Botan 3.0.0
Crypto and TLS for C&
p11.h
Go to the documentation of this file.
1/*
2* PKCS#11
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_H_
10#define BOTAN_P11_H_
11
12#include <botan/secmem.h>
13#include <botan/exceptn.h>
14
15#include <vector>
16#include <string>
17#include <map>
18
19#define CK_PTR *
20
21#if defined(_MSC_VER)
22#define CK_DECLARE_FUNCTION(returnType, name) \
23 returnType __declspec(dllimport) name
24#else
25#define CK_DECLARE_FUNCTION(returnType, name) \
26 returnType name
27#endif
28
29#if defined(_MSC_VER)
30#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
31 returnType __declspec(dllimport) (* name)
32#else
33#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
34 returnType (* name)
35#endif
36
37#define CK_CALLBACK_FUNCTION(returnType, name) \
38 returnType (* name)
39
40#ifndef NULL_PTR
41 #define NULL_PTR nullptr
42#endif
43
44#if defined(_MSC_VER)
45 #pragma pack(push, cryptoki, 1)
46#endif
47
48#include "pkcs11.h"
49
50#if defined(_MSC_VER)
51 #pragma pack(pop, cryptoki)
52#endif
53
54static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
55 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
56
57namespace Botan {
58
59class Dynamically_Loaded_Library;
60
61namespace PKCS11 {
62
64
66 {
83 Url = CKA_URL,
90 Id = CKA_ID,
94 Wrap = CKA_WRAP,
96 Sign = CKA_SIGN,
115 Base = CKA_BASE,
175 };
176
178 {
179 X509 = CKC_X_509,
181 Wtls = CKC_WTLS,
183 };
184
185/// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
186/// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
188 {
193 };
194
196 {
197 Null = CKD_NULL,
206 };
207
208enum class Flag : CK_FLAGS
209 {
210 None = 0,
214 Rng = CKF_RNG,
236 Hw = CKF_HW,
240 Sign = CKF_SIGN,
246 Wrap = CKF_WRAP,
265 };
266
268 {
269 return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
270 }
271
273 {
279 };
280
282 {
287 };
288
290 {
291 Rsa = CKK_RSA,
292 Dsa = CKK_DSA,
293 Dh = CKK_DH,
295 Ec = CKK_EC,
297 Kea = CKK_KEA,
299 Rc2 = CKK_RC2,
300 Rc4 = CKK_RC4,
301 Des = CKK_DES,
302 Des2 = CKK_DES2,
303 Des3 = CKK_DES3,
304 Cast = CKK_CAST,
308 Rc5 = CKK_RC5,
309 Idea = CKK_IDEA,
313 Cdmf = CKK_CDMF,
314 Aes = CKK_AES,
318 Hotp = CKK_HOTP,
319 Acti = CKK_ACTI,
321 Aria = CKK_ARIA,
330 Seed = CKK_SEED,
335 };
336
338 {
355 Dsa = CKM_DSA,
394 Rc4 = CKM_RC4,
420 Md2 = CKM_MD2,
423 Md5 = CKM_MD5,
426 Sha1 = CKM_SHA_1,
450 Hotp = CKM_HOTP,
451 Acti = CKM_ACTI,
672 };
673
675 {
678 };
679
681 {
682 Data = CKO_DATA,
692 };
693
695 {
704 };
705
707 {
713 };
714
715enum class ReturnValue : CK_RV
716 {
717 OK = CKR_OK,
812 };
813
815 {
816 SO = CKU_SO,
817 User = CKU_USER,
819 };
820
821enum class PublicPointEncoding : uint32_t
822 {
823 Raw,
824 Der
825 };
826
830using CreateMutex = CK_CREATEMUTEX;
831using DestroyMutex = CK_DESTROYMUTEX;
832using LockMutex = CK_LOCKMUTEX;
833using UnlockMutex = CK_UNLOCKMUTEX;
835using Info = CK_INFO;
844using Notify = CK_NOTIFY;
849using Byte = CK_BYTE;
853using Date = CK_DATE;
854
856
859
861 {
862 return static_cast<Flags>(flags);
863 }
864
865class Slot;
866
867/**
868* Initializes a token
869* @param slot The slot with the attached token that should be initialized
870* @param label The token label
871* @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
872* @param pin The user PIN that will be set
873*/
874BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, std::string_view label, const secure_string& so_pin,
875 const secure_string& pin);
876
877/**
878* Change PIN with old PIN to new PIN
879* @param slot The slot with the attached token
880* @param old_pin The old user PIN
881* @param new_pin The new user PIN
882*/
883
884BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
885
886/**
887* Change SO_PIN with old SO_PIN to new SO_PIN
888* @param slot The slot with the attached token
889* @param old_so_pin The old SO_PIN
890* @param new_so_pin The new SO_PIN
891*/
892BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
893
894/**
895* Sets user PIN with SO_PIN
896* @param slot The slot with the attached token
897* @param so_pin PIN of the security officer
898* @param pin The user PIN that should be set
899*/
900BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
901
902/// Provides access to all PKCS#11 functions
904 {
905 public:
906 /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
907 explicit LowLevel(FunctionListPtr ptr);
908
909 /****************************** General purpose functions ******************************/
910
911 /**
912 * C_Initialize initializes the Cryptoki library.
913 * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
914 * @param return_value default value (`ThrowException`): throw exception on error.
915 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
916 * At least the following PKCS#11 return values may be returned:
917 * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
918 * \li FunctionFailed \li GeneralError \li HostMemory
919 * \li NeedToCreateThreads \li OK
920 * @return true on success, false otherwise
921 */
922 bool C_Initialize(VoidPtr init_args,
923 ReturnValue* return_value = ThrowException) const;
924
925 /**
926 * C_Finalize indicates that an application is done with the Cryptoki library.
927 * @param reserved reserved. Should be nullptr
928 * @param return_value default value (`ThrowException`): throw exception on error.
929 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
930 * At least the following PKCS#11 return values may be returned:
931 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
932 * \li GeneralError \li HostMemory \li OK
933 * @return true on success, false otherwise
934 */
935 bool C_Finalize(VoidPtr reserved,
936 ReturnValue* return_value = ThrowException) const;
937
938 /**
939 * C_GetInfo returns general information about Cryptoki.
940 * @param info_ptr location that receives information
941 * @param return_value default value (`ThrowException`): throw exception on error.
942 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
943 * At least the following PKCS#11 return values may be returned:
944 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
945 * \li GeneralError \li HostMemory \li OK
946 * @return true on success, false otherwise
947 */
948 bool C_GetInfo(Info* info_ptr,
949 ReturnValue* return_value = ThrowException) const;
950
951 /**
952 * C_GetFunctionList returns the function list.
953 * @param pkcs11_module The PKCS#11 module
954 * @param function_list_ptr_ptr receives pointer to function list
955 * @param return_value default value (`ThrowException`): throw exception on error.
956 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
957 * At least the following PKCS#11 return values may be returned:
958 * \li ArgumentsBad \li FunctionFailed \li GeneralError
959 * \li HostMemory \li OK
960 * @return true on success, false otherwise
961 */
962 static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module,
963 FunctionListPtr* function_list_ptr_ptr,
964 ReturnValue* return_value = ThrowException);
965
966 /****************************** Slot and token management functions ******************************/
967
968 /**
969 * C_GetSlotList obtains a list of slots in the system.
970 * @param token_present only slots with tokens
971 * @param slot_list_ptr receives array of slot IDs
972 * @param count_ptr receives number of slots
973 * @param return_value default value (`ThrowException`): throw exception on error.
974 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
975 * At least the following PKCS#11 return values may be returned:
976 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
977 * \li FunctionFailed \li GeneralError \li HostMemory
978 * \li OK
979 * @return true on success, false otherwise
980 */
981 bool C_GetSlotList(Bbool token_present,
982 SlotId* slot_list_ptr,
983 Ulong* count_ptr,
984 ReturnValue* return_value = ThrowException) const;
985
986 /**
987 * C_GetSlotList obtains a list of slots in the system.
988 * @param token_present only slots with tokens
989 * @param slot_ids receives vector of slot IDs
990 * @param return_value default value (`ThrowException`): throw exception on error.
991 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
992 * At least the following PKCS#11 return values may be returned:
993 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
994 * \li FunctionFailed \li GeneralError \li HostMemory
995 * \li OK
996 * @return true on success, false otherwise
997 */
998 bool C_GetSlotList(bool token_present,
999 std::vector<SlotId>& slot_ids,
1000 ReturnValue* return_value = ThrowException) const;
1001
1002 /**
1003 * C_GetSlotInfo obtains information about a particular slot in the system.
1004 * @param slot_id the ID of the slot
1005 * @param info_ptr receives the slot information
1006 * @param return_value default value (`ThrowException`): throw exception on error.
1007 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1008 * At least the following PKCS#11 return values may be returned:
1009 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1010 * \li FunctionFailed \li GeneralError \li HostMemory
1011 * \li OK \li SlotIdInvalid
1012 * @return true on success, false otherwise
1013 */
1014 bool C_GetSlotInfo(SlotId slot_id,
1015 SlotInfo* info_ptr,
1016 ReturnValue* return_value = ThrowException) const;
1017
1018 /**
1019 * C_GetTokenInfo obtains information about a particular token in the system.
1020 * @param slot_id ID of the token's slot
1021 * @param info_ptr receives the token information
1022 * @param return_value default value (`ThrowException`): throw exception on error.
1023 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1024 * At least the following PKCS#11 return values may be returned:
1025 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1026 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1027 * \li HostMemory \li OK \li SlotIdInvalid
1028 * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1029 * @return true on success, false otherwise
1030 */
1031 bool C_GetTokenInfo(SlotId slot_id,
1032 TokenInfo* info_ptr,
1033 ReturnValue* return_value = ThrowException) const;
1034
1035 /**
1036 * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1037 * @param flags blocking/nonblocking flag
1038 * @param slot_ptr location that receives the slot ID
1039 * @param reserved reserved. Should be NULL_PTR
1040 * @param return_value default value (`ThrowException`): throw exception on error.
1041 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1042 * At least the following PKCS#11 return values may be returned:
1043 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1044 * \li GeneralError \li HostMemory \li NoEvent
1045 * \li OK
1046 * @return true on success, false otherwise
1047 */
1048 bool C_WaitForSlotEvent(Flags flags,
1049 SlotId* slot_ptr,
1050 VoidPtr reserved,
1051 ReturnValue* return_value = ThrowException) const;
1052
1053 /**
1054 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1055 * @param slot_id ID of token's slot
1056 * @param mechanism_list_ptr gets mech. array
1057 * @param count_ptr gets # of mechs.
1058 * @param return_value default value (`ThrowException`): throw exception on error.
1059 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1060 * At least the following PKCS#11 return values may be returned:
1061 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1062 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1063 * \li GeneralError \li HostMemory \li OK
1064 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1065 * \li ArgumentsBad
1066 * @return true on success, false otherwise
1067 */
1068 bool C_GetMechanismList(SlotId slot_id,
1069 MechanismType* mechanism_list_ptr,
1070 Ulong* count_ptr,
1071 ReturnValue* return_value = ThrowException) const;
1072
1073 /**
1074 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1075 * @param slot_id ID of token's slot
1076 * @param mechanisms receives vector of supported mechanisms
1077 * @param return_value default value (`ThrowException`): throw exception on error.
1078 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1079 * At least the following PKCS#11 return values may be returned:
1080 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1081 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1082 * \li GeneralError \li HostMemory \li OK
1083 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1084 * \li ArgumentsBad
1085 * @return true on success, false otherwise
1086 */
1087 bool C_GetMechanismList(SlotId slot_id,
1088 std::vector<MechanismType>& mechanisms,
1089 ReturnValue* return_value = ThrowException) const;
1090
1091 /**
1092 * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1093 * @param slot_id ID of the token's slot
1094 * @param type type of mechanism
1095 * @param info_ptr receives mechanism info
1096 * @param return_value default value (`ThrowException`): throw exception on error.
1097 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1098 * At least the following PKCS#11 return values may be returned:
1099 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1100 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1101 * \li HostMemory \li MechanismInvalid \li OK
1102 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1103 * \li ArgumentsBad
1104 * @return true on success, false otherwise
1105 */
1106 bool C_GetMechanismInfo(SlotId slot_id,
1107 MechanismType type,
1108 MechanismInfo* info_ptr,
1109 ReturnValue* return_value = ThrowException) const;
1110
1111 /**
1112 * C_InitToken initializes a token.
1113 * @param slot_id ID of the token's slot
1114 * @param so_pin_ptr the SO's initial PIN
1115 * @param so_pin_len length in bytes of the SO_PIN
1116 * @param label_ptr 32-byte token label (blank padded)
1117 * @param return_value default value (`ThrowException`): throw exception on error.
1118 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1119 * At least the following PKCS#11 return values may be returned:
1120 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1121 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1122 * \li GeneralError \li HostMemory \li OK
1123 * \li PinIncorrect \li PinLocked \li SessionExists
1124 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1125 * \li TokenWriteProtected \li ArgumentsBad
1126 * @return true on success, false otherwise
1127 */
1128 bool C_InitToken(SlotId slot_id,
1129 Utf8Char* so_pin_ptr,
1130 Ulong so_pin_len,
1131 Utf8Char* label_ptr,
1132 ReturnValue* return_value = ThrowException) const;
1133
1134 /**
1135 * C_InitToken initializes a token.
1136 * @param slot_id ID of the token's slot
1137 * @param so_pin the SO's initial PIN
1138 * @param label token label (at max 32 bytes long)
1139 * @param return_value default value (`ThrowException`): throw exception on error.
1140 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1141 * At least the following PKCS#11 return values may be returned:
1142 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1143 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1144 * \li GeneralError \li HostMemory \li OK
1145 * \li PinIncorrect \li PinLocked \li SessionExists
1146 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1147 * \li TokenWriteProtected \li ArgumentsBad
1148 * @return true on success, false otherwise
1149 */
1150 template<typename TAlloc>
1151 bool C_InitToken(SlotId slot_id,
1152 const std::vector<uint8_t, TAlloc>& so_pin,
1153 std::string_view label,
1154 ReturnValue* return_value = ThrowException) const
1155 {
1156 std::string padded_label(label);
1157 if(label.size() < 32)
1158 {
1159 padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1160 }
1161
1162 return C_InitToken(slot_id,
1163 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1164 static_cast<Ulong>(so_pin.size()),
1165 reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())),
1166 return_value);
1167 }
1168
1169 /**
1170 * C_InitPIN initializes the normal user's PIN.
1171 * @param session the session's handle
1172 * @param pin_ptr the normal user's PIN
1173 * @param pin_len length in bytes of the PIN
1174 * @param return_value default value (`ThrowException`): throw exception on error.
1175 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1176 * At least the following PKCS#11 return values may be returned:
1177 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1178 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1179 * \li GeneralError \li HostMemory \li OK
1180 * \li PinInvalid \li PinLenRange \li SessionClosed
1181 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1182 * \li UserNotLoggedIn \li ArgumentsBad
1183 * @return true on success, false otherwise
1184 */
1185 bool C_InitPIN(SessionHandle session,
1186 Utf8Char* pin_ptr,
1187 Ulong pin_len,
1188 ReturnValue* return_value = ThrowException) const;
1189
1190 /**
1191 * C_InitPIN initializes the normal user's PIN.
1192 * @param session the session's handle
1193 * @param pin the normal user's PIN
1194 * @param return_value default value (`ThrowException`): throw exception on error.
1195 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1196 * At least the following PKCS#11 return values may be returned:
1197 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1198 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1199 * \li GeneralError \li HostMemory \li OK
1200 * \li PinInvalid \li PinLenRange \li SessionClosed
1201 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1202 * \li UserNotLoggedIn \li ArgumentsBad
1203 * @return true on success, false otherwise
1204 */
1205 template<typename TAlloc>
1207 const std::vector<uint8_t, TAlloc>& pin,
1208 ReturnValue* return_value = ThrowException) const
1209 {
1210 return C_InitPIN(session,
1211 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1212 static_cast<Ulong>(pin.size()),
1213 return_value);
1214 }
1215
1216 /**
1217 * C_SetPIN modifies the PIN of the user who is logged in.
1218 * @param session the session's handle
1219 * @param old_pin_ptr the old PIN
1220 * @param old_len length of the old PIN
1221 * @param new_pin_ptr the new PIN
1222 * @param new_len length of the new PIN
1223 * @param return_value default value (`ThrowException`): throw exception on error.
1224 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1225 * At least the following PKCS#11 return values may be returned:
1226 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1227 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1228 * \li GeneralError \li HostMemory \li OK
1229 * \li PinIncorrect \li PinInvalid \li PinLenRange
1230 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1231 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1232 * @return true on success, false otherwise
1233 */
1234 bool C_SetPIN(SessionHandle session,
1235 Utf8Char* old_pin_ptr,
1236 Ulong old_len,
1237 Utf8Char* new_pin_ptr,
1238 Ulong new_len,
1239 ReturnValue* return_value = ThrowException) const;
1240
1241 /**
1242 * C_SetPIN modifies the PIN of the user who is logged in.
1243 * @param session the session's handle
1244 * @param old_pin the old PIN
1245 * @param new_pin the new PIN
1246 * @param return_value default value (`ThrowException`): throw exception on error.
1247 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1248 * At least the following PKCS#11 return values may be returned:
1249 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1250 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1251 * \li GeneralError \li HostMemory \li OK
1252 * \li PinIncorrect \li PinInvalid \li PinLenRange
1253 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1254 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1255 * @return true on success, false otherwise
1256 */
1257 template<typename TAlloc>
1259 const std::vector<uint8_t, TAlloc>& old_pin,
1260 const std::vector<uint8_t, TAlloc>& new_pin,
1261 ReturnValue* return_value = ThrowException) const
1262 {
1263 return C_SetPIN(session,
1264 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())),
1265 static_cast<Ulong>(old_pin.size()),
1266 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())),
1267 static_cast<Ulong>(new_pin.size()),
1268 return_value);
1269 }
1270
1271
1272 /****************************** Session management ******************************/
1273
1274 /**
1275 * C_OpenSession opens a session between an application and a token.
1276 * @param slot_id the slot's ID
1277 * @param flags from CK_SESSION_INFO
1278 * @param application passed to callback
1279 * @param notify callback function
1280 * @param session_ptr gets session handle
1281 * @param return_value default value (`ThrowException`): throw exception on error.
1282 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1283 * At least the following PKCS#11 return values may be returned:
1284 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1285 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1286 * \li HostMemory \li OK \li SessionCount
1287 * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1288 * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1289 * \li ArgumentsBad
1290 * @return true on success, false otherwise
1291 */
1292 bool C_OpenSession(SlotId slot_id,
1293 Flags flags,
1294 VoidPtr application,
1295 Notify notify,
1296 SessionHandle* session_ptr,
1297 ReturnValue* return_value = ThrowException) const;
1298
1299 /**
1300 * C_CloseSession closes a session between an application and a token.
1301 * @param session the session's handle
1302 * @param return_value default value (`ThrowException`): throw exception on error.
1303 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1304 * At least the following PKCS#11 return values may be returned:
1305 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1306 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1307 * \li HostMemory \li OK \li SessionClosed
1308 * \li SessionHandleInvalid
1309 * @return true on success, false otherwise
1310 */
1311 bool C_CloseSession(SessionHandle session,
1312 ReturnValue* return_value = ThrowException) const;
1313
1314 /**
1315 * C_CloseAllSessions closes all sessions with a token.
1316 * @param slot_id the token's slot
1317 * @param return_value default value (`ThrowException`): throw exception on error.
1318 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1319 * At least the following PKCS#11 return values may be returned:
1320 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1321 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1322 * \li HostMemory \li OK \li SlotIdInvalid
1323 * \li TokenNotPresent
1324 * @return true on success, false otherwise
1325 */
1326 bool C_CloseAllSessions(SlotId slot_id,
1327 ReturnValue* return_value = ThrowException) const;
1328
1329 /**
1330 * C_GetSessionInfo obtains information about the session.
1331 * @param session the session's handle
1332 * @param info_ptr receives session info
1333 * @param return_value default value (`ThrowException`): throw exception on error.
1334 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1335 * At least the following PKCS#11 return values may be returned:
1336 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1337 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1338 * \li HostMemory \li OK \li SessionClosed
1339 * \li SessionHandleInvalid \li ArgumentsBad
1340 * @return true on success, false otherwise
1341 */
1342 bool C_GetSessionInfo(SessionHandle session,
1343 SessionInfo* info_ptr,
1344 ReturnValue* return_value = ThrowException) const;
1345
1346 /**
1347 * C_GetOperationState obtains the state of the cryptographic operation in a session.
1348 * @param session session's handle
1349 * @param operation_state_ptr gets state
1350 * @param operation_state_len_ptr gets state length
1351 * @param return_value default value (`ThrowException`): throw exception on error.
1352 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1353 * At least the following PKCS#11 return values may be returned:
1354 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1355 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1356 * \li GeneralError \li HostMemory \li OK
1357 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1358 * \li StateUnsaveable \li ArgumentsBad
1359 * @return true on success, false otherwise
1360 */
1361 bool C_GetOperationState(SessionHandle session,
1362 Byte* operation_state_ptr,
1363 Ulong* operation_state_len_ptr,
1364 ReturnValue* return_value = ThrowException) const;
1365
1366 /**
1367 * C_SetOperationState restores the state of the cryptographic operation in a session.
1368 * @param session session's handle
1369 * @param operation_state_ptr holds state
1370 * @param operation_state_len holds state length
1371 * @param encryption_key en/decryption key
1372 * @param authentication_key sign/verify key
1373 * @param return_value default value (`ThrowException`): throw exception on error.
1374 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1375 * At least the following PKCS#11 return values may be returned:
1376 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1377 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1378 * \li HostMemory \li KeyChanged \li KeyNeeded
1379 * \li KeyNotNeeded \li OK \li SavedStateInvalid
1380 * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1381 * @return true on success, false otherwise
1382 */
1383 bool C_SetOperationState(SessionHandle session,
1384 Byte* operation_state_ptr,
1385 Ulong operation_state_len,
1386 ObjectHandle encryption_key,
1387 ObjectHandle authentication_key,
1388 ReturnValue* return_value = ThrowException) const;
1389
1390 /**
1391 * C_Login logs a user into a token.
1392 * @param session the session's handle
1393 * @param user_type the user type
1394 * @param pin_ptr the user's PIN
1395 * @param pin_len the length of the PIN
1396 * @param return_value default value (`ThrowException`): throw exception on error.
1397 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1398 * At least the following PKCS#11 return values may be returned:
1399 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1400 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1401 * \li FunctionFailed \li GeneralError \li HostMemory
1402 * \li OK \li OperationNotInitialized \li PinIncorrect
1403 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1404 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1405 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1406 * @return true on success, false otherwise
1407 */
1408 bool C_Login(SessionHandle session,
1409 UserType user_type,
1410 Utf8Char* pin_ptr,
1411 Ulong pin_len,
1412 ReturnValue* return_value = ThrowException) const;
1413
1414 /**
1415 * C_Login logs a user into a token.
1416 * @param session the session's handle
1417 * @param user_type the user type
1418 * @param pin the user or security officer's PIN
1419 * @param return_value default value (`ThrowException`): throw exception on error.
1420 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1421 * At least the following PKCS#11 return values may be returned:
1422 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1423 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1424 * \li FunctionFailed \li GeneralError \li HostMemory
1425 * \li OK \li OperationNotInitialized \li PinIncorrect
1426 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1427 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1428 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1429 * @return true on success, false otherwise
1430 */
1431 template<typename TAlloc>
1433 UserType user_type,
1434 const std::vector<uint8_t, TAlloc>& pin,
1435 ReturnValue* return_value = ThrowException) const
1436 {
1437 return C_Login(session, user_type,
1438 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1439 static_cast<Ulong>(pin.size()),
1440 return_value);
1441 }
1442
1443 /**
1444 * C_Logout logs a user out from a token.
1445 * @param session the session's handle
1446 * @param return_value default value (`ThrowException`): throw exception on error.
1447 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1448 * At least the following PKCS#11 return values may be returned:
1449 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1450 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1451 * \li HostMemory \li OK \li SessionClosed
1452 * \li SessionHandleInvalid \li UserNotLoggedIn
1453 * @return true on success, false otherwise
1454 */
1455 bool C_Logout(SessionHandle session,
1456 ReturnValue* return_value = ThrowException) const;
1457
1458 /****************************** Object management functions ******************************/
1459
1460 /**
1461 * C_CreateObject creates a new object.
1462 * @param session the session's handle
1463 * @param attribute_template_ptr the object's template
1464 * @param count attributes in template
1465 * @param object_ptr gets new object's handle.
1466 * @param return_value default value (`ThrowException`): throw exception on error.
1467 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1468 * At least the following PKCS#11 return values may be returned:
1469 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1470 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1471 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1472 * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1473 * \li HostMemory \li OK \li PinExpired
1474 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1475 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1476 * \li UserNotLoggedIn
1477 * @return true on success, false otherwise
1478 */
1479 bool C_CreateObject(SessionHandle session,
1480 Attribute* attribute_template_ptr,
1481 Ulong count,
1482 ObjectHandle* object_ptr,
1483 ReturnValue* return_value = ThrowException) const;
1484
1485 /**
1486 * C_CopyObject copies an object, creating a new object for the copy.
1487 * @param session the session's handle
1488 * @param object the object's handle
1489 * @param attribute_template_ptr template for new object
1490 * @param count attributes in template
1491 * @param new_object_ptr receives handle of copy
1492 * @param return_value default value (`ThrowException`): throw exception on error.
1493 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1494 * At least the following PKCS#11 return values may be returned:
1495 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1496 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1497 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1498 * \li FunctionFailed \li GeneralError \li HostMemory
1499 * \li ObjectHandleInvalid \li OK \li PinExpired
1500 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1501 * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1502 * @return true on success, false otherwise
1503 */
1504 bool C_CopyObject(SessionHandle session,
1505 ObjectHandle object,
1506 Attribute* attribute_template_ptr,
1507 Ulong count,
1508 ObjectHandle* new_object_ptr,
1509 ReturnValue* return_value = ThrowException) const;
1510
1511 /**
1512 * C_DestroyObject destroys an object.
1513 * @param session the session's handle
1514 * @param object the object's handle
1515 * @param return_value default value (`ThrowException`): throw exception on error.
1516 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1517 * At least the following PKCS#11 return values may be returned:
1518 * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1519 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1520 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1521 * \li OK \li PinExpired \li SessionClosed
1522 * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1523 * @return true on success, false otherwise
1524 */
1525 bool C_DestroyObject(SessionHandle session,
1526 ObjectHandle object,
1527 ReturnValue* return_value = ThrowException) const;
1528
1529 /**
1530 * C_GetObjectSize gets the size of an object in bytes.
1531 * @param session the session's handle
1532 * @param object the object's handle
1533 * @param size_ptr receives size of object
1534 * @param return_value default value (`ThrowException`): throw exception on error.
1535 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1536 * At least the following PKCS#11 return values may be returned:
1537 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1538 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1539 * \li GeneralError \li HostMemory \li InformationSensitive
1540 * \li ObjectHandleInvalid \li OK \li SessionClosed
1541 * \li SessionHandleInvalid
1542 * @return true on success, false otherwise
1543 */
1544 bool C_GetObjectSize(SessionHandle session,
1545 ObjectHandle object,
1546 Ulong* size_ptr,
1547 ReturnValue* return_value = ThrowException) const;
1548
1549 /**
1550 * C_GetAttributeValue obtains the value of one or more object attributes.
1551 * @param session the session's handle
1552 * @param object the object's handle
1553 * @param attribute_template_ptr specifies attrs; gets vals
1554 * @param count attributes in template
1555 * @param return_value default value (`ThrowException`): throw exception on error.
1556 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1557 * At least the following PKCS#11 return values may be returned:
1558 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1559 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1560 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1561 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1562 * \li OK \li SessionClosed \li SessionHandleInvalid
1563 * @return true on success, false otherwise
1564 */
1565 bool C_GetAttributeValue(SessionHandle session,
1566 ObjectHandle object,
1567 Attribute* attribute_template_ptr,
1568 Ulong count,
1569 ReturnValue* return_value = ThrowException) const;
1570
1571 /**
1572 * C_GetAttributeValue obtains the value of one or more object attributes.
1573 * @param session the session's handle
1574 * @param object the object's handle
1575 * @param attribute_values specifies attrs; gets vals
1576 * @param return_value default value (`ThrowException`): throw exception on error.
1577 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1578 * At least the following PKCS#11 return values may be returned:
1579 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1580 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1581 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1582 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1583 * \li OK \li SessionClosed \li SessionHandleInvalid
1584 * @return true on success, false otherwise
1585 */
1586 template<typename TAlloc>
1588 ObjectHandle object,
1589 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1590 ReturnValue* return_value = ThrowException) const
1591 {
1592 std::vector<Attribute> getter_template;
1593
1594 for(const auto& entry : attribute_values)
1595 {
1596 getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1597 }
1598
1599 bool success = C_GetAttributeValue(session,
1600 object,
1601 const_cast< Attribute* >(getter_template.data()),
1602 static_cast<Ulong>(getter_template.size()),
1603 return_value);
1604
1605 if(!success)
1606 {
1607 return success;
1608 }
1609
1610 size_t i = 0;
1611 for(auto& entry : attribute_values)
1612 {
1613 entry.second.clear();
1614 entry.second.resize(getter_template.at(i).ulValueLen);
1615 getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1616 i++;
1617 }
1618
1619 return C_GetAttributeValue(session, object,
1620 const_cast< Attribute* >(getter_template.data()),
1621 static_cast<Ulong>(getter_template.size()),
1622 return_value);
1623 }
1624
1625 /**
1626 * C_SetAttributeValue modifies the value of one or more object attributes.
1627 * @param session the session's handle
1628 * @param object the object's handle
1629 * @param attribute_template_ptr specifies attrs and values
1630 * @param count attributes in template
1631 * @param return_value default value (`ThrowException`): throw exception on error.
1632 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1633 * At least the following PKCS#11 return values may be returned:
1634 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1635 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1636 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1637 * \li FunctionFailed \li GeneralError \li HostMemory
1638 * \li ObjectHandleInvalid \li OK \li SessionClosed
1639 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1640 * \li TokenWriteProtected \li UserNotLoggedIn
1641 * @return true on success, false otherwise
1642 */
1643 bool C_SetAttributeValue(SessionHandle session,
1644 ObjectHandle object,
1645 Attribute* attribute_template_ptr,
1646 Ulong count,
1647 ReturnValue* return_value = ThrowException) const;
1648
1649 /**
1650 * C_SetAttributeValue modifies the value of one or more object attributes.
1651 * @param session the session's handle
1652 * @param object the object's handle
1653 * @param attribute_values specifies attrs and values
1654 * @param return_value default value (`ThrowException`): throw exception on error.
1655 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1656 * At least the following PKCS#11 return values may be returned:
1657 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1658 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1659 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1660 * \li FunctionFailed \li GeneralError \li HostMemory
1661 * \li ObjectHandleInvalid \li OK \li SessionClosed
1662 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1663 * \li TokenWriteProtected \li UserNotLoggedIn
1664 * @return true on success, false otherwise
1665 */
1666 template<typename TAlloc>
1668 ObjectHandle object,
1669 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1670 ReturnValue* return_value = ThrowException) const
1671 {
1672 std::vector<Attribute> setter_template;
1673
1674 for(auto& entry : attribute_values)
1675 {
1676 setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1677 }
1678
1679 return C_SetAttributeValue(session, object,
1680 const_cast< Attribute* >(setter_template.data()),
1681 static_cast<Ulong>(setter_template.size()),
1682 return_value);
1683 }
1684
1685 /**
1686 * C_FindObjectsInit initializes a search for token and session objects that match a template.
1687 * @param session the session's handle
1688 * @param attribute_template_ptr attribute values to match
1689 * @param count attrs in search template
1690 * @param return_value default value (`ThrowException`): throw exception on error.
1691 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1692 * At least the following PKCS#11 return values may be returned:
1693 * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1694 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1695 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1696 * \li HostMemory \li OK \li OperationActive
1697 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1698 * @return true on success, false otherwise
1699 */
1700 bool C_FindObjectsInit(SessionHandle session,
1701 Attribute* attribute_template_ptr,
1702 Ulong count,
1703 ReturnValue* return_value = ThrowException) const;
1704
1705 /**
1706 * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1707 * @param session session's handle
1708 * @param object_ptr gets obj. handles
1709 * @param max_object_count max handles to get
1710 * @param object_count_ptr actual # returned
1711 * @param return_value default value (`ThrowException`): throw exception on error.
1712 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1713 * At least the following PKCS#11 return values may be returned:
1714 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1715 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1716 * \li GeneralError \li HostMemory \li OK
1717 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1718 * @return true on success, false otherwise
1719 */
1720 bool C_FindObjects(SessionHandle session,
1721 ObjectHandle* object_ptr,
1722 Ulong max_object_count,
1723 Ulong* object_count_ptr,
1724 ReturnValue* return_value = ThrowException) const;
1725
1726 /**
1727 * C_FindObjectsFinal finishes a search for token and session objects.
1728 * @param session the session's handle
1729 * @param return_value default value (`ThrowException`): throw exception on error.
1730 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1731 * At least the following PKCS#11 return values may be returned:
1732 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1733 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1734 * \li HostMemory \li OK \li OperationNotInitialized
1735 * \li SessionClosed \li SessionHandleInvalid
1736 * @return true on success, false otherwise
1737 */
1738 bool C_FindObjectsFinal(SessionHandle session,
1739 ReturnValue* return_value = ThrowException) const;
1740
1741 /****************************** Encryption functions ******************************/
1742
1743 /**
1744 * C_EncryptInit initializes an encryption operation.
1745 * @param session the session's handle
1746 * @param mechanism_ptr the encryption mechanism
1747 * @param key handle of encryption key
1748 * @param return_value default value (`ThrowException`): throw exception on error.
1749 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1750 * At least the following PKCS#11 return values may be returned:
1751 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1752 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1753 * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1754 * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1755 * \li MechanismInvalid \li MechanismParamInvalid \li OK
1756 * \li OperationActive \li PinExpired \li SessionClosed
1757 * \li SessionHandleInvalid \li UserNotLoggedIn
1758 * @return true on success, false otherwise
1759 */
1760 bool C_EncryptInit(SessionHandle session,
1761 Mechanism* mechanism_ptr,
1762 ObjectHandle key,
1763 ReturnValue* return_value = ThrowException) const;
1764
1765 /**
1766 * C_Encrypt encrypts single-part data.
1767 * @param session session's handle
1768 * @param data_ptr the plaintext data
1769 * @param data_len size of plaintext data in bytes
1770 * @param encrypted_data gets ciphertext
1771 * @param encrypted_data_len_ptr gets c-text size
1772 * @param return_value default value (`ThrowException`): throw exception on error.
1773 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1774 * At least the following PKCS#11 return values may be returned:
1775 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1776 * \li DataInvalid \li DataLenRange \li DeviceError
1777 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1778 * \li FunctionFailed \li GeneralError \li HostMemory
1779 * \li OK \li OperationNotInitialized \li SessionClosed
1780 * \li SessionHandleInvalid
1781 * @return true on success, false otherwise
1782 */
1783 bool C_Encrypt(SessionHandle session,
1784 Byte* data_ptr,
1785 Ulong data_len,
1786 Byte* encrypted_data,
1787 Ulong* encrypted_data_len_ptr,
1788 ReturnValue* return_value = ThrowException) const;
1789
1790 /**
1791 * C_Encrypt encrypts single-part data.
1792 * @param session session's handle
1793 * @param plaintext_data the plaintext data
1794 * @param encrypted_data gets ciphertext
1795 * @param return_value default value (`ThrowException`): throw exception on error.
1796 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1797 * At least the following PKCS#11 return values may be returned:
1798 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1799 * \li DataInvalid \li DataLenRange \li DeviceError
1800 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1801 * \li FunctionFailed \li GeneralError \li HostMemory
1802 * \li OK \li OperationNotInitialized \li SessionClosed
1803 * \li SessionHandleInvalid
1804 * @return true on success, false otherwise
1805 */
1806 template<typename TAllocA, typename TAllocB>
1808 const std::vector<uint8_t, TAllocA>& plaintext_data,
1809 std::vector<uint8_t, TAllocB>& encrypted_data,
1810 ReturnValue* return_value = ThrowException) const
1811 {
1812 Ulong encrypted_size = 0;
1813 if(!C_Encrypt(session,
1814 const_cast<Byte*>((plaintext_data.data())),
1815 static_cast<Ulong>(plaintext_data.size()),
1816 nullptr, &encrypted_size,
1817 return_value))
1818 {
1819 return false;
1820 }
1821
1822 encrypted_data.resize(encrypted_size);
1823 if (!C_Encrypt(session,
1824 const_cast<Byte*>(plaintext_data.data()),
1825 static_cast<Ulong>(plaintext_data.size()),
1826 encrypted_data.data(),
1827 &encrypted_size, return_value))
1828 {
1829 return false;
1830 }
1831 encrypted_data.resize(encrypted_size);
1832 return true;
1833 }
1834
1835 /**
1836 * C_EncryptUpdate continues a multiple-part encryption operation.
1837 * @param session session's handle
1838 * @param part_ptr the plaintext data
1839 * @param part_len plaintext data len
1840 * @param encrypted_part_ptr gets ciphertext
1841 * @param encrypted_part_len_ptr gets c-text size
1842 * @param return_value default value (`ThrowException`): throw exception on error.
1843 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1844 * At least the following PKCS#11 return values may be returned:
1845 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1846 * \li DataLenRange \li DeviceError \li DeviceMemory
1847 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1848 * \li GeneralError \li HostMemory \li OK
1849 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1850 * @return true on success, false otherwise
1851 */
1852 bool C_EncryptUpdate(SessionHandle session,
1853 Byte* part_ptr,
1854 Ulong part_len,
1855 Byte* encrypted_part_ptr,
1856 Ulong* encrypted_part_len_ptr,
1857 ReturnValue* return_value = ThrowException) const;
1858
1859 /**
1860 * C_EncryptFinal finishes a multiple-part encryption operation.
1861 * @param session session handle
1862 * @param last_encrypted_part_ptr last c-text
1863 * @param last_encrypted_part_len_ptr gets last size
1864 * @param return_value default value (`ThrowException`): throw exception on error.
1865 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1866 * At least the following PKCS#11 return values may be returned:
1867 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1868 * \li DataLenRange \li DeviceError \li DeviceMemory
1869 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1870 * \li GeneralError \li HostMemory \li OK
1871 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1872 * @return true on success, false otherwise
1873 */
1874 bool C_EncryptFinal(SessionHandle session,
1875 Byte* last_encrypted_part_ptr,
1876 Ulong* last_encrypted_part_len_ptr,
1877 ReturnValue* return_value = ThrowException) const;
1878
1879 /****************************** Decryption functions ******************************/
1880
1881 /**
1882 * C_DecryptInit initializes a decryption operation.
1883 * @param session the session's handle
1884 * @param mechanism_ptr the decryption mechanism
1885 * @param key handle of decryption key
1886 * @param return_value default value (`ThrowException`): throw exception on error.
1887 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1888 * At least the following PKCS#11 return values may be returned:
1889 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1890 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1891 * \li FunctionFailed \li GeneralError \li HostMemory
1892 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1893 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1894 * \li OK \li OperationActive \li PinExpired
1895 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1896 * @return true on success, false otherwise
1897 */
1898 bool C_DecryptInit(SessionHandle session,
1899 Mechanism* mechanism_ptr,
1900 ObjectHandle key,
1901 ReturnValue* return_value = ThrowException) const;
1902
1903 /**
1904 * C_Decrypt decrypts encrypted data in a single part.
1905 * @param session session's handle
1906 * @param encrypted_data_ptr ciphertext
1907 * @param encrypted_data_len ciphertext length
1908 * @param data_ptr gets plaintext
1909 * @param data_len_ptr gets p-text size
1910 * @param return_value default value (`ThrowException`): throw exception on error.
1911 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1912 * At least the following PKCS#11 return values may be returned:
1913 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1914 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1915 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1916 * \li FunctionFailed \li GeneralError \li HostMemory
1917 * \li OK \li OperationNotInitialized \li SessionClosed
1918 * \li SessionHandleInvalid \li UserNotLoggedIn
1919 * @return true on success, false otherwise
1920 */
1921 bool C_Decrypt(SessionHandle session,
1922 Byte* encrypted_data_ptr,
1923 Ulong encrypted_data_len,
1924 Byte* data_ptr,
1925 Ulong* data_len_ptr,
1926 ReturnValue* return_value = ThrowException) const;
1927
1928 /**
1929 * C_Decrypt decrypts encrypted data in a single part.
1930 * @param session session's handle
1931 * @param encrypted_data ciphertext
1932 * @param decrypted_data gets plaintext
1933 * @param return_value default value (`ThrowException`): throw exception on error.
1934 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1935 * At least the following PKCS#11 return values may be returned:
1936 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1937 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1938 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1939 * \li FunctionFailed \li GeneralError \li HostMemory
1940 * \li OK \li OperationNotInitialized \li SessionClosed
1941 * \li SessionHandleInvalid \li UserNotLoggedIn
1942 * @return true on success, false otherwise
1943 */
1944 template<typename TAllocA, typename TAllocB>
1946 const std::vector<uint8_t, TAllocA>& encrypted_data,
1947 std::vector<uint8_t, TAllocB>& decrypted_data,
1948 ReturnValue* return_value = ThrowException) const
1949 {
1950 Ulong decrypted_size = 0;
1951 if(!C_Decrypt(session,
1952 const_cast<Byte*>((encrypted_data.data())),
1953 static_cast<Ulong>(encrypted_data.size()),
1954 nullptr, &decrypted_size,
1955 return_value))
1956 {
1957 return false;
1958 }
1959
1960 decrypted_data.resize(decrypted_size);
1961 if(!C_Decrypt(session,
1962 const_cast<Byte*>(encrypted_data.data()),
1963 static_cast<Ulong>(encrypted_data.size()),
1964 decrypted_data.data(),
1965 &decrypted_size, return_value))
1966 {
1967 return false;
1968 }
1969 decrypted_data.resize(decrypted_size);
1970 return true;
1971 }
1972
1973 /**
1974 * C_DecryptUpdate continues a multiple-part decryption operation.
1975 * @param session session's handle
1976 * @param encrypted_part_ptr encrypted data
1977 * @param encrypted_part_len input length
1978 * @param part_ptr gets plaintext
1979 * @param part_len_ptr p-text size
1980 * @param return_value default value (`ThrowException`): throw exception on error.
1981 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1982 * At least the following PKCS#11 return values may be returned:
1983 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1984 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1985 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1986 * \li FunctionFailed \li GeneralError \li HostMemory
1987 * \li OK \li OperationNotInitialized \li SessionClosed
1988 * \li SessionHandleInvalid \li UserNotLoggedIn
1989 * @return true on success, false otherwise
1990 */
1991 bool C_DecryptUpdate(SessionHandle session,
1992 Byte* encrypted_part_ptr,
1993 Ulong encrypted_part_len,
1994 Byte* part_ptr,
1995 Ulong* part_len_ptr,
1996 ReturnValue* return_value = ThrowException) const;
1997
1998 /**
1999 * C_DecryptFinal finishes a multiple-part decryption operation.
2000 * @param session the session's handle
2001 * @param last_part_ptr gets plaintext
2002 * @param last_part_len_ptr p-text size
2003 * @param return_value default value (`ThrowException`): throw exception on error.
2004 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2005 * At least the following PKCS#11 return values may be returned:
2006 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2007 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2008 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2009 * \li FunctionFailed \li GeneralError \li HostMemory
2010 * \li OK \li OperationNotInitialized \li SessionClosed
2011 * \li SessionHandleInvalid \li UserNotLoggedIn
2012 * @return true on success, false otherwise
2013 */
2014 bool C_DecryptFinal(SessionHandle session,
2015 Byte* last_part_ptr,
2016 Ulong* last_part_len_ptr,
2017 ReturnValue* return_value = ThrowException) const;
2018
2019 /****************************** Message digesting functions ******************************/
2020
2021 /**
2022 * C_DigestInit initializes a message-digesting operation.
2023 * @param session the session's handle
2024 * @param mechanism_ptr the digesting mechanism
2025 * @param return_value default value (`ThrowException`): throw exception on error.
2026 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2027 * At least the following PKCS#11 return values may be returned:
2028 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2029 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2030 * \li FunctionFailed \li GeneralError \li HostMemory
2031 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2032 * \li OperationActive \li PinExpired \li SessionClosed
2033 * \li SessionHandleInvalid \li UserNotLoggedIn
2034 * @return true on success, false otherwise
2035 */
2036 bool C_DigestInit(SessionHandle session,
2037 Mechanism* mechanism_ptr,
2038 ReturnValue* return_value = ThrowException) const;
2039
2040 /**
2041 * C_Digest digests data in a single part.
2042 * @param session the session's handle
2043 * @param data_ptr data to be digested
2044 * @param data_len bytes of data to digest
2045 * @param digest_ptr gets the message digest
2046 * @param digest_len_ptr gets digest length
2047 * @param return_value default value (`ThrowException`): throw exception on error.
2048 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2049 * At least the following PKCS#11 return values may be returned:
2050 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2051 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2052 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2053 * \li HostMemory \li OK \li OperationNotInitialized
2054 * \li SessionClosed \li SessionHandleInvalid
2055 * @return true on success, false otherwise
2056 */
2057 bool C_Digest(SessionHandle session,
2058 Byte* data_ptr,
2059 Ulong data_len,
2060 Byte* digest_ptr,
2061 Ulong* digest_len_ptr,
2062 ReturnValue* return_value = ThrowException) const;
2063
2064 /**
2065 * C_DigestUpdate continues a multiple-part message-digesting operation.
2066 * @param session the session's handle
2067 * @param part_ptr data to be digested
2068 * @param part_len bytes of data to be digested
2069 * @param return_value default value (`ThrowException`): throw exception on error.
2070 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2071 * At least the following PKCS#11 return values may be returned:
2072 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2073 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2074 * \li FunctionFailed \li GeneralError \li HostMemory
2075 * \li OK \li OperationNotInitialized \li SessionClosed
2076 * \li SessionHandleInvalid
2077 * @return true on success, false otherwise
2078 */
2079 bool C_DigestUpdate(SessionHandle session,
2080 Byte* part_ptr,
2081 Ulong part_len,
2082 ReturnValue* return_value = ThrowException) const;
2083
2084 /**
2085 * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2086 * @param session the session's handle
2087 * @param key secret key to digest
2088 * @param return_value default value (`ThrowException`): throw exception on error.
2089 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2090 * At least the following PKCS#11 return values may be returned:
2091 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2092 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2093 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2094 * \li KeyIndigestible \li KeySizeRange \li OK
2095 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2096 * @return true on success, false otherwise
2097 */
2098 bool C_DigestKey(SessionHandle session,
2099 ObjectHandle key,
2100 ReturnValue* return_value = ThrowException) const;
2101
2102 /**
2103 * C_DigestFinal finishes a multiple-part message-digesting operation.
2104 * @param session the session's handle
2105 * @param digest_ptr gets the message digest
2106 * @param digest_len_ptr gets uint8_t count of digest
2107 * @param return_value default value (`ThrowException`): throw exception on error.
2108 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2109 * At least the following PKCS#11 return values may be returned:
2110 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2111 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2112 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2113 * \li HostMemory \li OK \li OperationNotInitialized
2114 * \li SessionClosed \li SessionHandleInvalid
2115 * @return true on success, false otherwise
2116 */
2117 bool C_DigestFinal(SessionHandle session,
2118 Byte* digest_ptr,
2119 Ulong* digest_len_ptr,
2120 ReturnValue* return_value = ThrowException) const;
2121
2122 /****************************** Signing and MACing functions ******************************/
2123
2124 /**
2125 * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2126 * @param session the session's handle
2127 * @param mechanism_ptr the signature mechanism
2128 * @param key handle of signature key
2129 * @param return_value default value (`ThrowException`): throw exception on error.
2130 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2131 * At least the following PKCS#11 return values may be returned:
2132 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2133 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2134 * \li FunctionFailed \li GeneralError \li HostMemory
2135 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2136 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2137 * \li OK \li OperationActive \li PinExpired
2138 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2139 * @return true on success, false otherwise
2140 */
2141 bool C_SignInit(SessionHandle session,
2142 Mechanism* mechanism_ptr,
2143 ObjectHandle key,
2144 ReturnValue* return_value = ThrowException) const;
2145
2146 /**
2147 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2148 * @param session the session's handle
2149 * @param data_ptr the data to sign
2150 * @param data_len count of bytes to sign
2151 * @param signature_ptr gets the signature
2152 * @param signature_len_ptr gets signature length
2153 * @param return_value default value (`ThrowException`): throw exception on error.
2154 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2155 * At least the following PKCS#11 return values may be returned:
2156 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2157 * \li DataInvalid \li DataLenRange \li DeviceError
2158 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2159 * \li FunctionFailed \li GeneralError \li HostMemory
2160 * \li OK \li OperationNotInitialized \li SessionClosed
2161 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2162 * @return true on success, false otherwise
2163 */
2164 bool C_Sign(SessionHandle session,
2165 const Byte* data_ptr,
2166 Ulong data_len,
2167 Byte* signature_ptr,
2168 Ulong* signature_len_ptr,
2169 ReturnValue* return_value = ThrowException) const;
2170
2171 /**
2172 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2173 * @param session the session's handle
2174 * @param data the data to sign
2175 * @param signature gets the signature
2176 * @param return_value default value (`ThrowException`): throw exception on error.
2177 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2178 * At least the following PKCS#11 return values may be returned:
2179 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2180 * \li DataInvalid \li DataLenRange \li DeviceError
2181 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2182 * \li FunctionFailed \li GeneralError \li HostMemory
2183 * \li OK \li OperationNotInitialized \li SessionClosed
2184 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2185 * @return true on success, false otherwise
2186 */
2187 template<typename TAllocA, typename TAllocB>
2188 bool C_Sign(SessionHandle session,
2189 const std::vector<uint8_t, TAllocA>& data,
2190 std::vector<uint8_t, TAllocB>& signature,
2191 ReturnValue* return_value = ThrowException) const
2192 {
2193 Ulong signature_size = 0;
2194 if(!C_Sign(session,
2195 data.data(),
2196 static_cast<Ulong>(data.size()),
2197 nullptr,
2198 &signature_size,
2199 return_value))
2200 {
2201 return false;
2202 }
2203
2204 signature.resize(signature_size);
2205 if (!C_Sign(session,
2206 data.data(),
2207 static_cast<Ulong>(data.size()),
2208 signature.data(),
2209 &signature_size,
2210 return_value))
2211 {
2212 return false;
2213 }
2214 signature.resize(signature_size);
2215 return true;
2216 }
2217
2218 /**
2219 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2220 * @param session the session's handle
2221 * @param part_ptr the data to sign
2222 * @param part_len count of bytes to sign
2223 * @param return_value default value (`ThrowException`): throw exception on error.
2224 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2225 * At least the following PKCS#11 return values may be returned:
2226 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2227 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2228 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2229 * \li HostMemory \li OK \li OperationNotInitialized
2230 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2231 * @return true on success, false otherwise
2232 */
2233 bool C_SignUpdate(SessionHandle session,
2234 const Byte* part_ptr,
2235 Ulong part_len,
2236 ReturnValue* return_value = ThrowException) const;
2237
2238 /**
2239 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2240 * @param session the session's handle
2241 * @param part the data to sign
2242 * @param return_value default value (`ThrowException`): throw exception on error.
2243 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2244 * At least the following PKCS#11 return values may be returned:
2245 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2246 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2247 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2248 * \li HostMemory \li OK \li OperationNotInitialized
2249 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2250 * @return true on success, false otherwise
2251 */
2252 template<typename TAlloc>
2254 const std::vector<uint8_t, TAlloc>& part,
2255 ReturnValue* return_value = ThrowException) const
2256 {
2257 return C_SignUpdate(session,
2258 part.data(),
2259 static_cast<Ulong>(part.size()),
2260 return_value);
2261 }
2262
2263 /**
2264 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2265 * @param session the session's handle
2266 * @param signature_ptr gets the signature
2267 * @param signature_len_ptr gets signature length
2268 * @param return_value default value (`ThrowException`): throw exception on error.
2269 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2270 * At least the following PKCS#11 return values may be returned:
2271 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2272 * \li DataLenRange \li DeviceError \li DeviceMemory
2273 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2274 * \li GeneralError \li HostMemory \li OK
2275 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2276 * \li UserNotLoggedIn \li FunctionRejected
2277 * @return true on success, false otherwise
2278 */
2279 bool C_SignFinal(SessionHandle session,
2280 Byte* signature_ptr,
2281 Ulong* signature_len_ptr,
2282 ReturnValue* return_value = ThrowException) const;
2283
2284 /**
2285 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2286 * @param session the session's handle
2287 * @param signature gets the signature
2288 * @param return_value default value (`ThrowException`): throw exception on error.
2289 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2290 * At least the following PKCS#11 return values may be returned:
2291 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2292 * \li DataLenRange \li DeviceError \li DeviceMemory
2293 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2294 * \li GeneralError \li HostMemory \li OK
2295 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2296 * \li UserNotLoggedIn \li FunctionRejected
2297 * @return true on success, false otherwise
2298 */
2299 template<typename TAlloc>
2301 std::vector<uint8_t, TAlloc>& signature,
2302 ReturnValue* return_value = ThrowException) const
2303 {
2304 Ulong signature_size = 0;
2305 if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2306 {
2307 return false;
2308 }
2309
2310 signature.resize(signature_size);
2311 if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2312 {
2313 return false;
2314 }
2315 signature.resize(signature_size);
2316 return true;
2317 }
2318
2319 /**
2320 * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2321 * @param session the session's handle
2322 * @param mechanism_ptr the signature mechanism
2323 * @param key handle of the signature key
2324 * @param return_value default value (`ThrowException`): throw exception on error.
2325 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2326 * At least the following PKCS#11 return values may be returned:
2327 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2328 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2329 * \li FunctionFailed \li GeneralError \li HostMemory
2330 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2331 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2332 * \li OK \li OperationActive \li PinExpired
2333 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2334 * @return true on success, false otherwise
2335 */
2336 bool C_SignRecoverInit(SessionHandle session,
2337 Mechanism* mechanism_ptr,
2338 ObjectHandle key,
2339 ReturnValue* return_value = ThrowException) const;
2340
2341 /**
2342 * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2343 * @param session the session's handle
2344 * @param data_ptr the data to sign
2345 * @param data_len count of bytes to sign
2346 * @param signature_ptr gets the signature
2347 * @param signature_len_ptr gets signature length
2348 * @param return_value default value (`ThrowException`): throw exception on error.
2349 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2350 * At least the following PKCS#11 return values may be returned:
2351 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2352 * \li DataInvalid \li DataLenRange \li DeviceError
2353 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2354 * \li FunctionFailed \li GeneralError \li HostMemory
2355 * \li OK \li OperationNotInitialized \li SessionClosed
2356 * \li SessionHandleInvalid \li UserNotLoggedIn
2357 * @return true on success, false otherwise
2358 */
2359 bool C_SignRecover(SessionHandle session,
2360 Byte* data_ptr,
2361 Ulong data_len,
2362 Byte* signature_ptr,
2363 Ulong* signature_len_ptr,
2364 ReturnValue* return_value = ThrowException) const;
2365
2366 /****************************** Functions for verifying signatures and MACs ******************************/
2367
2368 /**
2369 * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2370 * @param session the session's handle
2371 * @param mechanism_ptr the verification mechanism
2372 * @param key verification key
2373 * @param return_value default value (`ThrowException`): throw exception on error.
2374 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2375 * At least the following PKCS#11 return values may be returned:
2376 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2377 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2378 * \li FunctionFailed \li GeneralError \li HostMemory
2379 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2380 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2381 * \li OK \li OperationActive \li PinExpired
2382 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2383 * @return true on success, false otherwise
2384 */
2385 bool C_VerifyInit(SessionHandle session,
2386 Mechanism* mechanism_ptr,
2387 ObjectHandle key,
2388 ReturnValue* return_value = ThrowException) const;
2389
2390 /**
2391 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2392 * @param session the session's handle
2393 * @param data_ptr signed data
2394 * @param data_len length of signed data
2395 * @param signature_ptr signature
2396 * @param signature_len signature length
2397 * @param return_value default value (`ThrowException`): throw exception on error.
2398 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2399 * At least the following PKCS#11 return values may be returned:
2400 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2401 * \li DataLenRange \li DeviceError \li DeviceMemory
2402 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2403 * \li GeneralError \li HostMemory \li OK
2404 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2405 * \li SignatureInvalid \li SignatureLenRange
2406 * @return true on success, false otherwise
2407 */
2408 bool C_Verify(SessionHandle session,
2409 const Byte* data_ptr,
2410 Ulong data_len,
2411 const Byte* signature_ptr,
2412 Ulong signature_len,
2413 ReturnValue* return_value = ThrowException) const;
2414
2415 /**
2416 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2417 * @param session the session's handle
2418 * @param data signed data
2419 * @param signature signature
2420 * @param return_value default value (`ThrowException`): throw exception on error.
2421 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2422 * At least the following PKCS#11 return values may be returned:
2423 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2424 * \li DataLenRange \li DeviceError \li DeviceMemory
2425 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2426 * \li GeneralError \li HostMemory \li OK
2427 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2428 * \li SignatureInvalid \li SignatureLenRange
2429 * @return true on success, false otherwise
2430 */
2431 template<typename TAllocA, typename TAllocB>
2433 const std::vector<uint8_t, TAllocA>& data,
2434 std::vector<uint8_t, TAllocB>& signature,
2435 ReturnValue* return_value = ThrowException) const
2436 {
2437 return C_Verify(session,
2438 data.data(),
2439 static_cast<Ulong>(data.size()),
2440 signature.data(),
2441 static_cast<Ulong>(signature.size()),
2442 return_value);
2443 }
2444
2445 /**
2446 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2447 * @param session the session's handle
2448 * @param part_ptr signed data
2449 * @param part_len length of signed data
2450 * @param return_value default value (`ThrowException`): throw exception on error.
2451 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2452 * At least the following PKCS#11 return values may be returned:
2453 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2454 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2455 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2456 * \li HostMemory \li OK \li OperationNotInitialized
2457 * \li SessionClosed \li SessionHandleInvalid
2458 * @return true on success, false otherwise
2459 */
2460 bool C_VerifyUpdate(SessionHandle session,
2461 const Byte* part_ptr,
2462 Ulong part_len,
2463 ReturnValue* return_value = ThrowException) const;
2464
2465 /**
2466 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2467 * @param session the session's handle
2468 * @param part signed data
2469 * @param return_value default value (`ThrowException`): throw exception on error.
2470 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2471 * At least the following PKCS#11 return values may be returned:
2472 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2473 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2474 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2475 * \li HostMemory \li OK \li OperationNotInitialized
2476 * \li SessionClosed \li SessionHandleInvalid
2477 * @return true on success, false otherwise
2478 */
2479 template<typename TAlloc>
2481 std::vector<uint8_t, TAlloc> part,
2482 ReturnValue* return_value = ThrowException) const
2483 {
2484 return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2485 }
2486
2487 /**
2488 * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2489 * @param session the session's handle
2490 * @param signature_ptr signature to verify
2491 * @param signature_len signature length
2492 * @param return_value default value (`ThrowException`): throw exception on error.
2493 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2494 * At least the following PKCS#11 return values may be returned:
2495 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2496 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2497 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2498 * \li HostMemory \li OK \li OperationNotInitialized
2499 * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2500 * \li SignatureLenRange
2501 * @return true on success, false otherwise
2502 */
2503 bool C_VerifyFinal(SessionHandle session,
2504 const Byte* signature_ptr,
2505 Ulong signature_len,
2506 ReturnValue* return_value = ThrowException) const;
2507
2508 /**
2509 * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2510 * @param session the session's handle
2511 * @param mechanism_ptr the verification mechanism
2512 * @param key verification key
2513 * @param return_value default value (`ThrowException`): throw exception on error.
2514 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2515 * At least the following PKCS#11 return values may be returned:
2516 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2517 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2518 * \li FunctionFailed \li GeneralError \li HostMemory
2519 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2520 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2521 * \li OK \li OperationActive \li PinExpired
2522 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2523 * @return true on success, false otherwise
2524 */
2525 bool C_VerifyRecoverInit(SessionHandle session,
2526 Mechanism* mechanism_ptr,
2527 ObjectHandle key,
2528 ReturnValue* return_value = ThrowException) const;
2529
2530 /**
2531 * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2532 * @param session the session's handle
2533 * @param signature_ptr signature to verify
2534 * @param signature_len signature length
2535 * @param data_ptr gets signed data
2536 * @param data_len_ptr gets signed data len
2537 * @param return_value default value (`ThrowException`): throw exception on error.
2538 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2539 * At least the following PKCS#11 return values may be returned:
2540 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2541 * \li DataInvalid \li DataLenRange \li DeviceError
2542 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2543 * \li FunctionFailed \li GeneralError \li HostMemory
2544 * \li OK \li OperationNotInitialized \li SessionClosed
2545 * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2546 * @return true on success, false otherwise
2547 */
2548 bool C_VerifyRecover(SessionHandle session,
2549 Byte* signature_ptr,
2550 Ulong signature_len,
2551 Byte* data_ptr,
2552 Ulong* data_len_ptr,
2553 ReturnValue* return_value = ThrowException) const;
2554
2555 /****************************** Dual-purpose cryptographic functions ******************************/
2556
2557 /**
2558 * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2559 * @param session session's handle
2560 * @param part_ptr the plaintext data
2561 * @param part_len plaintext length
2562 * @param encrypted_part_ptr gets ciphertext
2563 * @param encrypted_part_len_ptr gets c-text length
2564 * @param return_value default value (`ThrowException`): throw exception on error.
2565 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2566 * At least the following PKCS#11 return values may be returned:
2567 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2568 * \li DataLenRange \li DeviceError \li DeviceMemory
2569 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2570 * \li GeneralError \li HostMemory \li OK
2571 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2572 * @return true on success, false otherwise
2573 */
2574 bool C_DigestEncryptUpdate(SessionHandle session,
2575 Byte* part_ptr,
2576 Ulong part_len,
2577 Byte* encrypted_part_ptr,
2578 Ulong* encrypted_part_len_ptr,
2579 ReturnValue* return_value = ThrowException) const ;
2580
2581 /**
2582 * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2583 * @param session session's handle
2584 * @param encrypted_part_ptr ciphertext
2585 * @param encrypted_part_len ciphertext length
2586 * @param part_ptr gets plaintext
2587 * @param part_len_ptr gets plaintext len
2588 * @param return_value default value (`ThrowException`): throw exception on error.
2589 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2590 * At least the following PKCS#11 return values may be returned:
2591 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2592 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2593 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2594 * \li FunctionFailed \li GeneralError \li HostMemory
2595 * \li OK \li OperationNotInitialized \li SessionClosed
2596 * \li SessionHandleInvalid
2597 * @return true on success, false otherwise
2598 */
2599 bool C_DecryptDigestUpdate(SessionHandle session,
2600 Byte* encrypted_part_ptr,
2601 Ulong encrypted_part_len,
2602 Byte* part_ptr,
2603 Ulong* part_len_ptr,
2604 ReturnValue* return_value = ThrowException) const;
2605
2606 /**
2607 * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2608 * @param session session's handle
2609 * @param part_ptr the plaintext data
2610 * @param part_len plaintext length
2611 * @param encrypted_part_ptr gets ciphertext
2612 * @param encrypted_part_len_ptr gets c-text length
2613 * @param return_value default value (`ThrowException`): throw exception on error.
2614 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2615 * At least the following PKCS#11 return values may be returned:
2616 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2617 * \li DataLenRange \li DeviceError \li DeviceMemory
2618 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2619 * \li GeneralError \li HostMemory \li OK
2620 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2621 * \li UserNotLoggedIn
2622 * @return true on success, false otherwise
2623 */
2624 bool C_SignEncryptUpdate(SessionHandle session,
2625 Byte* part_ptr,
2626 Ulong part_len,
2627 Byte* encrypted_part_ptr,
2628 Ulong* encrypted_part_len_ptr,
2629 ReturnValue* return_value = ThrowException) const;
2630
2631 /**
2632 * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2633 * @param session session's handle
2634 * @param encrypted_part_ptr ciphertext
2635 * @param encrypted_part_len ciphertext length
2636 * @param part_ptr gets plaintext
2637 * @param part_len_ptr gets p-text length
2638 * @param return_value default value (`ThrowException`): throw exception on error.
2639 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2640 * At least the following PKCS#11 return values may be returned:
2641 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2642 * \li DataLenRange \li DeviceError \li DeviceMemory
2643 * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2644 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2645 * \li HostMemory \li OK \li OperationNotInitialized
2646 * \li SessionClosed \li SessionHandleInvalid
2647 * @return true on success, false otherwise
2648 */
2649 bool C_DecryptVerifyUpdate(SessionHandle session,
2650 Byte* encrypted_part_ptr,
2651 Ulong encrypted_part_len,
2652 Byte* part_ptr,
2653 Ulong* part_len_ptr,
2654 ReturnValue* return_value = ThrowException) const;
2655
2656 /****************************** Key management functions ******************************/
2657
2658 /**
2659 * C_GenerateKey generates a secret key, creating a new key object.
2660 * @param session the session's handle
2661 * @param mechanism_ptr key generation mech.
2662 * @param attribute_template_ptr template for new key
2663 * @param count # of attrs in template
2664 * @param key_ptr gets handle of new key
2665 * @param return_value default value (`ThrowException`): throw exception on error.
2666 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2667 * At least the following PKCS#11 return values may be returned:
2668 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2669 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2670 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2671 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2672 * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2673 * \li OK \li OperationActive \li PinExpired
2674 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2675 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2676 * \li UserNotLoggedIn
2677 * @return true on success, false otherwise
2678 */
2679 bool C_GenerateKey(SessionHandle session,
2680 Mechanism* mechanism_ptr,
2681 Attribute* attribute_template_ptr,
2682 Ulong count,
2683 ObjectHandle* key_ptr,
2684 ReturnValue* return_value = ThrowException) const;
2685
2686 /**
2687 * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2688 * @param session session handle
2689 * @param mechanism_ptr key-gen mech.
2690 * @param public_key_template_ptr template for pub. key
2691 * @param public_key_attribute_count # pub. attrs.
2692 * @param private_key_template_ptr template for priv. key
2693 * @param private_key_attribute_count # priv. attrs.
2694 * @param public_key_ptr gets pub. key handle
2695 * @param private_key_ptr gets priv. key handle
2696 * @param return_value default value (`ThrowException`): throw exception on error.
2697 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2698 * At least the following PKCS#11 return values may be returned:
2699 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2700 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2701 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2702 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2703 * \li GeneralError \li HostMemory \li MechanismInvalid
2704 * \li MechanismParamInvalid \li OK \li OperationActive
2705 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2706 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2707 * \li TokenWriteProtected \li UserNotLoggedIn
2708 * @return true on success, false otherwise
2709 */
2710 bool C_GenerateKeyPair(SessionHandle session,
2711 Mechanism* mechanism_ptr,
2712 Attribute* public_key_template_ptr,
2713 Ulong public_key_attribute_count,
2714 Attribute* private_key_template_ptr,
2715 Ulong private_key_attribute_count,
2716 ObjectHandle* public_key_ptr,
2717 ObjectHandle* private_key_ptr,
2718 ReturnValue* return_value = ThrowException) const;
2719
2720 /**
2721 * C_WrapKey wraps (i.e., encrypts) a key.
2722 * @param session the session's handle
2723 * @param mechanism_ptr the wrapping mechanism
2724 * @param wrapping_key wrapping key
2725 * @param key key to be wrapped
2726 * @param wrapped_key_ptr gets wrapped key
2727 * @param wrapped_key_len_ptr gets wrapped key size
2728 * @param return_value default value (`ThrowException`): throw exception on error.
2729 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2730 * At least the following PKCS#11 return values may be returned:
2731 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2732 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2733 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2734 * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2735 * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2736 * \li MechanismParamInvalid \li OK \li OperationActive
2737 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2738 * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2739 * \li WrappingKeyTypeInconsistent
2740 * @return true on success, false otherwise
2741 */
2742 bool C_WrapKey(SessionHandle session,
2743 Mechanism* mechanism_ptr,
2744 ObjectHandle wrapping_key,
2745 ObjectHandle key,
2746 Byte* wrapped_key_ptr,
2747 Ulong* wrapped_key_len_ptr,
2748 ReturnValue* return_value = ThrowException) const;
2749
2750 /**
2751 * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2752 * @param session session's handle
2753 * @param mechanism_ptr unwrapping mech.
2754 * @param unwrapping_key unwrapping key
2755 * @param wrapped_key_ptr the wrapped key
2756 * @param wrapped_key_len wrapped key len
2757 * @param attribute_template_ptr new key template
2758 * @param attribute_count template length
2759 * @param key_ptr gets new handle
2760 * @param return_value default value (`ThrowException`): throw exception on error.
2761 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2762 * At least the following PKCS#11 return values may be returned:
2763 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2764 * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2765 * \li CurveNotSupported \li DeviceError \li DeviceMemory
2766 * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2767 * \li FunctionFailed \li GeneralError \li HostMemory
2768 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2769 * \li OperationActive \li PinExpired \li SessionClosed
2770 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2771 * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2772 * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2773 * \li WrappedKeyInvalid \li WrappedKeyLenRange
2774 * @return true on success, false otherwise
2775 */
2776 bool C_UnwrapKey(SessionHandle session,
2777 Mechanism* mechanism_ptr,
2778 ObjectHandle unwrapping_key,
2779 Byte* wrapped_key_ptr,
2780 Ulong wrapped_key_len,
2781 Attribute* attribute_template_ptr,
2782 Ulong attribute_count,
2783 ObjectHandle* key_ptr,
2784 ReturnValue* return_value = ThrowException) const;
2785
2786 /**
2787 * C_DeriveKey derives a key from a base key, creating a new key object.
2788 * @param session session's handle
2789 * @param mechanism_ptr key deriv. mech.
2790 * @param base_key base key
2791 * @param attribute_template_ptr new key template
2792 * @param attribute_count template length
2793 * @param key_ptr gets new handle
2794 * @param return_value default value (`ThrowException`): throw exception on error.
2795 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2796 * At least the following PKCS#11 return values may be returned:
2797 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2798 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2799 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2800 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2801 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2802 * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2803 * \li MechanismParamInvalid \li OK \li OperationActive
2804 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2805 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2806 * \li TokenWriteProtected \li UserNotLoggedIn
2807 * @return true on success, false otherwise
2808 */
2809 bool C_DeriveKey(SessionHandle session,
2810 Mechanism* mechanism_ptr,
2811 ObjectHandle base_key,
2812 Attribute* attribute_template_ptr,
2813 Ulong attribute_count,
2814 ObjectHandle* key_ptr,
2815 ReturnValue* return_value = ThrowException) const;
2816
2817 /****************************** Random number generation functions ******************************/
2818
2819 /**
2820 * C_SeedRandom mixes additional seed material into the token's random number generator.
2821 * @param session the session's handle
2822 * @param seed_ptr the seed material
2823 * @param seed_len length of seed material
2824 * @param return_value default value (`ThrowException`): throw exception on error.
2825 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2826 * At least the following PKCS#11 return values may be returned:
2827 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2828 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2829 * \li FunctionFailed \li GeneralError \li HostMemory
2830 * \li OK \li OperationActive \li RandomSeedNotSupported
2831 * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2832 * \li UserNotLoggedIn
2833 * @return true on success, false otherwise
2834 */
2835 bool C_SeedRandom(SessionHandle session,
2836 const Byte* seed_ptr,
2837 Ulong seed_len,
2838 ReturnValue* return_value = ThrowException) const;
2839
2840 /**
2841 * C_GenerateRandom generates random data.
2842 * @param session the session's handle
2843 * @param random_data_ptr receives the random data
2844 * @param random_len # of bytes to generate
2845 * @param return_value default value (`ThrowException`): throw exception on error.
2846 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2847 * At least the following PKCS#11 return values may be returned:
2848 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2849 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2850 * \li FunctionFailed \li GeneralError \li HostMemory
2851 * \li OK \li OperationActive \li RandomNoRng
2852 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2853 * @return true on success, false otherwise
2854 */
2855 bool C_GenerateRandom(SessionHandle session,
2856 Byte* random_data_ptr,
2857 Ulong random_len,
2858 ReturnValue* return_value = ThrowException) const;
2859
2860 /****************************** Parallel function management functions ******************************/
2861
2862 /**
2863 * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2864 * @param session the session's handle
2865 * @param return_value default value (`ThrowException`): throw exception on error.
2866 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2867 * At least the following PKCS#11 return values may be returned:
2868 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2869 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2870 * \li SessionClosed
2871 * @return true on success, false otherwise
2872 */
2873 bool C_GetFunctionStatus(SessionHandle session,
2874 ReturnValue* return_value = ThrowException) const;
2875
2876 /**
2877 * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2878 * @param session the session's handle
2879 * @param return_value default value (`ThrowException`): throw exception on error.
2880 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2881 * At least the following PKCS#11 return values may be returned:
2882 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2883 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2884 * \li SessionClosed
2885 * @return true on success, false otherwise
2886 */
2887 bool C_CancelFunction(SessionHandle session,
2888 ReturnValue* return_value = ThrowException) const;
2889
2890 /**
2891 * Return the PKCS11 function list that this LowLevel class contains.
2892 *
2893 * This is primarily useful when invoking vendor specific extension
2894 * functions which are not supported directly by LowLevel or the higher
2895 * level PKCS11 API.
2896 */
2897 FunctionListPtr get_functions() const { return m_func_list_ptr; }
2898
2899 protected:
2900 /**
2901 * A helper for error handling. This is exposed as a protected member so that
2902 * it is possible for an application to inherit from LowLevel in order to
2903 * implement wrappers for vendor specific extensions using the same error
2904 * handling mechanisms as the rest of the library.
2905 */
2906 static bool handle_return_value(const CK_RV function_result, ReturnValue* return_value);
2907 private:
2908 const FunctionListPtr m_func_list_ptr;
2909 };
2910
2912 {
2913 public:
2914 explicit PKCS11_Error(std::string_view what) :
2915 Exception("PKCS11 error", what)
2916 {
2917 }
2918
2919 ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2920 };
2921
2923 {
2924 public:
2925 explicit PKCS11_ReturnError(ReturnValue return_val) :
2926 PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2927 m_return_val(return_val)
2928 {}
2929
2931 {
2932 return m_return_val;
2933 }
2934
2935 int error_code() const noexcept override
2936 {
2937 return static_cast<int>(m_return_val);
2938 }
2939
2940 private:
2941 const ReturnValue m_return_val;
2942 };
2943
2944}
2945
2946}
2947
2948#endif
Provides access to all PKCS#11 functions.
Definition: p11.h:904
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1206
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1667
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2188
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1258
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2253
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, std::string_view label, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1151
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1432
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1807
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2432
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1945
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2480
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2300
FunctionListPtr get_functions() const
Definition: p11.h:2897
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1587
ErrorType error_type() const noexcept override
Definition: p11.h:2919
PKCS11_Error(std::string_view what)
Definition: p11.h:2914
int error_code() const noexcept override
Definition: p11.h:2935
ReturnValue get_return_value() const
Definition: p11.h:2930
PKCS11_ReturnError(ReturnValue return_val)
Definition: p11.h:2925
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
PseudoRandom
Definition: p11.h:695
ReturnValue * ThrowException
Definition: p11.cpp:20
CK_BBOOL Bbool
Definition: p11.h:836
KeyDerivation
Definition: p11.h:196
CK_FLAGS Flags
Definition: p11.h:834
PublicPointEncoding
Definition: p11.h:822
AttributeType
Definition: p11.h:66
CK_NOTIFY Notify
Definition: p11.h:844
CertificateType
Definition: p11.h:178
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition: p11.cpp:51
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition: p11.cpp:58
MechanismType
Definition: p11.h:338
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition: p11.h:827
CK_ULONG Ulong
Definition: p11.h:838
secure_vector< uint8_t > secure_string
Definition: p11.h:63
CK_UNLOCKMUTEX UnlockMutex
Definition: p11.h:833
Notification
Definition: p11.h:675
CK_DESTROYMUTEX DestroyMutex
Definition: p11.h:831
CK_VOID_PTR VoidPtr
Definition: p11.h:828
Flag operator|(Flag a, Flag b)
Definition: p11.h:267
CK_LOCKMUTEX LockMutex
Definition: p11.h:832
CK_SESSION_HANDLE SessionHandle
Definition: p11.h:845
const Bbool True
Definition: p11.h:857
SessionState
Definition: p11.h:707
const Bbool False
Definition: p11.h:858
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:65
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:848
CertificateCategory
Definition: p11.h:188
CK_CREATEMUTEX CreateMutex
Definition: p11.h:830
CK_BYTE Byte
Definition: p11.h:849
CK_SLOT_ID SlotId
Definition: p11.h:837
Flags flags(Flag flags)
Definition: p11.h:860
CK_UTF8CHAR Utf8Char
Definition: p11.h:843
HardwareType
Definition: p11.h:282
void initialize_token(Slot &slot, std::string_view label, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:45
Definition: alg_id.cpp:12
ErrorType
Definition: exceptn.h:20
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64
Definition: bigint.h:1092
#define CKD_NULL
Definition: pkcs11t.h:1290
#define CKA_NEVER_EXTRACTABLE
Definition: pkcs11t.h:496
#define CKM_SEED_KEY_GEN
Definition: pkcs11t.h:856
#define CKM_TLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:775
#define CKD_SHA1_KDF
Definition: pkcs11t.h:1291
#define CKD_SHA256_KDF
Definition: pkcs11t.h:1297
#define CKR_NEXT_OTP
Definition: pkcs11t.h:1148
#define CKK_DES3
Definition: pkcs11t.h:351
#define CKM_DSA_PARAMETER_GEN
Definition: pkcs11t.h:957
#define CKR_SESSION_COUNT
Definition: pkcs11t.h:1097
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:816
#define CKM_CONCATENATE_BASE_AND_DATA
Definition: pkcs11t.h:765
#define CKM_PKCS5_PBKD2
Definition: pkcs11t.h:807
#define CKM_AES_GMAC
Definition: pkcs11t.h:928
#define CKM_KIP_DERIVE
Definition: pkcs11t.h:833
#define CKR_DEVICE_MEMORY
Definition: pkcs11t.h:1061
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
Definition: pkcs11t.h:452
#define CKM_SSL3_SHA1_MAC
Definition: pkcs11t.h:782
#define CKA_OTP_TIME_INTERVAL
Definition: pkcs11t.h:522
#define CKK_RC4
Definition: pkcs11t.h:348
#define CKA_TOKEN
Definition: pkcs11t.h:438
#define CKA_SECONDARY_AUTH
Definition: pkcs11t.h:510
#define CKR_GENERAL_ERROR
Definition: pkcs11t.h:1043
#define CKR_MECHANISM_INVALID
Definition: pkcs11t.h:1083
#define CKR_SLOT_ID_INVALID
Definition: pkcs11t.h:1041
#define CKC_VENDOR_DEFINED
Definition: pkcs11t.h:410
#define CKG_MGF1_SHA256
Definition: pkcs11t.h:1247
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition: pkcs11t.h:770
#define CKM_RSA_PKCS
Definition: pkcs11t.h:587
#define CKM_ECDSA_SHA1
Definition: pkcs11t.h:892
#define CKR_KEY_CHANGED
Definition: pkcs11t.h:1076
#define CKK_SHA224_HMAC
Definition: pkcs11t.h:378
#define CKM_IDEA_ECB
Definition: pkcs11t.h:758
#define CKD_SHA512_KDF
Definition: pkcs11t.h:1299
#define CKA_START_DATE
Definition: pkcs11t.h:472
#define CKK_DH
Definition: pkcs11t.h:341
#define CKK_RC5
Definition: pkcs11t.h:356
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition: pkcs11t.h:1053
#define CKA_OTP_SERVICE_IDENTIFIER
Definition: pkcs11t.h:531
CK_BYTE CK_UTF8CHAR
Definition: pkcs11t.h:42
#define CKM_GOSTR3411_HMAC
Definition: pkcs11t.h:950
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:811
#define CKA_AUTH_PIN_FLAGS
Definition: pkcs11t.h:511
#define CKM_DES3_CMAC
Definition: pkcs11t.h:672
#define CKM_RC2_MAC
Definition: pkcs11t.h:648
#define CKM_SHA256_KEY_DERIVATION
Definition: pkcs11t.h:787
#define CKA_SERIAL_NUMBER
Definition: pkcs11t.h:446
#define CKK_DES2
Definition: pkcs11t.h:350
#define CKM_CAST5_MAC_GENERAL
Definition: pkcs11t.h:747
#define CKF_LOGIN_REQUIRED
Definition: pkcs11t.h:157
#define CKF_HW_SLOT
Definition: pkcs11t.h:124
#define CKO_PUBLIC_KEY
Definition: pkcs11t.h:312
#define CKF_EC_UNCOMPRESS
Definition: pkcs11t.h:1026
#define CKA_SUB_PRIME_BITS
Definition: pkcs11t.h:490
#define CKM_RSA_X_509
Definition: pkcs11t.h:589
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition: pkcs11t.h:1225
#define CKM_SEED_MAC_GENERAL
Definition: pkcs11t.h:860
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition: pkcs11t.h:177
#define CKA_ISSUER
Definition: pkcs11t.h:445
#define CKM_ARIA_KEY_GEN
Definition: pkcs11t.h:847
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition: pkcs11t.h:454
#define CKR_FUNCTION_CANCELED
Definition: pkcs11t.h:1065
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition: pkcs11t.h:960
#define CKM_AES_CTR
Definition: pkcs11t.h:919
#define CKM_TLS12_MAC
Definition: pkcs11t.h:820
#define CKM_DES3_CBC
Definition: pkcs11t.h:666
#define CKM_TWOFISH_CBC_PAD
Definition: pkcs11t.h:935
#define CKM_AES_CMAC
Definition: pkcs11t.h:923
#define CKM_SKIPJACK_CFB8
Definition: pkcs11t.h:872
#define CKM_RSA_X9_31_KEY_PAIR_GEN
Definition: pkcs11t.h:599
#define CKR_KEY_UNEXTRACTABLE
Definition: pkcs11t.h:1081
#define CKR_DATA_INVALID
Definition: pkcs11t.h:1058
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1113
#define CKM_CONCATENATE_BASE_AND_KEY
Definition: pkcs11t.h:764
#define CKR_NEED_TO_CREATE_THREADS
Definition: pkcs11t.h:1048
#define CKK_SHA256_HMAC
Definition: pkcs11t.h:375
#define CKM_SHA512_256
Definition: pkcs11t.h:635
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:862
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1127
#define CKM_FORTEZZA_TIMESTAMP
Definition: pkcs11t.h:879
#define CKS_RW_PUBLIC_SESSION
Definition: pkcs11t.h:274
#define CKR_MECHANISM_PARAM_INVALID
Definition: pkcs11t.h:1084
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition: pkcs11t.h:556
#define CKF_TOKEN_INITIALIZED
Definition: pkcs11t.h:193
#define CKR_TOKEN_NOT_RECOGNIZED
Definition: pkcs11t.h:1111
#define CKM_MD5
Definition: pkcs11t.h:690
#define CKM_SHA512_HMAC_GENERAL
Definition: pkcs11t.h:718
#define CKM_CAST3_ECB
Definition: pkcs11t.h:733
#define CKM_SKIPJACK_CFB64
Definition: pkcs11t.h:869
#define CKM_DES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:938
#define CK_FALSE
Definition: pkcs11t.h:24
#define CKC_WTLS
Definition: pkcs11t.h:409
#define CKM_SHA_1_HMAC
Definition: pkcs11t.h:697
#define CKD_SHA1_KDF_ASN1
Definition: pkcs11t.h:1294
#define CKR_ATTRIBUTE_SENSITIVE
Definition: pkcs11t.h:1052
#define CKG_MGF1_SHA512
Definition: pkcs11t.h:1249
#define CKM_CAMELLIA_MAC
Definition: pkcs11t.h:840
#define CKM_IDEA_KEY_GEN
Definition: pkcs11t.h:757
#define CKM_ECDH1_COFACTOR_DERIVE
Definition: pkcs11t.h:899
#define CKR_RANDOM_NO_RNG
Definition: pkcs11t.h:1131
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:854
#define CKM_CAMELLIA_KEY_GEN
Definition: pkcs11t.h:837
#define CKR_PIN_LEN_RANGE
Definition: pkcs11t.h:1091
#define CKC_X_509
Definition: pkcs11t.h:407
#define CKF_DIGEST
Definition: pkcs11t.h:1008
#define CKF_USER_PIN_FINAL_TRY
Definition: pkcs11t.h:210
#define CKM_ECDSA_SHA224
Definition: pkcs11t.h:893
#define CKF_DERIVE
Definition: pkcs11t.h:1017
#define CKM_BATON_KEY_GEN
Definition: pkcs11t.h:880
#define CKR_DEVICE_ERROR
Definition: pkcs11t.h:1060
#define CKA_PRIVATE_EXPONENT
Definition: pkcs11t.h:477
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition: pkcs11t.h:1129
#define CKA_RESOLUTION
Definition: pkcs11t.h:545
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition: pkcs11t.h:1099
#define CKM_MD2
Definition: pkcs11t.h:685
#define CKM_BATON_CBC128
Definition: pkcs11t.h:883
#define CKM_DSA
Definition: pkcs11t.h:606
#define CKA_ID
Definition: pkcs11t.h:461
#define CKA_OBJECT_ID
Definition: pkcs11t.h:443
#define CKM_AES_CFB8
Definition: pkcs11t.h:965
#define CKM_CMS_SIG
Definition: pkcs11t.h:832
#define CKA_APPLICATION
Definition: pkcs11t.h:441
#define CKM_RIPEMD128
Definition: pkcs11t.h:700
#define CKF_VERIFY
Definition: pkcs11t.h:1011
#define CKM_AES_CBC_PAD
Definition: pkcs11t.h:918
#define CKG_MGF1_SHA224
Definition: pkcs11t.h:1250
#define CKM_CAST3_CBC
Definition: pkcs11t.h:734
#define CKM_ECDH1_DERIVE
Definition: pkcs11t.h:898
#define CKM_VENDOR_DEFINED
Definition: pkcs11t.h:975
#define CKR_ATTRIBUTE_READ_ONLY
Definition: pkcs11t.h:1051
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition: pkcs11t.h:1079
#define CKA_HW_FEATURE_TYPE
Definition: pkcs11t.h:539
#define CKM_TWOFISH_KEY_GEN
Definition: pkcs11t.h:932
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1128
#define CKN_SURRENDER
Definition: pkcs11t.h:101
#define CKK_CAST128
Definition: pkcs11t.h:355
#define CKA_VERIFY_RECOVER
Definition: pkcs11t.h:470
#define CKK_CAST5
Definition: pkcs11t.h:354
#define CKM_SHA512_224_HMAC_GENERAL
Definition: pkcs11t.h:633
#define CKM_SKIPJACK_RELAYX
Definition: pkcs11t.h:875
CK_ULONG CK_RV
Definition: pkcs11t.h:1036
#define CKM_SHA512_224_HMAC
Definition: pkcs11t.h:632
#define CKR_SESSION_EXISTS
Definition: pkcs11t.h:1101
#define CKM_MD5_HMAC_GENERAL
Definition: pkcs11t.h:693
#define CKM_MD2_RSA_PKCS
Definition: pkcs11t.h:591
#define CKR_FUNCTION_REJECTED
Definition: pkcs11t.h:1156
#define CKM_SHA_1_HMAC_GENERAL
Definition: pkcs11t.h:698
#define CKM_TLS10_MAC_CLIENT
Definition: pkcs11t.h:819
unsigned long int CK_ULONG
Definition: pkcs11t.h:48
#define CKO_SECRET_KEY
Definition: pkcs11t.h:314
#define CKK_RSA
Definition: pkcs11t.h:339
#define CKM_JUNIPER_ECB128
Definition: pkcs11t.h:906
#define CKA_PUBLIC_EXPONENT
Definition: pkcs11t.h:476
#define CKM_SKIPJACK_CBC64
Definition: pkcs11t.h:867
#define CKM_DES_ECB
Definition: pkcs11t.h:656
#define CKM_CAST_CBC
Definition: pkcs11t.h:728
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:815
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs11t.h:803
#define CKM_X9_42_DH_KEY_PAIR_GEN
Definition: pkcs11t.h:616
#define CKK_CAMELLIA
Definition: pkcs11t.h:368
#define CKA_MODIFIABLE
Definition: pkcs11t.h:500
#define CRYPTOKI_VERSION_MINOR
Definition: pkcs11t.h:20
#define CKK_SEED
Definition: pkcs11t.h:380
#define CKM_RC5_MAC
Definition: pkcs11t.h:754
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:586
#define CKR_SESSION_READ_ONLY
Definition: pkcs11t.h:1100
#define CKK_KEA
Definition: pkcs11t.h:345
#define CKM_RC2_CBC
Definition: pkcs11t.h:647
#define CKA_OTP_TIME_REQUIREMENT
Definition: pkcs11t.h:525
#define CKM_PBE_MD5_CAST5_CBC
Definition: pkcs11t.h:796
#define CKM_KEA_KEY_DERIVE
Definition: pkcs11t.h:877
#define CKC_X_509_ATTR_CERT
Definition: pkcs11t.h:408
#define CKM_JUNIPER_KEY_GEN
Definition: pkcs11t.h:905
#define CKM_RC5_CBC
Definition: pkcs11t.h:753
#define CKM_ARIA_CBC_PAD
Definition: pkcs11t.h:852
#define CKR_ENCRYPTED_DATA_LEN_RANGE
Definition: pkcs11t.h:1064
#define CKM_SHA512_KEY_DERIVATION
Definition: pkcs11t.h:789
#define CKA_BITS_PER_PIXEL
Definition: pkcs11t.h:549
#define CKR_SIGNATURE_INVALID
Definition: pkcs11t.h:1106
#define CKA_AC_ISSUER
Definition: pkcs11t.h:447
#define CKM_TLS_KDF
Definition: pkcs11t.h:827
#define CKM_AES_MAC_GENERAL
Definition: pkcs11t.h:917
#define CKM_CAST128_CBC_PAD
Definition: pkcs11t.h:750
#define CKM_BATON_ECB128
Definition: pkcs11t.h:881
#define CKA_OTP_USER_IDENTIFIER
Definition: pkcs11t.h:530
#define CKM_BLOWFISH_CBC
Definition: pkcs11t.h:931
#define CKM_FASTHASH
Definition: pkcs11t.h:911
#define CKR_SESSION_HANDLE_INVALID
Definition: pkcs11t.h:1098
#define CKF_EC_F_2M
Definition: pkcs11t.h:1023
#define CKM_ARIA_ECB
Definition: pkcs11t.h:848
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition: pkcs11t.h:398
#define CKO_CERTIFICATE
Definition: pkcs11t.h:311
#define CKA_CHECK_VALUE
Definition: pkcs11t.h:457
#define CKM_DES_CBC
Definition: pkcs11t.h:657
#define CKF_USER_PIN_INITIALIZED
Definition: pkcs11t.h:158
CK_ULONG CK_NOTIFICATION
Definition: pkcs11t.h:100
#define CKM_CAST5_MAC
Definition: pkcs11t.h:745
#define CKA_PUBLIC_KEY_INFO
Definition: pkcs11t.h:483
#define CKA_OTP_USER_FRIENDLY_MODE
Definition: pkcs11t.h:523
#define CKM_SHA384_HMAC_GENERAL
Definition: pkcs11t.h:715
#define CKF_RW_SESSION
Definition: pkcs11t.h:289
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1121
#define CKM_SECURID_KEY_GEN
Definition: pkcs11t.h:719
#define CKM_IDEA_MAC_GENERAL
Definition: pkcs11t.h:761
#define CKS_RO_USER_FUNCTIONS
Definition: pkcs11t.h:273
#define CKM_TLS_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:776
#define CKM_GOST28147_ECB
Definition: pkcs11t.h:952
#define CKA_PRIME
Definition: pkcs11t.h:484
#define CKR_ARGUMENTS_BAD
Definition: pkcs11t.h:1046
#define CKM_SECURID
Definition: pkcs11t.h:720
#define CKM_AES_CCM
Definition: pkcs11t.h:921
#define CKR_CANCEL
Definition: pkcs11t.h:1039
#define CKM_SHA512_224_KEY_DERIVATION
Definition: pkcs11t.h:634
#define CKM_SHA256
Definition: pkcs11t.h:707
#define CKM_IDEA_CBC_PAD
Definition: pkcs11t.h:762
#define CKM_SHA512_T_HMAC_GENERAL
Definition: pkcs11t.h:642
#define CKK_BLOWFISH
Definition: pkcs11t.h:363
#define CKM_CDMF_CBC_PAD
Definition: pkcs11t.h:678
#define CKU_USER
Definition: pkcs11t.h:266
#define CKR_PIN_TOO_WEAK
Definition: pkcs11t.h:1153
#define CKA_MODULUS
Definition: pkcs11t.h:474
unsigned char CK_BYTE
Definition: pkcs11t.h:36
#define CKM_AES_CFB64
Definition: pkcs11t.h:964
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:777
#define CKA_PRIVATE
Definition: pkcs11t.h:439
#define CKM_DES_KEY_GEN
Definition: pkcs11t.h:655
CK_ULONG CK_SLOT_ID
Definition: pkcs11t.h:104
CK_ULONG CK_FLAGS
Definition: pkcs11t.h:54
#define CKR_PIN_EXPIRED
Definition: pkcs11t.h:1093
#define CKM_CAST3_MAC_GENERAL
Definition: pkcs11t.h:736
CK_ULONG CK_OBJECT_CLASS
Definition: pkcs11t.h:307
#define CKM_CAST5_CBC_PAD
Definition: pkcs11t.h:749
#define CKM_PBE_SHA1_RC2_128_CBC
Definition: pkcs11t.h:804
#define CKG_MGF1_SHA384
Definition: pkcs11t.h:1248
#define CKR_PIN_LOCKED
Definition: pkcs11t.h:1094
#define CKA_PRIME_1
Definition: pkcs11t.h:478
#define CKA_NAME_HASH_ALGORITHM
Definition: pkcs11t.h:456
#define CKM_DSA_SHA512
Definition: pkcs11t.h:611
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:769
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:773
#define CKM_IDEA_MAC
Definition: pkcs11t.h:760
#define CKR_LIBRARY_LOAD_FAILED
Definition: pkcs11t.h:1152
#define CKM_MD5_RSA_PKCS
Definition: pkcs11t.h:592
#define CKM_DSA_SHA384
Definition: pkcs11t.h:610
#define CKM_RIPEMD128_HMAC_GENERAL
Definition: pkcs11t.h:702
#define CKF_WRAP
Definition: pkcs11t.h:1015
#define CKK_DES
Definition: pkcs11t.h:349
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition: pkcs11t.h:809
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition: pkcs11t.h:533
CK_ULONG CK_SESSION_HANDLE
Definition: pkcs11t.h:256
#define CKA_OTP_CHALLENGE_REQUIREMENT
Definition: pkcs11t.h:524
#define CKK_ACTI
Definition: pkcs11t.h:367
#define CKR_CANT_LOCK
Definition: pkcs11t.h:1049
#define CKM_DES_CBC_PAD
Definition: pkcs11t.h:661
#define CKR_TOKEN_NOT_PRESENT
Definition: pkcs11t.h:1110
#define CKA_OTP_FORMAT
Definition: pkcs11t.h:520
#define CKF_EXTENSION
Definition: pkcs11t.h:1029
#define CKM_SHA512_T
Definition: pkcs11t.h:640
#define CKM_DES3_CBC_PAD
Definition: pkcs11t.h:670
#define CKM_SHA512_T_KEY_DERIVATION
Definition: pkcs11t.h:643
#define CKA_EC_POINT
Definition: pkcs11t.h:508
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition: pkcs11t.h:1142
#define CKM_KEA_DERIVE
Definition: pkcs11t.h:878
#define CKM_DH_PKCS_DERIVE
Definition: pkcs11t.h:614
#define CKM_CAMELLIA_MAC_GENERAL
Definition: pkcs11t.h:841
#define CKA_SENSITIVE
Definition: pkcs11t.h:462
#define CKM_MD2_HMAC_GENERAL
Definition: pkcs11t.h:688
#define CKF_EC_F_P
Definition: pkcs11t.h:1022
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:863
#define CKM_DES3_CMAC_GENERAL
Definition: pkcs11t.h:671
#define CKR_PIN_INCORRECT
Definition: pkcs11t.h:1089
#define CKM_CAST128_MAC_GENERAL
Definition: pkcs11t.h:748
#define CKM_ARIA_CBC
Definition: pkcs11t.h:849
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
Definition: pkcs11t.h:396
#define CKM_CAMELLIA_CTR
Definition: pkcs11t.h:845
#define CKM_PBE_SHA1_RC4_40
Definition: pkcs11t.h:801
#define CKM_PBE_SHA1_CAST5_CBC
Definition: pkcs11t.h:798
#define CKM_TLS10_MAC_SERVER
Definition: pkcs11t.h:818
#define CKM_X9_42_DH_DERIVE
Definition: pkcs11t.h:617
#define CKF_GENERATE_KEY_PAIR
Definition: pkcs11t.h:1014
#define CKM_AES_KEY_WRAP
Definition: pkcs11t.h:969
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition: pkcs11t.h:874
#define CKF_SIGN_RECOVER
Definition: pkcs11t.h:1010
#define CKA_SIGN_RECOVER
Definition: pkcs11t.h:468
#define CKM_KEY_WRAP_LYNKS
Definition: pkcs11t.h:829
#define CKM_SHA512_RSA_PKCS_PSS
Definition: pkcs11t.h:626
#define CKM_CAST5_KEY_GEN
Definition: pkcs11t.h:739
#define CKF_REMOVABLE_DEVICE
Definition: pkcs11t.h:123
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition: pkcs11t.h:1726
#define CKM_CAMELLIA_CBC
Definition: pkcs11t.h:839
#define CKM_ECDSA_SHA512
Definition: pkcs11t.h:896
#define CKM_RSA_PKCS_OAEP
Definition: pkcs11t.h:597
#define CKM_DES_OFB64
Definition: pkcs11t.h:680
#define CKR_WRAPPED_KEY_INVALID
Definition: pkcs11t.h:1124
#define CKF_SECONDARY_AUTHENTICATION
Definition: pkcs11t.h:199
#define CKO_OTP_KEY
Definition: pkcs11t.h:318
#define CKM_PBE_SHA1_RC4_128
Definition: pkcs11t.h:800
#define CKM_CDMF_MAC
Definition: pkcs11t.h:676
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition: pkcs11t.h:973
#define CKM_SHA512_RSA_PKCS
Definition: pkcs11t.h:623
#define CKA_EXPONENT_1
Definition: pkcs11t.h:480
#define CKM_DES3_MAC_GENERAL
Definition: pkcs11t.h:669