: update pkcs11 client and add slh-dsa signature
 (#3)

* feat: update slh-dsa pkcs11 params, use different numbers

* docs: add links about oid ed25519

* refactor: replace ec to slh on generateSLH

* chore(logs): added to C_GenerateKeyPair flow structure

found where problems in key generation is: EC_PARAMS must be duplicated to SLH_PARAMS
PKCS11 constant is raising error on P11Object::saveTemplate

* feat(pkcs11): update input params for public key to SLH_DSA_PARAMS

* feat: duplication ECParameters to SLHParameters

* feat: update SLH(Public|Priavte)Key, remove EC and use der for attribs

* feat: update OSSLSLH(Public|Priavte)Key classes

* feat: update softhsm2-util-ossl.(cpp|h)

* feat: update P11Attributes.(cpp|h) + P11Objects.cpp

* feat: make changes on OSSLSLHDSA and SoftHSM to store keys

add logs either

* fix: getOrderLength and setDer(Public|Private)Key

setup name when setDer(Public|Private)Key to get the signature length on OSSLSLH(Private|Public
)Key.cpp

* fix: getOrderLength for private and public key not multiply by 2

* fix: OSSLSLHPublicKey, remove ED key len variables

* fix: OSSLSLHPublicKey use inPKEY instead pkey

* fix: pkcs11-slhdsa.c signature size to 7856

* fix: OSSLSLHPublicKey verification of pkey

* chore: add some debug logs on OSSLSLHDSA and SoftHSM files

* test: add pkcs11-slhdsa.c test cases for all signatures with slh-dsa

add as well data.txt

* fix: file OSSLSLHDSA.cpp get back macro with_slhdsa

replace printf and use ERROR_MSG

* chore: dockerfile enable eddsa either

* fix: remove macro slh-dsa for nid functions

* fix: update m4 files to disable slh-dsa for older versions of OSSL

disable SLH-DSA for Botan either

* fix: warning of unused variable

get slhdsaMin/Maxsize oly if slh-dsa is enabled
---
 Dockerfile                           |   2 +-
 data.txt                             |   1 +
 hpcs-pkcs11/samples/pkcs11-slhdsa.c  |  55 ++++--
 m4/acx_crypto_backend.m4             |   7 +-
 m4/acx_openssl_slhdsa.m4             |   4 +-
 src/bin/util/softhsm2-util-ossl.cpp  | 192 +++++++++------------
 src/bin/util/softhsm2-util-ossl.h    |  25 ++-
 src/lib/P11Attributes.cpp            |  11 ++
 src/lib/P11Attributes.h              |  15 ++
 src/lib/P11Objects.cpp               |  33 ++--
 src/lib/SoftHSM.cpp                  | 129 +++++++++++----
 src/lib/crypto/CMakeLists.txt        |   1 +
 src/lib/crypto/Makefile.am           |   1 +
 src/lib/crypto/OSSLSLHDSA.cpp        |  31 +++-
 src/lib/crypto/OSSLSLHPrivateKey.cpp | 239 ++++++++++-----------------
 src/lib/crypto/OSSLSLHPrivateKey.h   |   7 +-
 src/lib/crypto/OSSLSLHPublicKey.cpp  | 217 +++++++-----------------
 src/lib/crypto/OSSLSLHPublicKey.h    |   5 +-
 src/lib/crypto/OSSLUtil.cpp          |   2 +-
 src/lib/crypto/OSSLUtil.h            |   2 +-
 src/lib/crypto/SLHParameters.cpp     |  74 +++++++++
 src/lib/crypto/SLHParameters.h       |  61 +++++++
 src/lib/crypto/SLHPrivateKey.cpp     |  39 ++---
 src/lib/crypto/SLHPrivateKey.h       |  21 +--
 src/lib/crypto/SLHPublicKey.cpp      |  38 ++---
 src/lib/crypto/SLHPublicKey.h        |  13 +-
 src/lib/pkcs11/pkcs11.h              |   8 +-
 27 files changed, 630 insertions(+), 603 deletions(-)
 create mode 100644 data.txt
 create mode 100644 src/lib/crypto/SLHParameters.cpp
 create mode 100644 src/lib/crypto/SLHParameters.h

diff --git a/Dockerfile b/Dockerfile
index a2a4e85ac..6a1fd3e71 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -55,7 +55,7 @@ COPY . /app
 
 RUN sh autogen.sh
 
-RUN ./configure --with-objectstore-backend-db --disable-gost --disable-eddsa --enable-slhdsa --with-crypto-backend=openssl
+RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --enable-slhdsa --with-crypto-backend=openssl
 
 RUN make
 
diff --git a/data.txt b/data.txt
new file mode 100644
index 000000000..131c17aeb
--- /dev/null
+++ b/data.txt
@@ -0,0 +1 @@
+msg
diff --git a/hpcs-pkcs11/samples/pkcs11-slhdsa.c b/hpcs-pkcs11/samples/pkcs11-slhdsa.c
index 01a533fdf..cfcae5f62 100644
--- a/hpcs-pkcs11/samples/pkcs11-slhdsa.c
+++ b/hpcs-pkcs11/samples/pkcs11-slhdsa.c
@@ -23,9 +23,14 @@
 #include <sys/timeb.h>
 #include "sample.h"
 
-#define CKK_EC_EDWARDS		(0x40UL)
-#define CKM_EC_EDWARDS_KEY_PAIR_GEN	(0x1055UL)
-#define CKM_EDDSA			(0x1057UL)
+// eddsa
+/* #define CKM_KEY_PAIR_GEN	(0x1055UL) */
+/* #define CKM_SIGN			(0x1057UL) */
+
+// New definitions, slh-dsa
+#define CKM_KEY_PAIR_GEN	(0x80010003UL)
+#define CKM_SIGN			(0x80010006UL)
+#define CKA_PARAMS (0x80000030UL)
 
 CK_FUNCTION_LIST  *funcs;
 CK_BYTE           tokenNameBuf[32];
@@ -190,13 +195,28 @@ int main( int argc, char **argv )
     return !CKR_OK;
   }
 
-  // Use Ed25519 key to sign & verify
-  printf("Generating Ed25519 key pair... \n");
+  // Use SLH-DSA-SHA2-128s key to sign & verify
+  printf("Generating SLH-DSA key pair... \n");
   
-  CK_KEY_TYPE keyType = CKK_EC_EDWARDS;
   CK_OBJECT_CLASS keyClass = CKO_PRIVATE_KEY;
-  /* DER OID for id-Ed25519 (1.3.101.112) */
-  CK_BYTE ED25519_EC_PARAMS[] = { 0x06, 0x03, 0x2B, 0x65, 0x70 };
+
+  CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-128s";
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-128s"; */
+  //--------------------
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-128f"; */
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-128f"; */
+  //--------------------------------------------------
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-192s"; */
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-192s"; */
+  //--------------------
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-192f"; */
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-192f"; */
+  //--------------------------------------------------
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-256s"; */
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-256s"; */
+  //--------------------
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHA2-256f"; */
+  /* CK_BYTE SLH_DSA_PARAMS[] = "SLH-DSA-SHAKE-256f"; */
   
 /* Public key template */
 CK_ATTRIBUTE pub_tmpl[] = {
@@ -204,8 +224,8 @@ CK_ATTRIBUTE pub_tmpl[] = {
     { CKA_VERIFY,    &isTrue,  sizeof(isTrue) },
     { CKA_LABEL,     keyLabel, (CK_ULONG)strlen((char*)keyLabel) },
     { CKA_ID,        id,       (CK_ULONG)sizeof(id) },
-    { CKA_EC_PARAMS, (CK_VOID_PTR)ED25519_EC_PARAMS,
-                     (CK_ULONG)sizeof(ED25519_EC_PARAMS) }
+    { CKA_PARAMS, (CK_VOID_PTR)SLH_DSA_PARAMS,
+                     (CK_ULONG)sizeof(SLH_DSA_PARAMS) }
 };
 
 /* Private key template */
@@ -216,7 +236,7 @@ CK_ATTRIBUTE priv_tmpl[] = {
     { CKA_ID,      id,       (CK_ULONG)sizeof(id) }
 };
   
-  mech.mechanism      = CKM_EC_EDWARDS_KEY_PAIR_GEN;
+  mech.mechanism      = CKM_KEY_PAIR_GEN;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;
 
@@ -255,11 +275,16 @@ CK_ATTRIBUTE priv_tmpl[] = {
   fclose(fp);
   
   CK_ULONG dataToBeSignedLen = file_size;
-  CK_BYTE signature[1024];
+  CK_BYTE signature[7856];
+  /* CK_BYTE signature[17088]; */
+  /* CK_BYTE signature[16224]; */
+  /* CK_BYTE signature[35664]; */
+  /* CK_BYTE signature[29792]; */
+  /* CK_BYTE signature[49856]; */
   CK_ULONG signatureLen = sizeof(signature);
 
-  printf("Signing the data from %s with Ed25519 private key... \n", file_to_sign);
-  mech.mechanism      = CKM_EDDSA;
+  printf("Signing the data from %s with SLH-DSA-SHA2-128s private key... \n", file_to_sign);
+  mech.mechanism      = CKM_SIGN;
   mech.ulParameterLen = 0;
   mech.pParameter     = NULL;
 
@@ -281,7 +306,7 @@ CK_ATTRIBUTE priv_tmpl[] = {
   
   DUMP_HEXA(signature, signatureLen);
 
-  printf("Verifying the data with Ed25519 public key... \n");
+  printf("Verifying the data with SLH-DSA-SHA2-128s public key... \n");
   rc = funcs->C_VerifyInit(session, &mech, publicKey);
   if (rc != CKR_OK) {
     printf("error C_VerifyInit: rc=0x%04lx\n", rc );
diff --git a/m4/acx_crypto_backend.m4 b/m4/acx_crypto_backend.m4
index 0a5e42279..1a31cf33d 100644
--- a/m4/acx_crypto_backend.m4
+++ b/m4/acx_crypto_backend.m4
@@ -35,7 +35,7 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 			[Enable support for SLHDSA (default detect, OpenSSL only)]
 		),
 		[enable_slhdsa="${enableval}"],
-		[enable_slhdsa="detect"]
+		[enable_slhdsa="no"]
 	)
 
 	# Second check for the FIPS 140-2 mode
@@ -196,6 +196,11 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 			AC_MSG_ERROR([Botan does not support FIPS 140-2 mode])
 		fi
 
+		if test "x${enable_slhdsa}" = "xyes"; then
+    		AC_MSG_WARN([SLHDSA is not supported with Botan. Disabling.])
+    		enable_slhdsa="no"
+		fi
+
 		ACX_BOTAN_RFC5649
 		ACX_BOTAN_RAWPSS
 
diff --git a/m4/acx_openssl_slhdsa.m4 b/m4/acx_openssl_slhdsa.m4
index 2ed62797c..70d8481cb 100644
--- a/m4/acx_openssl_slhdsa.m4
+++ b/m4/acx_openssl_slhdsa.m4
@@ -17,9 +17,7 @@ AC_DEFUN([ACX_OPENSSL_SLHDSA],[
 				int main()
 				{
 					EVP_PKEY_CTX *ctx;
-
-					/* Replace NID_SLHDSA with the actual NID your patched OpenSSL/liboqs uses */
-					ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
+    			ctx = EVP_PKEY_CTX_new_from_name(NULL, "SLH-DSA-SHA2-128f", NULL);
 					if (ctx == NULL)
 						return 1;
 					return 0;
diff --git a/src/bin/util/softhsm2-util-ossl.cpp b/src/bin/util/softhsm2-util-ossl.cpp
index 6494758ca..e42f7c020 100644
--- a/src/bin/util/softhsm2-util-ossl.cpp
+++ b/src/bin/util/softhsm2-util-ossl.cpp
@@ -156,6 +156,19 @@ int crypto_import_key_pair
 	EVP_PKEY* slhdsa = NULL;
 #endif
 
+
+	int result = 0;
+#ifdef WITH_SLHDSA
+	const char *name = EVP_PKEY_get0_type_name(pkey);
+	if (strncmp(name, "SLH-DSA", 7) == 0) {
+		EVP_PKEY_up_ref(pkey);
+		slhdsa = pkey;
+		result = crypto_save_slhdsa(hSession, label, objID, objIDLen, noPublicKey, slhdsa);
+		EVP_PKEY_free(slhdsa);
+		return result;
+	}
+#endif
+
 	switch (EVP_PKEY_type(EVP_PKEY_id(pkey)))
 	{
 		case EVP_PKEY_RSA:
@@ -177,15 +190,6 @@ int crypto_import_key_pair
 			EVP_PKEY_up_ref(pkey);
 			eddsa = pkey;
 			break;
-#endif
-#ifdef WITH_SLHDSA
-		case NID_X25519:
-		case NID_ED25519:
-		case NID_X448:
-		case NID_ED448:
-			EVP_PKEY_up_ref(pkey);
-			slhdsa = pkey;
-			break;
 #endif
 		default:
 			fprintf(stderr, "ERROR: Cannot handle this algorithm.\n");
@@ -195,8 +199,6 @@ int crypto_import_key_pair
 	}
 	EVP_PKEY_free(pkey);
 
-	int result = 0;
-
 	if (rsa)
 	{
 		result = crypto_save_rsa(hSession, label, objID, objIDLen, noPublicKey, rsa);
@@ -220,13 +222,6 @@ int crypto_import_key_pair
 		result = crypto_save_eddsa(hSession, label, objID, objIDLen, noPublicKey, eddsa);
 		EVP_PKEY_free(eddsa);
 	}
-#endif
-#ifdef WITH_SLHDSA
-	else if (slhdsa)
-	{
-		result = crypto_save_slhdsa(hSession, label, objID, objIDLen, noPublicKey, slhdsa);
-		EVP_PKEY_free(slhdsa);
-	}
 #endif
 	else
 	{
@@ -1194,8 +1189,7 @@ int crypto_save_slhdsa
 		{ CKA_VERIFY,         &ckTrue,           sizeof(ckTrue) },
 		{ CKA_ENCRYPT,        &ckFalse,          sizeof(ckFalse) },
 		{ CKA_WRAP,           &ckFalse,          sizeof(ckFalse) },
-		{ CKA_SLHDSA_PARAMS,      keyMat->derOID,    keyMat->sizeOID },
-		{ CKA_EC_POINT,       keyMat->bigA,      keyMat->sizeA },
+		{ CKA_SLHDSA_PARAMS,  keyMat->derPublicKey,    keyMat->sizePublicKey },
 	};
 	CK_ATTRIBUTE privTemplate[] = {
 		{ CKA_CLASS,          &privClass,        sizeof(privClass) },
@@ -1209,12 +1203,11 @@ int crypto_save_slhdsa
 		{ CKA_TOKEN,          &ckTrue,           sizeof(ckTrue) },
 		{ CKA_PRIVATE,        &ckTrue,           sizeof(ckTrue) },
 		{ CKA_EXTRACTABLE,    &ckFalse,          sizeof(ckFalse) },
-		{ CKA_EC_PARAMS,      keyMat->derOID,    keyMat->sizeOID },
-		{ CKA_VALUE,          keyMat->bigK,      keyMat->sizeK }
+		{ CKA_SLHDSA_PARAMS,  keyMat->derPrivateKey,    keyMat->sizePrivateKey },
 	};
 
 	CK_OBJECT_HANDLE hKey1, hKey2;
-	CK_RV rv = p11->C_CreateObject(hSession, privTemplate, 13, &hKey1);
+	CK_RV rv = p11->C_CreateObject(hSession, privTemplate, 12, &hKey1);
 	if (rv != CKR_OK)
 	{
 		fprintf(stderr, "ERROR: Could not save the private key in the token. "
@@ -1223,7 +1216,7 @@ int crypto_save_slhdsa
 		return 1;
 	}
 
-	rv = p11->C_CreateObject(hSession, pubTemplate, 10, &hKey2);
+	rv = p11->C_CreateObject(hSession, pubTemplate, 9, &hKey2);
 	crypto_free_slhdsa(keyMat);
 
 	if (rv != CKR_OK)
@@ -1240,103 +1233,74 @@ int crypto_save_slhdsa
 
 // Convert the OpenSSL key to binary
 
-#define X25519_KEYLEN	32
-#define X448_KEYLEN	56
-#define ED448_KEYLEN	57
-
-#define PUBPREFIXLEN	12
-#define PRIVPREFIXLEN	16
-
 slhdsa_key_material_t* crypto_malloc_slhdsa(EVP_PKEY* pkey)
 {
-	int result;
-	int len;
-	unsigned char *buf;
-
-	if (pkey == NULL)
-	{
-		return NULL;
-	}
-
-	slhdsa_key_material_t* keyMat = (slhdsa_key_material_t*)calloc(1, sizeof(slhdsa_key_material_t));
-	if (keyMat == NULL)
-	{
-		return NULL;
-	}
-
-	int nid = EVP_PKEY_id(pkey);
-	keyMat->sizeOID = i2d_ASN1_OBJECT(OBJ_nid2obj(nid), NULL);
-	keyMat->derOID = (CK_VOID_PTR)malloc(keyMat->sizeOID);
-
-	switch (nid) {
-	case NID_X25519:
-	case NID_ED25519:
-		keyMat->sizeK = X25519_KEYLEN;
-		keyMat->sizeA = X25519_KEYLEN;
-		break;
-	case NID_X448:
-		keyMat->sizeK = X448_KEYLEN;
-		keyMat->sizeA = X448_KEYLEN;
-		break;
-	case NID_ED448:
-		keyMat->sizeK = ED448_KEYLEN;
-		keyMat->sizeA = ED448_KEYLEN;
-		break;
-	default:
-		crypto_free_slhdsa(keyMat);
-		return NULL;
-	}
-	keyMat->bigK = (CK_VOID_PTR)malloc(keyMat->sizeK);
-	keyMat->bigA = (CK_VOID_PTR)malloc(keyMat->sizeA);
-	if (!keyMat->derOID || !keyMat->bigK || !keyMat->bigA)
-	{
-		crypto_free_slhdsa(keyMat);
-		return NULL;
-	}
-
-	unsigned char *p = (unsigned char*) keyMat->derOID;
-	result = i2d_ASN1_OBJECT(OBJ_nid2obj(nid), &p);
-	if (result <= 0)
-	{
-		crypto_free_slhdsa(keyMat);
-		return NULL;
-	}
-
-	len = i2d_PUBKEY(pkey, NULL);
-	if (((CK_ULONG) len != PUBPREFIXLEN + keyMat->sizeA) ||
-	    ((buf = (unsigned char*) malloc(len)) == NULL))
-	{
-		crypto_free_slhdsa(keyMat);
-		return NULL;
-	}
-	p = buf;
-	i2d_PUBKEY(pkey, &p);
-	memcpy(keyMat->bigA, buf + PUBPREFIXLEN, keyMat->sizeA);
-	free(buf);
-
-	len = i2d_PrivateKey(pkey, NULL);
-	if (((CK_ULONG) len != PRIVPREFIXLEN + keyMat->sizeK) ||
-	    ((buf = (unsigned char*) malloc(len)) == NULL))
-	{
-		crypto_free_slhdsa(keyMat);
-		return NULL;
-	}
-	p = buf;
-	i2d_PrivateKey(pkey, &p);
-	memcpy(keyMat->bigK, buf + PRIVPREFIXLEN, keyMat->sizeK);
-	free(buf);
-
-	return keyMat;
+    if (pkey == NULL)
+        return NULL;
+
+    slhdsa_key_material_t* keyMat = (slhdsa_key_material_t*)calloc(1, sizeof(slhdsa_key_material_t));
+    if (keyMat == NULL)
+        return NULL;
+
+    unsigned char* buf = NULL;
+    int len = 0;
+
+    // DER encode public key
+    len = i2d_PUBKEY(pkey, NULL);
+    if (len <= 0) {
+        crypto_free_slhdsa(keyMat);
+        return NULL;
+    }
+    buf = (unsigned char*)OPENSSL_malloc(len);
+    if (!buf) {
+        crypto_free_slhdsa(keyMat);
+        return NULL;
+    }
+    unsigned char* p = buf;
+    if (i2d_PUBKEY(pkey, &p) <= 0) {
+        OPENSSL_free(buf);
+        crypto_free_slhdsa(keyMat);
+        return NULL;
+    }
+    keyMat->sizePublicKey = (unsigned long)len;
+    keyMat->derPublicKey = buf;
+
+    // DER encode private key
+    len = i2d_PrivateKey(pkey, NULL);
+    if (len <= 0) {
+        crypto_free_slhdsa(keyMat);
+        return NULL;
+    }
+    buf = (unsigned char*)OPENSSL_malloc(len);
+    if (!buf) {
+        crypto_free_slhdsa(keyMat);
+        return NULL;
+    }
+    p = buf;
+    if (i2d_PrivateKey(pkey, &p) <= 0) {
+        OPENSSL_free(buf);
+        crypto_free_slhdsa(keyMat);
+        return NULL;
+    }
+    keyMat->sizePrivateKey = (unsigned long)len;
+    keyMat->derPrivateKey = buf;
+
+    return keyMat;
 }
 
 // Free the memory of the key
 void crypto_free_slhdsa(slhdsa_key_material_t* keyMat)
 {
-	if (keyMat == NULL) return;
-	if (keyMat->derOID) free(keyMat->derOID);
-	if (keyMat->bigK) free(keyMat->bigK);
-	if (keyMat->bigA) free(keyMat->bigA);
-	free(keyMat);
+    if (keyMat == NULL)
+        return;
+
+    if (keyMat->derPrivateKey)
+        OPENSSL_free(keyMat->derPrivateKey);
+
+    if (keyMat->derPublicKey)
+        OPENSSL_free(keyMat->derPublicKey);
+
+    free(keyMat);
 }
 
 #endif
diff --git a/src/bin/util/softhsm2-util-ossl.h b/src/bin/util/softhsm2-util-ossl.h
index 6b49b04ce..59c96575c 100644
--- a/src/bin/util/softhsm2-util-ossl.h
+++ b/src/bin/util/softhsm2-util-ossl.h
@@ -144,20 +144,17 @@ typedef struct eddsa_key_material_t {
 
 #ifdef WITH_SLHDSA
 typedef struct slhdsa_key_material_t {
-	CK_ULONG sizeOID;
-	CK_ULONG sizeK;
-	CK_ULONG sizeA;
-	CK_VOID_PTR derOID;
-	CK_VOID_PTR bigK;
-	CK_VOID_PTR bigA;
-	slhdsa_key_material_t() {
-		sizeOID = 0;
-		sizeK = 0;
-		sizeA = 0;
-		derOID = NULL_PTR;
-		bigK = NULL_PTR;
-		bigA = NULL_PTR;
-	}
+    CK_ULONG sizePrivateKey;
+    CK_ULONG sizePublicKey;
+    CK_VOID_PTR derPrivateKey;
+    CK_VOID_PTR derPublicKey;
+
+    slhdsa_key_material_t() {
+        sizePrivateKey = 0;
+        sizePublicKey = 0;
+        derPrivateKey = NULL_PTR;
+        derPublicKey = NULL_PTR;
+    }
 } slhdsa_key_material_t;
 #endif
 
diff --git a/src/lib/P11Attributes.cpp b/src/lib/P11Attributes.cpp
index fc9ab0041..f120bc816 100644
--- a/src/lib/P11Attributes.cpp
+++ b/src/lib/P11Attributes.cpp
@@ -2227,6 +2227,17 @@ bool P11AttrEcPoint::setDefault()
 	return osobject->setAttribute(type, attr);
 }
 
+/*****************************************
+ * CKA_SLHDSA_PARAMS
+ *****************************************/
+
+// Set default value
+bool P11AttrSLHDSAParams::setDefault()
+{
+	OSAttribute attr(ByteString(""));
+	return osobject->setAttribute(type, attr);
+}
+
 /*****************************************
  * CKA_GOSTR3410_PARAMS
  *****************************************/
diff --git a/src/lib/P11Attributes.h b/src/lib/P11Attributes.h
index 6fd31f8d0..566ebe19c 100644
--- a/src/lib/P11Attributes.h
+++ b/src/lib/P11Attributes.h
@@ -1144,6 +1144,21 @@ class P11AttrEcPoint : public P11Attribute
 	virtual bool setDefault();
 };
 
+/*****************************************
+ * CKA_SLHDSA_PARAMS
+ *****************************************/
+
+class P11AttrSLHDSAParams : public P11Attribute
+{
+public:
+	// Constructor
+	P11AttrSLHDSAParams(OSObject* inobject, CK_ULONG inchecks = 0) : P11Attribute(inobject) { type = CKA_SLHDSA_PARAMS; checks = ck1|inchecks; }
+
+protected:
+	// Set the default value of the attribute
+	virtual bool setDefault();
+};
+
 /*****************************************
  * CKA_GOSTR3410_PARAMS
  *****************************************/
diff --git a/src/lib/P11Objects.cpp b/src/lib/P11Objects.cpp
index 6d8d0afa4..f3a83e5d7 100644
--- a/src/lib/P11Objects.cpp
+++ b/src/lib/P11Objects.cpp
@@ -189,10 +189,12 @@ CK_RV P11Object::loadTemplate(Token *token, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG
 // Save template
 CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, int op)
 {
+	INFO_MSG("INIT saveTemplate, OBJECT_OP_GENERATE %d, isPrivate %d", OBJECT_OP_GENERATE == op,isPrivate)
 	if (osobject == NULL)
 		return CKR_GENERAL_ERROR;
 	if (osobject->startTransaction() == false)
 		return CKR_GENERAL_ERROR;
+	INFO_MSG("osobject is not NULL and started transaction OK")
 
 	if (op == OBJECT_OP_SET)
 	{
@@ -226,6 +228,7 @@ CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTe
 
 		if (attr == NULL)
 		{
+    	ERROR_MSG("ATTR is NULL for attribute type 0x%08X, abortTransaction", (unsigned int)pTemplate[i].type);
 			osobject->abortTransaction();
 			return CKR_ATTRIBUTE_TYPE_INVALID;
 		}
@@ -234,6 +237,7 @@ CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTe
 		CK_RV rv = attr->update(token,isPrivate, pTemplate[i].pValue, pTemplate[i].ulValueLen, op);
 		if (rv != CKR_OK)
 		{
+			ERROR_MSG("ATTR update error, abortTransaction")
 			osobject->abortTransaction();
 			return rv;
 		}
@@ -297,6 +301,7 @@ CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTe
 		return CKR_GENERAL_ERROR;
 	}
 
+	INFO_MSG("END saveTemplate")
 	return CKR_OK;
 }
 
@@ -939,6 +944,7 @@ P11SLHPublicKeyObj::P11SLHPublicKeyObj()
 // Add attributes
 bool P11SLHPublicKeyObj::init(OSObject *inobject)
 {
+	INFO_MSG("INIT P11SLHPublicKeyObj");
 	if (initialized) return true;
 	if (inobject == NULL) return false;
 
@@ -951,27 +957,28 @@ bool P11SLHPublicKeyObj::init(OSObject *inobject)
 	if (!P11PublicKeyObj::init(inobject)) return false;
 
 	// Create attributes
-	P11Attribute* attrEcParams = new P11AttrEcParams(osobject,P11Attribute::ck3);
-	P11Attribute* attrEcPoint = new P11AttrEcPoint(osobject);
+	P11Attribute* attrSLHDSAParams = new P11AttrSLHDSAParams(osobject,P11Attribute::ck3);
+	P11Attribute* attrValue = new P11AttrValue(osobject,P11Attribute::ck1|P11Attribute::ck4|P11Attribute::ck6|P11Attribute::ck7);
 
 	// Initialize the attributes
 	if
 	(
-		!attrEcParams->init() ||
-		!attrEcPoint->init()
+		!attrSLHDSAParams->init() ||
+		!attrValue->init()
 	)
 	{
 		ERROR_MSG("Could not initialize the attribute");
-		delete attrEcParams;
-		delete attrEcPoint;
+		delete attrSLHDSAParams;
+		delete attrValue;
 		return false;
 	}
 
 	// Add them to the map
-	attributes[attrEcParams->getType()] = attrEcParams;
-	attributes[attrEcPoint->getType()] = attrEcPoint;
+	attributes[attrSLHDSAParams->getType()] = attrSLHDSAParams;
+	attributes[attrValue->getType()] = attrValue;
 
 	initialized = true;
+	INFO_MSG("END P11SLHPublicKeyObj");
 	return true;
 }
 
@@ -1389,6 +1396,7 @@ P11SLHPrivateKeyObj::P11SLHPrivateKeyObj()
 // Add attributes
 bool P11SLHPrivateKeyObj::init(OSObject *inobject)
 {
+	INFO_MSG("INIT P11SLHPrivateKeyObj");
 	if (initialized) return true;
 	if (inobject == NULL) return false;
 
@@ -1401,27 +1409,28 @@ bool P11SLHPrivateKeyObj::init(OSObject *inobject)
 	if (!P11PrivateKeyObj::init(inobject)) return false;
 
 	// Create attributes
-	P11Attribute* attrEcParams = new P11AttrEcParams(osobject,P11Attribute::ck4|P11Attribute::ck6);
+	P11Attribute* attrSLHDSAParams = new P11AttrSLHDSAParams(osobject,P11Attribute::ck4|P11Attribute::ck6);
 	P11Attribute* attrValue = new P11AttrValue(osobject,P11Attribute::ck1|P11Attribute::ck4|P11Attribute::ck6|P11Attribute::ck7);
 
 	// Initialize the attributes
 	if
 	(
-		!attrEcParams->init() ||
+		!attrSLHDSAParams->init() ||
 		!attrValue->init()
 	)
 	{
 		ERROR_MSG("Could not initialize the attribute");
-		delete attrEcParams;
+		delete attrSLHDSAParams;
 		delete attrValue;
 		return false;
 	}
 
 	// Add them to the map
-	attributes[attrEcParams->getType()] = attrEcParams;
+	attributes[attrSLHDSAParams->getType()] = attrSLHDSAParams;
 	attributes[attrValue->getType()] = attrValue;
 
 	initialized = true;
+	INFO_MSG("END P11SLHPrivateKeyObj");
 	return true;
 }
 
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index 982951860..b13bc01fa 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -55,6 +55,7 @@
 #include "ECPublicKey.h"
 #include "ECPrivateKey.h"
 #include "ECParameters.h"
+#include "SLHParameters.h"
 #include "EDPublicKey.h"
 #include "EDPrivateKey.h"
 #include "DHParameters.h"
@@ -232,6 +233,7 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_CLASS:
 				if (pTemplate[i].ulValueLen == sizeof(CK_OBJECT_CLASS))
 				{
+					INFO_MSG("Extracted CKA_CLASS");
 					objClass = *(CK_OBJECT_CLASS_PTR)pTemplate[i].pValue;
 					bHasClass = true;
 				}
@@ -239,6 +241,7 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_KEY_TYPE:
 				if (pTemplate[i].ulValueLen == sizeof(CK_KEY_TYPE))
 				{
+					INFO_MSG("Extracted CKA_KEY_TYPE");
 					keyType = *(CK_KEY_TYPE*)pTemplate[i].pValue;
 					bHasKeyType = true;
 				}
@@ -246,6 +249,7 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_CERTIFICATE_TYPE:
 				if (pTemplate[i].ulValueLen == sizeof(CK_CERTIFICATE_TYPE))
 				{
+					INFO_MSG("Extracted CKA_CERTIFICATE_TYPE");
 					certType = *(CK_CERTIFICATE_TYPE*)pTemplate[i].pValue;
 					bHasCertType = true;
 				}
@@ -253,12 +257,14 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 			case CKA_TOKEN:
 				if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
 				{
+					INFO_MSG("Extracted CKA_TOKEN");
 					isOnToken = *(CK_BBOOL*)pTemplate[i].pValue;
 				}
 				break;
 			case CKA_PRIVATE:
 				if (pTemplate[i].ulValueLen == sizeof(CK_BBOOL))
 				{
+					INFO_MSG("Extracted CKA_PRIVATE");
 					isPrivate = *(CK_BBOOL*)pTemplate[i].pValue;
 					bHasPrivate = true;
 				}
@@ -268,6 +274,9 @@ static CK_RV extractObjectInformation(CK_ATTRIBUTE_PTR pTemplate,
 		}
 	}
 
+	INFO_MSG("(class = %d, key_type = %d, cert_type = %d, private = %d, isOnToken=%d, isPrivate=%d)",
+			bHasClass, bHasKeyType, bHasCertType, bHasPrivate, isOnToken, isPrivate);
+
 	if (bImplicit)
 	{
 		return CKR_OK;
@@ -936,6 +945,9 @@ CK_RV SoftHSM::C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, CK_
 #if defined(WITH_ECC) || defined(WITH_EDDSA) || defined(WITH_SLHDSA)
 	unsigned long ecdhMinSize = 0, ecdhMaxSize = 0;
 	unsigned long eddsaMinSize = 0, eddsaMaxSize = 0;
+#endif
+
+#if defined(WITH_SLHDSA)
 	unsigned long slhdsaMinSize = 0, slhdsaMaxSize = 0;
 #endif
 
@@ -4136,6 +4148,7 @@ CK_RV SoftHSM::MacSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechani
 // AsymmetricAlgorithm version of C_SignInit
 CK_RV SoftHSM::AsymSignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
 {
+	INFO_MSG("here init signature")
 	if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
 
 	if (pMechanism == NULL_PTR) return CKR_ARGUMENTS_BAD;
@@ -4691,6 +4704,7 @@ static CK_RV MacSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK
 // AsymmetricAlgorithm version of C_Sign
 static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
 {
+	INFO_MSG("here signs the message")
 	AsymmetricAlgorithm* asymCrypto = session->getAsymmetricCryptoOp();
 	AsymMech::Type mechanism = session->getMechanism();
 	PrivateKey* privateKey = session->getPrivateKey();
@@ -4720,6 +4734,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 	// Check buffer size
 	if (*pulSignatureLen < size)
 	{
+		ERROR_MSG("signatureLen=%d, size=%d", *pulSignatureLen, size);
 		*pulSignatureLen = size;
 		return CKR_BUFFER_TOO_SMALL;
 	}
@@ -4754,7 +4769,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 	// Check size
 	if (signature.size() != size)
 	{
-		ERROR_MSG("The size of the signature differs from the size of the mechanism");
+		ERROR_MSG("The size of the signature differs from the size of the mechanism %d, %d", signature.size(), size);
 		session->resetOp();
 		return CKR_GENERAL_ERROR;
 	}
@@ -4762,6 +4777,7 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 	*pulSignatureLen = size;
 
 	session->resetOp();
+	INFO_MSG("Signature finished.");
 	return CKR_OK;
 }
 
@@ -5587,6 +5603,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 #ifdef WITH_SLHDSA
 	else if (isSLHDSA)
 	{
+		INFO_MSG("INIT take SLH-DSA public key.");
 		asymCrypto = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
 		if (asymCrypto == NULL) return CKR_MECHANISM_INVALID;
 
@@ -5603,6 +5620,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 			CryptoFactory::i()->recycleAsymmetricAlgorithm(asymCrypto);
 			return CKR_GENERAL_ERROR;
 		}
+		INFO_MSG("END take SLH-DSA public key.");
 	}
 #endif
 	else
@@ -5645,6 +5663,7 @@ CK_RV SoftHSM::AsymVerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMech
 	session->setAllowSinglePartOp(true);
 	session->setPublicKey(publicKey);
 
+	INFO_MSG("END AsymVerifyInit.");
 	return CKR_OK;
 }
 
@@ -6230,6 +6249,7 @@ CK_RV SoftHSM::C_GenerateKeyPair
 	CK_BBOOL ispublicKeyToken = CK_FALSE;
 	CK_BBOOL ispublicKeyPrivate = CK_FALSE;
 	bool isPublicKeyImplicit = true;
+	INFO_MSG("INIT public key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 	extractObjectInformation(pPublicKeyTemplate, ulPublicKeyAttributeCount, publicKeyClass, keyType, dummy, ispublicKeyToken, ispublicKeyPrivate, isPublicKeyImplicit);
 
 	// Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
@@ -6250,11 +6270,14 @@ CK_RV SoftHSM::C_GenerateKeyPair
 	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN && keyType != CKK_SLHDSA)
 		return CKR_TEMPLATE_INCONSISTENT;
 
+	INFO_MSG("END public key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 	// Extract information from the private key template that is needed to create the object.
 	CK_OBJECT_CLASS privateKeyClass = CKO_PRIVATE_KEY;
 	CK_BBOOL isprivateKeyToken = CK_FALSE;
 	CK_BBOOL isprivateKeyPrivate = CK_TRUE;
 	bool isPrivateKeyImplicit = true;
+
+	INFO_MSG("INIT private key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 	extractObjectInformation(pPrivateKeyTemplate, ulPrivateKeyAttributeCount, privateKeyClass, keyType, dummy, isprivateKeyToken, isprivateKeyPrivate, isPrivateKeyImplicit);
 
 	// Report errors caused by accidental template mix-ups in the application using this cryptoki lib.
@@ -6274,6 +6297,7 @@ CK_RV SoftHSM::C_GenerateKeyPair
 		return CKR_TEMPLATE_INCONSISTENT;
 	if (pMechanism->mechanism == CKM_SLH_KEY_PAIR_GEN && keyType != CKK_SLHDSA)
 		return CKR_TEMPLATE_INCONSISTENT;
+	INFO_MSG("END private key extractObjectInformation (CKM_SLH_KEY_PAIR_GEN, CKK_SLHDSA)");
 
 	// Check user credentials
 	CK_RV rv = haveWrite(session->getState(), ispublicKeyToken || isprivateKeyToken, ispublicKeyPrivate || isprivateKeyPrivate);
@@ -10079,7 +10103,6 @@ CK_RV SoftHSM::generateSLH
 		return CKR_GENERAL_ERROR;
 
 	// Extract desired key information
-	// NOTE: thinking about pPublicKeyTemplate...
 	ByteString params;
 	for (CK_ULONG i = 0; i < ulPublicKeyAttributeCount; i++)
 	{
@@ -10092,6 +10115,8 @@ CK_RV SoftHSM::generateSLH
 				break;
 		}
 	}
+	INFO_MSG("Extracted public key params <%s>", params.const_byte_str());
+
 
 	// The parameters must be specified to be able to generate a key pair.
 	if (params.size() == 0) {
@@ -10100,22 +10125,25 @@ CK_RV SoftHSM::generateSLH
 	}
 
 	// Set the parameters
-	ECParameters p;
-	p.setEC(params);
+	SLHParameters p;
+	p.setName(params);
+	INFO_MSG("seted params for SLH-DSA");
 
 	// Generate key pair
 	AsymmetricKeyPair* kp = NULL;
-	AsymmetricAlgorithm* ec = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
-	if (ec == NULL) return CKR_GENERAL_ERROR;
-	if (!ec->generateKeyPair(&kp, &p))
+	AsymmetricAlgorithm* slh = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
+	if (slh == NULL) return CKR_GENERAL_ERROR;
+	if (!slh->generateKeyPair(&kp, &p))
 	{
 		ERROR_MSG("Could not generate key pair");
-		CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
+		CryptoFactory::i()->recycleAsymmetricAlgorithm(slh);
 		return CKR_GENERAL_ERROR;
 	}
 
+	INFO_MSG("INIT Get Public/Private Key");
 	SLHPublicKey* pub = (SLHPublicKey*) kp->getPublicKey();
 	SLHPrivateKey* priv = (SLHPrivateKey*) kp->getPrivateKey();
+	INFO_MSG("END Get Public/Private Key");
 
 	CK_RV rv = CKR_OK;
 
@@ -10151,11 +10179,16 @@ CK_RV SoftHSM::generateSLH
 		}
 
 		if (rv == CKR_OK)
+		{
+			INFO_MSG("INIT PublicKey CreateObject");
 			rv = this->CreateObject(hSession,publicKeyAttribs,publicKeyAttribsCount,phPublicKey,OBJECT_OP_GENERATE);
+			INFO_MSG("END PublicKey CreateObject");
+		}
 
 		// Store the attributes that are being supplied by the key generation to the object
 		if (rv == CKR_OK)
 		{
+			INFO_MSG("INIT PublicKey STORING");
 			OSObject* osobject = (OSObject*)handleManager->getObject(*phPublicKey);
 			if (osobject == NULL_PTR || !osobject->isValid()) {
 				rv = CKR_FUNCTION_FAILED;
@@ -10167,17 +10200,17 @@ CK_RV SoftHSM::generateSLH
 				CK_ULONG ulKeyGenMechanism = (CK_ULONG)CKM_SLH_KEY_PAIR_GEN;
 				bOK = bOK && osobject->setAttribute(CKA_KEY_GEN_MECHANISM,ulKeyGenMechanism);
 
-				// EDDSA Public Key Attributes
+				// SLHDSA Public Key Attributes
 				ByteString value;
 				if (isPublicKeyPrivate)
 				{
-					token->encrypt(pub->getA(), value);
+					token->encrypt(pub->getDerPublicKey(), value);
 				}
 				else
 				{
-					value = pub->getA();
+					value = pub->getDerPublicKey();
 				}
-				bOK = bOK && osobject->setAttribute(CKA_EC_POINT, value);
+				bOK = bOK && osobject->setAttribute(CKA_SLHDSA_PARAMS, value);
 
 				if (bOK)
 					bOK = osobject->commitTransaction();
@@ -10188,6 +10221,7 @@ CK_RV SoftHSM::generateSLH
 					rv = CKR_FUNCTION_FAILED;
 			} else
 				rv = CKR_FUNCTION_FAILED;
+			INFO_MSG("END PublicKey STORING");
 		}
 	}
 
@@ -10221,11 +10255,16 @@ CK_RV SoftHSM::generateSLH
 		}
 
 		if (rv == CKR_OK)
+		{
+			INFO_MSG("INIT PrivateKey CreateObject");
 			rv = this->CreateObject(hSession,privateKeyAttribs,privateKeyAttribsCount,phPrivateKey,OBJECT_OP_GENERATE);
+			INFO_MSG("END PrivateKey CreateObject");
+		}
 
 		// Store the attributes that are being supplied by the key generation to the object
 		if (rv == CKR_OK)
 		{
+			INFO_MSG("INIT PrivateKey STORING");
 			OSObject* osobject = (OSObject*)handleManager->getObject(*phPrivateKey);
 			if (osobject == NULL_PTR || !osobject->isValid()) {
 				rv = CKR_FUNCTION_FAILED;
@@ -10244,20 +10283,16 @@ CK_RV SoftHSM::generateSLH
 				bOK = bOK && osobject->setAttribute(CKA_NEVER_EXTRACTABLE, bNeverExtractable);
 
 				// SLHDSA Private Key Attributes
-				ByteString group;
 				ByteString value;
 				if (isPrivateKeyPrivate)
 				{
-					token->encrypt(priv->getEC(), group);
-					token->encrypt(priv->getK(), value);
+					token->encrypt(priv->getDerPrivateKey(), value);
 				}
 				else
 				{
-					group = priv->getEC();
-					value = priv->getK();
+					value = priv->getDerPrivateKey();
 				}
-				bOK = bOK && osobject->setAttribute(CKA_SLHDSA_PARAMS, group);
-				bOK = bOK && osobject->setAttribute(CKA_VALUE, value);
+				bOK = bOK && osobject->setAttribute(CKA_SLHDSA_PARAMS, value);
 
 				if (bOK)
 					bOK = osobject->commitTransaction();
@@ -10268,12 +10303,13 @@ CK_RV SoftHSM::generateSLH
 					rv = CKR_FUNCTION_FAILED;
 			} else
 				rv = CKR_FUNCTION_FAILED;
+			INFO_MSG("END PrivateKey STORING");
 		}
 	}
 
 	// Clean up
-	ec->recycleKeyPair(kp);
-	CryptoFactory::i()->recycleAsymmetricAlgorithm(ec);
+	slh->recycleKeyPair(kp);
+	CryptoFactory::i()->recycleAsymmetricAlgorithm(slh);
 
 	// Remove keys that may have been created already when the function fails.
 	if (rv != CKR_OK)
@@ -12604,24 +12640,33 @@ CK_RV SoftHSM::deriveSymmetric
 
 CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject, int op)
 {
+	INFO_MSG("INIT CreateObject");
+
 	if (!isInitialised) return CKR_CRYPTOKI_NOT_INITIALIZED;
+	INFO_MSG("isInitialised OK");
 
 	if (pTemplate == NULL_PTR) return CKR_ARGUMENTS_BAD;
+	INFO_MSG("template OK");
 	if (phObject == NULL_PTR) return CKR_ARGUMENTS_BAD;
+	INFO_MSG("phObject OK");
 
 	// Get the session
 	Session* session = (Session*)handleManager->getSession(hSession);
 	if (session == NULL) return CKR_SESSION_HANDLE_INVALID;
+	INFO_MSG("session OK");
 
 	// Get the slot
 	Slot* slot = session->getSlot();
 	if (slot == NULL_PTR) return CKR_GENERAL_ERROR;
+	INFO_MSG("slot OK");
 
 	// Get the token
 	Token* token = session->getToken();
 	if (token == NULL_PTR) return CKR_GENERAL_ERROR;
+	INFO_MSG("token OK");
 
 	// Extract information from the template that is needed to create the object.
+	INFO_MSG("INIT wheird extraction with RSA");
 	CK_OBJECT_CLASS objClass = CKO_DATA;
 	CK_KEY_TYPE keyType = CKK_RSA;
 	CK_CERTIFICATE_TYPE certType = CKC_X_509;
@@ -12634,6 +12679,7 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 		ERROR_MSG("Mandatory attribute not present in template");
 		return rv;
 	}
+	INFO_MSG("END wheird extraction with RSA");
 
 	// Check user credentials
 	rv = haveWrite(session->getState(), isOnToken, isPrivate);
@@ -12646,7 +12692,9 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 
 		return rv;
 	}
+	INFO_MSG("checked user credentials OK");
 
+	INFO_MSG("INIT change order of attributes");
 	// Change order of attributes
 	const CK_ULONG maxAttribs = 32;
 	CK_ATTRIBUTE attribs[maxAttribs];
@@ -12662,30 +12710,39 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 		switch (pTemplate[i].type)
 		{
 			case CKA_CHECK_VALUE:
+				INFO_MSG("CKA_CHECK_VALUE found");
 				saveAttribs[saveAttribsCount++] = pTemplate[i];
 				break;
 			default:
+				INFO_MSG("DEFAULT found");
 				attribs[attribsCount++] = pTemplate[i];
 		}
 	}
 	for (CK_ULONG i=0; i < saveAttribsCount; i++)
 	{
+		INFO_MSG("saveAttrib appended to attribs");
 		attribs[attribsCount++] = saveAttribs[i];
 	}
+	INFO_MSG("END change order of attributes");
+
+	INFO_MSG("objClass = %d, eq CKO_PRIVATE_KEY = %d, eq CKO_PUBLIC_KEY = %d", objClass, objClass == CKO_PRIVATE_KEY, objClass == CKO_PUBLIC_KEY)
 
 	P11Object* p11object = NULL;
 	rv = newP11Object(objClass,keyType,certType,&p11object);
 	if (rv != CKR_OK)
 		return rv;
+	INFO_MSG("created newP11Object OK")
 
 	// Create the object in session or on the token
 	OSObject *object = NULL_PTR;
 	if (isOnToken)
 	{
+		INFO_MSG("try create object on TOKEN")
 		object = (OSObject*) token->createObject();
 	}
 	else
 	{
+		INFO_MSG("try create object on SESSION")
 		object = sessionObjectStore->createObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE);
 	}
 
@@ -12694,12 +12751,14 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 		delete p11object;
 		return CKR_GENERAL_ERROR;
 	}
+	INFO_MSG("created object OK")
 
 	rv = p11object->saveTemplate(token, isPrivate != CK_FALSE, attribs,attribsCount,op);
 	delete p11object;
 	if (rv != CKR_OK)
 		return rv;
 
+	INFO_MSG("saveTemplate OK")
 	if (op == OBJECT_OP_CREATE)
 	{
 		if (objClass == CKO_PUBLIC_KEY &&
@@ -12723,11 +12782,14 @@ CK_RV SoftHSM::CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTempla
 
 	if (isOnToken)
 	{
+		INFO_MSG("add object on token")
 		*phObject = handleManager->addTokenObject(slot->getSlotID(), isPrivate != CK_FALSE, object);
 	} else {
+		INFO_MSG("add object on session")
 		*phObject = handleManager->addSessionObject(slot->getSlotID(), hSession, isPrivate != CK_FALSE, object);
 	}
 
+	INFO_MSG("END CreateObject");
 	return CKR_OK;
 }
 
@@ -13027,6 +13089,7 @@ CK_RV SoftHSM::getEDPublicKey(EDPublicKey* publicKey, Token* token, OSObject* ke
 	return CKR_OK;
 }
 
+// PTAL
 CK_RV SoftHSM::getSLHPrivateKey(SLHPrivateKey* privateKey, Token* token, OSObject* key)
 {
 	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;
@@ -13037,24 +13100,20 @@ CK_RV SoftHSM::getSLHPrivateKey(SLHPrivateKey* privateKey, Token* token, OSObjec
 	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
 
 	// SLHDSA Private Key Attributes
-	ByteString group;
 	ByteString value;
 	if (isKeyPrivate)
 	{
 		bool bOK = true;
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SLHDSA_PARAMS), group);
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_VALUE), value);
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SLHDSA_PARAMS), value);
 		if (!bOK)
 			return CKR_GENERAL_ERROR;
 	}
 	else
 	{
-		group = key->getByteStringValue(CKA_SLHDSA_PARAMS);
-		value = key->getByteStringValue(CKA_VALUE);
+		value = key->getByteStringValue(CKA_SLHDSA_PARAMS);
 	}
 
-	privateKey->setEC(group);
-	privateKey->setK(value);
+	privateKey->setDerPrivateKey(value);
 
 	return CKR_OK;
 }
@@ -13068,25 +13127,23 @@ CK_RV SoftHSM::getSLHPublicKey(SLHPublicKey* publicKey, Token* token, OSObject*
 	// Get the CKA_PRIVATE attribute, when the attribute is not present use default false
 	bool isKeyPrivate = key->getBooleanValue(CKA_PRIVATE, false);
 
-	// EC Public Key Attributes
-	ByteString group;
+	// SLHDSA Public Key Attributes
 	ByteString value;
 	if (isKeyPrivate)
 	{
 		bool bOK = true;
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SLHDSA_PARAMS), group);
-		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_EC_POINT), value);
+		bOK = bOK && token->decrypt(key->getByteStringValue(CKA_SLHDSA_PARAMS), value);
 		if (!bOK)
 			return CKR_GENERAL_ERROR;
 	}
 	else
 	{
-		group = key->getByteStringValue(CKA_SLHDSA_PARAMS);
-		value = key->getByteStringValue(CKA_EC_POINT);
+		value = key->getByteStringValue(CKA_SLHDSA_PARAMS);
 	}
 
-	publicKey->setEC(group);
-	publicKey->setA(value);
+	INFO_MSG("INIT setDerPublicKey");
+	publicKey->setDerPublicKey(value);
+	INFO_MSG("END setDerPublicKey");
 
 	return CKR_OK;
 }
diff --git a/src/lib/crypto/CMakeLists.txt b/src/lib/crypto/CMakeLists.txt
index 3a60daf9e..a3e17ee0f 100644
--- a/src/lib/crypto/CMakeLists.txt
+++ b/src/lib/crypto/CMakeLists.txt
@@ -20,6 +20,7 @@ set(SOURCES AESKey.cpp
             DSAPrivateKey.cpp
             DSAPublicKey.cpp
             ECParameters.cpp
+            SLHParameters.cpp
             ECPrivateKey.cpp
             ECPublicKey.cpp
             EDPrivateKey.cpp
diff --git a/src/lib/crypto/Makefile.am b/src/lib/crypto/Makefile.am
index 8924294b1..8c08fced2 100644
--- a/src/lib/crypto/Makefile.am
+++ b/src/lib/crypto/Makefile.am
@@ -20,6 +20,7 @@ libsofthsm_crypto_la_SOURCES =	AESKey.cpp \
 				DSAPublicKey.cpp \
 				DSAPrivateKey.cpp \
 				ECParameters.cpp \
+        SLHParameters.cpp \
 				ECPublicKey.cpp \
 				ECPrivateKey.cpp \
 				EDPublicKey.cpp \
diff --git a/src/lib/crypto/OSSLSLHDSA.cpp b/src/lib/crypto/OSSLSLHDSA.cpp
index a69b5577f..53d6bd1c5 100644
--- a/src/lib/crypto/OSSLSLHDSA.cpp
+++ b/src/lib/crypto/OSSLSLHDSA.cpp
@@ -35,7 +35,7 @@
 #include "log.h"
 #include "OSSLSLHDSA.h"
 #include "CryptoFactory.h"
-#include "ECParameters.h"
+#include "SLHParameters.h"
 #include "OSSLSLHKeyPair.h"
 #include "OSSLComp.h"
 #include "OSSLUtil.h"
@@ -81,7 +81,6 @@ bool OSSLSLHDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 		ERROR_MSG("Could not get the order length");
 		return false;
 	}
-	len *= 2;
 	signature.resize(len);
 	memset(&signature[0], 0, len);
 	EVP_MD_CTX* ctx = EVP_MD_CTX_new();
@@ -94,6 +93,13 @@ bool OSSLSLHDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
 	if (!EVP_DigestSign(ctx, &signature[0], &len, dataToSign.const_byte_str(), dataToSign.size()))
 	{
 		ERROR_MSG("SLHDSA sign failed (0x%08X)", ERR_get_error());
+
+		unsigned long err = ERR_get_error();
+		char buf[256];
+		ERR_error_string_n(err, buf, sizeof(buf));
+		ERROR_MSG("SLHDSA sign failed: %s\n", buf);
+		ERROR_MSG("Key type: %s\n", EVP_PKEY_get0_type_name(pkey));
+
 		EVP_MD_CTX_free(ctx);
 		return false;
 	}
@@ -128,6 +134,7 @@ bool OSSLSLHDSA::verify(PublicKey* publicKey, const ByteString& originalData,
 		       const ByteString& signature, const AsymMech::Type mechanism,
 		       const void* /* param = NULL */, const size_t /* paramLen = 0 */)
 {
+	INFO_MSG("Init verify");
 	if (mechanism != AsymMech::SLHDSA)
 	{
 		ERROR_MSG("Invalid mechanism supplied (%i)", mechanism);
@@ -159,7 +166,6 @@ bool OSSLSLHDSA::verify(PublicKey* publicKey, const ByteString& originalData,
 		ERROR_MSG("Could not get the order length");
 		return false;
 	}
-	len *= 2;
 	if (signature.size() != len)
 	{
 		ERROR_MSG("Invalid buffer length");
@@ -234,19 +240,21 @@ bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParame
 		return false;
 	}
 
-	if (!parameters->areOfType(ECParameters::type))
+	if (!parameters->areOfType(SLHParameters::type))
 	{
 		ERROR_MSG("Invalid parameters supplied for SLHDSA key generation");
 
 		return false;
 	}
 
-	ECParameters* params = (ECParameters*) parameters;
-	int nid = OSSL::byteString2oid(params->getEC());
+	SLHParameters* params = (SLHParameters*) parameters;
+
+	const unsigned char* name = params->getName().const_byte_str();
+	INFO_MSG("SLH-DSA name: <%s>", name);
 
 	// Generate the key-pair
 	EVP_PKEY* pkey = NULL;
-	EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(nid, NULL);
+	EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_from_name(NULL, reinterpret_cast<const char*>(name), NULL);
 	if (ctx == NULL)
 	{
 		ERROR_MSG("Failed to instantiate OpenSSL SLHDSA context");
@@ -272,8 +280,13 @@ bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParame
 	// Create an asymmetric key-pair object to return
 	OSSLSLHKeyPair* kp = new OSSLSLHKeyPair();
 
+	INFO_MSG("INIT PublicKey.setFromOSSL");
 	((OSSLSLHPublicKey*) kp->getPublicKey())->setFromOSSL(pkey);
+	INFO_MSG("END PublicKey.setFromOSSL");
+
+	INFO_MSG("INIT Private.setFromOSSL");
 	((OSSLSLHPrivateKey*) kp->getPrivateKey())->setFromOSSL(pkey);
+	INFO_MSG("END Private.setFromOSSL");
 
 	*ppKeyPair = kp;
 
@@ -468,7 +481,7 @@ PrivateKey* OSSLSLHDSA::newPrivateKey()
 
 AsymmetricParameters* OSSLSLHDSA::newParameters()
 {
-	return (AsymmetricParameters*) new ECParameters();
+	return (AsymmetricParameters*) new SLHParameters();
 }
 
 bool OSSLSLHDSA::reconstructParameters(AsymmetricParameters** ppParams, ByteString& serialisedData)
@@ -479,7 +492,7 @@ bool OSSLSLHDSA::reconstructParameters(AsymmetricParameters** ppParams, ByteStri
 		return false;
 	}
 
-	ECParameters* params = new ECParameters();
+	SLHParameters* params = new SLHParameters();
 
 	if (!params->deserialise(serialisedData))
 	{
diff --git a/src/lib/crypto/OSSLSLHPrivateKey.cpp b/src/lib/crypto/OSSLSLHPrivateKey.cpp
index d7f1a2fb2..2946ca8d0 100644
--- a/src/lib/crypto/OSSLSLHPrivateKey.cpp
+++ b/src/lib/crypto/OSSLSLHPrivateKey.cpp
@@ -35,46 +35,21 @@
 #include "log.h"
 #include "OSSLSLHPrivateKey.h"
 #include "OSSLUtil.h"
+#include <cstdlib>
+#include <cstring>
 #include <openssl/x509.h>
 
-#define X25519_KEYLEN	32
-#define X448_KEYLEN	56
-#define ED448_KEYLEN	57
-
-#define PREFIXLEN	16
-
-// Prefixes
-const unsigned char x25519_prefix[] = {
-	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
-	0x03, 0x2b, 0x65, 0x6e, 0x04, 0x22, 0x04, 0x20
-};
-
-const unsigned char x448_prefix[] = {
-	0x30, 0x46, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
-	0x03, 0x2b, 0x65, 0x6f, 0x04, 0x3a, 0x04, 0x38
-};
-
-const unsigned char ed25519_prefix[] = {
-	0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
-	0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20
-};
-
-const unsigned char ed448_prefix[] = {
-	0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
-	0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39
-};
-
 // Constructors
 OSSLSLHPrivateKey::OSSLSLHPrivateKey()
 {
-	nid = NID_undef;
 	pkey = NULL;
+	name = NULL;
 }
 
 OSSLSLHPrivateKey::OSSLSLHPrivateKey(const EVP_PKEY* inPKEY)
 {
-	nid = NID_undef;
 	pkey = NULL;
+	name = NULL;
 
 	setFromOSSL(inPKEY);
 }
@@ -82,79 +57,76 @@ OSSLSLHPrivateKey::OSSLSLHPrivateKey(const EVP_PKEY* inPKEY)
 // Destructor
 OSSLSLHPrivateKey::~OSSLSLHPrivateKey()
 {
-	EVP_PKEY_free(pkey);
+  if (pkey) {
+      EVP_PKEY_free(pkey);
+      pkey = NULL;
+  }
+  name = NULL;
 }
 
 // The type
 /*static*/ const char* OSSLSLHPrivateKey::type = "OpenSSL SLHDSA Private Key";
 
-// Get the base point order length
 unsigned long OSSLSLHPrivateKey::getOrderLength() const
 {
-	if (nid == NID_ED25519)
-		return X25519_KEYLEN;
-	if (nid == NID_ED448)
-		return ED448_KEYLEN;
-	return 0;
+  if (name == NULL){
+    ERROR_MSG("Could not determine the signature size, name is NULL");
+  	return 0;
+  }
+
+  size_t name_len = strnlen(name, 100);
+  size_t signature_size = 0;
+
+  INFO_MSG("name %s", name);
+  if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
+    signature_size = 7856;
+  } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {
+    signature_size = 17088;
+  } else if (strncmp(&name[name_len - 4], "192s", 4) == 0) {
+    signature_size = 16224;
+  } else if (strncmp(&name[name_len - 4], "192f", 4) == 0) {
+    signature_size = 35664;
+  } else if (strncmp(&name[name_len - 4], "256s", 4) == 0) {
+    signature_size = 29792;
+  } else if (strncmp(&name[name_len - 4], "256f", 4) == 0) {
+    signature_size = 49856;
+  } else{
+    ERROR_MSG("Could not determine the signature size");
+  }
+	return signature_size;
 }
 
 // Set from OpenSSL representation
 void OSSLSLHPrivateKey::setFromOSSL(const EVP_PKEY* inPKEY)
 {
-	nid = EVP_PKEY_id(inPKEY);
-	if (nid == NID_undef)
-	{
-		return;
-	}
-	ByteString inEC = OSSL::oid2ByteString(nid);
-	SLHPrivateKey::setEC(inEC);
+  if (EVP_PKEY_get0_type_name(inPKEY) == NULL)
+  {
+    ERROR_MSG("Could not determine algorithm name from EVP_PKEY");
+    return;
+  }
+  name = EVP_PKEY_get0_type_name(inPKEY);
+
+  // Serialize to DER (PKCS#8), like function PKCS8Encode
+  ByteString der;
+  PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(inPKEY);
+  if (!p8inf)
+  	{ ERROR_MSG("EVP_PKEY2PKCS8 info error"); return; }
+  int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL);
+  if (len <= 0)
+  {
+  	ERROR_MSG("i2d_PKCS8_PRIV_KEY_INFO info error, len is smaller or eq than zero");
+  	return;
+  }
+
+  der.resize(len);
+	unsigned char* p = &der[0];
+  if (i2d_PKCS8_PRIV_KEY_INFO(p8inf, &p) != len)
+  	{ ERROR_MSG("i2d_PKCS8_PRIV_KEY_INFO serialization error"); return; }
 
-	// i2d_PrivateKey incorrectly does not const the key argument?!
-	EVP_PKEY* key = const_cast<EVP_PKEY*>(inPKEY);
-	int len = i2d_PrivateKey(key, NULL);
-	if (len <= 0)
-	{
-		ERROR_MSG("Could not encode SLHDSA private key");
-		return;
-	}
-	ByteString der;
-	der.resize(len);
-	unsigned char *p = &der[0];
-	i2d_PrivateKey(key, &p);
-	ByteString inK;
-	switch (nid) {
-	case NID_X25519:
-	case NID_ED25519:
-		if (len != (X25519_KEYLEN + PREFIXLEN))
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN + PREFIXLEN, len);
-			return;
-		}
-		inK.resize(X25519_KEYLEN);
-		memcpy(&inK[0], &der[PREFIXLEN], X25519_KEYLEN);
-		break;
-	case NID_X448:
-		if (len != (X448_KEYLEN + PREFIXLEN))
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN + PREFIXLEN, len);
-			return;
-		}
-		inK.resize(X448_KEYLEN);
-		memcpy(&inK[0], &der[PREFIXLEN], X448_KEYLEN);
-		break;
-	case NID_ED448:
-		if (len != (ED448_KEYLEN + PREFIXLEN))
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", ED448_KEYLEN + PREFIXLEN, len);
-			return;
-		}
-		inK.resize(ED448_KEYLEN);
-		memcpy(&inK[0], &der[PREFIXLEN], ED448_KEYLEN);
-		break;
-	default:
-		return;
-	}
-	setK(inK);
+  PKCS8_PRIV_KEY_INFO_free(p8inf);
+
+  setDerPrivateKey(der);
+  return;
 }
 
 // Check if the key is of the given type
@@ -163,30 +135,18 @@ bool OSSLSLHPrivateKey::isOfType(const char* inType)
 	return !strcmp(type, inType);
 }
 
-// Setters for the SLHDSA private key components
-void OSSLSLHPrivateKey::setK(const ByteString& inK)
+void OSSLSLHPrivateKey::setDerPrivateKey(const ByteString& inSk)
 {
-	SLHPrivateKey::setK(inK);
-
-	if (pkey)
-	{
-		EVP_PKEY_free(pkey);
-		pkey = NULL;
-	}
-}
+	SLHPrivateKey::setDerPrivateKey(inSk);
 
+	getOSSLKey();
+  if (EVP_PKEY_get0_type_name(pkey) == NULL)
+  	{ ERROR_MSG("Could not determine algorithm name from EVP_PKEY"); return; }
 
-// Setters for the SLHDSA public key components
-void OSSLSLHPrivateKey::setEC(const ByteString& inEC)
-{
-	SLHPrivateKey::setEC(inEC);
+  name = EVP_PKEY_get0_type_name(pkey);
 
-	nid = OSSL::byteString2oid(inEC);
 	if (pkey)
-	{
-		EVP_PKEY_free(pkey);
-		pkey = NULL;
-	}
+		{ EVP_PKEY_free(pkey); pkey = NULL; }
 }
 
 // Encode into PKCS#8 DER
@@ -237,54 +197,23 @@ EVP_PKEY* OSSLSLHPrivateKey::getOSSLKey()
 // Create the OpenSSL representation of the key
 void OSSLSLHPrivateKey::createOSSLKey()
 {
+  // Deserialize from DER (PKCS#8), like function PKCS8Decode
 	if (pkey != NULL) return;
 
-	ByteString der;
-	switch (nid) {
-	case NID_X25519:
-		if (k.size() != X25519_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, k.size());
-			return;
-		}
-		der.resize(PREFIXLEN + X25519_KEYLEN);
-		memcpy(&der[0], x25519_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], k.const_byte_str(), X25519_KEYLEN);
-		break;
-	case NID_ED25519:
-		if (k.size() != X25519_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, k.size());
-			return;
-		}
-		der.resize(PREFIXLEN + X25519_KEYLEN);
-		memcpy(&der[0], ed25519_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], k.const_byte_str(), X25519_KEYLEN);
-		break;
-	case NID_X448:
-		if (k.size() != X448_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN, k.size());
-			return;
-		}
-		der.resize(PREFIXLEN + X448_KEYLEN);
-		memcpy(&der[0], x448_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], k.const_byte_str(), X448_KEYLEN);
-		break;
-	case NID_ED448:
-		if (k.size() != ED448_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", ED448_KEYLEN, k.size());
-			return;
-		}
-		der.resize(PREFIXLEN + ED448_KEYLEN);
-		memcpy(&der[0], ed448_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], k.const_byte_str(), ED448_KEYLEN);
-		break;
-	default:
-		return;
-	}
-	const unsigned char *p = &der[0];
-	pkey = d2i_PrivateKey(nid, NULL, &p, (long)der.size());
+	const unsigned char *p = &derPrivateKey[0];
+  PKCS8_PRIV_KEY_INFO* p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, derPrivateKey.size());
+  if (!p8inf)
+  	ERROR_MSG("d2i_PKCS8_PRIV_KEY_INFO; error on decoding pkey");
+  pkey = EVP_PKCS82PKEY(p8inf);
+  PKCS8_PRIV_KEY_INFO_free(p8inf);
+
+  if (!pkey)
+  	ERROR_MSG("EVP_PKCS82PKEY; Error on deserialize derPrivateKey to pkey");
+
+  if (EVP_PKEY_get0_type_name(pkey) == NULL)
+  	{ ERROR_MSG("Could not determine algorithm name from EVP_PKEY"); return; }
+  name = EVP_PKEY_get0_type_name(pkey);
 }
+
+
 #endif
diff --git a/src/lib/crypto/OSSLSLHPrivateKey.h b/src/lib/crypto/OSSLSLHPrivateKey.h
index 9419abbda..68be7dd90 100644
--- a/src/lib/crypto/OSSLSLHPrivateKey.h
+++ b/src/lib/crypto/OSSLSLHPrivateKey.h
@@ -59,10 +59,7 @@ class OSSLSLHPrivateKey : public SLHPrivateKey
 	virtual unsigned long getOrderLength() const;
 
 	// Setters for the SLHDSA private key components
-	virtual void setK(const ByteString& inK);
-
-	// Setters for the SLHDSA public key components
-	virtual void setEC(const ByteString& inEC);
+	virtual void setDerPrivateKey(const ByteString& inSk);
 
 	// Encode into PKCS#8 DER
 	virtual ByteString PKCS8Encode();
@@ -78,7 +75,7 @@ class OSSLSLHPrivateKey : public SLHPrivateKey
 
 private:
 	// The internal OpenSSL representation
-	int nid;
+	const char* name;
 	EVP_PKEY* pkey;
 
 	// Create the OpenSSL representation of the key
diff --git a/src/lib/crypto/OSSLSLHPublicKey.cpp b/src/lib/crypto/OSSLSLHPublicKey.cpp
index cc71d1b7b..fc782eb26 100644
--- a/src/lib/crypto/OSSLSLHPublicKey.cpp
+++ b/src/lib/crypto/OSSLSLHPublicKey.cpp
@@ -39,43 +39,16 @@
 #include <openssl/x509.h>
 #include <string.h>
 
-#define X25519_KEYLEN	32
-#define X448_KEYLEN	56
-#define ED448_KEYLEN	57
-
-#define PREFIXLEN	12
-
-// Prefixes
-const unsigned char x25519_prefix[] = {
-	0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
-	0x6e, 0x03, 0x21, 0x00
-};
-
-const unsigned char x448_prefix[] = {
-	0x30, 0x42, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
-	0x6f, 0x03, 0x39, 0x00
-};
-
-const unsigned char ed25519_prefix[] = {
-	0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
-	0x70, 0x03, 0x21, 0x00
-};
-
-const unsigned char ed448_prefix[] = {
-	0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
-	0x71, 0x03, 0x3a, 0x00
-};
-
 // Constructors
 OSSLSLHPublicKey::OSSLSLHPublicKey()
 {
-	nid = NID_undef;
 	pkey = NULL;
+	name = NULL;
 }
 
 OSSLSLHPublicKey::OSSLSLHPublicKey(const EVP_PKEY* inPKEY)
 {
-	nid = NID_undef;
+	name = NULL;
 	pkey = NULL;
 
 	setFromOSSL(inPKEY);
@@ -84,80 +57,67 @@ OSSLSLHPublicKey::OSSLSLHPublicKey(const EVP_PKEY* inPKEY)
 // Destructor
 OSSLSLHPublicKey::~OSSLSLHPublicKey()
 {
-	EVP_PKEY_free(pkey);
+  if (pkey) {
+      EVP_PKEY_free(pkey);
+      pkey = NULL;
+  }
+  name = NULL;
 }
 
 // The type
 /*static*/ const char* OSSLSLHPublicKey::type = "OpenSSL SLHDSA Public Key";
 
-// Get the base point order length
 unsigned long OSSLSLHPublicKey::getOrderLength() const
 {
-	if (nid == NID_ED25519)
-		return X25519_KEYLEN;
-	if (nid == NID_ED448)
-		return ED448_KEYLEN;
-	return 0;
+  if (name == NULL){
+    ERROR_MSG("Could not determine the signature size, name is NULL");
+    return 0;
+  }
+  size_t name_len = strnlen(name, 100);
+  size_t signature_size = 0;
+
+  INFO_MSG("name %s", name);
+  if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
+    signature_size = 7856;
+  } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {
+    signature_size = 17088;
+  } else if (strncmp(&name[name_len - 4], "192s", 4) == 0) {
+    signature_size = 16224;
+  } else if (strncmp(&name[name_len - 4], "192f", 4) == 0) {
+    signature_size = 35664;
+  } else if (strncmp(&name[name_len - 4], "256s", 4) == 0) {
+    signature_size = 29792;
+  } else if (strncmp(&name[name_len - 4], "256f", 4) == 0) {
+    signature_size = 49856;
+  } else{
+    ERROR_MSG("Could not determine the signature size");
+  }
+	return signature_size;
 }
 
 // Set from OpenSSL representation
 void OSSLSLHPublicKey::setFromOSSL(const EVP_PKEY* inPKEY)
 {
-	nid = EVP_PKEY_id(inPKEY);
-	if (nid == NID_undef)
-	{
-		return;
-	}
-	ByteString inEC = OSSL::oid2ByteString(nid);
-	SLHPublicKey::setEC(inEC);
+  if (EVP_PKEY_get0_type_name(inPKEY) == NULL)
+  {
+    ERROR_MSG("Could not determine algorithm name from EVP_PKEY");
+    return;
+  }
+  name = EVP_PKEY_get0_type_name(inPKEY);
 
-	// i2d_PUBKEY incorrectly does not const the key argument?!
-        EVP_PKEY* key = const_cast<EVP_PKEY*>(inPKEY);
-	int len = i2d_PUBKEY(key, NULL);
-	if (len <= 0)
-	{
-		ERROR_MSG("Could not encode SLHDSA public key");
-		return;
-	}
 	ByteString der;
+  int len = i2d_PUBKEY(inPKEY, NULL);
+  if (len <= 0)
+  {
+  	ERROR_MSG("i2d_PUBKEY info error, len is smaller or eq than zero");
+  	return;
+  }
 	der.resize(len);
-	unsigned char *p = &der[0];
-	i2d_PUBKEY(key, &p);
-	ByteString raw;
-	switch (nid) {
-	case NID_X25519:
-	case NID_ED25519:
-		if (len != (X25519_KEYLEN + PREFIXLEN))
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN + PREFIXLEN, len);
-			return;
-		}
-		raw.resize(X25519_KEYLEN);
-		memcpy(&raw[0], &der[PREFIXLEN], X25519_KEYLEN);
-		break;
-	case NID_X448:
-		if (len != (X448_KEYLEN + PREFIXLEN))
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN + PREFIXLEN, len);
-			return;
-		}
-		raw.resize(X448_KEYLEN);
-		memcpy(&raw[0], &der[PREFIXLEN], X448_KEYLEN);
-		break;
-	case NID_ED448:
-		if (len != (ED448_KEYLEN + PREFIXLEN))
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu",
-				  ED448_KEYLEN + PREFIXLEN, len);
-			return;
-		}
-		raw.resize(ED448_KEYLEN);
-		memcpy(&raw[0], &der[PREFIXLEN], ED448_KEYLEN);
-		break;
-	default:
-		return;
-	}
-	setA(DERUTIL::raw2Octet(raw));
+  unsigned char* p = &der[0];
+  if (i2d_PUBKEY(inPKEY, &p) != len)
+  	{ ERROR_MSG("i2d_PUBKEY serialization error"); return; }
+
+	setDerPublicKey(der);
 }
 
 // Check if the key is of the given type
@@ -167,27 +127,18 @@ bool OSSLSLHPublicKey::isOfType(const char* inType)
 }
 
 // Setters for the SLHDSA public key components
-void OSSLSLHPublicKey::setEC(const ByteString& inEC)
+void OSSLSLHPublicKey::setDerPublicKey(const ByteString& inPk)
 {
-	SLHPublicKey::setEC(inEC);
+	SLHPublicKey::setDerPublicKey(inPk);
 
-	nid = OSSL::byteString2oid(inEC);
-	if (pkey)
-	{
-		EVP_PKEY_free(pkey);
-		pkey = NULL;
-	}
-}
+	getOSSLKey();
+  if (EVP_PKEY_get0_type_name(pkey) == NULL)
+  	{ ERROR_MSG("Could not determine algorithm name from EVP_PKEY"); return; }
 
-void OSSLSLHPublicKey::setA(const ByteString& inA)
-{
-	SLHPublicKey::setA(inA);
+  name = EVP_PKEY_get0_type_name(pkey);
 
 	if (pkey)
-	{
-		EVP_PKEY_free(pkey);
-		pkey = NULL;
-	}
+		{ EVP_PKEY_free(pkey); pkey = NULL; }
 }
 
 // Retrieve the OpenSSL representation of the key
@@ -203,56 +154,14 @@ void OSSLSLHPublicKey::createOSSLKey()
 {
 	if (pkey != NULL) return;
 
-	ByteString der;
-	ByteString raw = DERUTIL::octet2Raw(a);
-	size_t len = raw.size();
-	if (len == 0) return;
+	const unsigned char *p = &derPublicKey[0];
+	pkey = d2i_PUBKEY(NULL, &p, (long)derPublicKey.size());
+
+  if (!pkey)
+  	ERROR_MSG("d2i_PUBKEY; Error on deserialize derPublicKey to pkey");
 
-	switch (nid) {
-	case NID_X25519:
-		if (len != X25519_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, len);
-			return;
-		}
-		der.resize(PREFIXLEN + X25519_KEYLEN);
-		memcpy(&der[0], x25519_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], raw.const_byte_str(), X25519_KEYLEN);
-		break;
-	case NID_ED25519:
-		if (len != X25519_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X25519_KEYLEN, len);
-			return;
-		}
-		der.resize(PREFIXLEN + X25519_KEYLEN);
-		memcpy(&der[0], ed25519_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], raw.const_byte_str(), X25519_KEYLEN);
-		break;
-	case NID_X448:
-		if (len != X448_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", X448_KEYLEN, len);
-			return;
-		}
-		der.resize(PREFIXLEN + X448_KEYLEN);
-		memcpy(&der[0], x448_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], raw.const_byte_str(), X448_KEYLEN);
-		break;
-	case NID_ED448:
-		if (len != ED448_KEYLEN)
-		{
-			ERROR_MSG("Invalid size. Expected: %lu, Actual: %lu", ED448_KEYLEN, len);
-			return;
-		}
-		der.resize(PREFIXLEN + ED448_KEYLEN);
-		memcpy(&der[0], ed448_prefix, PREFIXLEN);
-		memcpy(&der[PREFIXLEN], raw.const_byte_str(), ED448_KEYLEN);
-		break;
-	default:
-		return;
-	}
-	const unsigned char *p = &der[0];
-	pkey = d2i_PUBKEY(NULL, &p, (long)der.size());
+  if (EVP_PKEY_get0_type_name(pkey) == NULL)
+  	{ ERROR_MSG("Could not determine algorithm name from EVP_PKEY"); return; }
+  name = EVP_PKEY_get0_type_name(pkey);
 }
 #endif
diff --git a/src/lib/crypto/OSSLSLHPublicKey.h b/src/lib/crypto/OSSLSLHPublicKey.h
index 3512952de..0dd4fccf6 100644
--- a/src/lib/crypto/OSSLSLHPublicKey.h
+++ b/src/lib/crypto/OSSLSLHPublicKey.h
@@ -58,8 +58,7 @@ class OSSLSLHPublicKey : public SLHPublicKey
 	virtual unsigned long getOrderLength() const;
 
 	// Setters for the SLHDSA public key components
-	virtual void setEC(const ByteString& inEC);
-	virtual void setA(const ByteString& inA);
+	virtual void setDerPublicKey(const ByteString& inPk);
 
 	// Set from OpenSSL representation
 	virtual void setFromOSSL(const EVP_PKEY* inPKEY);
@@ -69,7 +68,7 @@ class OSSLSLHPublicKey : public SLHPublicKey
 
 private:
 	// The internal OpenSSL representation
-	int nid;
+	const char* name;
 	EVP_PKEY* pkey;
 
 	// Create the OpenSSL representation of the key
diff --git a/src/lib/crypto/OSSLUtil.cpp b/src/lib/crypto/OSSLUtil.cpp
index bf13b1f7f..a0e4b0d80 100644
--- a/src/lib/crypto/OSSLUtil.cpp
+++ b/src/lib/crypto/OSSLUtil.cpp
@@ -118,7 +118,7 @@ EC_POINT* OSSL::byteString2pt(const ByteString& byteString, const EC_GROUP* grp)
 }
 #endif
 
-#if defined(WITH_EDDSA) || defined(WITH_SLHDSA)
+#if defined(WITH_EDDSA)
 // Convert an OpenSSL NID to a ByteString
 ByteString OSSL::oid2ByteString(int nid)
 {
diff --git a/src/lib/crypto/OSSLUtil.h b/src/lib/crypto/OSSLUtil.h
index 2ec7d6f40..6c1512592 100644
--- a/src/lib/crypto/OSSLUtil.h
+++ b/src/lib/crypto/OSSLUtil.h
@@ -65,7 +65,7 @@ namespace OSSL
 	EC_POINT* byteString2pt(const ByteString& byteString, const EC_GROUP* grp);
 #endif
 
-#if defined(WITH_EDDSA) || defined(WITH_SLHDSA)
+#if defined(WITH_EDDSA)
 	// Convert an OpenSSL NID to a ByteString
 	ByteString oid2ByteString(int nid);
 
diff --git a/src/lib/crypto/SLHParameters.cpp b/src/lib/crypto/SLHParameters.cpp
new file mode 100644
index 000000000..4816e9f80
--- /dev/null
+++ b/src/lib/crypto/SLHParameters.cpp
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHParameters.cpp
+
+ SLH-DSA parameters (only used for key generation)
+ *****************************************************************************/
+
+#include "config.h"
+#include "log.h"
+#include "SLHParameters.h"
+#include <string.h>
+
+const char* SLHParameters::type = "Generic SLH parameters";
+
+void SLHParameters::setName(const ByteString& inName)
+{
+	name = inName;
+}
+
+const ByteString& SLHParameters::getName() const
+{
+	return name;
+}
+
+bool SLHParameters::areOfType(const char* inType)
+{
+	return (strcmp(type, inType) == 0);
+}
+
+// Serialisation
+ByteString SLHParameters::serialise() const
+{
+	return name.serialise();
+}
+
+bool SLHParameters::deserialise(ByteString& serialised)
+{
+	ByteString dName = ByteString::chainDeserialise(serialised);
+
+	if (dName.size() == 0)
+	{
+		return false;
+	}
+
+	setName(dName);
+
+	return true;
+}
+
diff --git a/src/lib/crypto/SLHParameters.h b/src/lib/crypto/SLHParameters.h
new file mode 100644
index 000000000..e409e353f
--- /dev/null
+++ b/src/lib/crypto/SLHParameters.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHParameters.h
+
+ SLH-DSA parameters (only used for key generation)
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_SLHPARAMETERS_H
+#define _SOFTHSM_V2_SLHPARAMETERS_H
+
+#include "config.h"
+#include "ByteString.h"
+#include "AsymmetricParameters.h"
+
+class SLHParameters : public AsymmetricParameters
+{
+public:
+	// The type
+	static const char* type;
+
+	void setName(const ByteString& inName);
+	const ByteString& getName() const;
+
+	// Are the parameters of the given type?
+	virtual bool areOfType(const char* inType);
+
+	// Serialisation
+	virtual ByteString serialise() const;
+	virtual bool deserialise(ByteString& serialised);
+
+private:
+	ByteString name;
+};
+
+#endif // !_SOFTHSM_V2_SLHPARAMETERS_H
+
diff --git a/src/lib/crypto/SLHPrivateKey.cpp b/src/lib/crypto/SLHPrivateKey.cpp
index 1d2d69e03..832061b9d 100644
--- a/src/lib/crypto/SLHPrivateKey.cpp
+++ b/src/lib/crypto/SLHPrivateKey.cpp
@@ -47,60 +47,41 @@ bool SLHPrivateKey::isOfType(const char* inType)
 // Get the bit length
 unsigned long SLHPrivateKey::getBitLength() const
 {
-	return getK().bits();
+	return getDerPrivateKey().size() * 8;
 }
 
 // Get the output length
 unsigned long SLHPrivateKey::getOutputLength() const
 {
-	return getOrderLength() * 2;
+	return getOrderLength();
 }
 
-// Setters for the SLHDSA private key components
-void SLHPrivateKey::setK(const ByteString& inK)
+void SLHPrivateKey::setDerPrivateKey(const ByteString& inSk)
 {
-	k = inK;
+	derPrivateKey = inSk;
 }
 
-// Setters for the SLHDSA public key components
-void SLHPrivateKey::setEC(const ByteString& inEC)
+const ByteString& SLHPrivateKey::getDerPrivateKey() const
 {
-	ec = inEC;
-}
-
-// Getters for the SLHDSA private key components
-const ByteString& SLHPrivateKey::getK() const
-{
-	return k;
-}
-
-// Getters for the SLHDSA public key components
-const ByteString& SLHPrivateKey::getEC() const
-{
-	return ec;
+	return derPrivateKey;
 }
 
 // Serialisation
 ByteString SLHPrivateKey::serialise() const
 {
-	return ec.serialise() +
-	       k.serialise();
+	return derPrivateKey.serialise();
 }
 
 bool SLHPrivateKey::deserialise(ByteString& serialised)
 {
-	ByteString dEC = ByteString::chainDeserialise(serialised);
-	ByteString dK = ByteString::chainDeserialise(serialised);
+	ByteString dDerPrivateKey = ByteString::chainDeserialise(serialised);
 
-	if ((dEC.size() == 0) ||
-	    (dK.size() == 0))
+	if (dDerPrivateKey.size() == 0)
 	{
 		return false;
 	}
 
-	setEC(dEC);
-	setK(dK);
-
+	setDerPrivateKey(dDerPrivateKey);
 	return true;
 }
 
diff --git a/src/lib/crypto/SLHPrivateKey.h b/src/lib/crypto/SLHPrivateKey.h
index 936d21442..55984beb7 100644
--- a/src/lib/crypto/SLHPrivateKey.h
+++ b/src/lib/crypto/SLHPrivateKey.h
@@ -51,31 +51,24 @@ class SLHPrivateKey : public PrivateKey
 	// Get the output length
 	virtual unsigned long getOutputLength() const;
 
-	// Get the base point order length
+	// Get the order length
 	virtual unsigned long getOrderLength() const = 0;
 
 	// Setters for the SLHDSA private key components
-	virtual void setK(const ByteString& inK);
-
-	// Setters for the SLHDSA public key components
-	virtual void setEC(const ByteString& inEC);
+	virtual void setDerPrivateKey(const ByteString& inSk);
 
 	// Getters for the SLHDSA private key components
-	virtual const ByteString& getK() const;
-
-	// Getters for the SLHDSA public key components
-	virtual const ByteString& getEC() const;
+	virtual const ByteString& getDerPrivateKey() const;
 
 	// Serialisation
 	virtual ByteString serialise() const;
 	virtual bool deserialise(ByteString& serialised);
 
 protected:
-	// Private components
-	ByteString k;
-
-	// Public components
-	ByteString ec;
+	// TODO: Replace derPrivateKey with attrs + getters and setters.
+	// generally these attrs are from type ByteString
+	// SK = (SK.seed, SK.prf, PK)
+	ByteString derPrivateKey;
 };
 
 #endif // !_SOFTHSM_V2_SLHPRIVATEKEY_H
diff --git a/src/lib/crypto/SLHPublicKey.cpp b/src/lib/crypto/SLHPublicKey.cpp
index d3644aa02..b88b083ee 100644
--- a/src/lib/crypto/SLHPublicKey.cpp
+++ b/src/lib/crypto/SLHPublicKey.cpp
@@ -47,57 +47,43 @@ bool SLHPublicKey::isOfType(const char* inType)
 // Get the bit length
 unsigned long SLHPublicKey::getBitLength() const
 {
-	return getA().size() * 8;
+	return getDerPublicKey().size() * 8;
 }
 
 // Get the output length
 unsigned long SLHPublicKey::getOutputLength() const
 {
-	return getOrderLength() * 2;
+	return getOrderLength();
 }
 
-// Setters for the EC public key components
-void SLHPublicKey::setEC(const ByteString& inEC)
+// Setters for the SLH public key components
+void SLHPublicKey::setDerPublicKey(const ByteString& inPk)
 {
-	ec = inEC;
+	derPublicKey = inPk;
 }
 
-void SLHPublicKey::setA(const ByteString& inA)
+// Getters for the SLH public key components
+const ByteString& SLHPublicKey::getDerPublicKey() const
 {
-	a = inA;
-}
-
-// Getters for the EC public key components
-const ByteString& SLHPublicKey::getEC() const
-{
-	return ec;
-}
-
-const ByteString& SLHPublicKey::getA() const
-{
-	return a;
+	return derPublicKey;
 }
 
 // Serialisation
 ByteString SLHPublicKey::serialise() const
 {
-	return ec.serialise() +
-	       a.serialise();
+	return derPublicKey.serialise();
 }
 
 bool SLHPublicKey::deserialise(ByteString& serialised)
 {
-	ByteString dEC = ByteString::chainDeserialise(serialised);
-	ByteString dA = ByteString::chainDeserialise(serialised);
+	ByteString dDerPublicKey = ByteString::chainDeserialise(serialised);
 
-	if ((dEC.size() == 0) ||
-	    (dA.size() == 0))
+	if (dDerPublicKey.size() == 0)
 	{
 		return false;
 	}
 
-	setEC(dEC);
-	setA(dA);
+	setDerPublicKey(dDerPublicKey);
 
 	return true;
 }
diff --git a/src/lib/crypto/SLHPublicKey.h b/src/lib/crypto/SLHPublicKey.h
index 393e1c303..1487a6d7b 100644
--- a/src/lib/crypto/SLHPublicKey.h
+++ b/src/lib/crypto/SLHPublicKey.h
@@ -51,16 +51,14 @@ class SLHPublicKey : public PublicKey
 	// Get the output length
 	virtual unsigned long getOutputLength() const;
 
-	// Get the base point order length
+	// Get the order length
 	virtual unsigned long getOrderLength() const = 0;
 
 	// Setters for the SLHDSA public key components
-	virtual void setEC(const ByteString& inEc);
-	virtual void setA(const ByteString& inA);
+	virtual void setDerPublicKey(const ByteString& inPk);
 
 	// Getters for the SLHDSA public key components
-	virtual const ByteString& getEC() const;
-	virtual const ByteString& getA() const;
+	virtual const ByteString& getDerPublicKey() const;
 
 	// Serialisation
 	virtual ByteString serialise() const;
@@ -68,7 +66,10 @@ class SLHPublicKey : public PublicKey
 
 protected:
 	// Public components
-	ByteString ec, a;
+	// TODO: Replace derPrivateKey with attrs + getters and setters.
+	// generally these attrs are from type ByteString
+	// PK = (PK.seed, PK.root)
+	ByteString derPublicKey;
 };
 
 #endif // !_SOFTHSM_V2_SLHPUBLICKEY_H
diff --git a/src/lib/pkcs11/pkcs11.h b/src/lib/pkcs11/pkcs11.h
index b156a4601..8420c5ef0 100644
--- a/src/lib/pkcs11/pkcs11.h
+++ b/src/lib/pkcs11/pkcs11.h
@@ -408,7 +408,7 @@ typedef unsigned long ck_key_type_t;
 #define CKK_GOSTR3411		(0x31UL)
 #define CKK_GOST28147		(0x32UL)
 #define CKK_EC_EDWARDS		(0x40UL)
-#define CKK_SLHDSA		(0x40UL)
+#define CKK_SLHDSA		(0x80010037UL)
 #define CKK_VENDOR_DEFINED	((unsigned long) (1UL << 31))
 
 
@@ -486,7 +486,7 @@ typedef unsigned long ck_attribute_type_t;
 #define CKA_DESTROYABLE			(0x172UL)
 #define CKA_ECDSA_PARAMS		(0x180UL)
 #define CKA_EC_PARAMS			(0x180UL)
-#define CKA_SLHDSA_PARAMS			(0x180UL)
+#define CKA_SLHDSA_PARAMS			(0x80000030UL)
 #define CKA_EC_POINT			(0x181UL)
 #define CKA_SECONDARY_AUTH		(0x200UL)
 #define CKA_AUTH_PIN_FLAGS		(0x201UL)
@@ -894,8 +894,8 @@ typedef unsigned long ck_mechanism_type_t;
 /* From version 3.0 */
 #define CKM_EC_EDWARDS_KEY_PAIR_GEN	(0x1055UL)
 #define CKM_EDDSA			(0x1057UL)
-#define CKM_SLH_KEY_PAIR_GEN	(0x1055UL)
-#define CKM_SLHDSA			(0x1057UL)
+#define CKM_SLH_KEY_PAIR_GEN	(0x80010003UL)
+#define CKM_SLHDSA			(0x80010006UL)
 
 /* Attribute and other constants related to OTP */
 #define CK_OTP_FORMAT_DECIMAL		(0UL)

From 07a76cb7ff69766ae34b34b62dee259a9c2cf80d Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 4 Nov 2025 23:00:56 -0300
Subject: [PATCH 09/21] chore: remove dockerfile used on developing process

---
 Dockerfile | 82 ------------------------------------------------------
 1 file changed, 82 deletions(-)
 delete mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 6a1fd3e71..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,82 +0,0 @@
-FROM ubuntu:24.04 AS openssl_builder
-
-RUN apt update && \
-    apt install -y \
-    build-essential \
-    make \
-    libtext-template-perl \
-    wget \
-    git && \
-    rm -rf /var/lib/apt/lists/*
-
-WORKDIR /crypt
-
-RUN wget https://github.com/openssl/openssl/archive/refs/tags/openssl-3.5.1.tar.gz && \
-    mkdir openssl && \
-    tar -xvf openssl-3.5.1.tar.gz -C openssl --strip-components=1 && \
-    rm openssl-3.5.1.tar.gz
-
-WORKDIR /crypt/openssl
-
-RUN ./config --prefix=/usr/local --openssldir=/usr/local/ssl -Wl,-rpath=/usr/local/lib && \
-    make -j$(nproc) && \
-    make install
-
-FROM ubuntu:24.04 AS softhsm_builder
-
-COPY --from=openssl_builder /usr/local/bin/openssl /usr/local/bin/
-COPY --from=openssl_builder /usr/local/lib64/ /usr/local/lib64/
-COPY --from=openssl_builder /usr/local/ssl/ /usr/local/ssl/
-COPY --from=openssl_builder /usr/local/include/ /usr/local/include/
-
-RUN echo '/usr/local/lib64' > /etc/ld.so.conf.d/openssl.conf && \
-    ldconfig
-
-ENV LD_LIBRARY_PATH=/usr/local/lib64
-
-RUN apt update && \
-    apt install -y \
-    automake \
-    autoconf \
-    libtool \
-    pkg-config \
-    make \
-    g++ \
-    libsqlite3-dev \
-    libp11-kit-dev \
-    libcppunit-dev \
-    sudo \
-    opensc \
-    opensc-pkcs11 \
-    busybox-syslogd
-
-WORKDIR /app
-COPY . /app
-
-RUN sh autogen.sh
-
-RUN ./configure --with-objectstore-backend-db --disable-gost --enable-eddsa --enable-slhdsa --with-crypto-backend=openssl
-
-RUN make
-
-RUN make install
-
-# If needed, the conf file definitions goes here.
-# about conf file: man softhsm2.conf
-
-# Create config dir and log file
-RUN mkdir -p /etc/softhsm /var/lib/softhsm/tokens
-
-# Write softhsm2.conf
-RUN cat > /etc/softhsm2.conf <<'EOF'
-directories.tokendir = /var/lib/softhsm/tokens/
-
-log.level = INFO
-EOF
-
-# INIT SYSLOG
-# syslogd -n -O /var/log/syslog &
-
-RUN softhsm2-util --init-token --slot 0 --label "My SoftHSM Token" --so-pin 0000 --pin 0000
-
-CMD ["bash"]

From bb16d379886bf611bc2c5a3ba9dbcc8aa0ed0bd9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Henrique?=
 <42558165+JoaoHenrique12@users.noreply.github.com>
Date: Mon, 27 Oct 2025 21:57:07 -0300
Subject: [PATCH 10/21] test(unit): slhdsa keypair tests added (#5)

key gen, serialization, deserialization, pkcs8, sign and verify
---
 src/lib/crypto/test/Makefile.am     |   1 +
 src/lib/crypto/test/SLHDSATests.cpp | 241 ++++++++++++++++++++++++++++
 src/lib/crypto/test/SLHDSATests.h   |  61 +++++++
 3 files changed, 303 insertions(+)
 create mode 100644 src/lib/crypto/test/SLHDSATests.cpp
 create mode 100644 src/lib/crypto/test/SLHDSATests.h

diff --git a/src/lib/crypto/test/Makefile.am b/src/lib/crypto/test/Makefile.am
index 4065ef9ce..7def9c5ae 100644
--- a/src/lib/crypto/test/Makefile.am
+++ b/src/lib/crypto/test/Makefile.am
@@ -20,6 +20,7 @@ cryptotest_SOURCES =		cryptotest.cpp \
 				DSATests.cpp \
 				ECDHTests.cpp \
 				ECDSATests.cpp \
+				SLHDSATests.cpp \
 				EDDSATests.cpp \
 				GOSTTests.cpp \
 				HashTests.cpp \
diff --git a/src/lib/crypto/test/SLHDSATests.cpp b/src/lib/crypto/test/SLHDSATests.cpp
new file mode 100644
index 000000000..2067f362d
--- /dev/null
+++ b/src/lib/crypto/test/SLHDSATests.cpp
@@ -0,0 +1,241 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHDSATests.cpp
+
+ Contains test cases to test the SLHDSA class
+ *****************************************************************************/
+
+#include "SLHDSATests.h"
+#include "AsymmetricAlgorithm.h"
+#include "AsymmetricKeyPair.h"
+#include "CryptoFactory.h"
+#include "RNG.h"
+#ifdef WITH_SLHDSA
+#include "SLHParameters.h"
+#include "SLHPrivateKey.h"
+#include "SLHPublicKey.h"
+#include <cppunit/extensions/HelperMacros.h>
+#include <stdlib.h>
+#include <utility>
+#include <vector>
+
+CPPUNIT_TEST_SUITE_REGISTRATION(SLHDSATests);
+
+void SLHDSATests::setUp() {
+  slhdsa = NULL;
+
+  slhdsa = CryptoFactory::i()->getAsymmetricAlgorithm(AsymAlgo::SLHDSA);
+
+  // Check the SLHDSA object
+  CPPUNIT_ASSERT(slhdsa != NULL);
+}
+
+void SLHDSATests::tearDown() {
+  if (slhdsa != NULL) {
+    CryptoFactory::i()->recycleAsymmetricAlgorithm(slhdsa);
+  }
+
+  fflush(stdout);
+}
+
+void SLHDSATests::testKeyGeneration() {
+  // slhdsa_names to test
+  std::vector<ByteString> slhdsa_names;
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHA2-128s", 18));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-128s", 20));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHA2-128f", 18));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-128f", 20));
+
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHA2-192s", 18));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-192s", 20));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHA2-192f", 18));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-192f", 20));
+
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHA2-256s", 18));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-256s", 20));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHA2-256f", 18));
+  slhdsa_names.push_back(
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-256f", 20));
+
+  for (auto c = slhdsa_names.begin(); c != slhdsa_names.end(); c++) {
+    AsymmetricKeyPair *kp;
+    SLHParameters *p = new SLHParameters();
+    p->setName(*c);
+
+    // Generate key-pair
+    CPPUNIT_ASSERT(slhdsa->generateKeyPair(&kp, p));
+
+    SLHPublicKey *pub = (SLHPublicKey *)kp->getPublicKey();
+    SLHPrivateKey *priv = (SLHPrivateKey *)kp->getPrivateKey();
+
+    CPPUNIT_ASSERT(pub->getDerPublicKey() != ByteString(""));
+    CPPUNIT_ASSERT(priv->getDerPrivateKey() != ByteString(""));
+
+    slhdsa->recycleParameters(p);
+    slhdsa->recycleKeyPair(kp);
+  }
+}
+
+void SLHDSATests::testSerialisation()
+{
+	SLHParameters* p = new SLHParameters;
+	p->setName(ByteString((const unsigned char *) "SLH-DSA-SHA2-192f", 18));
+
+	// Serialise the parameters
+	ByteString serialisedParams = p->serialise();
+
+	// Deserialise the parameters
+	AsymmetricParameters* dName;
+
+	CPPUNIT_ASSERT(slhdsa->reconstructParameters(&dName, serialisedParams));
+
+	CPPUNIT_ASSERT(dName->areOfType(SLHParameters::type));
+
+	SLHParameters* ddName = (SLHParameters*) dName;
+
+	CPPUNIT_ASSERT(p->getName() == ddName->getName());
+
+	// Generate a key-pair
+	AsymmetricKeyPair* kp;
+
+	CPPUNIT_ASSERT(slhdsa->generateKeyPair(&kp, dName));
+
+	// Serialise the key-pair
+	ByteString serialisedKP = kp->serialise();
+
+	// Deserialise the key-pair
+	AsymmetricKeyPair* dKP;
+
+	CPPUNIT_ASSERT(slhdsa->reconstructKeyPair(&dKP, serialisedKP));
+
+	// Check the deserialised key-pair
+	SLHPrivateKey* privKey = (SLHPrivateKey*) kp->getPrivateKey();
+	SLHPublicKey* pubKey = (SLHPublicKey*) kp->getPublicKey();
+
+	SLHPrivateKey* dPrivKey = (SLHPrivateKey*) dKP->getPrivateKey();
+	SLHPublicKey* dPubKey = (SLHPublicKey*) dKP->getPublicKey();
+
+	CPPUNIT_ASSERT(privKey->getDerPrivateKey() == dPrivKey->getDerPrivateKey());
+
+	CPPUNIT_ASSERT(pubKey->getDerPublicKey() == dPubKey->getDerPublicKey());
+
+	slhdsa->recycleParameters(p);
+	slhdsa->recycleParameters(dName);
+	slhdsa->recycleKeyPair(kp);
+	slhdsa->recycleKeyPair(dKP);
+}
+
+void SLHDSATests::testPKCS8()
+{
+	SLHParameters* p = new SLHParameters;
+	p->setName(ByteString((const unsigned char *) "SLH-DSA-SHA2-192f", 18));
+
+	// Generate a key-pair
+	AsymmetricKeyPair* kp;
+
+	CPPUNIT_ASSERT(slhdsa->generateKeyPair(&kp, p));
+	CPPUNIT_ASSERT(kp != NULL);
+
+	SLHPrivateKey* priv = (SLHPrivateKey*) kp->getPrivateKey();
+	CPPUNIT_ASSERT(priv != NULL);
+
+	// Encode and decode the private key
+	ByteString pkcs8 = priv->PKCS8Encode();
+	CPPUNIT_ASSERT(pkcs8.size() != 0);
+
+	SLHPrivateKey* dPriv = (SLHPrivateKey*) slhdsa->newPrivateKey();
+	CPPUNIT_ASSERT(dPriv != NULL);
+
+	CPPUNIT_ASSERT(dPriv->PKCS8Decode(pkcs8));
+
+	CPPUNIT_ASSERT(priv->getDerPrivateKey() == dPriv->getDerPrivateKey());
+
+	slhdsa->recycleParameters(p);
+	slhdsa->recycleKeyPair(kp);
+	slhdsa->recyclePrivateKey(dPriv);
+}
+
+void SLHDSATests::testSigningVerifying()
+{
+  // slhdsa_names to test
+  std::vector<ByteString> slhdsa_names;
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-128s", 18));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-128s", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-128f", 18));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-128f", 20));
+
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-192s", 18));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-192s", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-192f", 18));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-192f", 20));
+
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-256s", 18));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-256s", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-256f", 18));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-256f", 20));
+
+  for (auto c = slhdsa_names.begin(); c != slhdsa_names.end(); c++) {
+    AsymmetricKeyPair *kp;
+    SLHParameters *p = new SLHParameters();
+    p->setName(*c);
+
+    // Generate key-pair
+    CPPUNIT_ASSERT(slhdsa->generateKeyPair(&kp, p));
+		CPPUNIT_ASSERT(p != NULL);
+
+		// Generate some data to sign
+		ByteString dataToSign;
+
+		RNG* rng = CryptoFactory::i()->getRNG();
+		CPPUNIT_ASSERT(rng != NULL);
+
+		CPPUNIT_ASSERT(rng->generateRandom(dataToSign, 567));
+
+		// Sign the data
+		ByteString sig;
+		CPPUNIT_ASSERT(slhdsa->sign(kp->getPrivateKey(), dataToSign, sig, AsymMech::SLHDSA));
+
+		// And verify it
+		CPPUNIT_ASSERT(slhdsa->verify(kp->getPublicKey(), dataToSign, sig, AsymMech::SLHDSA));
+
+		slhdsa->recycleKeyPair(kp);
+		slhdsa->recycleParameters(p);
+	}
+}
+#endif
diff --git a/src/lib/crypto/test/SLHDSATests.h b/src/lib/crypto/test/SLHDSATests.h
new file mode 100644
index 000000000..2523dabb4
--- /dev/null
+++ b/src/lib/crypto/test/SLHDSATests.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SLHDSATests.h
+
+ Contains test cases to test the SLHDSA class
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_SLHDSATESTS_H
+#define _SOFTHSM_V2_SLHDSATESTS_H
+
+#include "AsymmetricAlgorithm.h"
+#include <cppunit/extensions/HelperMacros.h>
+
+class SLHDSATests : public CppUnit::TestFixture {
+  CPPUNIT_TEST_SUITE(SLHDSATests);
+  CPPUNIT_TEST(testKeyGeneration);
+  CPPUNIT_TEST(testSerialisation);
+  CPPUNIT_TEST(testPKCS8);
+  CPPUNIT_TEST(testSigningVerifying);
+  CPPUNIT_TEST_SUITE_END();
+
+public:
+  void testKeyGeneration();
+  void testSerialisation();
+  void testPKCS8();
+  void testSigningVerifying();
+
+  void setUp();
+  void tearDown();
+
+private:
+  // SLHDSA instance
+  AsymmetricAlgorithm *slhdsa;
+};
+
+#endif // !_SOFTHSM_V2_SLHDSATESTS_H

From c4d6e5982539d000fc923965c033923512e48d3c Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:02:00 -0300
Subject: [PATCH 11/21] fix(coderabbit): issue about ';' on error log, removed
 additional logs

these logs was used on exploratory part, do not make sense for now
---
 src/lib/P11Objects.cpp | 2 --
 1 file changed, 2 deletions(-)

diff --git a/src/lib/P11Objects.cpp b/src/lib/P11Objects.cpp
index 4b15556a7..5142a938a 100644
--- a/src/lib/P11Objects.cpp
+++ b/src/lib/P11Objects.cpp
@@ -226,7 +226,6 @@ CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTe
 
 		if (attr == NULL)
 		{
-    	ERROR_MSG("ATTR is NULL for attribute type 0x%08X, abortTransaction", (unsigned int)pTemplate[i].type);
 			osobject->abortTransaction();
 			return CKR_ATTRIBUTE_TYPE_INVALID;
 		}
@@ -235,7 +234,6 @@ CK_RV P11Object::saveTemplate(Token *token, bool isPrivate, CK_ATTRIBUTE_PTR pTe
 		CK_RV rv = attr->update(token,isPrivate, pTemplate[i].pValue, pTemplate[i].ulValueLen, op);
 		if (rv != CKR_OK)
 		{
-			ERROR_MSG("ATTR update error, abortTransaction")
 			osobject->abortTransaction();
 			return rv;
 		}

From 778e4128bd7f8861d07daaa3b36819b91c794ef9 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:03:16 -0300
Subject: [PATCH 12/21] fix(coderabbit): remove guard for slhdsa on oid
 operations

slh-dsa do not use it, renmant of duplication of eddsa
---
 src/lib/crypto/OSSLUtil.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/crypto/OSSLUtil.h b/src/lib/crypto/OSSLUtil.h
index 6c1512592..04e32df4f 100644
--- a/src/lib/crypto/OSSLUtil.h
+++ b/src/lib/crypto/OSSLUtil.h
@@ -39,7 +39,7 @@
 #ifdef WITH_ECC
 #include <openssl/ec.h>
 #endif
-#if defined(WITH_EDDSA) || defined(WITH_SLHDSA)
+#if defined(WITH_EDDSA)
 #include <openssl/objects.h>
 #endif
 

From f0a9949d2e923da0c0a71ad30aea23e334eb2df3 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:04:14 -0300
Subject: [PATCH 13/21] fix(coderabbit): return correct min/max size on
 OSSLSLHDSA.cpp

---
 src/lib/crypto/OSSLSLHDSA.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/lib/crypto/OSSLSLHDSA.cpp b/src/lib/crypto/OSSLSLHDSA.cpp
index 049f9d641..c4348d35b 100644
--- a/src/lib/crypto/OSSLSLHDSA.cpp
+++ b/src/lib/crypto/OSSLSLHDSA.cpp
@@ -367,14 +367,12 @@ bool OSSLSLHDSA::deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey,
 
 unsigned long OSSLSLHDSA::getMinKeySize()
 {
-	// Ed25519 is supported
-	return 255;
+	return 7856;
 }
 
 unsigned long OSSLSLHDSA::getMaxKeySize()
 {
-	// Ed448 is supported
-	return 448;
+	return 49856;
 }
 
 bool OSSLSLHDSA::reconstructKeyPair(AsymmetricKeyPair** ppKeyPair, ByteString& serialisedData)

From 811dfdf53a7aff9f8922f572b1da1a2a687c6b72 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:05:11 -0300
Subject: [PATCH 14/21] test(coderabbit): fix bytestring size for slhdsa names
 with shake

it was 20 and should be 19
---
 src/lib/crypto/test/SLHDSATests.cpp | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/lib/crypto/test/SLHDSATests.cpp b/src/lib/crypto/test/SLHDSATests.cpp
index 2067f362d..b43995e48 100644
--- a/src/lib/crypto/test/SLHDSATests.cpp
+++ b/src/lib/crypto/test/SLHDSATests.cpp
@@ -69,29 +69,29 @@ void SLHDSATests::testKeyGeneration() {
   slhdsa_names.push_back(
       ByteString((const unsigned char *)"SLH-DSA-SHA2-128s", 18));
   slhdsa_names.push_back(
-      ByteString((const unsigned char *)"SLH-DSA-SHAKE-128s", 20));
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-128s", 19));
   slhdsa_names.push_back(
       ByteString((const unsigned char *)"SLH-DSA-SHA2-128f", 18));
   slhdsa_names.push_back(
-      ByteString((const unsigned char *)"SLH-DSA-SHAKE-128f", 20));
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-128f", 19));
 
   slhdsa_names.push_back(
       ByteString((const unsigned char *)"SLH-DSA-SHA2-192s", 18));
   slhdsa_names.push_back(
-      ByteString((const unsigned char *)"SLH-DSA-SHAKE-192s", 20));
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-192s", 19));
   slhdsa_names.push_back(
       ByteString((const unsigned char *)"SLH-DSA-SHA2-192f", 18));
   slhdsa_names.push_back(
-      ByteString((const unsigned char *)"SLH-DSA-SHAKE-192f", 20));
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-192f", 19));
 
   slhdsa_names.push_back(
       ByteString((const unsigned char *)"SLH-DSA-SHA2-256s", 18));
   slhdsa_names.push_back(
-      ByteString((const unsigned char *)"SLH-DSA-SHAKE-256s", 20));
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-256s", 19));
   slhdsa_names.push_back(
       ByteString((const unsigned char *)"SLH-DSA-SHA2-256f", 18));
   slhdsa_names.push_back(
-      ByteString((const unsigned char *)"SLH-DSA-SHAKE-256f", 20));
+      ByteString((const unsigned char *)"SLH-DSA-SHAKE-256f", 19));
 
   for (auto c = slhdsa_names.begin(); c != slhdsa_names.end(); c++) {
     AsymmetricKeyPair *kp;
@@ -196,19 +196,19 @@ void SLHDSATests::testSigningVerifying()
   // slhdsa_names to test
   std::vector<ByteString> slhdsa_names;
   slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-128s", 18));
-  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-128s", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-128s", 19));
   slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-128f", 18));
-  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-128f", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-128f", 19));
 
   slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-192s", 18));
-  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-192s", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-192s", 19));
   slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-192f", 18));
-  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-192f", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-192f", 19));
 
   slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-256s", 18));
-  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-256s", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-256s", 19));
   slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHA2-256f", 18));
-  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-256f", 20));
+  slhdsa_names.push_back(ByteString((const unsigned char *)"SLH-DSA-SHAKE-256f", 19));
 
   for (auto c = slhdsa_names.begin(); c != slhdsa_names.end(); c++) {
     AsymmetricKeyPair *kp;

From 8f620defeca5852fc06331bf0aba6118298ba52b Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:06:15 -0300
Subject: [PATCH 15/21] fix(coderabbit): deriveKey, this function is not
 covered by slh-dsa

---
 src/lib/crypto/OSSLSLHDSA.cpp | 75 +----------------------------------
 1 file changed, 2 insertions(+), 73 deletions(-)

diff --git a/src/lib/crypto/OSSLSLHDSA.cpp b/src/lib/crypto/OSSLSLHDSA.cpp
index c4348d35b..063c2995f 100644
--- a/src/lib/crypto/OSSLSLHDSA.cpp
+++ b/src/lib/crypto/OSSLSLHDSA.cpp
@@ -290,79 +290,8 @@ bool OSSLSLHDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParame
 
 bool OSSLSLHDSA::deriveKey(SymmetricKey **ppSymmetricKey, PublicKey* publicKey, PrivateKey* privateKey)
 {
-	// Check parameters
-	if ((ppSymmetricKey == NULL) ||
-	    (publicKey == NULL) ||
-	    (privateKey == NULL))
-	{
-		return false;
-	}
-
-	// Get keys
-	EVP_PKEY *pub = ((OSSLSLHPublicKey *)publicKey)->getOSSLKey();
-	EVP_PKEY *priv = ((OSSLSLHPrivateKey *)privateKey)->getOSSLKey();
-	if (pub == NULL || priv == NULL)
-	{
-		ERROR_MSG("Failed to get OpenSSL ECDH keys");
-
-		return false;
-	}
-
-	// Get and set context
-	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(priv, NULL);
-	if (ctx == NULL)
-	{
-		ERROR_MSG("Failed to get OpenSSL ECDH context");
-
-		return false;
-	}
-	if (EVP_PKEY_derive_init(ctx) <= 0)
-	{
-		ERROR_MSG("Failed to init OpenSSL key derive");
-
-		EVP_PKEY_CTX_free(ctx);
-		return false;
-	}
-	if (EVP_PKEY_derive_set_peer(ctx, pub) <= 0)
-	{
-		ERROR_MSG("Failed to set OpenSSL ECDH public key");
-
-		EVP_PKEY_CTX_free(ctx);
-		return false;
-	}
-
-	// Derive the secret
-	size_t len;
-	if (EVP_PKEY_derive(ctx, NULL, &len) <= 0)
-	{
-		ERROR_MSG("Failed to get OpenSSL ECDH key length");
-
-		EVP_PKEY_CTX_free(ctx);
-		return false;
-	}
-	ByteString secret;
-	secret.resize(len);
-	if (EVP_PKEY_derive(ctx, &secret[0], &len) <= 0)
-	{
-		ERROR_MSG("Failed to derive OpenSSL ECDH secret");
-
-		EVP_PKEY_CTX_free(ctx);
-		return false;
-	}
-	EVP_PKEY_CTX_free(ctx);
-
-	// Create derived key
-	*ppSymmetricKey = new SymmetricKey(secret.size() * 8);
-	if (*ppSymmetricKey == NULL)
-		return false;
-	if (!(*ppSymmetricKey)->setKeyBits(secret))
-	{
-		delete *ppSymmetricKey;
-		*ppSymmetricKey = NULL;
-		return false;
-	}
-
-	return true;
+	ERROR_MSG("SLHDSA does not support key derivation");
+	return false;
 }
 
 unsigned long OSSLSLHDSA::getMinKeySize()

From 4296151854e83fe53a45afc7d99952274f126304 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:09:59 -0300
Subject: [PATCH 16/21] fix(coderabbit): by default detect slh-dsa on m4 files

---
 m4/acx_crypto_backend.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/m4/acx_crypto_backend.m4 b/m4/acx_crypto_backend.m4
index 1a31cf33d..56cf8b9bf 100644
--- a/m4/acx_crypto_backend.m4
+++ b/m4/acx_crypto_backend.m4
@@ -35,7 +35,7 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 			[Enable support for SLHDSA (default detect, OpenSSL only)]
 		),
 		[enable_slhdsa="${enableval}"],
-		[enable_slhdsa="no"]
+		[enable_slhdsa="detect"]
 	)
 
 	# Second check for the FIPS 140-2 mode

From 5110c125782e55f9a7b32b1e268cc4001e03abcb Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 15:44:57 -0300
Subject: [PATCH 17/21] fix: by default disable slhdsa

---
 m4/acx_crypto_backend.m4 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/m4/acx_crypto_backend.m4 b/m4/acx_crypto_backend.m4
index 56cf8b9bf..444c88b49 100644
--- a/m4/acx_crypto_backend.m4
+++ b/m4/acx_crypto_backend.m4
@@ -32,10 +32,10 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 
 	AC_ARG_ENABLE(slhdsa,
 		AS_HELP_STRING([--enable-slhdsa],
-			[Enable support for SLHDSA (default detect, OpenSSL only)]
+			[Enable support for SLHDSA (default disabled, OpenSSL only)]
 		),
 		[enable_slhdsa="${enableval}"],
-		[enable_slhdsa="detect"]
+		[enable_slhdsa="no"]
 	)
 
 	# Second check for the FIPS 140-2 mode

From ee5d1e240b5ef61946dacfba466f8b39afebc19b Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 16:47:42 -0300
Subject: [PATCH 18/21] fix(coderabbit): minor errors, messages and identation
 on m4 file

---
 m4/acx_crypto_backend.m4 | 4 ++--
 src/lib/SoftHSM.cpp      | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/m4/acx_crypto_backend.m4 b/m4/acx_crypto_backend.m4
index 444c88b49..4a77f0364 100644
--- a/m4/acx_crypto_backend.m4
+++ b/m4/acx_crypto_backend.m4
@@ -197,8 +197,8 @@ AC_DEFUN([ACX_CRYPTO_BACKEND],[
 		fi
 
 		if test "x${enable_slhdsa}" = "xyes"; then
-    		AC_MSG_WARN([SLHDSA is not supported with Botan. Disabling.])
-    		enable_slhdsa="no"
+    	AC_MSG_WARN([SLHDSA is not supported with Botan. Disabling.])
+    	enable_slhdsa="no"
 		fi
 
 		ACX_BOTAN_RFC5649
diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp
index 2ada1e55f..b1c35e6c9 100644
--- a/src/lib/SoftHSM.cpp
+++ b/src/lib/SoftHSM.cpp
@@ -4724,7 +4724,6 @@ static CK_RV AsymSign(Session* session, CK_BYTE_PTR pData, CK_ULONG ulDataLen, C
 	// Check buffer size
 	if (*pulSignatureLen < size)
 	{
-		ERROR_MSG("signatureLen=%d, size=%d", *pulSignatureLen, size);
 		*pulSignatureLen = size;
 		return CKR_BUFFER_TOO_SMALL;
 	}
@@ -13025,7 +13024,6 @@ CK_RV SoftHSM::getEDPublicKey(EDPublicKey* publicKey, Token* token, OSObject* ke
 	return CKR_OK;
 }
 
-// PTAL
 CK_RV SoftHSM::getSLHPrivateKey(SLHPrivateKey* privateKey, Token* token, OSObject* key)
 {
 	if (privateKey == NULL) return CKR_ARGUMENTS_BAD;

From e05047551b775fd106c84c47b5f2da1638200510 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 18:00:45 -0300
Subject: [PATCH 19/21] refactor(coderabbit): dry, applied on define key size
 for slh-dsa

---
 src/lib/crypto/Makefile.am           |  1 +
 src/lib/crypto/OSSLSLHPrivateKey.cpp | 26 +---------
 src/lib/crypto/OSSLSLHPublicKey.cpp  | 25 +---------
 src/lib/crypto/OSSLSLHUtil.cpp       | 72 ++++++++++++++++++++++++++++
 src/lib/crypto/OSSLSLHUtil.h         | 40 ++++++++++++++++
 5 files changed, 117 insertions(+), 47 deletions(-)
 create mode 100644 src/lib/crypto/OSSLSLHUtil.cpp
 create mode 100644 src/lib/crypto/OSSLSLHUtil.h

diff --git a/src/lib/crypto/Makefile.am b/src/lib/crypto/Makefile.am
index 8c08fced2..5620c4a6d 100644
--- a/src/lib/crypto/Makefile.am
+++ b/src/lib/crypto/Makefile.am
@@ -71,6 +71,7 @@ libsofthsm_crypto_la_SOURCES +=	OSSLAES.cpp \
 				OSSLSLHKeyPair.cpp \
 				OSSLSLHPrivateKey.cpp \
 				OSSLSLHPublicKey.cpp \
+				OSSLSLHUtil.cpp \
 				OSSLEVPHashAlgorithm.cpp \
 				OSSLEVPMacAlgorithm.cpp \
 				OSSLEVPCMacAlgorithm.cpp \
diff --git a/src/lib/crypto/OSSLSLHPrivateKey.cpp b/src/lib/crypto/OSSLSLHPrivateKey.cpp
index 043296bc5..ef102564d 100644
--- a/src/lib/crypto/OSSLSLHPrivateKey.cpp
+++ b/src/lib/crypto/OSSLSLHPrivateKey.cpp
@@ -38,6 +38,7 @@
 #include <cstdlib>
 #include <cstring>
 #include <openssl/x509.h>
+#include "OSSLSLHUtil.h"
 
 // Constructors
 OSSLSLHPrivateKey::OSSLSLHPrivateKey()
@@ -69,30 +70,7 @@ OSSLSLHPrivateKey::~OSSLSLHPrivateKey()
 
 unsigned long OSSLSLHPrivateKey::getOrderLength() const
 {
-  if (name == NULL){
-    ERROR_MSG("Could not determine the signature size, name is NULL");
-  	return 0;
-  }
-
-  size_t name_len = strnlen(name, 100);
-  size_t signature_size = 0;
-
-  if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
-    signature_size = 7856;
-  } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {
-    signature_size = 17088;
-  } else if (strncmp(&name[name_len - 4], "192s", 4) == 0) {
-    signature_size = 16224;
-  } else if (strncmp(&name[name_len - 4], "192f", 4) == 0) {
-    signature_size = 35664;
-  } else if (strncmp(&name[name_len - 4], "256s", 4) == 0) {
-    signature_size = 29792;
-  } else if (strncmp(&name[name_len - 4], "256f", 4) == 0) {
-    signature_size = 49856;
-  } else{
-    ERROR_MSG("Could not determine the signature size");
-  }
-	return signature_size;
+	return OSSLSLH::getSignatureSizeFromName(name);
 }
 
 // Set from OpenSSL representation
diff --git a/src/lib/crypto/OSSLSLHPublicKey.cpp b/src/lib/crypto/OSSLSLHPublicKey.cpp
index cb1790090..0ba92d2fa 100644
--- a/src/lib/crypto/OSSLSLHPublicKey.cpp
+++ b/src/lib/crypto/OSSLSLHPublicKey.cpp
@@ -38,6 +38,7 @@
 #include "OSSLUtil.h"
 #include <openssl/x509.h>
 #include <string.h>
+#include "OSSLSLHUtil.h"
 
 // Constructors
 OSSLSLHPublicKey::OSSLSLHPublicKey()
@@ -69,29 +70,7 @@ OSSLSLHPublicKey::~OSSLSLHPublicKey()
 
 unsigned long OSSLSLHPublicKey::getOrderLength() const
 {
-  if (name == NULL){
-    ERROR_MSG("Could not determine the signature size, name is NULL");
-    return 0;
-  }
-  size_t name_len = strnlen(name, 100);
-  size_t signature_size = 0;
-
-  if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
-    signature_size = 7856;
-  } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {
-    signature_size = 17088;
-  } else if (strncmp(&name[name_len - 4], "192s", 4) == 0) {
-    signature_size = 16224;
-  } else if (strncmp(&name[name_len - 4], "192f", 4) == 0) {
-    signature_size = 35664;
-  } else if (strncmp(&name[name_len - 4], "256s", 4) == 0) {
-    signature_size = 29792;
-  } else if (strncmp(&name[name_len - 4], "256f", 4) == 0) {
-    signature_size = 49856;
-  } else{
-    ERROR_MSG("Could not determine the signature size");
-  }
-	return signature_size;
+	return OSSLSLH::getSignatureSizeFromName(name);
 }
 
 // Set from OpenSSL representation
diff --git a/src/lib/crypto/OSSLSLHUtil.cpp b/src/lib/crypto/OSSLSLHUtil.cpp
new file mode 100644
index 000000000..3b8c85a33
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHUtil.cpp
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHUtils.cpp
+
+ OpenSSL SLHDSA Utils
+ *****************************************************************************/
+
+#include "OSSLSLHUtil.h"
+#include "log.h"
+#include <string.h>
+
+namespace OSSLSLH {
+
+unsigned long getSignatureSizeFromName(const char* name)
+{
+    if (name == NULL){
+        ERROR_MSG("Could not determine the signature size, name is NULL");
+        return 0;
+    }
+    unsigned long name_len = strnlen(name, 100);
+    unsigned long signature_size = 0;
+
+    if (name_len < 4) {
+        ERROR_MSG("Could not determine the signature size, name size is smaller than 4");
+        return 0;
+    }
+
+    if (strncmp(&name[name_len - 4], "128s", 4) == 0) {
+        signature_size = 7856;
+    } else if (strncmp(&name[name_len - 4], "128f", 4) == 0) {
+        signature_size = 17088;
+    } else if (strncmp(&name[name_len - 4], "192s", 4) == 0) {
+        signature_size = 16224;
+    } else if (strncmp(&name[name_len - 4], "192f", 4) == 0) {
+        signature_size = 35664;
+    } else if (strncmp(&name[name_len - 4], "256s", 4) == 0) {
+        signature_size = 29792;
+    } else if (strncmp(&name[name_len - 4], "256f", 4) == 0) {
+        signature_size = 49856;
+    } else{
+        ERROR_MSG("Could not determine the signature size, returned 0");
+        return 0;
+    }
+	return signature_size;
+}
+
+} // namespace OSSLSLH
diff --git a/src/lib/crypto/OSSLSLHUtil.h b/src/lib/crypto/OSSLSLHUtil.h
new file mode 100644
index 000000000..ee0f139a8
--- /dev/null
+++ b/src/lib/crypto/OSSLSLHUtil.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLSLHUtils.h
+
+ OpenSSL SLHDSA Utils
+ *****************************************************************************/
+
+#ifndef OSSLSLH_UTIL_H
+#define OSSLSLH_UTIL_H
+
+namespace OSSLSLH {
+    unsigned long getSignatureSizeFromName(const char* name);
+}
+
+#endif // OSSLSLH_UTIL_H

From 05eb70ca6eded09b2d50059f9cd801da6b87c6e0 Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 18:03:31 -0300
Subject: [PATCH 20/21] fix: remove test file, data.txt

---
 data.txt | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 data.txt

diff --git a/data.txt b/data.txt
deleted file mode 100644
index 131c17aeb..000000000
--- a/data.txt
+++ /dev/null
@@ -1 +0,0 @@
-msg

From 3db067692fc64b6ca742e5aab66b61c3190ec13a Mon Sep 17 00:00:00 2001
From: Joao Henrique <joao.henrique1299@hotmail.com>
Date: Tue, 11 Nov 2025 18:10:22 -0300
Subject: [PATCH 21/21] fix(coderabbit): minor issue on OSSLSLHPrivateKey.h,
 comment

---
 src/lib/crypto/OSSLSLHPublicKey.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/crypto/OSSLSLHPublicKey.h b/src/lib/crypto/OSSLSLHPublicKey.h
index 0dd4fccf6..e2bc9c465 100644
--- a/src/lib/crypto/OSSLSLHPublicKey.h
+++ b/src/lib/crypto/OSSLSLHPublicKey.h
@@ -75,5 +75,5 @@ class OSSLSLHPublicKey : public SLHPublicKey
 	void createOSSLKey();
 };
 
-#endif // !_SOFTHSM_V2_OSSLDSAPUBLICKEY_H
+#endif // !_SOFTHSM_V2_OSSLSLHPUBLICKEY_H