/* The flags parameter is defined as follows:
* Bit Flag Mask Meaning
*/
#define CKF_RNG 0x00000001 /* has random # generator */
#define CKF_WRITE_PROTECTED 0x00000002 /* token is write-protected */
#define CKF_LOGIN_REQUIRED 0x00000004 /* user must login */
#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's PIN is set */
/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
* that means that *every* time the state of cryptographic
* operations of a session is successfully saved, all keys
* needed to continue those operations are stored in the state */
#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
* that the token has some sort of clock. The time on that
* clock is returned in the token info structure */
#define CKF_CLOCK_ON_TOKEN 0x00000040
/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
* set, that means that there is some way for the user to login
* without sending a PIN through the Cryptoki library itself */
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
* that means that a single session with the token can perform
* dual simultaneous cryptographic operations (digest and encrypt;
* decrypt and digest; sign and encrypt; and decrypt and sign) */
#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
/* CKF_TOKEN_INITIALIZED is new for v2.11. If it is true, the
* token has been initialized using C_InitializeToken or an
* equivalent mechanism outside the scope of this standard.
* Calling C_InitializeToken when this flag is set will cause
* the token to be reinitialized. */
#define CKF_TOKEN_INITIALIZED 0x00000400
/* CKF_SECONDARY_AUTHENTICATION is new for v2.11. If it is
* true, the token supports secondary authentication for private
* key objects. According to the 2.11 spec pg. 45, this flag
* is deprecated and this flags should never be true. */
#define CKF_SECONDARY_AUTHENTICATION 0x00000800
/* CKF_USER_PIN_COUNT_LOW is new in v2.11. This flag is true
* is an incorrect user PIN has been entered at least once
* since the last successful authentication. */
#define CKF_USER_PIN_COUNT_LOW 0x00010000
/* CKF_USER_PIN_FINAL_TRY is new in v2.11. This flag is true if
* supplying an incorrect user PIN will cause it to become locked. */
#define CKF_USER_PIN_FINAL_TRY 0x00020000
/* CKF_USER_PIN_LOCKED is new in v2.11. This is true if the user
* PIN has been locked. User login to the token is not possible. */
#define CKF_USER_PIN_LOCKED 0x00040000
/* CKF_USER_PIN_TO_BE_CHANGED is new in v2.11. This flag is true if
* the user PIN value is the default value set by token initialization
* of manufacturing, or the PIN has been expired by the card. */
#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
/* CKF_SO_PIN_COUNT_LOW is new in v2.11. This flag is true if
* and incorrect SO login PIN has been entered at least once
* since the last successful authentication. */
#define CKF_SO_PIN_COUNT_LOW 0x00100000
/* CKF_SO_PIN_FINAL_TRY is new in v2.11. This flag is true if
* supplying an incorrect SO PIN will cause it to become locked. */
#define CKF_SO_PIN_FINAL_TRY 0x00200000
/* CKF_SO_PIN_LOCKED is new in v2.11. This flag is true if the
* SO PIN has been locked. User login to the token is not possible. */
#define CKF_SO_PIN_LOCKED 0x00400000
/* CKF_SO_PIN_TO_BE_CHANGED is new in v2.11. This flag is true if the SO PIN
* value is the default value set by token initialization of manufacturing,
* or the PIN has been expired by the card. */
#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
/* other IBM extended Token info Flags 05/29/99 */
#define CKF_SO_PIN_DERIVED 0x01000000 // Sec Officer pin on card is derived from card id
#define CKF_SO_CARD 0x02000000 // Security Officer Card
/* End of IBM extented Token Info Flags */