I am currently in the process of coming up with a PKCS#11 library with minimal functions such that my legacy HSM is able to support the Oracle database 11g transparent data encryption (TDE). I do not want to come up with the complete PKCS#11 library with all the functions since all I need is to support Oracle database. In addition, coding all functions would take too much development effort, and doing so would be overkill.

Does anybody have any idea which PKCS#11 functions "Oracle Database 11g Release 2 (11.2)" makes use of for supporting TDE with an HSM?

A: 

Most probably at least the following:

  • C_GetFunctionList
  • C_Initialize
  • C_GetSlotList
  • C_OpenSession
  • C_Login
  • C_FindObjectsInit
  • C_FindObjects
  • C_FindObjectsFinal
  • C_EncryptInit
  • C_Encrypt or
  • C_EncryptUpdate
  • C_EncryptFinal
  • C_DecryptInit
  • C_Decrypt or
  • C_DecryptUpdate
  • C_DecryptFinal

You can use OpenSC pkcs11-spy to sniff on Oracle to see which functions it actually uses and with what kind of parameters.

martin
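
Once pkcs11-spy has written a log (its `PKCS11SPY_OUTPUT` setting names the file), the trace can be reduced to the set of functions actually called and compared with the list guessed in the answer. The script below is an added example, not part of the original answer; the sample log is constructed to resemble pkcs11-spy output and is not a capture from Oracle, and `summarize` and `missing_from` are hypothetical helper names.

```python
import re
from collections import Counter

# Functions guessed in the answer above.
ANSWER_SET = {
    "C_GetFunctionList", "C_Initialize", "C_GetSlotList", "C_OpenSession",
    "C_Login", "C_FindObjectsInit", "C_FindObjects", "C_FindObjectsFinal",
    "C_EncryptInit", "C_Encrypt", "C_EncryptUpdate", "C_EncryptFinal",
    "C_DecryptInit", "C_Decrypt", "C_DecryptUpdate", "C_DecryptFinal",
}

# Constructed sample shaped like a pkcs11-spy log; NOT a capture from Oracle.
SAMPLE_LOG = """\
0: C_GetFunctionList
Returned:  0 CKR_OK
1: C_Initialize
[in] pInitArgs = (nil)
Returned:  0 CKR_OK
2: C_GetTokenInfo
Returned:  0 CKR_OK
3: C_OpenSession
Returned:  0 CKR_OK
4: C_GenerateKey
Returned:  84 CKR_FUNCTION_NOT_SUPPORTED
"""

CALL_RE = re.compile(r"^\d+:\s+(C_\w+)\s*$")       # "<n>: C_Name"
RET_RE = re.compile(r"^Returned:\s+\d+\s+(CKR_\w+)")  # "Returned: <rv> <name>"

def summarize(log_text):
    """Return (call counts per function, [(function, CKR_*)] for non-OK returns)."""
    calls, failures, current = Counter(), [], None
    for line in log_text.splitlines():
        m = CALL_RE.match(line)
        if m:
            current = m.group(1)
            calls[current] += 1
            continue
        m = RET_RE.match(line)
        if m and current and m.group(1) != "CKR_OK":
            failures.append((current, m.group(1)))
    return calls, failures

def missing_from(calls, implemented=ANSWER_SET):
    """Functions seen in the trace that the minimal library does not cover."""
    return sorted(set(calls) - implemented)

if __name__ == "__main__":
    calls, failures = summarize(SAMPLE_LOG)
    print("called:", dict(calls))
    print("not in minimal set:", missing_from(calls))
    print("non-OK returns:", failures)
```

Non-OK returns such as `CKR_FUNCTION_NOT_SUPPORTED` are worth reviewing alongside the missing set, since they show where the caller reached a function the underlying module does not provide.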