Botan  2.8.0
Crypto and TLS for C++11
p11.h
Go to the documentation of this file.
1 /*
2 * PKCS#11
3 * (C) 2016 Daniel Neus, Sirrix AG
4 * (C) 2016 Philipp Weber, Sirrix AG
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_P11_H_
10 #define BOTAN_P11_H_
11 
12 #include <botan/secmem.h>
13 #include <botan/exceptn.h>
14 #include <botan/dyn_load.h>
15 
16 #include <vector>
17 #include <string>
18 #include <map>
19 
20 #define CK_PTR *
21 
22 #if defined(_MSC_VER)
23 #define CK_DECLARE_FUNCTION(returnType, name) \
24  returnType __declspec(dllimport) name
25 #else
26 #define CK_DECLARE_FUNCTION(returnType, name) \
27  returnType name
28 #endif
29 
30 #if defined(_MSC_VER)
31 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
32  returnType __declspec(dllimport) (* name)
33 #else
34 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
35  returnType (* name)
36 #endif
37 
38 #define CK_CALLBACK_FUNCTION(returnType, name) \
39  returnType (* name)
40 
41 #ifndef NULL_PTR
42  #define NULL_PTR nullptr
43 #endif
44 
45 #if defined(_MSC_VER)
46  #pragma pack(push, cryptoki, 1)
47 #endif
48 
49 #include "pkcs11.h"
50 
51 #if defined(_MSC_VER)
52  #pragma pack(pop, cryptoki)
53 #endif
54 
55 static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
56  "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
57 
58 namespace Botan {
59 namespace PKCS11 {
60 
62 
64  {
65  Class = CKA_CLASS,
66  Token = CKA_TOKEN,
68  Label = CKA_LABEL,
70  Value = CKA_VALUE,
76  Owner = CKA_OWNER,
81  Url = CKA_URL,
88  Id = CKA_ID,
92  Wrap = CKA_WRAP,
94  Sign = CKA_SIGN,
111  Prime = CKA_PRIME,
113  Base = CKA_BASE,
120  Local = CKA_LOCAL,
162  Color = CKA_COLOR,
173  };
174 
176  {
177  X509 = CKC_X_509,
179  Wtls = CKC_WTLS,
181  };
182 
183 /// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
184 /// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
186  {
191  };
192 
194  {
195  Null = CKD_NULL,
204  };
205 
206 enum class Flag : CK_FLAGS
207  {
208  None = 0,
212  Rng = CKF_RNG,
234  Hw = CKF_HW,
237  Digest = CKF_DIGEST,
238  Sign = CKF_SIGN,
240  Verify = CKF_VERIFY,
244  Wrap = CKF_WRAP,
245  Unwrap = CKF_UNWRAP,
246  Derive = CKF_DERIVE,
247  EcFP = CKF_EC_F_P,
248  EcF2m = CKF_EC_F_2M,
263  };
264 
265 inline Flag operator | (Flag a, Flag b)
266  {
267  return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
268  }
269 
271  {
277  };
278 
280  {
282  Clock = CKH_CLOCK,
285  };
286 
287 enum class KeyType : CK_KEY_TYPE
288  {
289  Rsa = CKK_RSA,
290  Dsa = CKK_DSA,
291  Dh = CKK_DH,
292  Ecdsa = CKK_ECDSA,
293  Ec = CKK_EC,
295  Kea = CKK_KEA,
297  Rc2 = CKK_RC2,
298  Rc4 = CKK_RC4,
299  Des = CKK_DES,
300  Des2 = CKK_DES2,
301  Des3 = CKK_DES3,
302  Cast = CKK_CAST,
303  Cast3 = CKK_CAST3,
304  Cast5 = CKK_CAST5,
306  Rc5 = CKK_RC5,
307  Idea = CKK_IDEA,
309  Baton = CKK_BATON,
311  Cdmf = CKK_CDMF,
312  Aes = CKK_AES,
316  Hotp = CKK_HOTP,
317  Acti = CKK_ACTI,
319  Aria = CKK_ARIA,
328  Seed = CKK_SEED,
333  };
334 
336  {
353  Dsa = CKM_DSA,
392  Rc4 = CKM_RC4,
418  Md2 = CKM_MD2,
421  Md5 = CKM_MD5,
424  Sha1 = CKM_SHA_1,
433  Sha256 = CKM_SHA256,
436  Sha224 = CKM_SHA224,
439  Sha384 = CKM_SHA384,
442  Sha512 = CKM_SHA512,
448  Hotp = CKM_HOTP,
449  Acti = CKM_ACTI,
598  Ecdsa = CKM_ECDSA,
670  };
671 
673  {
676  };
677 
679  {
680  Data = CKO_DATA,
690  };
691 
693  {
702  };
703 
704 enum class SessionState : CK_STATE
705  {
711  };
712 
713 enum class ReturnValue : CK_RV
714  {
715  OK = CKR_OK,
716  Cancel = CKR_CANCEL,
810  };
811 
812 enum class UserType : CK_USER_TYPE
813  {
814  SO = CKU_SO,
815  User = CKU_USER,
817  };
818 
819 enum class PublicPointEncoding : uint32_t
820  {
821  Raw,
822  Der
823  };
824 
828 using CreateMutex = CK_CREATEMUTEX;
829 using DestroyMutex = CK_DESTROYMUTEX;
830 using LockMutex = CK_LOCKMUTEX;
831 using UnlockMutex = CK_UNLOCKMUTEX;
832 using Flags = CK_FLAGS;
833 using Info = CK_INFO;
834 using Bbool = CK_BBOOL;
836 using Ulong = CK_ULONG;
842 using Notify = CK_NOTIFY;
847 using Byte = CK_BYTE;
851 using Date = CK_DATE;
852 
854 
857 
859  {
860  return static_cast<Flags>(flags);
861  }
862 
863 class Slot;
864 
865 /**
866 * Initializes a token
867 * @param slot The slot with the attached token that should be initialized
868 * @param label The token label
869 * @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
870 * @param pin The user PIN that will be set
871 */
872 BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, const std::string& label, const secure_string& so_pin,
873  const secure_string& pin);
874 
875 /**
876 * Change PIN with old PIN to new PIN
877 * @param slot The slot with the attached token
878 * @param old_pin The old user PIN
879 * @param new_pin The new user PIN
880 */
881 
882 BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
883 
884 /**
885 * Change SO_PIN with old SO_PIN to new SO_PIN
886 * @param slot The slot with the attached token
887 * @param old_so_pin The old SO_PIN
888 * @param new_so_pin The new SO_PIN
889 */
890 BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
891 
892 /**
893 * Sets user PIN with SO_PIN
894 * @param slot The slot with the attached token
895 * @param so_pin PIN of the security officer
896 * @param pin The user PIN that should be set
897 */
898 BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
899 
900 /// Provides access to all PKCS#11 functions
902  {
903  public:
904  /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
905  explicit LowLevel(FunctionListPtr ptr);
906 
907  /****************************** General purpose functions ******************************/
908 
909  /**
910  * C_Initialize initializes the Cryptoki library.
911  * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
912  * @param return_value default value (`ThrowException`): throw exception on error.
913  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
914  * At least the following PKCS#11 return values may be returned:
915  * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
916  * \li FunctionFailed \li GeneralError \li HostMemory
917  * \li NeedToCreateThreads \li OK
918  * @return true on success, false otherwise
919  */
920  bool C_Initialize(VoidPtr init_args,
921  ReturnValue* return_value = ThrowException) const;
922 
923  /**
924  * C_Finalize indicates that an application is done with the Cryptoki library.
925  * @param reserved reserved. Should be nullptr
926  * @param return_value default value (`ThrowException`): throw exception on error.
927  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
928  * At least the following PKCS#11 return values may be returned:
929  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
930  * \li GeneralError \li HostMemory \li OK
931  * @return true on success, false otherwise
932  */
933  bool C_Finalize(VoidPtr reserved,
934  ReturnValue* return_value = ThrowException) const;
935 
936  /**
937  * C_GetInfo returns general information about Cryptoki.
938  * @param info_ptr location that receives information
939  * @param return_value default value (`ThrowException`): throw exception on error.
940  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
941  * At least the following PKCS#11 return values may be returned:
942  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
943  * \li GeneralError \li HostMemory \li OK
944  * @return true on success, false otherwise
945  */
946  bool C_GetInfo(Info* info_ptr,
947  ReturnValue* return_value = ThrowException) const;
948 
949  /**
950  * C_GetFunctionList returns the function list.
951  * @param pkcs11_module The PKCS#11 module
952  * @param function_list_ptr_ptr receives pointer to function list
953  * @param return_value default value (`ThrowException`): throw exception on error.
954  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
955  * At least the following PKCS#11 return values may be returned:
956  * \li ArgumentsBad \li FunctionFailed \li GeneralError
957  * \li HostMemory \li OK
958  * @return true on success, false otherwise
959  */
960  static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module, FunctionListPtr* function_list_ptr_ptr,
961  ReturnValue* return_value = ThrowException);
962 
963  /****************************** Slot and token management functions ******************************/
964 
965  /**
966  * C_GetSlotList obtains a list of slots in the system.
967  * @param token_present only slots with tokens
968  * @param slot_list_ptr receives array of slot IDs
969  * @param count_ptr receives number of slots
970  * @param return_value default value (`ThrowException`): throw exception on error.
971  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
972  * At least the following PKCS#11 return values may be returned:
973  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
974  * \li FunctionFailed \li GeneralError \li HostMemory
975  * \li OK
976  * @return true on success, false otherwise
977  */
978  bool C_GetSlotList(Bbool token_present,
979  SlotId* slot_list_ptr,
980  Ulong* count_ptr,
981  ReturnValue* return_value = ThrowException) const;
982 
983  /**
984  * C_GetSlotList obtains a list of slots in the system.
985  * @param token_present only slots with tokens
986  * @param slot_ids receives vector of slot IDs
987  * @param return_value default value (`ThrowException`): throw exception on error.
988  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
989  * At least the following PKCS#11 return values may be returned:
990  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
991  * \li FunctionFailed \li GeneralError \li HostMemory
992  * \li OK
993  * @return true on success, false otherwise
994  */
995  bool C_GetSlotList(bool token_present,
996  std::vector<SlotId>& slot_ids,
997  ReturnValue* return_value = ThrowException) const;
998 
999  /**
1000  * C_GetSlotInfo obtains information about a particular slot in the system.
1001  * @param slot_id the ID of the slot
1002  * @param info_ptr receives the slot information
1003  * @param return_value default value (`ThrowException`): throw exception on error.
1004  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1005  * At least the following PKCS#11 return values may be returned:
1006  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1007  * \li FunctionFailed \li GeneralError \li HostMemory
1008  * \li OK \li SlotIdInvalid
1009  * @return true on success, false otherwise
1010  */
1011  bool C_GetSlotInfo(SlotId slot_id,
1012  SlotInfo* info_ptr,
1013  ReturnValue* return_value = ThrowException) const;
1014 
1015  /**
1016  * C_GetTokenInfo obtains information about a particular token in the system.
1017  * @param slot_id ID of the token's slot
1018  * @param info_ptr receives the token information
1019  * @param return_value default value (`ThrowException`): throw exception on error.
1020  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1021  * At least the following PKCS#11 return values may be returned:
1022  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1023  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1024  * \li HostMemory \li OK \li SlotIdInvalid
1025  * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1026  * @return true on success, false otherwise
1027  */
1028  bool C_GetTokenInfo(SlotId slot_id,
1029  TokenInfo* info_ptr,
1030  ReturnValue* return_value = ThrowException) const;
1031 
1032  /**
1033  * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1034  * @param flags blocking/nonblocking flag
1035  * @param slot_ptr location that receives the slot ID
1036  * @param reserved reserved. Should be NULL_PTR
1037  * @param return_value default value (`ThrowException`): throw exception on error.
1038  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1039  * At least the following PKCS#11 return values may be returned:
1040  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1041  * \li GeneralError \li HostMemory \li NoEvent
1042  * \li OK
1043  * @return true on success, false otherwise
1044  */
1045  bool C_WaitForSlotEvent(Flags flags,
1046  SlotId* slot_ptr,
1047  VoidPtr reserved,
1048  ReturnValue* return_value = ThrowException) const;
1049 
1050  /**
1051  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1052  * @param slot_id ID of token's slot
1053  * @param mechanism_list_ptr gets mech. array
1054  * @param count_ptr gets # of mechs.
1055  * @param return_value default value (`ThrowException`): throw exception on error.
1056  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1057  * At least the following PKCS#11 return values may be returned:
1058  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1059  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1060  * \li GeneralError \li HostMemory \li OK
1061  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1062  * \li ArgumentsBad
1063  * @return true on success, false otherwise
1064  */
1065  bool C_GetMechanismList(SlotId slot_id,
1066  MechanismType* mechanism_list_ptr,
1067  Ulong* count_ptr,
1068  ReturnValue* return_value = ThrowException) const;
1069 
1070  /**
1071  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1072  * @param slot_id ID of token's slot
1073  * @param mechanisms receives vector of supported mechanisms
1074  * @param return_value default value (`ThrowException`): throw exception on error.
1075  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1076  * At least the following PKCS#11 return values may be returned:
1077  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1078  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1079  * \li GeneralError \li HostMemory \li OK
1080  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1081  * \li ArgumentsBad
1082  * @return true on success, false otherwise
1083  */
1084  bool C_GetMechanismList(SlotId slot_id,
1085  std::vector<MechanismType>& mechanisms,
1086  ReturnValue* return_value = ThrowException) const;
1087 
1088  /**
1089  * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1090  * @param slot_id ID of the token's slot
1091  * @param type type of mechanism
1092  * @param info_ptr receives mechanism info
1093  * @param return_value default value (`ThrowException`): throw exception on error.
1094  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1095  * At least the following PKCS#11 return values may be returned:
1096  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1097  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1098  * \li HostMemory \li MechanismInvalid \li OK
1099  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1100  * \li ArgumentsBad
1101  * @return true on success, false otherwise
1102  */
1103  bool C_GetMechanismInfo(SlotId slot_id,
1105  MechanismInfo* info_ptr,
1106  ReturnValue* return_value = ThrowException) const;
1107 
1108  /**
1109  * C_InitToken initializes a token.
1110  * @param slot_id ID of the token's slot
1111  * @param so_pin_ptr the SO's initial PIN
1112  * @param so_pin_len length in bytes of the SO_PIN
1113  * @param label_ptr 32-byte token label (blank padded)
1114  * @param return_value default value (`ThrowException`): throw exception on error.
1115  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1116  * At least the following PKCS#11 return values may be returned:
1117  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1118  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1119  * \li GeneralError \li HostMemory \li OK
1120  * \li PinIncorrect \li PinLocked \li SessionExists
1121  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1122  * \li TokenWriteProtected \li ArgumentsBad
1123  * @return true on success, false otherwise
1124  */
1125  bool C_InitToken(SlotId slot_id,
1126  Utf8Char* so_pin_ptr,
1127  Ulong so_pin_len,
1128  Utf8Char* label_ptr,
1129  ReturnValue* return_value = ThrowException) const;
1130 
1131  /**
1132  * C_InitToken initializes a token.
1133  * @param slot_id ID of the token's slot
1134  * @param so_pin the SO's initial PIN
1135  * @param label token label (at max 32 bytes long)
1136  * @param return_value default value (`ThrowException`): throw exception on error.
1137  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1138  * At least the following PKCS#11 return values may be returned:
1139  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1140  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1141  * \li GeneralError \li HostMemory \li OK
1142  * \li PinIncorrect \li PinLocked \li SessionExists
1143  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1144  * \li TokenWriteProtected \li ArgumentsBad
1145  * @return true on success, false otherwise
1146  */
1147  template<typename TAlloc>
1148  bool C_InitToken(SlotId slot_id,
1149  const std::vector<uint8_t, TAlloc>& so_pin,
1150  const std::string& label,
1151  ReturnValue* return_value = ThrowException) const
1152  {
1153  std::string padded_label = label;
1154  if(label.size() < 32)
1155  {
1156  padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1157  }
1158 
1159  return C_InitToken(slot_id,
1160  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1161  static_cast<Ulong>(so_pin.size()),
1162  reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())),
1163  return_value);
1164  }
1165 
1166  /**
1167  * C_InitPIN initializes the normal user's PIN.
1168  * @param session the session's handle
1169  * @param pin_ptr the normal user's PIN
1170  * @param pin_len length in bytes of the PIN
1171  * @param return_value default value (`ThrowException`): throw exception on error.
1172  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1173  * At least the following PKCS#11 return values may be returned:
1174  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1175  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1176  * \li GeneralError \li HostMemory \li OK
1177  * \li PinInvalid \li PinLenRange \li SessionClosed
1178  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1179  * \li UserNotLoggedIn \li ArgumentsBad
1180  * @return true on success, false otherwise
1181  */
1182  bool C_InitPIN(SessionHandle session,
1183  Utf8Char* pin_ptr,
1184  Ulong pin_len,
1185  ReturnValue* return_value = ThrowException) const;
1186 
1187  /**
1188  * C_InitPIN initializes the normal user's PIN.
1189  * @param session the session's handle
1190  * @param pin the normal user's PIN
1191  * @param return_value default value (`ThrowException`): throw exception on error.
1192  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1193  * At least the following PKCS#11 return values may be returned:
1194  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1195  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1196  * \li GeneralError \li HostMemory \li OK
1197  * \li PinInvalid \li PinLenRange \li SessionClosed
1198  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1199  * \li UserNotLoggedIn \li ArgumentsBad
1200  * @return true on success, false otherwise
1201  */
1202  template<typename TAlloc>
1203  bool C_InitPIN(SessionHandle session,
1204  const std::vector<uint8_t, TAlloc>& pin,
1205  ReturnValue* return_value = ThrowException) const
1206  {
1207  return C_InitPIN(session,
1208  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1209  static_cast<Ulong>(pin.size()),
1210  return_value);
1211  }
1212 
1213  /**
1214  * C_SetPIN modifies the PIN of the user who is logged in.
1215  * @param session the session's handle
1216  * @param old_pin_ptr the old PIN
1217  * @param old_len length of the old PIN
1218  * @param new_pin_ptr the new PIN
1219  * @param new_len length of the new PIN
1220  * @param return_value default value (`ThrowException`): throw exception on error.
1221  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1222  * At least the following PKCS#11 return values may be returned:
1223  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1224  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1225  * \li GeneralError \li HostMemory \li OK
1226  * \li PinIncorrect \li PinInvalid \li PinLenRange
1227  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1228  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1229  * @return true on success, false otherwise
1230  */
1231  bool C_SetPIN(SessionHandle session,
1232  Utf8Char* old_pin_ptr,
1233  Ulong old_len,
1234  Utf8Char* new_pin_ptr,
1235  Ulong new_len,
1236  ReturnValue* return_value = ThrowException) const;
1237 
1238  /**
1239  * C_SetPIN modifies the PIN of the user who is logged in.
1240  * @param session the session's handle
1241  * @param old_pin the old PIN
1242  * @param new_pin the new PIN
1243  * @param return_value default value (`ThrowException`): throw exception on error.
1244  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1245  * At least the following PKCS#11 return values may be returned:
1246  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1247  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1248  * \li GeneralError \li HostMemory \li OK
1249  * \li PinIncorrect \li PinInvalid \li PinLenRange
1250  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1251  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1252  * @return true on success, false otherwise
1253  */
1254  template<typename TAlloc>
1255  bool C_SetPIN(SessionHandle session,
1256  const std::vector<uint8_t, TAlloc>& old_pin,
1257  const std::vector<uint8_t, TAlloc>& new_pin,
1258  ReturnValue* return_value = ThrowException) const
1259  {
1260  return C_SetPIN(session,
1261  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())),
1262  static_cast<Ulong>(old_pin.size()),
1263  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())),
1264  static_cast<Ulong>(new_pin.size()),
1265  return_value);
1266  }
1267 
1268 
1269  /****************************** Session management ******************************/
1270 
1271  /**
1272  * C_OpenSession opens a session between an application and a token.
1273  * @param slot_id the slot's ID
1274  * @param flags from CK_SESSION_INFO
1275  * @param application passed to callback
1276  * @param notify callback function
1277  * @param session_ptr gets session handle
1278  * @param return_value default value (`ThrowException`): throw exception on error.
1279  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1280  * At least the following PKCS#11 return values may be returned:
1281  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1282  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1283  * \li HostMemory \li OK \li SessionCount
1284  * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1285  * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1286  * \li ArgumentsBad
1287  * @return true on success, false otherwise
1288  */
1289  bool C_OpenSession(SlotId slot_id,
1290  Flags flags,
1291  VoidPtr application,
1292  Notify notify,
1293  SessionHandle* session_ptr,
1294  ReturnValue* return_value = ThrowException) const;
1295 
1296  /**
1297  * C_CloseSession closes a session between an application and a token.
1298  * @param session the session's handle
1299  * @param return_value default value (`ThrowException`): throw exception on error.
1300  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1301  * At least the following PKCS#11 return values may be returned:
1302  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1303  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1304  * \li HostMemory \li OK \li SessionClosed
1305  * \li SessionHandleInvalid
1306  * @return true on success, false otherwise
1307  */
1308  bool C_CloseSession(SessionHandle session,
1309  ReturnValue* return_value = ThrowException) const;
1310 
1311  /**
1312  * C_CloseAllSessions closes all sessions with a token.
1313  * @param slot_id the token's slot
1314  * @param return_value default value (`ThrowException`): throw exception on error.
1315  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1316  * At least the following PKCS#11 return values may be returned:
1317  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1318  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1319  * \li HostMemory \li OK \li SlotIdInvalid
1320  * \li TokenNotPresent
1321  * @return true on success, false otherwise
1322  */
1323  bool C_CloseAllSessions(SlotId slot_id,
1324  ReturnValue* return_value = ThrowException) const;
1325 
1326  /**
1327  * C_GetSessionInfo obtains information about the session.
1328  * @param session the session's handle
1329  * @param info_ptr receives session info
1330  * @param return_value default value (`ThrowException`): throw exception on error.
1331  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1332  * At least the following PKCS#11 return values may be returned:
1333  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1334  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1335  * \li HostMemory \li OK \li SessionClosed
1336  * \li SessionHandleInvalid \li ArgumentsBad
1337  * @return true on success, false otherwise
1338  */
1339  bool C_GetSessionInfo(SessionHandle session,
1340  SessionInfo* info_ptr,
1341  ReturnValue* return_value = ThrowException) const;
1342 
1343  /**
1344  * C_GetOperationState obtains the state of the cryptographic operation in a session.
1345  * @param session session's handle
1346  * @param operation_state_ptr gets state
1347  * @param operation_state_len_ptr gets state length
1348  * @param return_value default value (`ThrowException`): throw exception on error.
1349  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1350  * At least the following PKCS#11 return values may be returned:
1351  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1352  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1353  * \li GeneralError \li HostMemory \li OK
1354  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1355  * \li StateUnsaveable \li ArgumentsBad
1356  * @return true on success, false otherwise
1357  */
1358  bool C_GetOperationState(SessionHandle session,
1359  Byte* operation_state_ptr,
1360  Ulong* operation_state_len_ptr,
1361  ReturnValue* return_value = ThrowException) const;
1362 
1363  /**
1364  * C_SetOperationState restores the state of the cryptographic operation in a session.
1365  * @param session session's handle
1366  * @param operation_state_ptr holds state
1367  * @param operation_state_len holds state length
1368  * @param encryption_key en/decryption key
1369  * @param authentication_key sign/verify key
1370  * @param return_value default value (`ThrowException`): throw exception on error.
1371  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1372  * At least the following PKCS#11 return values may be returned:
1373  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1374  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1375  * \li HostMemory \li KeyChanged \li KeyNeeded
1376  * \li KeyNotNeeded \li OK \li SavedStateInvalid
1377  * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1378  * @return true on success, false otherwise
1379  */
1380  bool C_SetOperationState(SessionHandle session,
1381  Byte* operation_state_ptr,
1382  Ulong operation_state_len,
1383  ObjectHandle encryption_key,
1384  ObjectHandle authentication_key,
1385  ReturnValue* return_value = ThrowException) const;
1386 
1387  /**
1388  * C_Login logs a user into a token.
1389  * @param session the session's handle
1390  * @param user_type the user type
1391  * @param pin_ptr the user's PIN
1392  * @param pin_len the length of the PIN
1393  * @param return_value default value (`ThrowException`): throw exception on error.
1394  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1395  * At least the following PKCS#11 return values may be returned:
1396  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1397  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1398  * \li FunctionFailed \li GeneralError \li HostMemory
1399  * \li OK \li OperationNotInitialized \li PinIncorrect
1400  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1401  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1402  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1403  * @return true on success, false otherwise
1404  */
1405  bool C_Login(SessionHandle session,
1406  UserType user_type,
1407  Utf8Char* pin_ptr,
1408  Ulong pin_len,
1409  ReturnValue* return_value = ThrowException) const;
1410 
1411  /**
1412  * C_Login logs a user into a token.
1413  * @param session the session's handle
1414  * @param user_type the user type
1415  * @param pin the user or security officer's PIN
1416  * @param return_value default value (`ThrowException`): throw exception on error.
1417  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1418  * At least the following PKCS#11 return values may be returned:
1419  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1420  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1421  * \li FunctionFailed \li GeneralError \li HostMemory
1422  * \li OK \li OperationNotInitialized \li PinIncorrect
1423  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1424  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1425  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1426  * @return true on success, false otherwise
1427  */
1428  template<typename TAlloc>
1429  bool C_Login(SessionHandle session,
1430  UserType user_type,
1431  const std::vector<uint8_t, TAlloc>& pin,
1432  ReturnValue* return_value = ThrowException) const
1433  {
1434  return C_Login(session, user_type,
1435  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1436  static_cast<Ulong>(pin.size()),
1437  return_value);
1438  }
1439 
1440  /**
1441  * C_Logout logs a user out from a token.
1442  * @param session the session's handle
1443  * @param return_value default value (`ThrowException`): throw exception on error.
1444  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1445  * At least the following PKCS#11 return values may be returned:
1446  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1447  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1448  * \li HostMemory \li OK \li SessionClosed
1449  * \li SessionHandleInvalid \li UserNotLoggedIn
1450  * @return true on success, false otherwise
1451  */
1452  bool C_Logout(SessionHandle session,
1453  ReturnValue* return_value = ThrowException) const;
1454 
1455  /****************************** Object management functions ******************************/
1456 
1457  /**
1458  * C_CreateObject creates a new object.
1459  * @param session the session's handle
1460  * @param attribute_template_ptr the object's template
1461  * @param count attributes in template
1462  * @param object_ptr gets new object's handle.
1463  * @param return_value default value (`ThrowException`): throw exception on error.
1464  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1465  * At least the following PKCS#11 return values may be returned:
1466  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1467  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1468  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1469  * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1470  * \li HostMemory \li OK \li PinExpired
1471  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1472  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1473  * \li UserNotLoggedIn
1474  * @return true on success, false otherwise
1475  */
1476  bool C_CreateObject(SessionHandle session,
1477  Attribute* attribute_template_ptr,
1478  Ulong count,
1479  ObjectHandle* object_ptr,
1480  ReturnValue* return_value = ThrowException) const;
1481 
1482  /**
1483  * C_CopyObject copies an object, creating a new object for the copy.
1484  * @param session the session's handle
1485  * @param object the object's handle
1486  * @param attribute_template_ptr template for new object
1487  * @param count attributes in template
1488  * @param new_object_ptr receives handle of copy
1489  * @param return_value default value (`ThrowException`): throw exception on error.
1490  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1491  * At least the following PKCS#11 return values may be returned:
1492  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1493  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1494  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1495  * \li FunctionFailed \li GeneralError \li HostMemory
1496  * \li ObjectHandleInvalid \li OK \li PinExpired
1497  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1498  * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1499  * @return true on success, false otherwise
1500  */
1501  bool C_CopyObject(SessionHandle session,
1502  ObjectHandle object,
1503  Attribute* attribute_template_ptr,
1504  Ulong count,
1505  ObjectHandle* new_object_ptr,
1506  ReturnValue* return_value = ThrowException) const;
1507 
1508  /**
1509  * C_DestroyObject destroys an object.
1510  * @param session the session's handle
1511  * @param object the object's handle
1512  * @param return_value default value (`ThrowException`): throw exception on error.
1513  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1514  * At least the following PKCS#11 return values may be returned:
1515  * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1516  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1517  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1518  * \li OK \li PinExpired \li SessionClosed
1519  * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1520  * @return true on success, false otherwise
1521  */
1522  bool C_DestroyObject(SessionHandle session,
1523  ObjectHandle object,
1524  ReturnValue* return_value = ThrowException) const;
1525 
1526  /**
1527  * C_GetObjectSize gets the size of an object in bytes.
1528  * @param session the session's handle
1529  * @param object the object's handle
1530  * @param size_ptr receives size of object
1531  * @param return_value default value (`ThrowException`): throw exception on error.
1532  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1533  * At least the following PKCS#11 return values may be returned:
1534  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1535  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1536  * \li GeneralError \li HostMemory \li InformationSensitive
1537  * \li ObjectHandleInvalid \li OK \li SessionClosed
1538  * \li SessionHandleInvalid
1539  * @return true on success, false otherwise
1540  */
1541  bool C_GetObjectSize(SessionHandle session,
1542  ObjectHandle object,
1543  Ulong* size_ptr,
1544  ReturnValue* return_value = ThrowException) const;
1545 
1546  /**
1547  * C_GetAttributeValue obtains the value of one or more object attributes.
1548  * @param session the session's handle
1549  * @param object the object's handle
1550  * @param attribute_template_ptr specifies attrs; gets vals
1551  * @param count attributes in template
1552  * @param return_value default value (`ThrowException`): throw exception on error.
1553  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1554  * At least the following PKCS#11 return values may be returned:
1555  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1556  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1557  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1558  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1559  * \li OK \li SessionClosed \li SessionHandleInvalid
1560  * @return true on success, false otherwise
1561  */
1562  bool C_GetAttributeValue(SessionHandle session,
1563  ObjectHandle object,
1564  Attribute* attribute_template_ptr,
1565  Ulong count,
1566  ReturnValue* return_value = ThrowException) const;
1567 
1568  /**
1569  * C_GetAttributeValue obtains the value of one or more object attributes.
1570  * @param session the session's handle
1571  * @param object the object's handle
1572  * @param attribute_values specifies attrs; gets vals
1573  * @param return_value default value (`ThrowException`): throw exception on error.
1574  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1575  * At least the following PKCS#11 return values may be returned:
1576  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1577  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1578  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1579  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1580  * \li OK \li SessionClosed \li SessionHandleInvalid
1581  * @return true on success, false otherwise
1582  */
1583  template<typename TAlloc>
1585  ObjectHandle object,
1586  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1587  ReturnValue* return_value = ThrowException) const
1588  {
1589  std::vector<Attribute> getter_template;
1590 
1591  for(const auto& entry : attribute_values)
1592  {
1593  getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1594  }
1595 
1596  bool success = C_GetAttributeValue(session,
1597  object,
1598  const_cast< Attribute* >(getter_template.data()),
1599  static_cast<Ulong>(getter_template.size()),
1600  return_value);
1601 
1602  if(!success)
1603  {
1604  return success;
1605  }
1606 
1607  size_t i = 0;
1608  for(auto& entry : attribute_values)
1609  {
1610  entry.second.clear();
1611  entry.second.resize(getter_template.at(i).ulValueLen);
1612  getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1613  i++;
1614  }
1615 
1616  return C_GetAttributeValue(session, object,
1617  const_cast< Attribute* >(getter_template.data()),
1618  static_cast<Ulong>(getter_template.size()),
1619  return_value);
1620  }
1621 
1622  /**
1623  * C_SetAttributeValue modifies the value of one or more object attributes.
1624  * @param session the session's handle
1625  * @param object the object's handle
1626  * @param attribute_template_ptr specifies attrs and values
1627  * @param count attributes in template
1628  * @param return_value default value (`ThrowException`): throw exception on error.
1629  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1630  * At least the following PKCS#11 return values may be returned:
1631  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1632  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1633  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1634  * \li FunctionFailed \li GeneralError \li HostMemory
1635  * \li ObjectHandleInvalid \li OK \li SessionClosed
1636  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1637  * \li TokenWriteProtected \li UserNotLoggedIn
1638  * @return true on success, false otherwise
1639  */
1640  bool C_SetAttributeValue(SessionHandle session,
1641  ObjectHandle object,
1642  Attribute* attribute_template_ptr,
1643  Ulong count,
1644  ReturnValue* return_value = ThrowException) const;
1645 
1646  /**
1647  * C_SetAttributeValue modifies the value of one or more object attributes.
1648  * @param session the session's handle
1649  * @param object the object's handle
1650  * @param attribute_values specifies attrs and values
1651  * @param return_value default value (`ThrowException`): throw exception on error.
1652  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1653  * At least the following PKCS#11 return values may be returned:
1654  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1655  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1656  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1657  * \li FunctionFailed \li GeneralError \li HostMemory
1658  * \li ObjectHandleInvalid \li OK \li SessionClosed
1659  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1660  * \li TokenWriteProtected \li UserNotLoggedIn
1661  * @return true on success, false otherwise
1662  */
1663  template<typename TAlloc>
1665  ObjectHandle object,
1666  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1667  ReturnValue* return_value = ThrowException) const
1668  {
1669  std::vector<Attribute> setter_template;
1670 
1671  for(auto& entry : attribute_values)
1672  {
1673  setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1674  }
1675 
1676  return C_SetAttributeValue(session, object,
1677  const_cast< Attribute* >(setter_template.data()),
1678  static_cast<Ulong>(setter_template.size()),
1679  return_value);
1680  }
1681 
1682  /**
1683  * C_FindObjectsInit initializes a search for token and session objects that match a template.
1684  * @param session the session's handle
1685  * @param attribute_template_ptr attribute values to match
1686  * @param count attrs in search template
1687  * @param return_value default value (`ThrowException`): throw exception on error.
1688  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1689  * At least the following PKCS#11 return values may be returned:
1690  * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1691  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1692  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1693  * \li HostMemory \li OK \li OperationActive
1694  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1695  * @return true on success, false otherwise
1696  */
1697  bool C_FindObjectsInit(SessionHandle session,
1698  Attribute* attribute_template_ptr,
1699  Ulong count,
1700  ReturnValue* return_value = ThrowException) const;
1701 
1702  /**
1703  * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1704  * @param session session's handle
1705  * @param object_ptr gets obj. handles
1706  * @param max_object_count max handles to get
1707  * @param object_count_ptr actual # returned
1708  * @param return_value default value (`ThrowException`): throw exception on error.
1709  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1710  * At least the following PKCS#11 return values may be returned:
1711  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1712  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1713  * \li GeneralError \li HostMemory \li OK
1714  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1715  * @return true on success, false otherwise
1716  */
1717  bool C_FindObjects(SessionHandle session,
1718  ObjectHandle* object_ptr,
1719  Ulong max_object_count,
1720  Ulong* object_count_ptr,
1721  ReturnValue* return_value = ThrowException) const;
1722 
1723  /**
1724  * C_FindObjectsFinal finishes a search for token and session objects.
1725  * @param session the session's handle
1726  * @param return_value default value (`ThrowException`): throw exception on error.
1727  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1728  * At least the following PKCS#11 return values may be returned:
1729  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1730  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1731  * \li HostMemory \li OK \li OperationNotInitialized
1732  * \li SessionClosed \li SessionHandleInvalid
1733  * @return true on success, false otherwise
1734  */
1735  bool C_FindObjectsFinal(SessionHandle session,
1736  ReturnValue* return_value = ThrowException) const;
1737 
1738  /****************************** Encryption functions ******************************/
1739 
1740  /**
1741  * C_EncryptInit initializes an encryption operation.
1742  * @param session the session's handle
1743  * @param mechanism_ptr the encryption mechanism
1744  * @param key handle of encryption key
1745  * @param return_value default value (`ThrowException`): throw exception on error.
1746  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1747  * At least the following PKCS#11 return values may be returned:
1748  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1749  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1750  * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1751  * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1752  * \li MechanismInvalid \li MechanismParamInvalid \li OK
1753  * \li OperationActive \li PinExpired \li SessionClosed
1754  * \li SessionHandleInvalid \li UserNotLoggedIn
1755  * @return true on success, false otherwise
1756  */
1757  bool C_EncryptInit(SessionHandle session,
1758  Mechanism* mechanism_ptr,
1759  ObjectHandle key,
1760  ReturnValue* return_value = ThrowException) const;
1761 
1762  /**
1763  * C_Encrypt encrypts single-part data.
1764  * @param session session's handle
1765  * @param data_ptr the plaintext data
1766  * @param data_len size of plaintext data in bytes
1767  * @param encrypted_data gets ciphertext
1768  * @param encrypted_data_len_ptr gets c-text size
1769  * @param return_value default value (`ThrowException`): throw exception on error.
1770  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1771  * At least the following PKCS#11 return values may be returned:
1772  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1773  * \li DataInvalid \li DataLenRange \li DeviceError
1774  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1775  * \li FunctionFailed \li GeneralError \li HostMemory
1776  * \li OK \li OperationNotInitialized \li SessionClosed
1777  * \li SessionHandleInvalid
1778  * @return true on success, false otherwise
1779  */
1780  bool C_Encrypt(SessionHandle session,
1781  Byte* data_ptr,
1782  Ulong data_len,
1783  Byte* encrypted_data,
1784  Ulong* encrypted_data_len_ptr,
1785  ReturnValue* return_value = ThrowException) const;
1786 
1787  /**
1788  * C_Encrypt encrypts single-part data.
1789  * @param session session's handle
1790  * @param plaintext_data the plaintext data
1791  * @param encrypted_data gets ciphertext
1792  * @param return_value default value (`ThrowException`): throw exception on error.
1793  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1794  * At least the following PKCS#11 return values may be returned:
1795  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1796  * \li DataInvalid \li DataLenRange \li DeviceError
1797  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1798  * \li FunctionFailed \li GeneralError \li HostMemory
1799  * \li OK \li OperationNotInitialized \li SessionClosed
1800  * \li SessionHandleInvalid
1801  * @return true on success, false otherwise
1802  */
1803  template<typename TAllocA, typename TAllocB>
1804  bool C_Encrypt(SessionHandle session,
1805  const std::vector<uint8_t, TAllocA>& plaintext_data,
1806  std::vector<uint8_t, TAllocB>& encrypted_data,
1807  ReturnValue* return_value = ThrowException) const
1808  {
1809  Ulong encrypted_size = 0;
1810  if(!C_Encrypt(session,
1811  const_cast<Byte*>((plaintext_data.data())),
1812  static_cast<Ulong>(plaintext_data.size()),
1813  nullptr, &encrypted_size,
1814  return_value))
1815  {
1816  return false;
1817  }
1818 
1819  encrypted_data.resize(encrypted_size);
1820  return C_Encrypt(session,
1821  const_cast<Byte*>(plaintext_data.data()),
1822  static_cast<Ulong>(plaintext_data.size()),
1823  encrypted_data.data(),
1824  &encrypted_size, return_value);
1825  }
1826 
1827  /**
1828  * C_EncryptUpdate continues a multiple-part encryption operation.
1829  * @param session session's handle
1830  * @param part_ptr the plaintext data
1831  * @param part_len plaintext data len
1832  * @param encrypted_part_ptr gets ciphertext
1833  * @param encrypted_part_len_ptr gets c-text size
1834  * @param return_value default value (`ThrowException`): throw exception on error.
1835  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1836  * At least the following PKCS#11 return values may be returned:
1837  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1838  * \li DataLenRange \li DeviceError \li DeviceMemory
1839  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1840  * \li GeneralError \li HostMemory \li OK
1841  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1842  * @return true on success, false otherwise
1843  */
1844  bool C_EncryptUpdate(SessionHandle session,
1845  Byte* part_ptr,
1846  Ulong part_len,
1847  Byte* encrypted_part_ptr,
1848  Ulong* encrypted_part_len_ptr,
1849  ReturnValue* return_value = ThrowException) const;
1850 
1851  /**
1852  * C_EncryptFinal finishes a multiple-part encryption operation.
1853  * @param session session handle
1854  * @param last_encrypted_part_ptr last c-text
1855  * @param last_encrypted_part_len_ptr gets last size
1856  * @param return_value default value (`ThrowException`): throw exception on error.
1857  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1858  * At least the following PKCS#11 return values may be returned:
1859  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1860  * \li DataLenRange \li DeviceError \li DeviceMemory
1861  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1862  * \li GeneralError \li HostMemory \li OK
1863  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1864  * @return true on success, false otherwise
1865  */
1866  bool C_EncryptFinal(SessionHandle session,
1867  Byte* last_encrypted_part_ptr,
1868  Ulong* last_encrypted_part_len_ptr,
1869  ReturnValue* return_value = ThrowException) const;
1870 
1871  /****************************** Decryption functions ******************************/
1872 
1873  /**
1874  * C_DecryptInit initializes a decryption operation.
1875  * @param session the session's handle
1876  * @param mechanism_ptr the decryption mechanism
1877  * @param key handle of decryption key
1878  * @param return_value default value (`ThrowException`): throw exception on error.
1879  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1880  * At least the following PKCS#11 return values may be returned:
1881  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1882  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1883  * \li FunctionFailed \li GeneralError \li HostMemory
1884  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1885  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1886  * \li OK \li OperationActive \li PinExpired
1887  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1888  * @return true on success, false otherwise
1889  */
1890  bool C_DecryptInit(SessionHandle session,
1891  Mechanism* mechanism_ptr,
1892  ObjectHandle key,
1893  ReturnValue* return_value = ThrowException) const;
1894 
1895  /**
1896  * C_Decrypt decrypts encrypted data in a single part.
1897  * @param session session's handle
1898  * @param encrypted_data_ptr ciphertext
1899  * @param encrypted_data_len ciphertext length
1900  * @param data_ptr gets plaintext
1901  * @param data_len_ptr gets p-text size
1902  * @param return_value default value (`ThrowException`): throw exception on error.
1903  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1904  * At least the following PKCS#11 return values may be returned:
1905  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1906  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1907  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1908  * \li FunctionFailed \li GeneralError \li HostMemory
1909  * \li OK \li OperationNotInitialized \li SessionClosed
1910  * \li SessionHandleInvalid \li UserNotLoggedIn
1911  * @return true on success, false otherwise
1912  */
1913  bool C_Decrypt(SessionHandle session,
1914  Byte* encrypted_data_ptr,
1915  Ulong encrypted_data_len,
1916  Byte* data_ptr,
1917  Ulong* data_len_ptr,
1918  ReturnValue* return_value = ThrowException) const;
1919 
1920  /**
1921  * C_Decrypt decrypts encrypted data in a single part.
1922  * @param session session's handle
1923  * @param encrypted_data ciphertext
1924  * @param decrypted_data gets plaintext
1925  * @param return_value default value (`ThrowException`): throw exception on error.
1926  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1927  * At least the following PKCS#11 return values may be returned:
1928  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1929  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1930  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1931  * \li FunctionFailed \li GeneralError \li HostMemory
1932  * \li OK \li OperationNotInitialized \li SessionClosed
1933  * \li SessionHandleInvalid \li UserNotLoggedIn
1934  * @return true on success, false otherwise
1935  */
1936  template<typename TAllocA, typename TAllocB>
1937  bool C_Decrypt(SessionHandle session,
1938  const std::vector<uint8_t, TAllocA>& encrypted_data,
1939  std::vector<uint8_t, TAllocB>& decrypted_data,
1940  ReturnValue* return_value = ThrowException) const
1941  {
1942  Ulong decrypted_size = 0;
1943  if(!C_Decrypt(session,
1944  const_cast<Byte*>((encrypted_data.data())),
1945  static_cast<Ulong>(encrypted_data.size()),
1946  nullptr, &decrypted_size,
1947  return_value))
1948  {
1949  return false;
1950  }
1951 
1952  decrypted_data.resize(decrypted_size);
1953  return C_Decrypt(session,
1954  const_cast<Byte*>(encrypted_data.data()),
1955  static_cast<Ulong>(encrypted_data.size()),
1956  decrypted_data.data(),
1957  &decrypted_size, return_value);
1958  }
1959 
1960  /**
1961  * C_DecryptUpdate continues a multiple-part decryption operation.
1962  * @param session session's handle
1963  * @param encrypted_part_ptr encrypted data
1964  * @param encrypted_part_len input length
1965  * @param part_ptr gets plaintext
1966  * @param part_len_ptr p-text size
1967  * @param return_value default value (`ThrowException`): throw exception on error.
1968  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1969  * At least the following PKCS#11 return values may be returned:
1970  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1971  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1972  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1973  * \li FunctionFailed \li GeneralError \li HostMemory
1974  * \li OK \li OperationNotInitialized \li SessionClosed
1975  * \li SessionHandleInvalid \li UserNotLoggedIn
1976  * @return true on success, false otherwise
1977  */
1978  bool C_DecryptUpdate(SessionHandle session,
1979  Byte* encrypted_part_ptr,
1980  Ulong encrypted_part_len,
1981  Byte* part_ptr,
1982  Ulong* part_len_ptr,
1983  ReturnValue* return_value = ThrowException) const;
1984 
1985  /**
1986  * C_DecryptFinal finishes a multiple-part decryption operation.
1987  * @param session the session's handle
1988  * @param last_part_ptr gets plaintext
1989  * @param last_part_len_ptr p-text size
1990  * @param return_value default value (`ThrowException`): throw exception on error.
1991  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1992  * At least the following PKCS#11 return values may be returned:
1993  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1994  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1995  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1996  * \li FunctionFailed \li GeneralError \li HostMemory
1997  * \li OK \li OperationNotInitialized \li SessionClosed
1998  * \li SessionHandleInvalid \li UserNotLoggedIn
1999  * @return true on success, false otherwise
2000  */
2001  bool C_DecryptFinal(SessionHandle session,
2002  Byte* last_part_ptr,
2003  Ulong* last_part_len_ptr,
2004  ReturnValue* return_value = ThrowException) const;
2005 
2006  /****************************** Message digesting functions ******************************/
2007 
2008  /**
2009  * C_DigestInit initializes a message-digesting operation.
2010  * @param session the session's handle
2011  * @param mechanism_ptr the digesting mechanism
2012  * @param return_value default value (`ThrowException`): throw exception on error.
2013  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2014  * At least the following PKCS#11 return values may be returned:
2015  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2016  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2017  * \li FunctionFailed \li GeneralError \li HostMemory
2018  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2019  * \li OperationActive \li PinExpired \li SessionClosed
2020  * \li SessionHandleInvalid \li UserNotLoggedIn
2021  * @return true on success, false otherwise
2022  */
2023  bool C_DigestInit(SessionHandle session,
2024  Mechanism* mechanism_ptr,
2025  ReturnValue* return_value = ThrowException) const;
2026 
2027  /**
2028  * C_Digest digests data in a single part.
2029  * @param session the session's handle
2030  * @param data_ptr data to be digested
2031  * @param data_len bytes of data to digest
2032  * @param digest_ptr gets the message digest
2033  * @param digest_len_ptr gets digest length
2034  * @param return_value default value (`ThrowException`): throw exception on error.
2035  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2036  * At least the following PKCS#11 return values may be returned:
2037  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2038  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2039  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2040  * \li HostMemory \li OK \li OperationNotInitialized
2041  * \li SessionClosed \li SessionHandleInvalid
2042  * @return true on success, false otherwise
2043  */
2044  bool C_Digest(SessionHandle session,
2045  Byte* data_ptr,
2046  Ulong data_len,
2047  Byte* digest_ptr,
2048  Ulong* digest_len_ptr,
2049  ReturnValue* return_value = ThrowException) const;
2050 
2051  /**
2052  * C_DigestUpdate continues a multiple-part message-digesting operation.
2053  * @param session the session's handle
2054  * @param part_ptr data to be digested
2055  * @param part_len bytes of data to be digested
2056  * @param return_value default value (`ThrowException`): throw exception on error.
2057  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2058  * At least the following PKCS#11 return values may be returned:
2059  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2060  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2061  * \li FunctionFailed \li GeneralError \li HostMemory
2062  * \li OK \li OperationNotInitialized \li SessionClosed
2063  * \li SessionHandleInvalid
2064  * @return true on success, false otherwise
2065  */
2066  bool C_DigestUpdate(SessionHandle session,
2067  Byte* part_ptr,
2068  Ulong part_len,
2069  ReturnValue* return_value = ThrowException) const;
2070 
2071  /**
2072  * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2073  * @param session the session's handle
2074  * @param key secret key to digest
2075  * @param return_value default value (`ThrowException`): throw exception on error.
2076  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2077  * At least the following PKCS#11 return values may be returned:
2078  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2079  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2080  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2081  * \li KeyIndigestible \li KeySizeRange \li OK
2082  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2083  * @return true on success, false otherwise
2084  */
2085  bool C_DigestKey(SessionHandle session,
2086  ObjectHandle key,
2087  ReturnValue* return_value = ThrowException) const;
2088 
2089  /**
2090  * C_DigestFinal finishes a multiple-part message-digesting operation.
2091  * @param session the session's handle
2092  * @param digest_ptr gets the message digest
2093  * @param digest_len_ptr gets uint8_t count of digest
2094  * @param return_value default value (`ThrowException`): throw exception on error.
2095  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2096  * At least the following PKCS#11 return values may be returned:
2097  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2098  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2099  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2100  * \li HostMemory \li OK \li OperationNotInitialized
2101  * \li SessionClosed \li SessionHandleInvalid
2102  * @return true on success, false otherwise
2103  */
2104  bool C_DigestFinal(SessionHandle session,
2105  Byte* digest_ptr,
2106  Ulong* digest_len_ptr,
2107  ReturnValue* return_value = ThrowException) const;
2108 
2109  /****************************** Signing and MACing functions ******************************/
2110 
2111  /**
2112  * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2113  * @param session the session's handle
2114  * @param mechanism_ptr the signature mechanism
2115  * @param key handle of signature key
2116  * @param return_value default value (`ThrowException`): throw exception on error.
2117  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2118  * At least the following PKCS#11 return values may be returned:
2119  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2120  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2121  * \li FunctionFailed \li GeneralError \li HostMemory
2122  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2123  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2124  * \li OK \li OperationActive \li PinExpired
2125  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2126  * @return true on success, false otherwise
2127  */
2128  bool C_SignInit(SessionHandle session,
2129  Mechanism* mechanism_ptr,
2130  ObjectHandle key,
2131  ReturnValue* return_value = ThrowException) const;
2132 
2133  /**
2134  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2135  * @param session the session's handle
2136  * @param data_ptr the data to sign
2137  * @param data_len count of bytes to sign
2138  * @param signature_ptr gets the signature
2139  * @param signature_len_ptr gets signature length
2140  * @param return_value default value (`ThrowException`): throw exception on error.
2141  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2142  * At least the following PKCS#11 return values may be returned:
2143  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2144  * \li DataInvalid \li DataLenRange \li DeviceError
2145  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2146  * \li FunctionFailed \li GeneralError \li HostMemory
2147  * \li OK \li OperationNotInitialized \li SessionClosed
2148  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2149  * @return true on success, false otherwise
2150  */
2151  bool C_Sign(SessionHandle session,
2152  Byte* data_ptr,
2153  Ulong data_len,
2154  Byte* signature_ptr,
2155  Ulong* signature_len_ptr,
2156  ReturnValue* return_value = ThrowException) const;
2157 
2158  /**
2159  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2160  * @param session the session's handle
2161  * @param data the data to sign
2162  * @param signature gets the signature
2163  * @param return_value default value (`ThrowException`): throw exception on error.
2164  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2165  * At least the following PKCS#11 return values may be returned:
2166  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2167  * \li DataInvalid \li DataLenRange \li DeviceError
2168  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2169  * \li FunctionFailed \li GeneralError \li HostMemory
2170  * \li OK \li OperationNotInitialized \li SessionClosed
2171  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2172  * @return true on success, false otherwise
2173  */
2174  template<typename TAllocA, typename TAllocB>
2175  bool C_Sign(SessionHandle session,
2176  const std::vector<uint8_t, TAllocA>& data,
2177  std::vector<uint8_t, TAllocB>& signature,
2178  ReturnValue* return_value = ThrowException) const
2179  {
2180  Ulong signature_size = 0;
2181  if(!C_Sign(session,
2182  const_cast<Byte*>((data.data())),
2183  static_cast<Ulong>(data.size()),
2184  nullptr,
2185  &signature_size,
2186  return_value))
2187  {
2188  return false;
2189  }
2190 
2191  signature.resize(signature_size);
2192  return C_Sign(session,
2193  const_cast<Byte*>(data.data()),
2194  static_cast<Ulong>(data.size()),
2195  signature.data(),
2196  &signature_size,
2197  return_value);
2198  }
2199 
2200  /**
2201  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2202  * @param session the session's handle
2203  * @param part_ptr the data to sign
2204  * @param part_len count of bytes to sign
2205  * @param return_value default value (`ThrowException`): throw exception on error.
2206  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2207  * At least the following PKCS#11 return values may be returned:
2208  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2209  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2210  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2211  * \li HostMemory \li OK \li OperationNotInitialized
2212  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2213  * @return true on success, false otherwise
2214  */
2215  bool C_SignUpdate(SessionHandle session,
2216  Byte* part_ptr,
2217  Ulong part_len,
2218  ReturnValue* return_value = ThrowException) const;
2219 
2220  /**
2221  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2222  * @param session the session's handle
2223  * @param part the data to sign
2224  * @param return_value default value (`ThrowException`): throw exception on error.
2225  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2226  * At least the following PKCS#11 return values may be returned:
2227  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2228  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2229  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2230  * \li HostMemory \li OK \li OperationNotInitialized
2231  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2232  * @return true on success, false otherwise
2233  */
2234  template<typename TAlloc>
2236  const std::vector<uint8_t, TAlloc>& part,
2237  ReturnValue* return_value = ThrowException) const
2238  {
2239  return C_SignUpdate(session,
2240  const_cast<Byte*>(part.data()),
2241  static_cast<Ulong>(part.size()),
2242  return_value);
2243  }
2244 
2245  /**
2246  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2247  * @param session the session's handle
2248  * @param signature_ptr gets the signature
2249  * @param signature_len_ptr gets signature length
2250  * @param return_value default value (`ThrowException`): throw exception on error.
2251  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2252  * At least the following PKCS#11 return values may be returned:
2253  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2254  * \li DataLenRange \li DeviceError \li DeviceMemory
2255  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2256  * \li GeneralError \li HostMemory \li OK
2257  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2258  * \li UserNotLoggedIn \li FunctionRejected
2259  * @return true on success, false otherwise
2260  */
2261  bool C_SignFinal(SessionHandle session,
2262  Byte* signature_ptr,
2263  Ulong* signature_len_ptr,
2264  ReturnValue* return_value = ThrowException) const;
2265 
2266  /**
2267  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2268  * @param session the session's handle
2269  * @param signature gets the signature
2270  * @param return_value default value (`ThrowException`): throw exception on error.
2271  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2272  * At least the following PKCS#11 return values may be returned:
2273  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2274  * \li DataLenRange \li DeviceError \li DeviceMemory
2275  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2276  * \li GeneralError \li HostMemory \li OK
2277  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2278  * \li UserNotLoggedIn \li FunctionRejected
2279  * @return true on success, false otherwise
2280  */
2281  template<typename TAlloc>
2283  std::vector<uint8_t, TAlloc>& signature,
2284  ReturnValue* return_value = ThrowException) const
2285  {
2286  Ulong signature_size = 0;
2287  if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2288  {
2289  return false;
2290  }
2291 
2292  signature.resize(signature_size);
2293  return C_SignFinal(session, signature.data(), &signature_size, return_value);
2294  }
2295 
2296  /**
2297  * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2298  * @param session the session's handle
2299  * @param mechanism_ptr the signature mechanism
2300  * @param key handle of the signature key
2301  * @param return_value default value (`ThrowException`): throw exception on error.
2302  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2303  * At least the following PKCS#11 return values may be returned:
2304  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2305  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2306  * \li FunctionFailed \li GeneralError \li HostMemory
2307  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2308  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2309  * \li OK \li OperationActive \li PinExpired
2310  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2311  * @return true on success, false otherwise
2312  */
2313  bool C_SignRecoverInit(SessionHandle session,
2314  Mechanism* mechanism_ptr,
2315  ObjectHandle key,
2316  ReturnValue* return_value = ThrowException) const;
2317 
2318  /**
2319  * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2320  * @param session the session's handle
2321  * @param data_ptr the data to sign
2322  * @param data_len count of bytes to sign
2323  * @param signature_ptr gets the signature
2324  * @param signature_len_ptr gets signature length
2325  * @param return_value default value (`ThrowException`): throw exception on error.
2326  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2327  * At least the following PKCS#11 return values may be returned:
2328  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2329  * \li DataInvalid \li DataLenRange \li DeviceError
2330  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2331  * \li FunctionFailed \li GeneralError \li HostMemory
2332  * \li OK \li OperationNotInitialized \li SessionClosed
2333  * \li SessionHandleInvalid \li UserNotLoggedIn
2334  * @return true on success, false otherwise
2335  */
2336  bool C_SignRecover(SessionHandle session,
2337  Byte* data_ptr,
2338  Ulong data_len,
2339  Byte* signature_ptr,
2340  Ulong* signature_len_ptr,
2341  ReturnValue* return_value = ThrowException) const;
2342 
2343  /****************************** Functions for verifying signatures and MACs ******************************/
2344 
2345  /**
2346  * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2347  * @param session the session's handle
2348  * @param mechanism_ptr the verification mechanism
2349  * @param key verification key
2350  * @param return_value default value (`ThrowException`): throw exception on error.
2351  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2352  * At least the following PKCS#11 return values may be returned:
2353  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2354  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2355  * \li FunctionFailed \li GeneralError \li HostMemory
2356  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2357  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2358  * \li OK \li OperationActive \li PinExpired
2359  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2360  * @return true on success, false otherwise
2361  */
2362  bool C_VerifyInit(SessionHandle session,
2363  Mechanism* mechanism_ptr,
2364  ObjectHandle key,
2365  ReturnValue* return_value = ThrowException) const;
2366 
2367  /**
2368  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2369  * @param session the session's handle
2370  * @param data_ptr signed data
2371  * @param data_len length of signed data
2372  * @param signature_ptr signature
2373  * @param signature_len signature length
2374  * @param return_value default value (`ThrowException`): throw exception on error.
2375  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2376  * At least the following PKCS#11 return values may be returned:
2377  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2378  * \li DataLenRange \li DeviceError \li DeviceMemory
2379  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2380  * \li GeneralError \li HostMemory \li OK
2381  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2382  * \li SignatureInvalid \li SignatureLenRange
2383  * @return true on success, false otherwise
2384  */
2385  bool C_Verify(SessionHandle session,
2386  Byte* data_ptr,
2387  Ulong data_len,
2388  Byte* signature_ptr,
2389  Ulong signature_len,
2390  ReturnValue* return_value = ThrowException) const;
2391 
2392  /**
2393  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2394  * @param session the session's handle
2395  * @param data signed data
2396  * @param signature signature
2397  * @param return_value default value (`ThrowException`): throw exception on error.
2398  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2399  * At least the following PKCS#11 return values may be returned:
2400  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2401  * \li DataLenRange \li DeviceError \li DeviceMemory
2402  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2403  * \li GeneralError \li HostMemory \li OK
2404  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2405  * \li SignatureInvalid \li SignatureLenRange
2406  * @return true on success, false otherwise
2407  */
2408  template<typename TAllocA, typename TAllocB>
2409  bool C_Verify(SessionHandle session,
2410  const std::vector<uint8_t, TAllocA>& data,
2411  std::vector<uint8_t, TAllocB>& signature,
2412  ReturnValue* return_value = ThrowException) const
2413  {
2414  return C_Verify(session,
2415  const_cast<Byte*>(data.data()),
2416  static_cast<Ulong>(data.size()),
2417  signature.data(),
2418  static_cast<Ulong>(signature.size()),
2419  return_value);
2420  }
2421 
2422  /**
2423  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2424  * @param session the session's handle
2425  * @param part_ptr signed data
2426  * @param part_len length of signed data
2427  * @param return_value default value (`ThrowException`): throw exception on error.
2428  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2429  * At least the following PKCS#11 return values may be returned:
2430  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2431  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2432  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2433  * \li HostMemory \li OK \li OperationNotInitialized
2434  * \li SessionClosed \li SessionHandleInvalid
2435  * @return true on success, false otherwise
2436  */
2437  bool C_VerifyUpdate(SessionHandle session,
2438  Byte* part_ptr,
2439  Ulong part_len,
2440  ReturnValue* return_value = ThrowException) const;
2441 
2442  /**
2443  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2444  * @param session the session's handle
2445  * @param part signed data
2446  * @param return_value default value (`ThrowException`): throw exception on error.
2447  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2448  * At least the following PKCS#11 return values may be returned:
2449  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2450  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2451  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2452  * \li HostMemory \li OK \li OperationNotInitialized
2453  * \li SessionClosed \li SessionHandleInvalid
2454  * @return true on success, false otherwise
2455  */
2456  template<typename TAlloc>
2458  std::vector<uint8_t, TAlloc> part,
2459  ReturnValue* return_value = ThrowException) const
2460  {
2461  return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2462  }
2463 
2464  /**
2465  * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2466  * @param session the session's handle
2467  * @param signature_ptr signature to verify
2468  * @param signature_len signature length
2469  * @param return_value default value (`ThrowException`): throw exception on error.
2470  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2471  * At least the following PKCS#11 return values may be returned:
2472  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2473  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2474  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2475  * \li HostMemory \li OK \li OperationNotInitialized
2476  * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2477  * \li SignatureLenRange
2478  * @return true on success, false otherwise
2479  */
2480  bool C_VerifyFinal(SessionHandle session,
2481  Byte* signature_ptr,
2482  Ulong signature_len,
2483  ReturnValue* return_value = ThrowException) const;
2484 
2485  /**
2486  * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2487  * @param session the session's handle
2488  * @param mechanism_ptr the verification mechanism
2489  * @param key verification key
2490  * @param return_value default value (`ThrowException`): throw exception on error.
2491  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2492  * At least the following PKCS#11 return values may be returned:
2493  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2494  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2495  * \li FunctionFailed \li GeneralError \li HostMemory
2496  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2497  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2498  * \li OK \li OperationActive \li PinExpired
2499  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2500  * @return true on success, false otherwise
2501  */
2502  bool C_VerifyRecoverInit(SessionHandle session,
2503  Mechanism* mechanism_ptr,
2504  ObjectHandle key,
2505  ReturnValue* return_value = ThrowException) const;
2506 
2507  /**
2508  * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2509  * @param session the session's handle
2510  * @param signature_ptr signature to verify
2511  * @param signature_len signature length
2512  * @param data_ptr gets signed data
2513  * @param data_len_ptr gets signed data len
2514  * @param return_value default value (`ThrowException`): throw exception on error.
2515  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2516  * At least the following PKCS#11 return values may be returned:
2517  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2518  * \li DataInvalid \li DataLenRange \li DeviceError
2519  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2520  * \li FunctionFailed \li GeneralError \li HostMemory
2521  * \li OK \li OperationNotInitialized \li SessionClosed
2522  * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2523  * @return true on success, false otherwise
2524  */
2525  bool C_VerifyRecover(SessionHandle session,
2526  Byte* signature_ptr,
2527  Ulong signature_len,
2528  Byte* data_ptr,
2529  Ulong* data_len_ptr,
2530  ReturnValue* return_value = ThrowException) const;
2531 
2532  /****************************** Dual-purpose cryptographic functions ******************************/
2533 
2534  /**
2535  * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2536  * @param session session's handle
2537  * @param part_ptr the plaintext data
2538  * @param part_len plaintext length
2539  * @param encrypted_part_ptr gets ciphertext
2540  * @param encrypted_part_len_ptr gets c-text length
2541  * @param return_value default value (`ThrowException`): throw exception on error.
2542  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2543  * At least the following PKCS#11 return values may be returned:
2544  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2545  * \li DataLenRange \li DeviceError \li DeviceMemory
2546  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2547  * \li GeneralError \li HostMemory \li OK
2548  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2549  * @return true on success, false otherwise
2550  */
2551  bool C_DigestEncryptUpdate(SessionHandle session,
2552  Byte* part_ptr,
2553  Ulong part_len,
2554  Byte* encrypted_part_ptr,
2555  Ulong* encrypted_part_len_ptr,
2556  ReturnValue* return_value = ThrowException) const ;
2557 
2558  /**
2559  * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2560  * @param session session's handle
2561  * @param encrypted_part_ptr ciphertext
2562  * @param encrypted_part_len ciphertext length
2563  * @param part_ptr gets plaintext
2564  * @param part_len_ptr gets plaintext len
2565  * @param return_value default value (`ThrowException`): throw exception on error.
2566  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2567  * At least the following PKCS#11 return values may be returned:
2568  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2569  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2570  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2571  * \li FunctionFailed \li GeneralError \li HostMemory
2572  * \li OK \li OperationNotInitialized \li SessionClosed
2573  * \li SessionHandleInvalid
2574  * @return true on success, false otherwise
2575  */
2576  bool C_DecryptDigestUpdate(SessionHandle session,
2577  Byte* encrypted_part_ptr,
2578  Ulong encrypted_part_len,
2579  Byte* part_ptr,
2580  Ulong* part_len_ptr,
2581  ReturnValue* return_value = ThrowException) const;
2582 
2583  /**
2584  * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2585  * @param session session's handle
2586  * @param part_ptr the plaintext data
2587  * @param part_len plaintext length
2588  * @param encrypted_part_ptr gets ciphertext
2589  * @param encrypted_part_len_ptr gets c-text length
2590  * @param return_value default value (`ThrowException`): throw exception on error.
2591  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2592  * At least the following PKCS#11 return values may be returned:
2593  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2594  * \li DataLenRange \li DeviceError \li DeviceMemory
2595  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2596  * \li GeneralError \li HostMemory \li OK
2597  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2598  * \li UserNotLoggedIn
2599  * @return true on success, false otherwise
2600  */
2601  bool C_SignEncryptUpdate(SessionHandle session,
2602  Byte* part_ptr,
2603  Ulong part_len,
2604  Byte* encrypted_part_ptr,
2605  Ulong* encrypted_part_len_ptr,
2606  ReturnValue* return_value = ThrowException) const;
2607 
2608  /**
2609  * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2610  * @param session session's handle
2611  * @param encrypted_part_ptr ciphertext
2612  * @param encrypted_part_len ciphertext length
2613  * @param part_ptr gets plaintext
2614  * @param part_len_ptr gets p-text length
2615  * @param return_value default value (`ThrowException`): throw exception on error.
2616  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2617  * At least the following PKCS#11 return values may be returned:
2618  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2619  * \li DataLenRange \li DeviceError \li DeviceMemory
2620  * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2621  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2622  * \li HostMemory \li OK \li OperationNotInitialized
2623  * \li SessionClosed \li SessionHandleInvalid
2624  * @return true on success, false otherwise
2625  */
2626  bool C_DecryptVerifyUpdate(SessionHandle session,
2627  Byte* encrypted_part_ptr,
2628  Ulong encrypted_part_len,
2629  Byte* part_ptr,
2630  Ulong* part_len_ptr,
2631  ReturnValue* return_value = ThrowException) const;
2632 
2633  /****************************** Key management functions ******************************/
2634 
2635  /**
2636  * C_GenerateKey generates a secret key, creating a new key object.
2637  * @param session the session's handle
2638  * @param mechanism_ptr key generation mech.
2639  * @param attribute_template_ptr template for new key
2640  * @param count # of attrs in template
2641  * @param key_ptr gets handle of new key
2642  * @param return_value default value (`ThrowException`): throw exception on error.
2643  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2644  * At least the following PKCS#11 return values may be returned:
2645  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2646  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2647  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2648  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2649  * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2650  * \li OK \li OperationActive \li PinExpired
2651  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2652  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2653  * \li UserNotLoggedIn
2654  * @return true on success, false otherwise
2655  */
2656  bool C_GenerateKey(SessionHandle session,
2657  Mechanism* mechanism_ptr,
2658  Attribute* attribute_template_ptr,
2659  Ulong count,
2660  ObjectHandle* key_ptr,
2661  ReturnValue* return_value = ThrowException) const;
2662 
2663  /**
2664  * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2665  * @param session session handle
2666  * @param mechanism_ptr key-gen mech.
2667  * @param public_key_template_ptr template for pub. key
2668  * @param public_key_attribute_count # pub. attrs.
2669  * @param private_key_template_ptr template for priv. key
2670  * @param private_key_attribute_count # priv. attrs.
2671  * @param public_key_ptr gets pub. key handle
2672  * @param private_key_ptr gets priv. key handle
2673  * @param return_value default value (`ThrowException`): throw exception on error.
2674  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2675  * At least the following PKCS#11 return values may be returned:
2676  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2677  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2678  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2679  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2680  * \li GeneralError \li HostMemory \li MechanismInvalid
2681  * \li MechanismParamInvalid \li OK \li OperationActive
2682  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2683  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2684  * \li TokenWriteProtected \li UserNotLoggedIn
2685  * @return true on success, false otherwise
2686  */
2687  bool C_GenerateKeyPair(SessionHandle session,
2688  Mechanism* mechanism_ptr,
2689  Attribute* public_key_template_ptr,
2690  Ulong public_key_attribute_count,
2691  Attribute* private_key_template_ptr,
2692  Ulong private_key_attribute_count,
2693  ObjectHandle* public_key_ptr,
2694  ObjectHandle* private_key_ptr,
2695  ReturnValue* return_value = ThrowException) const;
2696 
2697  /**
2698  * C_WrapKey wraps (i.e., encrypts) a key.
2699  * @param session the session's handle
2700  * @param mechanism_ptr the wrapping mechanism
2701  * @param wrapping_key wrapping key
2702  * @param key key to be wrapped
2703  * @param wrapped_key_ptr gets wrapped key
2704  * @param wrapped_key_len_ptr gets wrapped key size
2705  * @param return_value default value (`ThrowException`): throw exception on error.
2706  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2707  * At least the following PKCS#11 return values may be returned:
2708  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2709  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2710  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2711  * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2712  * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2713  * \li MechanismParamInvalid \li OK \li OperationActive
2714  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2715  * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2716  * \li WrappingKeyTypeInconsistent
2717  * @return true on success, false otherwise
2718  */
2719  bool C_WrapKey(SessionHandle session,
2720  Mechanism* mechanism_ptr,
2721  ObjectHandle wrapping_key,
2722  ObjectHandle key,
2723  Byte* wrapped_key_ptr,
2724  Ulong* wrapped_key_len_ptr,
2725  ReturnValue* return_value = ThrowException) const;
2726 
2727  /**
2728  * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2729  * @param session session's handle
2730  * @param mechanism_ptr unwrapping mech.
2731  * @param unwrapping_key unwrapping key
2732  * @param wrapped_key_ptr the wrapped key
2733  * @param wrapped_key_len wrapped key len
2734  * @param attribute_template_ptr new key template
2735  * @param attribute_count template length
2736  * @param key_ptr gets new handle
2737  * @param return_value default value (`ThrowException`): throw exception on error.
2738  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2739  * At least the following PKCS#11 return values may be returned:
2740  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2741  * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2742  * \li CurveNotSupported \li DeviceError \li DeviceMemory
2743  * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2744  * \li FunctionFailed \li GeneralError \li HostMemory
2745  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2746  * \li OperationActive \li PinExpired \li SessionClosed
2747  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2748  * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2749  * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2750  * \li WrappedKeyInvalid \li WrappedKeyLenRange
2751  * @return true on success, false otherwise
2752  */
2753  bool C_UnwrapKey(SessionHandle session,
2754  Mechanism* mechanism_ptr,
2755  ObjectHandle unwrapping_key,
2756  Byte* wrapped_key_ptr,
2757  Ulong wrapped_key_len,
2758  Attribute* attribute_template_ptr,
2759  Ulong attribute_count,
2760  ObjectHandle* key_ptr,
2761  ReturnValue* return_value = ThrowException) const;
2762 
2763  /**
2764  * C_DeriveKey derives a key from a base key, creating a new key object.
2765  * @param session session's handle
2766  * @param mechanism_ptr key deriv. mech.
2767  * @param base_key base key
2768  * @param attribute_template_ptr new key template
2769  * @param attribute_count template length
2770  * @param key_ptr gets new handle
2771  * @param return_value default value (`ThrowException`): throw exception on error.
2772  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2773  * At least the following PKCS#11 return values may be returned:
2774  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2775  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2776  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2777  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2778  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2779  * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2780  * \li MechanismParamInvalid \li OK \li OperationActive
2781  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2782  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2783  * \li TokenWriteProtected \li UserNotLoggedIn
2784  * @return true on success, false otherwise
2785  */
2786  bool C_DeriveKey(SessionHandle session,
2787  Mechanism* mechanism_ptr,
2788  ObjectHandle base_key,
2789  Attribute* attribute_template_ptr,
2790  Ulong attribute_count,
2791  ObjectHandle* key_ptr,
2792  ReturnValue* return_value = ThrowException) const;
2793 
2794  /****************************** Random number generation functions ******************************/
2795 
2796  /**
2797  * C_SeedRandom mixes additional seed material into the token's random number generator.
2798  * @param session the session's handle
2799  * @param seed_ptr the seed material
2800  * @param seed_len length of seed material
2801  * @param return_value default value (`ThrowException`): throw exception on error.
2802  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2803  * At least the following PKCS#11 return values may be returned:
2804  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2805  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2806  * \li FunctionFailed \li GeneralError \li HostMemory
2807  * \li OK \li OperationActive \li RandomSeedNotSupported
2808  * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2809  * \li UserNotLoggedIn
2810  * @return true on success, false otherwise
2811  */
2812  bool C_SeedRandom(SessionHandle session,
2813  Byte* seed_ptr,
2814  Ulong seed_len,
2815  ReturnValue* return_value = ThrowException) const;
2816 
2817  /**
2818  * C_GenerateRandom generates random data.
2819  * @param session the session's handle
2820  * @param random_data_ptr receives the random data
2821  * @param random_len # of bytes to generate
2822  * @param return_value default value (`ThrowException`): throw exception on error.
2823  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2824  * At least the following PKCS#11 return values may be returned:
2825  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2826  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2827  * \li FunctionFailed \li GeneralError \li HostMemory
2828  * \li OK \li OperationActive \li RandomNoRng
2829  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2830  * @return true on success, false otherwise
2831  */
2832  bool C_GenerateRandom(SessionHandle session,
2833  Byte* random_data_ptr,
2834  Ulong random_len,
2835  ReturnValue* return_value = ThrowException) const;
2836 
2837  /****************************** Parallel function management functions ******************************/
2838 
2839  /**
2840  * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2841  * @param session the session's handle
2842  * @param return_value default value (`ThrowException`): throw exception on error.
2843  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2844  * At least the following PKCS#11 return values may be returned:
2845  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2846  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2847  * \li SessionClosed
2848  * @return true on success, false otherwise
2849  */
2850  bool C_GetFunctionStatus(SessionHandle session,
2851  ReturnValue* return_value = ThrowException) const;
2852 
2853  /**
2854  * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2855  * @param session the session's handle
2856  * @param return_value default value (`ThrowException`): throw exception on error.
2857  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2858  * At least the following PKCS#11 return values may be returned:
2859  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2860  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2861  * \li SessionClosed
2862  * @return true on success, false otherwise
2863  */
2864  bool C_CancelFunction(SessionHandle session,
2865  ReturnValue* return_value = ThrowException) const;
2866 
2867  private:
2868  const FunctionListPtr m_func_list_ptr;
2869  };
2870 
2872  {
2873  public:
2874  explicit PKCS11_Error(const std::string& what) :
2875  Exception("PKCS11 error", what)
2876  {
2877  }
2878  };
2879 
2881  {
2882  public:
2883  explicit PKCS11_ReturnError(ReturnValue return_val) :
2884  PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2885  m_return_val(return_val)
2886  {}
2887 
2889  {
2890  return m_return_val;
2891  }
2892 
2893  private:
2894  const ReturnValue m_return_val;
2895  };
2896 
2897 }
2898 
2899 }
2900 
2901 #endif
#define CKF_EXCLUDE_COUNTER
Definition: pkcs11t.h:1811
#define CKA_CHAR_ROWS
Definition: pkcs11t.h:546
#define CKM_DES3_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:940
#define CKK_RC2
Definition: pkcs11t.h:347
struct CK_RSA_PKCS_OAEP_PARAMS CK_RSA_PKCS_OAEP_PARAMS
#define CKP_PKCS5_PBKD2_HMAC_SHA512
Definition: pkcs11t.h:1724
#define CKF_EC_NAMEDCURVE
Definition: pkcs11t.h:1025
CK_UTF8CHAR Utf8Char
Definition: p11.h:841
#define CKM_HOTP_KEY_GEN
Definition: pkcs11t.h:721
#define CKM_AES_CFB64
Definition: pkcs11t.h:964
#define CKM_CAST128_CBC
Definition: pkcs11t.h:744
#define CKM_SHA512_RSA_PKCS_PSS
Definition: pkcs11t.h:626
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition: pkcs11t.h:1129
CK_NOTIFY Notify
Definition: p11.h:842
#define CKR_DEVICE_REMOVED
Definition: pkcs11t.h:1062
#define CKM_DSA_PARAMETER_GEN
Definition: pkcs11t.h:957
#define CKM_AES_CMAC_GENERAL
Definition: pkcs11t.h:924
#define CKM_SHA_1_HMAC_GENERAL
Definition: pkcs11t.h:698
#define CKR_FIPS_SELF_TEST_FAILED
Definition: pkcs11t.h:1151
#define CKM_XOR_BASE_AND_DATA
Definition: pkcs11t.h:767
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition: p11.cpp:52
#define CKF_USER_PIN_INITIALIZED
Definition: pkcs11t.h:158
#define CKA_HW_FEATURE_TYPE
Definition: pkcs11t.h:539
#define CKM_SHA384_KEY_DERIVATION
Definition: pkcs11t.h:788
#define CKF_SIGN
Definition: pkcs11t.h:1009
#define CKM_KEA_DERIVE
Definition: pkcs11t.h:878
CK_ULONG CK_SLOT_ID
Definition: pkcs11t.h:104
#define CKM_TLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:774
Flag operator|(Flag a, Flag b)
Definition: p11.h:265
#define CKA_TRUSTED
Definition: pkcs11t.h:450
#define CKM_RIPEMD128_HMAC_GENERAL
Definition: pkcs11t.h:702
#define CKR_ENCRYPTED_DATA_INVALID
Definition: pkcs11t.h:1063
#define CKM_PBE_MD5_CAST_CBC
Definition: pkcs11t.h:794
#define CKR_PIN_EXPIRED
Definition: pkcs11t.h:1093
#define CKH_MONOTONIC_COUNTER
Definition: pkcs11t.h:330
#define CKM_RSA_X_509
Definition: pkcs11t.h:589
#define CKA_ENCODING_METHODS
Definition: pkcs11t.h:551
#define CKM_DES_CFB8
Definition: pkcs11t.h:683
#define CKH_USER_INTERFACE
Definition: pkcs11t.h:332
#define CKA_PRIME_1
Definition: pkcs11t.h:478
#define CKG_MGF1_SHA256
Definition: pkcs11t.h:1247
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC
Definition: pkcs11t.h:813
#define CKR_KEY_NEEDED
Definition: pkcs11t.h:1077
#define CKA_WRAP_WITH_TRUSTED
Definition: pkcs11t.h:515
#define CKR_SAVED_STATE_INVALID
Definition: pkcs11t.h:1138
#define CKM_KEY_WRAP_LYNKS
Definition: pkcs11t.h:829
#define CKA_PRIVATE_EXPONENT
Definition: pkcs11t.h:477
#define CKM_CAST_KEY_GEN
Definition: pkcs11t.h:726
#define CKK_CAST128
Definition: pkcs11t.h:355
#define CKM_SHA512_RSA_PKCS
Definition: pkcs11t.h:623
#define CKM_IDEA_KEY_GEN
Definition: pkcs11t.h:757
#define CKM_SHA224_RSA_PKCS
Definition: pkcs11t.h:628
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:863
#define CKF_TOKEN_PRESENT
Definition: pkcs11t.h:122
#define CKM_GOSTR3410_WITH_GOSTR3411
Definition: pkcs11t.h:946
#define CKM_SHA256_HMAC
Definition: pkcs11t.h:708
CK_UNLOCKMUTEX UnlockMutex
Definition: p11.h:831
#define CKM_CAMELLIA_MAC_GENERAL
Definition: pkcs11t.h:841
#define CKR_CANCEL
Definition: pkcs11t.h:1039
#define CKM_PBE_SHA1_RC2_128_CBC
Definition: pkcs11t.h:804
#define CKA_UNWRAP_TEMPLATE
Definition: pkcs11t.h:517
#define CKA_SUBJECT
Definition: pkcs11t.h:460
#define CKA_EC_PARAMS
Definition: pkcs11t.h:506
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition: pkcs11t.h:533
#define CKF_EC_ECPARAMETERS
Definition: pkcs11t.h:1024
#define CKM_DES3_CMAC_GENERAL
Definition: pkcs11t.h:671
#define CKM_CDMF_CBC
Definition: pkcs11t.h:675
#define CKM_CAST5_CBC
Definition: pkcs11t.h:743
#define CKD_SHA1_KDF_CONCATENATE
Definition: pkcs11t.h:1295
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition: pkcs11t.h:177
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1429
#define CKM_RC2_ECB
Definition: pkcs11t.h:646
#define CKK_VENDOR_DEFINED
Definition: pkcs11t.h:387
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1115
#define CKM_SHA512_HMAC
Definition: pkcs11t.h:717
#define CKM_TLS_KDF
Definition: pkcs11t.h:827
#define CKF_GENERATE_KEY_PAIR
Definition: pkcs11t.h:1014
#define CKK_SHA224_HMAC
Definition: pkcs11t.h:378
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583
#define CKM_ARIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:853
#define CKM_PBE_MD5_CAST5_CBC
Definition: pkcs11t.h:796
#define CKA_CHAR_COLUMNS
Definition: pkcs11t.h:547
#define CKU_CONTEXT_SPECIFIC
Definition: pkcs11t.h:268
#define CKA_LABEL
Definition: pkcs11t.h:440
#define CKA_ISSUER
Definition: pkcs11t.h:445
CK_ULONG CK_NOTIFICATION
Definition: pkcs11t.h:100
#define CKM_BATON_WRAP
Definition: pkcs11t.h:886
#define CKS_RW_USER_FUNCTIONS
Definition: pkcs11t.h:275
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:862
#define CKM_SKIPJACK_CFB8
Definition: pkcs11t.h:872
#define CKM_ECDSA_SHA256
Definition: pkcs11t.h:894
#define CKM_ECDSA_SHA224
Definition: pkcs11t.h:893
#define CKA_ATTR_TYPES
Definition: pkcs11t.h:449
#define CKA_MIME_TYPES
Definition: pkcs11t.h:552
CK_BYTE CK_BBOOL
Definition: pkcs11t.h:45
CertificateType
Definition: p11.h:175
#define CKA_OTP_COUNTER_REQUIREMENT
Definition: pkcs11t.h:526
#define CKA_REQUIRED_CMS_ATTRIBUTES
Definition: pkcs11t.h:554
#define CKA_EXTRACTABLE
Definition: pkcs11t.h:494
#define CKR_DEVICE_ERROR
Definition: pkcs11t.h:1060
#define CKR_SIGNATURE_INVALID
Definition: pkcs11t.h:1106
#define CKK_ARIA
Definition: pkcs11t.h:369
#define CKR_FUNCTION_CANCELED
Definition: pkcs11t.h:1065
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition: pkcs11t.h:809
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition: pkcs11t.h:398
#define CKM_JUNIPER_COUNTER
Definition: pkcs11t.h:908
#define CKM_DSA_SHA512
Definition: pkcs11t.h:611
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition: pkcs11t.h:1225
#define CKA_EC_POINT
Definition: pkcs11t.h:508
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:844
#define CKM_CAST5_ECB
Definition: pkcs11t.h:741
#define CKD_SHA384_KDF
Definition: pkcs11t.h:1298
#define CKM_CAST3_KEY_GEN
Definition: pkcs11t.h:732
#define CKK_HOTP
Definition: pkcs11t.h:366
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKK_SHA256_HMAC
Definition: pkcs11t.h:375
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:815
#define CKM_CDMF_CBC_PAD
Definition: pkcs11t.h:678
#define CKM_DES3_CMAC
Definition: pkcs11t.h:672
#define CKM_SKIPJACK_WRAP
Definition: pkcs11t.h:873
#define CKA_COEFFICIENT
Definition: pkcs11t.h:482
#define CKM_RC2_KEY_GEN
Definition: pkcs11t.h:645
#define CKM_RSA_PKCS_TPM_1_1
Definition: pkcs11t.h:972
#define CKC_WTLS
Definition: pkcs11t.h:409
#define CKM_RSA_PKCS
Definition: pkcs11t.h:587
#define CKK_CAST
Definition: pkcs11t.h:352
AttributeType
Definition: p11.h:63
#define CK_CERTIFICATE_CATEGORY_AUTHORITY
Definition: pkcs11t.h:397
#define CKM_CDMF_MAC
Definition: pkcs11t.h:676
#define CKR_ATTRIBUTE_SENSITIVE
Definition: pkcs11t.h:1052
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:586
#define CKM_SKIPJACK_KEY_GEN
Definition: pkcs11t.h:865
#define CKR_NO_EVENT
Definition: pkcs11t.h:1047
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:843
#define CKM_AES_KEY_WRAP
Definition: pkcs11t.h:969
#define CRYPTOKI_VERSION_MINOR
Definition: pkcs11t.h:20
#define CKM_CAST_MAC_GENERAL
Definition: pkcs11t.h:730
#define CKA_SERIAL_NUMBER
Definition: pkcs11t.h:446
#define CKM_RC5_CBC_PAD
Definition: pkcs11t.h:756
#define CKM_IDEA_CBC
Definition: pkcs11t.h:759
#define CKF_ERROR_STATE
Definition: pkcs11t.h:248
#define CKM_MD5_RSA_PKCS
Definition: pkcs11t.h:592
#define CKM_SHA512_224_KEY_DERIVATION
Definition: pkcs11t.h:634
#define CKM_SKIPJACK_CFB32
Definition: pkcs11t.h:870
#define CKG_MGF1_SHA384
Definition: pkcs11t.h:1248
#define CKM_SHA512_HMAC_GENERAL
Definition: pkcs11t.h:718
#define CKM_AES_CFB128
Definition: pkcs11t.h:966
#define CKR_GENERAL_ERROR
Definition: pkcs11t.h:1043
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:66
#define CKM_CAMELLIA_CBC_PAD
Definition: pkcs11t.h:842
#define CKD_NULL
Definition: pkcs11t.h:1290
#define CKM_DES3_CBC
Definition: pkcs11t.h:666
#define CKA_PUBLIC_KEY_INFO
Definition: pkcs11t.h:483
#define CKR_OK
Definition: pkcs11t.h:1038
#define CKK_EC
Definition: pkcs11t.h:343
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1127
#define CKM_DES_CFB64
Definition: pkcs11t.h:682
#define CKA_VALUE
Definition: pkcs11t.h:442
#define CKA_KEY_TYPE
Definition: pkcs11t.h:459
#define CKA_ID
Definition: pkcs11t.h:461
#define CKA_OTP_COUNTER
Definition: pkcs11t.h:528
#define CKM_TLS12_MAC
Definition: pkcs11t.h:820
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition: pkcs11t.h:770
#define CKM_AES_KEY_GEN
Definition: pkcs11t.h:913
CK_ULONG CK_OBJECT_HANDLE
Definition: pkcs11t.h:298
#define CKF_SO_PIN_COUNT_LOW
Definition: pkcs11t.h:229
#define CKM_CONCATENATE_BASE_AND_DATA
Definition: pkcs11t.h:765
#define CKF_GENERATE
Definition: pkcs11t.h:1013
struct CK_INFO CK_INFO
#define CKM_CAST128_MAC_GENERAL
Definition: pkcs11t.h:748
#define CKM_KEA_KEY_DERIVE
Definition: pkcs11t.h:877
#define CKA_OBJECT_ID
Definition: pkcs11t.h:443
int(* final)(unsigned char *, CTX *)
#define CKM_TLS10_MAC_CLIENT
Definition: pkcs11t.h:819
#define CKM_PBE_SHA1_RC4_40
Definition: pkcs11t.h:801
#define CKA_WRAP
Definition: pkcs11t.h:465
#define CKF_WRITE_PROTECTED
Definition: pkcs11t.h:156
#define CKM_CAST3_CBC_PAD
Definition: pkcs11t.h:737
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
#define CKM_RIPEMD128_RSA_PKCS
Definition: pkcs11t.h:595
#define CKM_RC2_CBC
Definition: pkcs11t.h:647
#define CKR_OBJECT_HANDLE_INVALID
Definition: pkcs11t.h:1086
#define CKK_CAMELLIA
Definition: pkcs11t.h:368
#define CKF_USER_FRIENDLY_OTP
Definition: pkcs11t.h:1814
#define CKO_CERTIFICATE
Definition: pkcs11t.h:311
#define CKK_SEED
Definition: pkcs11t.h:380
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:777
#define CKM_TWOFISH_CBC_PAD
Definition: pkcs11t.h:935
#define CKA_GOST28147_PARAMS
Definition: pkcs11t.h:537
#define CKM_KIP_WRAP
Definition: pkcs11t.h:834
#define CKM_SSL3_MD5_MAC
Definition: pkcs11t.h:781
#define CKM_BATON_COUNTER
Definition: pkcs11t.h:884
#define CKM_BATON_ECB96
Definition: pkcs11t.h:882
Flags flags(Flag flags)
Definition: p11.h:858
#define CK_TRUE
Definition: pkcs11t.h:23
#define CKM_GOSTR3410
Definition: pkcs11t.h:945
Definition: bigint.h:891
#define CKM_PBE_SHA1_DES3_EDE_CBC
Definition: pkcs11t.h:802
#define CKH_CLOCK
Definition: pkcs11t.h:331
#define CKR_MUTEX_BAD
Definition: pkcs11t.h:1144
#define CKR_RANDOM_NO_RNG
Definition: pkcs11t.h:1131
PseudoRandom
Definition: p11.h:692
#define CKP_PKCS5_PBKD2_HMAC_SHA512_224
Definition: pkcs11t.h:1725
#define CKM_SHA512_224
Definition: pkcs11t.h:631
PKCS11_Error(const std::string &what)
Definition: p11.h:2874
#define CKM_TWOFISH_KEY_GEN
Definition: pkcs11t.h:932
#define CKA_PIXEL_X
Definition: pkcs11t.h:543
#define CKG_MGF1_SHA1
Definition: pkcs11t.h:1246
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1128
CK_ULONG Ulong
Definition: p11.h:836
#define CKM_SHA224
Definition: pkcs11t.h:710
#define CKS_RO_PUBLIC_SESSION
Definition: pkcs11t.h:272
#define CKO_SECRET_KEY
Definition: pkcs11t.h:314
#define CKR_ATTRIBUTE_READ_ONLY
Definition: pkcs11t.h:1051
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2282
#define CKM_RC5_MAC_GENERAL
Definition: pkcs11t.h:755
#define CKR_SESSION_EXISTS
Definition: pkcs11t.h:1101
CK_VOID_PTR VoidPtr
Definition: p11.h:826
#define CKM_BLOWFISH_KEY_GEN
Definition: pkcs11t.h:930
#define CKF_HW_SLOT
Definition: pkcs11t.h:124
#define CKR_MUTEX_NOT_LOCKED
Definition: pkcs11t.h:1145
unsigned char CK_BYTE
Definition: pkcs11t.h:36
#define CKM_SEED_MAC
Definition: pkcs11t.h:859
#define CKR_NEXT_OTP
Definition: pkcs11t.h:1148
#define CKM_RSA_9796
Definition: pkcs11t.h:588
unsigned long int CK_ULONG
Definition: pkcs11t.h:48
#define CKM_PBE_SHA1_RC2_40_CBC
Definition: pkcs11t.h:805
#define CKA_ALWAYS_AUTHENTICATE
Definition: pkcs11t.h:513
#define CKA_DERIVE
Definition: pkcs11t.h:471
#define CKK_X9_42_DH
Definition: pkcs11t.h:344
#define CKA_OTP_FORMAT
Definition: pkcs11t.h:520
#define CKF_REMOVABLE_DEVICE
Definition: pkcs11t.h:123
#define CKA_OTP_TIME_REQUIREMENT
Definition: pkcs11t.h:525
#define CKR_TOKEN_WRITE_PROTECTED
Definition: pkcs11t.h:1112
#define CKM_DES3_CBC_PAD
Definition: pkcs11t.h:670
#define CKR_DEVICE_MEMORY
Definition: pkcs11t.h:1061
struct CK_MECHANISM CK_MECHANISM
#define CKM_RC4
Definition: pkcs11t.h:654
#define CKR_INFORMATION_SENSITIVE
Definition: pkcs11t.h:1139
#define CKC_X_509
Definition: pkcs11t.h:407
#define CKM_DES_OFB64
Definition: pkcs11t.h:680
#define CKR_EXCEEDED_MAX_ITERATIONS
Definition: pkcs11t.h:1150
CK_ULONG CK_ATTRIBUTE_TYPE
Definition: pkcs11t.h:416
MechanismType type
#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411
Definition: pkcs11t.h:1720
#define CKM_AES_CTR
Definition: pkcs11t.h:919
#define CKA_PRIVATE
Definition: pkcs11t.h:439
#define CKK_MD5_HMAC
Definition: pkcs11t.h:371
#define CKA_OTP_PIN_REQUIREMENT
Definition: pkcs11t.h:527
#define CKA_ALWAYS_SENSITIVE
Definition: pkcs11t.h:497
#define CKR_PIN_INVALID
Definition: pkcs11t.h:1090
#define CKA_END_DATE
Definition: pkcs11t.h:473
#define CKM_ECDSA_SHA1
Definition: pkcs11t.h:892
#define CKU_SO
Definition: pkcs11t.h:264
#define CKA_OTP_LENGTH
Definition: pkcs11t.h:521
#define CKM_CAST128_ECB
Definition: pkcs11t.h:742
CK_ULONG CK_HW_FEATURE_TYPE
Definition: pkcs11t.h:327
#define CKR_LIBRARY_LOAD_FAILED
Definition: pkcs11t.h:1152
#define CKR_PIN_TOO_WEAK
Definition: pkcs11t.h:1153
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:769
CK_BYTE Byte
Definition: p11.h:847
#define CKM_SHA512_T_HMAC_GENERAL
Definition: pkcs11t.h:642
#define CKA_SIGN
Definition: pkcs11t.h:467
#define CKR_DATA_INVALID
Definition: pkcs11t.h:1058
#define CKM_MD2_HMAC
Definition: pkcs11t.h:687
#define CKM_AES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:941
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition: pkcs11t.h:1053
#define CKA_VENDOR_DEFINED
Definition: pkcs11t.h:559
#define CKM_AES_XCBC_MAC_96
Definition: pkcs11t.h:927
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2457
#define CKM_ACTI_KEY_GEN
Definition: pkcs11t.h:724
#define CKM_SHA1_RSA_X9_31
Definition: pkcs11t.h:601
#define CKK_DES2
Definition: pkcs11t.h:350
#define CKM_AES_CCM
Definition: pkcs11t.h:921
#define CKK_RC5
Definition: pkcs11t.h:356
#define CKA_ECDSA_PARAMS
Definition: pkcs11t.h:505
#define CKF_WRAP
Definition: pkcs11t.h:1015
#define CKM_TLS12_KDF
Definition: pkcs11t.h:821
#define CKR_PIN_INCORRECT
Definition: pkcs11t.h:1089
#define CKM_DH_PKCS_PARAMETER_GEN
Definition: pkcs11t.h:958
#define CKA_CERTIFICATE_CATEGORY
Definition: pkcs11t.h:451
#define CKA_LOCAL
Definition: pkcs11t.h:495
#define CKM_SHA1_RSA_PKCS_PSS
Definition: pkcs11t.h:603
#define CKA_EXPONENT_1
Definition: pkcs11t.h:480
#define CKM_TLS10_MAC_SERVER
Definition: pkcs11t.h:818
#define CKR_PUBLIC_KEY_INVALID
Definition: pkcs11t.h:1154
#define CKK_ACTI
Definition: pkcs11t.h:367
#define CKF_LOGIN_REQUIRED
Definition: pkcs11t.h:157
#define CKM_VENDOR_DEFINED
Definition: pkcs11t.h:975
CK_ULONG CK_OBJECT_CLASS
Definition: pkcs11t.h:307
#define CKA_HAS_RESET
Definition: pkcs11t.h:541
#define CKR_STATE_UNSAVEABLE
Definition: pkcs11t.h:1140
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2409
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs11t.h:803
#define CKR_KEY_INDIGESTIBLE
Definition: pkcs11t.h:1078
#define CKM_PBE_MD5_DES_CBC
Definition: pkcs11t.h:793
#define CKF_NEXT_OTP
Definition: pkcs11t.h:1809
#define CKA_OTP_SERVICE_LOGO
Definition: pkcs11t.h:532
#define CKD_SHA512_KDF
Definition: pkcs11t.h:1299
#define CKF_VERIFY_RECOVER
Definition: pkcs11t.h:1012
struct CK_C_INITIALIZE_ARGS CK_C_INITIALIZE_ARGS
#define CKF_EXTENSION
Definition: pkcs11t.h:1029
#define CKK_GOSTR3410
Definition: pkcs11t.h:381
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition: p11.h:825
#define CKR_ACTION_PROHIBITED
Definition: pkcs11t.h:1056
#define CKM_SHA256
Definition: pkcs11t.h:707
#define CKF_HW
Definition: pkcs11t.h:1003
#define CKF_EC_UNCOMPRESS
Definition: pkcs11t.h:1026
#define CKF_OS_LOCKING_OK
Definition: pkcs11t.h:1226
#define CKF_DERIVE
Definition: pkcs11t.h:1017
#define CKR_USER_TOO_MANY_TYPES
Definition: pkcs11t.h:1122
#define CKM_RC2_MAC
Definition: pkcs11t.h:648
#define CKM_TLS_PRF
Definition: pkcs11t.h:779
#define CKM_X9_42_MQV_DERIVE
Definition: pkcs11t.h:619
#define CKA_SECONDARY_AUTH
Definition: pkcs11t.h:510
#define CKF_EC_F_P
Definition: pkcs11t.h:1022
#define CKM_RIPEMD128
Definition: pkcs11t.h:700
#define CKM_MD5_KEY_DERIVATION
Definition: pkcs11t.h:783
#define CKM_ECDSA_SHA384
Definition: pkcs11t.h:895
#define CKM_SHA1_KEY_DERIVATION
Definition: pkcs11t.h:785
CK_CREATEMUTEX CreateMutex
Definition: p11.h:828
#define CKM_DSA_SHA224
Definition: pkcs11t.h:608
#define CKM_SHA1_RSA_PKCS
Definition: pkcs11t.h:593
#define CKM_AES_CFB1
Definition: pkcs11t.h:968
CK_SESSION_HANDLE SessionHandle
Definition: p11.h:843
#define CKA_CHAR_SETS
Definition: pkcs11t.h:550
#define CKM_MD2_KEY_DERIVATION
Definition: pkcs11t.h:784
#define CKA_ALLOWED_MECHANISMS
Definition: pkcs11t.h:557
#define CKM_DES_CBC
Definition: pkcs11t.h:657
#define CKF_UNWRAP
Definition: pkcs11t.h:1016
#define CKK_GENERIC_SECRET
Definition: pkcs11t.h:346
#define CKM_SHA384_HMAC
Definition: pkcs11t.h:714
#define CKF_RESTORE_KEY_NOT_NEEDED
Definition: pkcs11t.h:165
#define CKR_OPERATION_ACTIVE
Definition: pkcs11t.h:1087
#define CKM_SHA512_224_HMAC_GENERAL
Definition: pkcs11t.h:633
#define CKM_DES_CBC_PAD
Definition: pkcs11t.h:661
#define CKM_RSA_AES_KEY_WRAP
Definition: pkcs11t.h:903
#define CKA_ENCRYPT
Definition: pkcs11t.h:463
#define CKM_FASTHASH
Definition: pkcs11t.h:911
#define CKM_CONCATENATE_BASE_AND_KEY
Definition: pkcs11t.h:764
#define CKM_ECDSA
Definition: pkcs11t.h:891
#define CKM_BATON_ECB128
Definition: pkcs11t.h:881
CK_ULONG CK_SESSION_HANDLE
Definition: pkcs11t.h:256
#define CKR_KEY_NOT_WRAPPABLE
Definition: pkcs11t.h:1080
#define CKA_MODULUS
Definition: pkcs11t.h:474
#define CKM_SHA512_T_KEY_DERIVATION
Definition: pkcs11t.h:643
#define CKS_RO_USER_FUNCTIONS
Definition: pkcs11t.h:273
#define CKM_AES_CBC_PAD
Definition: pkcs11t.h:918
#define CKF_CLOCK_ON_TOKEN
Definition: pkcs11t.h:171
#define CKA_OTP_USER_IDENTIFIER
Definition: pkcs11t.h:530
#define CKM_ARIA_ECB
Definition: pkcs11t.h:848
#define CKK_KEA
Definition: pkcs11t.h:345
#define CKR_FUNCTION_NOT_SUPPORTED
Definition: pkcs11t.h:1068
#define CKM_AES_GCM
Definition: pkcs11t.h:920
#define CKM_KEY_WRAP_SET_OAEP
Definition: pkcs11t.h:830
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition: p11.cpp:59
#define CKM_SEED_MAC_GENERAL
Definition: pkcs11t.h:860
#define CKR_PIN_LOCKED
Definition: pkcs11t.h:1094
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED
Definition: pkcs11t.h:395
#define CKM_AES_CMAC
Definition: pkcs11t.h:923
#define CKM_FORTEZZA_TIMESTAMP
Definition: pkcs11t.h:879
#define CKM_JUNIPER_KEY_GEN
Definition: pkcs11t.h:905
#define CKR_FUNCTION_FAILED
Definition: pkcs11t.h:1044
#define CKR_TEMPLATE_INCONSISTENT
Definition: pkcs11t.h:1109
#define CKA_SENSITIVE
Definition: pkcs11t.h:462
#define CKA_PUBLIC_EXPONENT
Definition: pkcs11t.h:476
struct CK_RSA_PKCS_PSS_PARAMS CK_RSA_PKCS_PSS_PARAMS
#define CKK_CDMF
Definition: pkcs11t.h:361
#define CKM_SHA384_RSA_PKCS
Definition: pkcs11t.h:622
#define CKM_SEED_CBC
Definition: pkcs11t.h:858
#define CKM_AES_OFB
Definition: pkcs11t.h:963
#define CKF_EC_COMPRESS
Definition: pkcs11t.h:1027
#define CKM_GOST28147_KEY_GEN
Definition: pkcs11t.h:951
#define CKP_PKCS5_PBKD2_HMAC_SHA1
Definition: pkcs11t.h:1719
#define CKM_ECDSA_SHA512
Definition: pkcs11t.h:896
#define CKM_AES_MAC
Definition: pkcs11t.h:916
CK_ULONG CK_KEY_TYPE
Definition: pkcs11t.h:336
#define CKM_AES_MAC_GENERAL
Definition: pkcs11t.h:917
#define CKD_SHA224_KDF
Definition: pkcs11t.h:1296
#define CKR_ARGUMENTS_BAD
Definition: pkcs11t.h:1046
#define CKA_OWNER
Definition: pkcs11t.h:448
#define CRYPTOKI_VERSION_MAJOR
Definition: pkcs11t.h:19
#define CKF_SECONDARY_AUTHENTICATION
Definition: pkcs11t.h:199
#define CKA_COPYABLE
Definition: pkcs11t.h:501
#define CKP_PKCS5_PBKD2_HMAC_SHA256
Definition: pkcs11t.h:1722
#define CKM_GENERIC_SECRET_KEY_GEN
Definition: pkcs11t.h:763
#define CKM_SHA256_HMAC_GENERAL
Definition: pkcs11t.h:709
#define CKM_BATON_SHUFFLE
Definition: pkcs11t.h:885
#define CKR_BUFFER_TOO_SMALL
Definition: pkcs11t.h:1137
#define CKR_USER_NOT_LOGGED_IN
Definition: pkcs11t.h:1117
#define CKA_PRIME
Definition: pkcs11t.h:484
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1121
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition: pkcs11t.h:960
#define CKR_FUNCTION_NOT_PARALLEL
Definition: pkcs11t.h:1066
#define CKK_SECURID
Definition: pkcs11t.h:365
CK_ULONG CK_RV
Definition: pkcs11t.h:1036
#define CKM_DES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:937
#define CKM_BATON_KEY_GEN
Definition: pkcs11t.h:880
#define CKM_TLS12_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:823
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1255
#define CKM_GOSTR3410_KEY_PAIR_GEN
Definition: pkcs11t.h:944
#define CKM_RIPEMD128_HMAC
Definition: pkcs11t.h:701
#define CKM_X9_42_DH_HYBRID_DERIVE
Definition: pkcs11t.h:618
#define CKM_JUNIPER_ECB128
Definition: pkcs11t.h:906
#define CKK_AES
Definition: pkcs11t.h:362
#define CKF_DUAL_CRYPTO_OPERATIONS
Definition: pkcs11t.h:185
#define CKM_PBE_SHA1_CAST128_CBC
Definition: pkcs11t.h:799
#define CKA_GOSTR3410_PARAMS
Definition: pkcs11t.h:535
struct CK_DATE CK_DATE
#define CKM_DES3_ECB
Definition: pkcs11t.h:665
#define CKM_GOSTR3411
Definition: pkcs11t.h:949
#define CKM_SECURID_KEY_GEN
Definition: pkcs11t.h:719
#define CKM_ARIA_MAC
Definition: pkcs11t.h:850
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:816
#define CKM_MD5_HMAC
Definition: pkcs11t.h:692
#define CKM_CAST_CBC
Definition: pkcs11t.h:728
#define CKO_OTP_KEY
Definition: pkcs11t.h:318
#define CKN_OTP_CHANGED
Definition: pkcs11t.h:102
#define CKM_PBE_SHA1_CAST5_CBC
Definition: pkcs11t.h:798
#define CK_FALSE
Definition: pkcs11t.h:24
#define CKR_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1073
#define CKM_KIP_MAC
Definition: pkcs11t.h:835
#define CKO_PUBLIC_KEY
Definition: pkcs11t.h:312
#define CKR_SLOT_ID_INVALID
Definition: pkcs11t.h:1041
#define CKR_CANT_LOCK
Definition: pkcs11t.h:1049
#define CKM_SHA384_HMAC_GENERAL
Definition: pkcs11t.h:715
#define CKF_SO_PIN_LOCKED
Definition: pkcs11t.h:239
#define CKK_JUNIPER
Definition: pkcs11t.h:360
#define CKM_SHA512_KEY_DERIVATION
Definition: pkcs11t.h:789
#define CKK_SKIPJACK
Definition: pkcs11t.h:358
CK_ULONG CK_USER_TYPE
Definition: pkcs11t.h:262
#define CKR_KEY_NOT_NEEDED
Definition: pkcs11t.h:1075
#define CKM_IDEA_ECB
Definition: pkcs11t.h:758
#define CKR_ATTRIBUTE_VALUE_INVALID
Definition: pkcs11t.h:1054
#define CKM_ECDSA_KEY_PAIR_GEN
Definition: pkcs11t.h:888
#define CKM_TLS12_KEY_SAFE_DERIVE
Definition: pkcs11t.h:825
#define CKC_VENDOR_DEFINED
Definition: pkcs11t.h:410
#define CKM_RC5_CBC
Definition: pkcs11t.h:753
#define CKR_SIGNATURE_LEN_RANGE
Definition: pkcs11t.h:1107
#define CKM_ECDH1_DERIVE
Definition: pkcs11t.h:898
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1937
#define CKA_NAME_HASH_ALGORITHM
Definition: pkcs11t.h:456
#define CKM_DES_ECB
Definition: pkcs11t.h:656
#define CKM_DES3_KEY_GEN
Definition: pkcs11t.h:664
#define CKM_CAST3_CBC
Definition: pkcs11t.h:734
#define CKF_USER_PIN_LOCKED
Definition: pkcs11t.h:216
#define CKR_KEY_SIZE_RANGE
Definition: pkcs11t.h:1072
#define CKM_AES_CTS
Definition: pkcs11t.h:922
#define CKK_ECDSA
Definition: pkcs11t.h:342
#define CKA_MECHANISM_TYPE
Definition: pkcs11t.h:553
#define CKM_AES_CFB8
Definition: pkcs11t.h:965
#define CKM_MD5
Definition: pkcs11t.h:690
#define CKM_CAMELLIA_ECB
Definition: pkcs11t.h:838
ReturnValue get_return_value() const
Definition: p11.h:2888
#define CKM_EC_KEY_PAIR_GEN
Definition: pkcs11t.h:889
#define CKM_RC5_KEY_GEN
Definition: pkcs11t.h:751
#define CKG_MGF1_SHA512
Definition: pkcs11t.h:1249
#define CKA_SUBPRIME_BITS
Definition: pkcs11t.h:489
#define CKA_DERIVE_TEMPLATE
Definition: pkcs11t.h:518
#define CKU_USER
Definition: pkcs11t.h:266
#define CKM_MD5_HMAC_GENERAL
Definition: pkcs11t.h:693
#define CKR_CRYPTOKI_ALREADY_INITIALIZED
Definition: pkcs11t.h:1143
HardwareType
Definition: p11.h:279
#define CKK_GOST28147
Definition: pkcs11t.h:383
#define CKF_USER_PIN_COUNT_LOW
Definition: pkcs11t.h:205
#define CKF_RW_SESSION
Definition: pkcs11t.h:289
#define CKM_GOST28147
Definition: pkcs11t.h:953
#define CKM_CONCATENATE_DATA_AND_BASE
Definition: pkcs11t.h:766
#define CKF_SO_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:246
#define CKM_SKIPJACK_RELAYX
Definition: pkcs11t.h:875
#define CKM_WTLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:812
#define CKM_SHA512
Definition: pkcs11t.h:716
#define CKM_JUNIPER_CBC128
Definition: pkcs11t.h:907
#define CKM_CAMELLIA_CTR
Definition: pkcs11t.h:845
#define CKK_RIPEMD160_HMAC
Definition: pkcs11t.h:374
#define CKM_SHA512_256
Definition: pkcs11t.h:635
#define CKR_NEED_TO_CREATE_THREADS
Definition: pkcs11t.h:1048
#define CKA_PIXEL_Y
Definition: pkcs11t.h:544
Provides access to all PKCS#11 functions.
Definition: p11.h:901
const Bbool False
Definition: p11.h:856
#define CKM_GOSTR3410_DERIVE
Definition: pkcs11t.h:948
#define CKM_MD2_RSA_PKCS
Definition: pkcs11t.h:591
#define CKM_RSA_PKCS_PSS
Definition: pkcs11t.h:602
Definition: alg_id.cpp:13
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:846
struct CK_SESSION_INFO CK_SESSION_INFO
#define CKA_TOKEN
Definition: pkcs11t.h:438
#define CKM_CMS_SIG
Definition: pkcs11t.h:832
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition: pkcs11t.h:1142
#define CKF_VERIFY
Definition: pkcs11t.h:1011
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1126
#define CKK_RSA
Definition: pkcs11t.h:339
#define CKM_MD2_HMAC_GENERAL
Definition: pkcs11t.h:688
#define CKM_SHA384_RSA_PKCS_PSS
Definition: pkcs11t.h:625
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2175
#define CKR_TOKEN_NOT_PRESENT
Definition: pkcs11t.h:1110
#define CKF_SIGN_RECOVER
Definition: pkcs11t.h:1010
#define CKM_DES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:938
#define CKM_DES_KEY_GEN
Definition: pkcs11t.h:655
#define CKM_TLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:775
#define CKK_RC4
Definition: pkcs11t.h:348
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1113
#define CKM_WTLS_PRF
Definition: pkcs11t.h:814
CK_LOCKMUTEX LockMutex
Definition: p11.h:830
#define CKM_AES_ECB
Definition: pkcs11t.h:914
#define CKF_DECRYPT
Definition: pkcs11t.h:1007
#define CKO_DATA
Definition: pkcs11t.h:310
#define CKM_CAST3_MAC
Definition: pkcs11t.h:735
#define CKM_JUNIPER_SHUFFLE
Definition: pkcs11t.h:909
#define CKR_FUNCTION_REJECTED
Definition: pkcs11t.h:1156
#define CKA_GOSTR3411_PARAMS
Definition: pkcs11t.h:536
#define CKM_RIPEMD160_HMAC
Definition: pkcs11t.h:704
CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR
Definition: pkcs11t.h:1175
#define CKM_SKIPJACK_OFB64
Definition: pkcs11t.h:868
#define CKO_MECHANISM
Definition: pkcs11t.h:317
#define CKM_CAST_ECB
Definition: pkcs11t.h:727
#define CKA_APPLICATION
Definition: pkcs11t.h:441
#define CKA_OTP_USER_FRIENDLY_MODE
Definition: pkcs11t.h:523
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition: pkcs11t.h:556
void initialize_token(Slot &slot, const std::string &label, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:46
#define CKO_HW_FEATURE
Definition: pkcs11t.h:315
#define CKF_SO_PIN_FINAL_TRY
Definition: pkcs11t.h:234
#define CKF_DONT_BLOCK
Definition: pkcs11t.h:1234
#define CKK_DES3
Definition: pkcs11t.h:351
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1804
CK_BYTE CK_UTF8CHAR
Definition: pkcs11t.h:42
CK_ULONG CK_STATE
Definition: pkcs11t.h:271
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition: pkcs11t.h:1721
#define CKM_SKIPJACK_CBC64
Definition: pkcs11t.h:867
#define CKK_TWOFISH
Definition: pkcs11t.h:364
CK_FLAGS Flags
Definition: p11.h:832
#define CKM_RC5_MAC
Definition: pkcs11t.h:754
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, const std::string &label, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1148
#define CKO_VENDOR_DEFINED
Definition: pkcs11t.h:320
#define CKM_CAST5_CBC_PAD
Definition: pkcs11t.h:749
#define CKR_TOKEN_NOT_RECOGNIZED
Definition: pkcs11t.h:1111
#define CKM_CAST5_MAC_GENERAL
Definition: pkcs11t.h:747
#define CKA_URL
Definition: pkcs11t.h:453
const Bbool True
Definition: p11.h:855
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition: pkcs11t.h:1099
#define CKM_ECDH1_COFACTOR_DERIVE
Definition: pkcs11t.h:899
CK_ULONG CK_FLAGS
Definition: pkcs11t.h:54
#define CKA_NEVER_EXTRACTABLE
Definition: pkcs11t.h:496
#define CKK_SHA_1_HMAC
Definition: pkcs11t.h:372
#define CKF_DIGEST
Definition: pkcs11t.h:1008
#define CKM_CDMF_KEY_GEN
Definition: pkcs11t.h:673
#define CKK_CAST5
Definition: pkcs11t.h:354
#define CKA_CLASS
Definition: pkcs11t.h:437
#define CKM_CAMELLIA_CBC
Definition: pkcs11t.h:839
#define CKM_SHA224_HMAC_GENERAL
Definition: pkcs11t.h:712
#define CKD_SHA256_KDF
Definition: pkcs11t.h:1297
#define CKA_AC_ISSUER
Definition: pkcs11t.h:447
#define CKA_CHECK_VALUE
Definition: pkcs11t.h:457
CK_ULONG CK_CERTIFICATE_TYPE
Definition: pkcs11t.h:393
#define CKG_MGF1_SHA224
Definition: pkcs11t.h:1250
#define CKM_JUNIPER_WRAP
Definition: pkcs11t.h:910
#define CKM_SHA512_256_HMAC_GENERAL
Definition: pkcs11t.h:637
#define CKM_AES_KEY_WRAP_PAD
Definition: pkcs11t.h:970
#define CKM_TLS12_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:824
#define CKM_CAST128_MAC
Definition: pkcs11t.h:746
CK_SLOT_ID SlotId
Definition: p11.h:835
#define CKA_VERIFY_RECOVER
Definition: pkcs11t.h:470
#define CKA_RESET_ON_INIT
Definition: pkcs11t.h:540
#define CKM_CAST_MAC
Definition: pkcs11t.h:729
#define CKM_DES3_MAC_GENERAL
Definition: pkcs11t.h:669
#define CKR_USER_TYPE_INVALID
Definition: pkcs11t.h:1119
#define CKA_BASE
Definition: pkcs11t.h:486
#define CKM_PKCS5_PBKD2
Definition: pkcs11t.h:807
#define CKA_OTP_TIME
Definition: pkcs11t.h:529
#define CKO_PRIVATE_KEY
Definition: pkcs11t.h:313
#define CKA_VERIFY
Definition: pkcs11t.h:469
#define CKM_X9_42_DH_PARAMETER_GEN
Definition: pkcs11t.h:959
#define CKF_ENCRYPT
Definition: pkcs11t.h:1006
#define CKH_VENDOR_DEFINED
Definition: pkcs11t.h:333
#define CKM_KIP_DERIVE
Definition: pkcs11t.h:833
#define CKM_AES_XCBC_MAC
Definition: pkcs11t.h:926
#define CKR_UNWRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1114
#define CKR_SESSION_HANDLE_INVALID
Definition: pkcs11t.h:1098
#define CKM_RIPEMD160_HMAC_GENERAL
Definition: pkcs11t.h:705
#define CKA_BITS_PER_PIXEL
Definition: pkcs11t.h:549
#define CKF_RNG
Definition: pkcs11t.h:155
std::string to_string(const secure_vector< uint8_t > &bytes)
Definition: stl_util.h:25
#define CKA_SUBPRIME
Definition: pkcs11t.h:485
#define CKR_USER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1116
#define CKM_SKIPJACK_ECB64
Definition: pkcs11t.h:866
#define CKM_SSL3_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:771
MechanismType
Definition: p11.h:335
#define CKM_RC2_CBC_PAD
Definition: pkcs11t.h:651
#define CKM_ARIA_MAC_GENERAL
Definition: pkcs11t.h:851
#define CKA_COLOR
Definition: pkcs11t.h:548
#define CKM_EXTRACT_KEY_FROM_KEY
Definition: pkcs11t.h:768
#define CKR_PIN_LEN_RANGE
Definition: pkcs11t.h:1091
#define CKC_X_509_ATTR_CERT
Definition: pkcs11t.h:408
#define CKA_SIGN_RECOVER
Definition: pkcs11t.h:468
#define CKM_BATON_CBC128
Definition: pkcs11t.h:883
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition: pkcs11t.h:973
#define CKA_DEFAULT_CMS_ATTRIBUTES
Definition: pkcs11t.h:555
#define CKO_DOMAIN_PARAMETERS
Definition: pkcs11t.h:316
#define CKR_KEY_UNEXTRACTABLE
Definition: pkcs11t.h:1081
#define CKN_SURRENDER
Definition: pkcs11t.h:101
#define CKM_CAST3_ECB
Definition: pkcs11t.h:733
#define CKM_IDEA_MAC
Definition: pkcs11t.h:760
#define CKM_KEA_KEY_PAIR_GEN
Definition: pkcs11t.h:876
#define CKM_GOST28147_KEY_WRAP
Definition: pkcs11t.h:955
#define CKM_TLS_MAC
Definition: pkcs11t.h:826
#define CKM_AES_CBC
Definition: pkcs11t.h:915
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc >> &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1664
#define CKR_SESSION_READ_ONLY_EXISTS
Definition: pkcs11t.h:1103
#define CKM_DES_OFB8
Definition: pkcs11t.h:681
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKK_BLOWFISH
Definition: pkcs11t.h:363
#define CKR_WRAPPED_KEY_LEN_RANGE
Definition: pkcs11t.h:1125
KeyDerivation
Definition: p11.h:193
#define CKF_SERIAL_SESSION
Definition: pkcs11t.h:290
#define CKA_KEY_GEN_MECHANISM
Definition: pkcs11t.h:498
struct CK_ECDH1_DERIVE_PARAMS CK_ECDH1_DERIVE_PARAMS
void CK_PTR CK_VOID_PTR
Definition: pkcs11t.h:66
#define CKR_MECHANISM_INVALID
Definition: pkcs11t.h:1083
#define CKM_PBE_MD2_DES_CBC
Definition: pkcs11t.h:792
#define CKM_CDMF_ECB
Definition: pkcs11t.h:674
#define CKM_SHA512_T
Definition: pkcs11t.h:640
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition: pkcs11t.h:1079
#define CKM_DSA_KEY_PAIR_GEN
Definition: pkcs11t.h:605
#define CKK_SHA384_HMAC
Definition: pkcs11t.h:376
#define CKF_USER_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:223
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2235
#define CKR_VENDOR_DEFINED
Definition: pkcs11t.h:1158
#define CKA_DECRYPT
Definition: pkcs11t.h:464
#define CKA_OTP_TIME_INTERVAL
Definition: pkcs11t.h:522
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:854
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition: pkcs11t.h:1726
#define CKM_DES3_MAC
Definition: pkcs11t.h:667
#define CKK_DES
Definition: pkcs11t.h:349
#define CKR_SESSION_READ_ONLY
Definition: pkcs11t.h:1100
#define CKK_CAST3
Definition: pkcs11t.h:353
#define CKF_EXCLUDE_TIME
Definition: pkcs11t.h:1810
#define CKM_DSA_SHA1
Definition: pkcs11t.h:607
#define CKM_GOST28147_MAC
Definition: pkcs11t.h:954
secure_vector< uint8_t > secure_string
Definition: p11.h:61
#define CKR_MECHANISM_PARAM_INVALID
Definition: pkcs11t.h:1084
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:811
#define CKF_TOKEN_INITIALIZED
Definition: pkcs11t.h:193
#define CKK_SHA512_HMAC
Definition: pkcs11t.h:377
#define CKM_GOSTR3411_HMAC
Definition: pkcs11t.h:950
#define CKM_DES3_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:939
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition: pkcs11t.h:1241
#define CKM_ECDH_AES_KEY_WRAP
Definition: pkcs11t.h:902
#define CKM_PBE_SHA1_RC4_128
Definition: pkcs11t.h:800
#define CKA_EXPONENT_2
Definition: pkcs11t.h:481
#define CKP_PKCS5_PBKD2_HMAC_SHA384
Definition: pkcs11t.h:1723
PKCS11_ReturnError(ReturnValue return_val)
Definition: p11.h:2883
#define CKM_SHA224_KEY_DERIVATION
Definition: pkcs11t.h:790
#define CKM_CAST3_MAC_GENERAL
Definition: pkcs11t.h:736
#define CKA_VALUE_BITS
Definition: pkcs11t.h:492
#define CKK_DH
Definition: pkcs11t.h:341
#define CKR_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1070
#define CKM_GOSTR3410_KEY_WRAP
Definition: pkcs11t.h:947
#define CKM_AES_GMAC
Definition: pkcs11t.h:928
#define CKA_DESTROYABLE
Definition: pkcs11t.h:503
struct CK_MECHANISM_INFO CK_MECHANISM_INFO
#define CKM_RIPEMD160
Definition: pkcs11t.h:703
#define CKR_NEW_PIN_MODE
Definition: pkcs11t.h:1147
#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN
Definition: pkcs11t.h:961
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition: pkcs11t.h:454
#define CKM_CAST_CBC_PAD
Definition: pkcs11t.h:731
#define CKS_RW_PUBLIC_SESSION
Definition: pkcs11t.h:274
#define CKR_KEY_CHANGED
Definition: pkcs11t.h:1076
#define CKM_SHA512_256_HMAC
Definition: pkcs11t.h:636
CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
Definition: pkcs11t.h:1714
#define CKM_PBE_MD5_CAST3_CBC
Definition: pkcs11t.h:795
#define CKM_SHA512_256_KEY_DERIVATION
Definition: pkcs11t.h:638
#define CKR_DOMAIN_PARAMS_INVALID
Definition: pkcs11t.h:1133
#define CKA_PRIME_2
Definition: pkcs11t.h:479
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition: pkcs11t.h:874
#define CKA_MODIFIABLE
Definition: pkcs11t.h:500
#define CKM_RC4_KEY_GEN
Definition: pkcs11t.h:653
#define CKM_ACTI
Definition: pkcs11t.h:723