12#include <botan/secmem.h>
13#include <botan/exceptn.h>
22#define CK_DECLARE_FUNCTION(returnType, name) \
23 returnType __declspec(dllimport) name
25#define CK_DECLARE_FUNCTION(returnType, name) \
30#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
31 returnType __declspec(dllimport) (* name)
33#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
37#define CK_CALLBACK_FUNCTION(returnType, name) \
41 #define NULL_PTR nullptr
45 #pragma pack(push, cryptoki, 1)
51 #pragma pack(pop, cryptoki)
55 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
59class Dynamically_Loaded_Library;
922 bool C_Initialize(
VoidPtr init_args,
935 bool C_Finalize(
VoidPtr reserved,
948 bool C_GetInfo(
Info* info_ptr,
981 bool C_GetSlotList(
Bbool token_present,
998 bool C_GetSlotList(
bool token_present,
999 std::vector<SlotId>& slot_ids,
1014 bool C_GetSlotInfo(
SlotId slot_id,
1031 bool C_GetTokenInfo(
SlotId slot_id,
1068 bool C_GetMechanismList(
SlotId slot_id,
1087 bool C_GetMechanismList(
SlotId slot_id,
1088 std::vector<MechanismType>& mechanisms,
1106 bool C_GetMechanismInfo(
SlotId slot_id,
1128 bool C_InitToken(
SlotId slot_id,
1150 template<
typename TAlloc>
1152 const std::vector<uint8_t, TAlloc>& so_pin,
1153 std::string_view label,
1156 std::string padded_label(label);
1157 if(label.size() < 32)
1159 padded_label.insert(padded_label.end(), 32 - label.size(),
' ');
1162 return C_InitToken(slot_id,
1163 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(so_pin.data())),
1164 static_cast<Ulong>(so_pin.size()),
1165 reinterpret_cast< Utf8Char*
>(
const_cast< char*
>(padded_label.c_str())),
1205 template<
typename TAlloc>
1207 const std::vector<uint8_t, TAlloc>& pin,
1210 return C_InitPIN(session,
1211 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(pin.data())),
1212 static_cast<Ulong>(pin.size()),
1257 template<
typename TAlloc>
1259 const std::vector<uint8_t, TAlloc>& old_pin,
1260 const std::vector<uint8_t, TAlloc>& new_pin,
1263 return C_SetPIN(session,
1264 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(old_pin.data())),
1265 static_cast<Ulong>(old_pin.size()),
1266 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(new_pin.data())),
1267 static_cast<Ulong>(new_pin.size()),
1292 bool C_OpenSession(
SlotId slot_id,
1326 bool C_CloseAllSessions(
SlotId slot_id,
1362 Byte* operation_state_ptr,
1363 Ulong* operation_state_len_ptr,
1384 Byte* operation_state_ptr,
1385 Ulong operation_state_len,
1431 template<
typename TAlloc>
1434 const std::vector<uint8_t, TAlloc>& pin,
1437 return C_Login(session, user_type,
1438 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(pin.data())),
1439 static_cast<Ulong>(pin.size()),
1586 template<
typename TAlloc>
1589 std::map<
AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1592 std::vector<Attribute> getter_template;
1594 for(
const auto& entry : attribute_values)
1599 bool success = C_GetAttributeValue(session,
1601 const_cast< Attribute*
>(getter_template.data()),
1602 static_cast<Ulong>(getter_template.size()),
1611 for(
auto& entry : attribute_values)
1613 entry.second.clear();
1614 entry.second.resize(getter_template.at(i).ulValueLen);
1615 getter_template.at(i).pValue =
const_cast< uint8_t*
>(entry.second.data());
1619 return C_GetAttributeValue(session,
object,
1620 const_cast< Attribute*
>(getter_template.data()),
1621 static_cast<Ulong>(getter_template.size()),
1666 template<
typename TAlloc>
1669 std::map<
AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1672 std::vector<Attribute> setter_template;
1674 for(
auto& entry : attribute_values)
1679 return C_SetAttributeValue(session,
object,
1680 const_cast< Attribute*
>(setter_template.data()),
1681 static_cast<Ulong>(setter_template.size()),
1722 Ulong max_object_count,
1723 Ulong* object_count_ptr,
1786 Byte* encrypted_data,
1787 Ulong* encrypted_data_len_ptr,
1806 template<
typename TAllocA,
typename TAllocB>
1808 const std::vector<uint8_t, TAllocA>& plaintext_data,
1809 std::vector<uint8_t, TAllocB>& encrypted_data,
1812 Ulong encrypted_size = 0;
1813 if(!C_Encrypt(session,
1814 const_cast<Byte*
>((plaintext_data.data())),
1815 static_cast<Ulong>(plaintext_data.size()),
1816 nullptr, &encrypted_size,
1822 encrypted_data.resize(encrypted_size);
1823 if (!C_Encrypt(session,
1824 const_cast<Byte*
>(plaintext_data.data()),
1825 static_cast<Ulong>(plaintext_data.size()),
1826 encrypted_data.data(),
1827 &encrypted_size, return_value))
1831 encrypted_data.resize(encrypted_size);
1855 Byte* encrypted_part_ptr,
1856 Ulong* encrypted_part_len_ptr,
1875 Byte* last_encrypted_part_ptr,
1876 Ulong* last_encrypted_part_len_ptr,
1922 Byte* encrypted_data_ptr,
1923 Ulong encrypted_data_len,
1925 Ulong* data_len_ptr,
1944 template<
typename TAllocA,
typename TAllocB>
1946 const std::vector<uint8_t, TAllocA>& encrypted_data,
1947 std::vector<uint8_t, TAllocB>& decrypted_data,
1950 Ulong decrypted_size = 0;
1951 if(!C_Decrypt(session,
1952 const_cast<Byte*
>((encrypted_data.data())),
1953 static_cast<Ulong>(encrypted_data.size()),
1954 nullptr, &decrypted_size,
1960 decrypted_data.resize(decrypted_size);
1961 if(!C_Decrypt(session,
1962 const_cast<Byte*
>(encrypted_data.data()),
1963 static_cast<Ulong>(encrypted_data.size()),
1964 decrypted_data.data(),
1965 &decrypted_size, return_value))
1969 decrypted_data.resize(decrypted_size);
1992 Byte* encrypted_part_ptr,
1993 Ulong encrypted_part_len,
1995 Ulong* part_len_ptr,
2015 Byte* last_part_ptr,
2016 Ulong* last_part_len_ptr,
2061 Ulong* digest_len_ptr,
2119 Ulong* digest_len_ptr,
2165 const Byte* data_ptr,
2167 Byte* signature_ptr,
2168 Ulong* signature_len_ptr,
2187 template<
typename TAllocA,
typename TAllocB>
2189 const std::vector<uint8_t, TAllocA>& data,
2190 std::vector<uint8_t, TAllocB>& signature,
2193 Ulong signature_size = 0;
2196 static_cast<Ulong>(data.size()),
2204 signature.resize(signature_size);
2205 if (!C_Sign(session,
2207 static_cast<Ulong>(data.size()),
2214 signature.resize(signature_size);
2234 const Byte* part_ptr,
2252 template<
typename TAlloc>
2254 const std::vector<uint8_t, TAlloc>& part,
2257 return C_SignUpdate(session,
2259 static_cast<Ulong>(part.size()),
2280 Byte* signature_ptr,
2281 Ulong* signature_len_ptr,
2299 template<
typename TAlloc>
2301 std::vector<uint8_t, TAlloc>& signature,
2304 Ulong signature_size = 0;
2305 if(!C_SignFinal(session,
nullptr, &signature_size, return_value))
2310 signature.resize(signature_size);
2311 if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2315 signature.resize(signature_size);
2362 Byte* signature_ptr,
2363 Ulong* signature_len_ptr,
2409 const Byte* data_ptr,
2411 const Byte* signature_ptr,
2412 Ulong signature_len,
2431 template<
typename TAllocA,
typename TAllocB>
2433 const std::vector<uint8_t, TAllocA>& data,
2434 std::vector<uint8_t, TAllocB>& signature,
2437 return C_Verify(session,
2439 static_cast<Ulong>(data.size()),
2441 static_cast<Ulong>(signature.size()),
2461 const Byte* part_ptr,
2479 template<
typename TAlloc>
2481 std::vector<uint8_t, TAlloc> part,
2484 return C_VerifyUpdate(session, part.data(),
static_cast<Ulong>(part.size()), return_value);
2504 const Byte* signature_ptr,
2505 Ulong signature_len,
2549 Byte* signature_ptr,
2550 Ulong signature_len,
2552 Ulong* data_len_ptr,
2577 Byte* encrypted_part_ptr,
2578 Ulong* encrypted_part_len_ptr,
2600 Byte* encrypted_part_ptr,
2601 Ulong encrypted_part_len,
2603 Ulong* part_len_ptr,
2627 Byte* encrypted_part_ptr,
2628 Ulong* encrypted_part_len_ptr,
2650 Byte* encrypted_part_ptr,
2651 Ulong encrypted_part_len,
2653 Ulong* part_len_ptr,
2713 Ulong public_key_attribute_count,
2715 Ulong private_key_attribute_count,
2746 Byte* wrapped_key_ptr,
2747 Ulong* wrapped_key_len_ptr,
2779 Byte* wrapped_key_ptr,
2780 Ulong wrapped_key_len,
2782 Ulong attribute_count,
2813 Ulong attribute_count,
2836 const Byte* seed_ptr,
2856 Byte* random_data_ptr,
2906 static bool handle_return_value(
const CK_RV function_result,
ReturnValue* return_value);
2927 m_return_val(return_val)
2932 return m_return_val;
2937 return static_cast<int>(m_return_val);
Provides access to all PKCS#11 functions.
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, std::string_view label, ReturnValue *return_value=ThrowException) const
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
FunctionListPtr get_functions() const
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
ErrorType error_type() const noexcept override
PKCS11_Error(std::string_view what)
int error_code() const noexcept override
ReturnValue get_return_value() const
PKCS11_ReturnError(ReturnValue return_val)
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
@ Pkcs5Pbkd2HmacSha512256
@ Pkcs5Pbkd2HmacGostr3411
@ Pkcs5Pbkd2HmacSha512224
ReturnValue * ThrowException
@ OtpChallengeRequirement
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
@ DsaShaweTaylorParameterGen
@ WtlsServerKeyAndMacDerive
@ WtlsClientKeyAndMacDerive
@ DsaProbablisticParameterGen
@ WtlsMasterKeyDeriveDhEcc
CK_FUNCTION_LIST_PTR FunctionListPtr
@ LibraryCantCreateOsThreads
@ ProtectedAuthenticationPath
@ SecondaryAuthentication
secure_vector< uint8_t > secure_string
CK_UNLOCKMUTEX UnlockMutex
CK_DESTROYMUTEX DestroyMutex
Flag operator|(Flag a, Flag b)
CK_SESSION_HANDLE SessionHandle
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
CK_OBJECT_HANDLE ObjectHandle
CK_CREATEMUTEX CreateMutex
@ SessionReadWriteSoExists
@ SessionParallelNotSupported
@ UnwrappingKeyHandleInvalid
@ UserAnotherAlreadyLoggedIn
@ UnwrappingKeyTypeInconsistent
@ KeyFunctionNotPermitted
@ CryptokiAlreadyInitialized
@ WrappingKeyTypeInconsistent
@ OperationNotInitialized
@ WrappingKeyHandleInvalid
void initialize_token(Slot &slot, std::string_view label, const secure_string &so_pin, const secure_string &pin)
std::vector< T, secure_allocator< T > > secure_vector
#define CKA_NEVER_EXTRACTABLE
#define CKM_TLS_MASTER_KEY_DERIVE
#define CKM_DSA_PARAMETER_GEN
#define CKR_SESSION_COUNT
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
#define CKM_CONCATENATE_BASE_AND_DATA
#define CKR_DEVICE_MEMORY
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
#define CKM_SSL3_SHA1_MAC
#define CKA_OTP_TIME_INTERVAL
#define CKA_SECONDARY_AUTH
#define CKR_GENERAL_ERROR
#define CKR_MECHANISM_INVALID
#define CKR_SLOT_ID_INVALID
#define CKC_VENDOR_DEFINED
#define CKM_SSL3_MASTER_KEY_DERIVE
#define CKR_ATTRIBUTE_TYPE_INVALID
#define CKA_OTP_SERVICE_IDENTIFIER
#define CKM_GOSTR3411_HMAC
#define CKM_WTLS_PRE_MASTER_KEY_GEN
#define CKA_AUTH_PIN_FLAGS
#define CKM_SHA256_KEY_DERIVATION
#define CKA_SERIAL_NUMBER
#define CKM_CAST5_MAC_GENERAL
#define CKF_LOGIN_REQUIRED
#define CKF_EC_UNCOMPRESS
#define CKA_SUB_PRIME_BITS
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
#define CKM_SEED_MAC_GENERAL
#define CKF_PROTECTED_AUTHENTICATION_PATH
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
#define CKR_FUNCTION_CANCELED
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
#define CKM_TWOFISH_CBC_PAD
#define CKM_SKIPJACK_CFB8
#define CKM_RSA_X9_31_KEY_PAIR_GEN
#define CKR_KEY_UNEXTRACTABLE
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
#define CKM_CONCATENATE_BASE_AND_KEY
#define CKR_NEED_TO_CREATE_THREADS
#define CKM_SEED_ECB_ENCRYPT_DATA
#define CKR_WRAPPING_KEY_SIZE_RANGE
#define CKM_FORTEZZA_TIMESTAMP
#define CKS_RW_PUBLIC_SESSION
#define CKR_MECHANISM_PARAM_INVALID
#define CKA_SUPPORTED_CMS_ATTRIBUTES
#define CKF_TOKEN_INITIALIZED
#define CKR_TOKEN_NOT_RECOGNIZED
#define CKM_SHA512_HMAC_GENERAL
#define CKM_SKIPJACK_CFB64
#define CKM_DES_CBC_ENCRYPT_DATA
#define CKD_SHA1_KDF_ASN1
#define CKR_ATTRIBUTE_SENSITIVE
#define CKM_ECDH1_COFACTOR_DERIVE
#define CKR_RANDOM_NO_RNG
#define CKM_ARIA_CBC_ENCRYPT_DATA
#define CKM_CAMELLIA_KEY_GEN
#define CKR_PIN_LEN_RANGE
#define CKF_USER_PIN_FINAL_TRY
#define CKM_BATON_KEY_GEN
#define CKA_PRIVATE_EXPONENT
#define CKR_RANDOM_SEED_NOT_SUPPORTED
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
#define CKM_VENDOR_DEFINED
#define CKR_ATTRIBUTE_READ_ONLY
#define CKR_KEY_FUNCTION_NOT_PERMITTED
#define CKA_HW_FEATURE_TYPE
#define CKM_TWOFISH_KEY_GEN
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
#define CKA_VERIFY_RECOVER
#define CKM_SHA512_224_HMAC_GENERAL
#define CKM_SKIPJACK_RELAYX
#define CKM_SHA512_224_HMAC
#define CKR_SESSION_EXISTS
#define CKM_MD5_HMAC_GENERAL
#define CKR_FUNCTION_REJECTED
#define CKM_SHA_1_HMAC_GENERAL
#define CKM_TLS10_MAC_CLIENT
unsigned long int CK_ULONG
#define CKM_JUNIPER_ECB128
#define CKA_PUBLIC_EXPONENT
#define CKM_SKIPJACK_CBC64
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
#define CKM_PBE_SHA1_DES2_EDE_CBC
#define CKM_X9_42_DH_KEY_PAIR_GEN
#define CRYPTOKI_VERSION_MINOR
#define CKM_RSA_PKCS_KEY_PAIR_GEN
#define CKR_SESSION_READ_ONLY
#define CKA_OTP_TIME_REQUIREMENT
#define CKM_PBE_MD5_CAST5_CBC
#define CKM_KEA_KEY_DERIVE
#define CKC_X_509_ATTR_CERT
#define CKM_JUNIPER_KEY_GEN
#define CKR_ENCRYPTED_DATA_LEN_RANGE
#define CKM_SHA512_KEY_DERIVATION
#define CKA_BITS_PER_PIXEL
#define CKR_SIGNATURE_INVALID
#define CKM_AES_MAC_GENERAL
#define CKM_CAST128_CBC_PAD
#define CKA_OTP_USER_IDENTIFIER
#define CKR_SESSION_HANDLE_INVALID
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
#define CKF_USER_PIN_INITIALIZED
#define CKA_PUBLIC_KEY_INFO
#define CKA_OTP_USER_FRIENDLY_MODE
#define CKM_SHA384_HMAC_GENERAL
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
#define CKM_SECURID_KEY_GEN
#define CKM_IDEA_MAC_GENERAL
#define CKS_RO_USER_FUNCTIONS
#define CKM_TLS_KEY_AND_MAC_DERIVE
#define CKM_GOST28147_ECB
#define CKR_ARGUMENTS_BAD
#define CKM_SHA512_224_KEY_DERIVATION
#define CKM_SHA512_T_HMAC_GENERAL
#define CKM_TLS_MASTER_KEY_DERIVE_DH
#define CKM_CAST3_MAC_GENERAL
#define CKM_CAST5_CBC_PAD
#define CKM_PBE_SHA1_RC2_128_CBC
#define CKA_NAME_HASH_ALGORITHM
#define CKM_SSL3_PRE_MASTER_KEY_GEN
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
#define CKR_LIBRARY_LOAD_FAILED
#define CKM_RIPEMD128_HMAC_GENERAL
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
#define CKA_OTP_SERVICE_LOGO_TYPE
CK_ULONG CK_SESSION_HANDLE
#define CKA_OTP_CHALLENGE_REQUIREMENT
#define CKR_TOKEN_NOT_PRESENT
#define CKM_SHA512_T_KEY_DERIVATION
#define CKR_CRYPTOKI_NOT_INITIALIZED
#define CKM_DH_PKCS_DERIVE
#define CKM_CAMELLIA_MAC_GENERAL
#define CKM_MD2_HMAC_GENERAL
#define CKM_SEED_CBC_ENCRYPT_DATA
#define CKM_DES3_CMAC_GENERAL
#define CKR_PIN_INCORRECT
#define CKM_CAST128_MAC_GENERAL
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
#define CKM_PBE_SHA1_RC4_40
#define CKM_PBE_SHA1_CAST5_CBC
#define CKM_TLS10_MAC_SERVER
#define CKM_X9_42_DH_DERIVE
#define CKF_GENERATE_KEY_PAIR
#define CKM_SKIPJACK_PRIVATE_WRAP
#define CKM_KEY_WRAP_LYNKS
#define CKM_SHA512_RSA_PKCS_PSS
#define CKM_CAST5_KEY_GEN
#define CKF_REMOVABLE_DEVICE
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
#define CKM_RSA_PKCS_OAEP
#define CKR_WRAPPED_KEY_INVALID
#define CKF_SECONDARY_AUTHENTICATION
#define CKM_PBE_SHA1_RC4_128
#define CKM_RSA_PKCS_OAEP_TPM_1_1
#define CKM_SHA512_RSA_PKCS
#define CKM_DES3_MAC_GENERAL