12#include <botan/exceptn.h>
13#include <botan/secmem.h>
22 #define CK_DECLARE_FUNCTION(returnType, name) returnType __declspec(dllimport) name
24 #define CK_DECLARE_FUNCTION(returnType, name) returnType name
28 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType __declspec(dllimport)(*name)
30 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(*name)
33#define CK_CALLBACK_FUNCTION(returnType, name) returnType(*name)
36 #define NULL_PTR nullptr
40 #pragma pack(push, cryptoki, 1)
46 #pragma pack(pop, cryptoki)
51 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
55class Dynamically_Loaded_Library;
952 bool C_GetSlotList(
Bbool token_present,
969 bool C_GetSlotList(
bool token_present,
970 std::vector<SlotId>& slot_ids,
1035 bool C_GetMechanismList(
SlotId slot_id,
1054 bool C_GetMechanismList(
SlotId slot_id,
1055 std::vector<MechanismType>& mechanisms,
1073 bool C_GetMechanismInfo(
SlotId slot_id,
1095 bool C_InitToken(
SlotId slot_id,
1117 template <
typename TAlloc>
1119 const std::vector<uint8_t, TAlloc>& so_pin,
1120 std::string_view label,
1122 std::string padded_label(label);
1123 if(label.size() < 32) {
1124 padded_label.insert(padded_label.end(), 32 - label.size(),
' ');
1127 return C_InitToken(slot_id,
1128 reinterpret_cast<Utf8Char*
>(
const_cast<uint8_t*
>(so_pin.data())),
1129 static_cast<Ulong>(so_pin.size()),
1130 reinterpret_cast<Utf8Char*
>(
const_cast<char*
>(padded_label.c_str())),
1170 template <
typename TAlloc>
1172 const std::vector<uint8_t, TAlloc>& pin,
1174 return C_InitPIN(session,
1175 reinterpret_cast<Utf8Char*
>(
const_cast<uint8_t*
>(pin.data())),
1176 static_cast<Ulong>(pin.size()),
1221 template <
typename TAlloc>
1223 const std::vector<uint8_t, TAlloc>& old_pin,
1224 const std::vector<uint8_t, TAlloc>& new_pin,
1226 return C_SetPIN(session,
1227 reinterpret_cast<Utf8Char*
>(
const_cast<uint8_t*
>(old_pin.data())),
1228 static_cast<Ulong>(old_pin.size()),
1229 reinterpret_cast<Utf8Char*
>(
const_cast<uint8_t*
>(new_pin.data())),
1230 static_cast<Ulong>(new_pin.size()),
1254 bool C_OpenSession(
SlotId slot_id,
1322 Byte* operation_state_ptr,
1323 Ulong* operation_state_len_ptr,
1344 Byte* operation_state_ptr,
1345 Ulong operation_state_len,
1391 template <
typename TAlloc>
1394 const std::vector<uint8_t, TAlloc>& pin,
1396 return C_Login(session,
1398 reinterpret_cast<Utf8Char*
>(
const_cast<uint8_t*
>(pin.data())),
1399 static_cast<Ulong>(pin.size()),
1545 template <
typename TAlloc>
1548 std::map<
AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1550 std::vector<Attribute> getter_template;
1552 for(
const auto& entry : attribute_values) {
1556 bool success = C_GetAttributeValue(session,
1558 const_cast<Attribute*
>(getter_template.data()),
1559 static_cast<Ulong>(getter_template.size()),
1567 for(
auto& entry : attribute_values) {
1568 entry.second.clear();
1569 entry.second.resize(getter_template.at(i).ulValueLen);
1570 getter_template.at(i).pValue =
const_cast<uint8_t*
>(entry.second.data());
1574 return C_GetAttributeValue(session,
1576 const_cast<Attribute*
>(getter_template.data()),
1577 static_cast<Ulong>(getter_template.size()),
1622 template <
typename TAlloc>
1625 std::map<
AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1627 std::vector<Attribute> setter_template;
1629 for(
auto& entry : attribute_values) {
1631 entry.second.data(),
1632 static_cast<CK_ULONG>(entry.second.size())});
1635 return C_SetAttributeValue(session,
1637 const_cast<Attribute*
>(setter_template.data()),
1638 static_cast<Ulong>(setter_template.size()),
1679 Ulong max_object_count,
1680 Ulong* object_count_ptr,
1742 Byte* encrypted_data,
1743 Ulong* encrypted_data_len_ptr,
1762 template <
typename TAllocA,
typename TAllocB>
1764 const std::vector<uint8_t, TAllocA>& plaintext_data,
1765 std::vector<uint8_t, TAllocB>& encrypted_data,
1767 Ulong encrypted_size = 0;
1768 if(!C_Encrypt(session,
1769 const_cast<Byte*
>((plaintext_data.data())),
1770 static_cast<Ulong>(plaintext_data.size()),
1777 encrypted_data.resize(encrypted_size);
1778 if(!C_Encrypt(session,
1779 const_cast<Byte*
>(plaintext_data.data()),
1780 static_cast<Ulong>(plaintext_data.size()),
1781 encrypted_data.data(),
1786 encrypted_data.resize(encrypted_size);
1810 Byte* encrypted_part_ptr,
1811 Ulong* encrypted_part_len_ptr,
1830 Byte* last_encrypted_part_ptr,
1831 Ulong* last_encrypted_part_len_ptr,
1877 Byte* encrypted_data_ptr,
1878 Ulong encrypted_data_len,
1880 Ulong* data_len_ptr,
1899 template <
typename TAllocA,
typename TAllocB>
1901 const std::vector<uint8_t, TAllocA>& encrypted_data,
1902 std::vector<uint8_t, TAllocB>& decrypted_data,
1904 Ulong decrypted_size = 0;
1905 if(!C_Decrypt(session,
1906 const_cast<Byte*
>((encrypted_data.data())),
1907 static_cast<Ulong>(encrypted_data.size()),
1914 decrypted_data.resize(decrypted_size);
1915 if(!C_Decrypt(session,
1916 const_cast<Byte*
>(encrypted_data.data()),
1917 static_cast<Ulong>(encrypted_data.size()),
1918 decrypted_data.data(),
1923 decrypted_data.resize(decrypted_size);
1946 Byte* encrypted_part_ptr,
1947 Ulong encrypted_part_len,
1949 Ulong* part_len_ptr,
1969 Byte* last_part_ptr,
1970 Ulong* last_part_len_ptr,
2015 Ulong* digest_len_ptr,
2071 Ulong* digest_len_ptr,
2117 const Byte* data_ptr,
2119 Byte* signature_ptr,
2120 Ulong* signature_len_ptr,
2139 template <
typename TAllocA,
typename TAllocB>
2141 const std::vector<uint8_t, TAllocA>& data,
2142 std::vector<uint8_t, TAllocB>& signature,
2144 Ulong signature_size = 0;
2145 if(!C_Sign(session, data.data(),
static_cast<Ulong>(data.size()),
nullptr, &signature_size, return_value)) {
2149 signature.resize(signature_size);
2152 static_cast<Ulong>(data.size()),
2158 signature.resize(signature_size);
2178 const Byte* part_ptr,
2196 template <
typename TAlloc>
2198 const std::vector<uint8_t, TAlloc>& part,
2200 return C_SignUpdate(session, part.data(),
static_cast<Ulong>(part.size()), return_value);
2220 Byte* signature_ptr,
2221 Ulong* signature_len_ptr,
2239 template <
typename TAlloc>
2241 std::vector<uint8_t, TAlloc>& signature,
2243 Ulong signature_size = 0;
2244 if(!C_SignFinal(session,
nullptr, &signature_size, return_value)) {
2248 signature.resize(signature_size);
2249 if(!C_SignFinal(session, signature.data(), &signature_size, return_value)) {
2252 signature.resize(signature_size);
2299 Byte* signature_ptr,
2300 Ulong* signature_len_ptr,
2346 const Byte* data_ptr,
2348 const Byte* signature_ptr,
2349 Ulong signature_len,
2368 template <
typename TAllocA,
typename TAllocB>
2370 const std::vector<uint8_t, TAllocA>& data,
2371 std::vector<uint8_t, TAllocB>& signature,
2373 return C_Verify(session,
2375 static_cast<Ulong>(data.size()),
2377 static_cast<Ulong>(signature.size()),
2397 const Byte* part_ptr,
2415 template <
typename TAlloc>
2417 std::vector<uint8_t, TAlloc> part,
2419 return C_VerifyUpdate(session, part.data(),
static_cast<Ulong>(part.size()), return_value);
2439 const Byte* signature_ptr,
2440 Ulong signature_len,
2484 Byte* signature_ptr,
2485 Ulong signature_len,
2487 Ulong* data_len_ptr,
2512 Byte* encrypted_part_ptr,
2513 Ulong* encrypted_part_len_ptr,
2535 Byte* encrypted_part_ptr,
2536 Ulong encrypted_part_len,
2538 Ulong* part_len_ptr,
2562 Byte* encrypted_part_ptr,
2563 Ulong* encrypted_part_len_ptr,
2585 Byte* encrypted_part_ptr,
2586 Ulong encrypted_part_len,
2588 Ulong* part_len_ptr,
2648 Ulong public_key_attribute_count,
2650 Ulong private_key_attribute_count,
2681 Byte* wrapped_key_ptr,
2682 Ulong* wrapped_key_len_ptr,
2714 Byte* wrapped_key_ptr,
2715 Ulong wrapped_key_len,
2717 Ulong attribute_count,
2748 Ulong attribute_count,
2771 const Byte* seed_ptr,
2791 Byte* random_data_ptr,
2839 static bool handle_return_value(
CK_RV function_result,
ReturnValue* return_value);
2855 PKCS11_Error(std::to_string(static_cast<uint32_t>(return_val))), m_return_val(return_val) {}
2859 int error_code() const noexcept
override {
return static_cast<int>(m_return_val); }
Provides access to all PKCS#11 functions.
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, std::string_view label, ReturnValue *return_value=ThrowException) const
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
FunctionListPtr get_functions() const
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
ErrorType error_type() const noexcept override
PKCS11_Error(std::string_view what)
int error_code() const noexcept override
ReturnValue get_return_value() const
PKCS11_ReturnError(ReturnValue return_val)
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
@ Pkcs5Pbkd2HmacSha512256
@ Pkcs5Pbkd2HmacGostr3411
@ Pkcs5Pbkd2HmacSha512224
ReturnValue * ThrowException
@ OtpChallengeRequirement
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
@ DsaShaweTaylorParameterGen
@ WtlsServerKeyAndMacDerive
@ WtlsClientKeyAndMacDerive
@ DsaProbablisticParameterGen
@ WtlsMasterKeyDeriveDhEcc
CK_FUNCTION_LIST_PTR FunctionListPtr
@ LibraryCantCreateOsThreads
@ ProtectedAuthenticationPath
@ SecondaryAuthentication
secure_vector< uint8_t > secure_string
CK_UNLOCKMUTEX UnlockMutex
CK_DESTROYMUTEX DestroyMutex
Flag operator|(Flag a, Flag b)
CK_SESSION_HANDLE SessionHandle
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
CK_OBJECT_HANDLE ObjectHandle
CK_CREATEMUTEX CreateMutex
@ SessionReadWriteSoExists
@ SessionParallelNotSupported
@ UnwrappingKeyHandleInvalid
@ UserAnotherAlreadyLoggedIn
@ UnwrappingKeyTypeInconsistent
@ KeyFunctionNotPermitted
@ CryptokiAlreadyInitialized
@ WrappingKeyTypeInconsistent
@ OperationNotInitialized
@ WrappingKeyHandleInvalid
void initialize_token(Slot &slot, std::string_view label, const secure_string &so_pin, const secure_string &pin)
std::vector< T, secure_allocator< T > > secure_vector
#define CKA_NEVER_EXTRACTABLE
#define CKM_TLS_MASTER_KEY_DERIVE
#define CKM_DSA_PARAMETER_GEN
#define CKR_SESSION_COUNT
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
#define CKM_CONCATENATE_BASE_AND_DATA
#define CKR_DEVICE_MEMORY
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
#define CKM_SSL3_SHA1_MAC
#define CKA_OTP_TIME_INTERVAL
#define CKA_SECONDARY_AUTH
#define CKR_GENERAL_ERROR
#define CKR_MECHANISM_INVALID
#define CKR_SLOT_ID_INVALID
#define CKC_VENDOR_DEFINED
#define CKM_SSL3_MASTER_KEY_DERIVE
#define CKR_ATTRIBUTE_TYPE_INVALID
#define CKA_OTP_SERVICE_IDENTIFIER
#define CKM_GOSTR3411_HMAC
#define CKM_WTLS_PRE_MASTER_KEY_GEN
#define CKA_AUTH_PIN_FLAGS
#define CKM_SHA256_KEY_DERIVATION
#define CKA_SERIAL_NUMBER
#define CKM_CAST5_MAC_GENERAL
#define CKF_LOGIN_REQUIRED
#define CKF_EC_UNCOMPRESS
#define CKA_SUB_PRIME_BITS
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
#define CKM_SEED_MAC_GENERAL
#define CKF_PROTECTED_AUTHENTICATION_PATH
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
#define CKR_FUNCTION_CANCELED
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
#define CKM_TWOFISH_CBC_PAD
#define CKM_SKIPJACK_CFB8
#define CKM_RSA_X9_31_KEY_PAIR_GEN
#define CKR_KEY_UNEXTRACTABLE
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
#define CKM_CONCATENATE_BASE_AND_KEY
#define CKR_NEED_TO_CREATE_THREADS
#define CKM_SEED_ECB_ENCRYPT_DATA
#define CKR_WRAPPING_KEY_SIZE_RANGE
#define CKM_FORTEZZA_TIMESTAMP
#define CKS_RW_PUBLIC_SESSION
#define CKR_MECHANISM_PARAM_INVALID
#define CKA_SUPPORTED_CMS_ATTRIBUTES
#define CKF_TOKEN_INITIALIZED
#define CKR_TOKEN_NOT_RECOGNIZED
#define CKM_SHA512_HMAC_GENERAL
#define CKM_SKIPJACK_CFB64
#define CKM_DES_CBC_ENCRYPT_DATA
#define CKD_SHA1_KDF_ASN1
#define CKR_ATTRIBUTE_SENSITIVE
#define CKM_ECDH1_COFACTOR_DERIVE
#define CKR_RANDOM_NO_RNG
#define CKM_ARIA_CBC_ENCRYPT_DATA
#define CKM_CAMELLIA_KEY_GEN
#define CKR_PIN_LEN_RANGE
#define CKF_USER_PIN_FINAL_TRY
#define CKM_BATON_KEY_GEN
#define CKA_PRIVATE_EXPONENT
#define CKR_RANDOM_SEED_NOT_SUPPORTED
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
#define CKM_VENDOR_DEFINED
#define CKR_ATTRIBUTE_READ_ONLY
#define CKR_KEY_FUNCTION_NOT_PERMITTED
#define CKA_HW_FEATURE_TYPE
#define CKM_TWOFISH_KEY_GEN
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
#define CKA_VERIFY_RECOVER
#define CKM_SHA512_224_HMAC_GENERAL
#define CKM_SKIPJACK_RELAYX
#define CKM_SHA512_224_HMAC
#define CKR_SESSION_EXISTS
#define CKM_MD5_HMAC_GENERAL
#define CKR_FUNCTION_REJECTED
#define CKM_SHA_1_HMAC_GENERAL
#define CKM_TLS10_MAC_CLIENT
unsigned long int CK_ULONG
#define CKM_JUNIPER_ECB128
#define CKA_PUBLIC_EXPONENT
#define CKM_SKIPJACK_CBC64
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
#define CKM_PBE_SHA1_DES2_EDE_CBC
#define CKM_X9_42_DH_KEY_PAIR_GEN
#define CRYPTOKI_VERSION_MINOR
#define CKM_RSA_PKCS_KEY_PAIR_GEN
#define CKR_SESSION_READ_ONLY
#define CKA_OTP_TIME_REQUIREMENT
#define CKM_PBE_MD5_CAST5_CBC
#define CKM_KEA_KEY_DERIVE
#define CKC_X_509_ATTR_CERT
#define CKM_JUNIPER_KEY_GEN
#define CKR_ENCRYPTED_DATA_LEN_RANGE
#define CKM_SHA512_KEY_DERIVATION
#define CKA_BITS_PER_PIXEL
#define CKR_SIGNATURE_INVALID
#define CKM_AES_MAC_GENERAL
#define CKM_CAST128_CBC_PAD
#define CKA_OTP_USER_IDENTIFIER
#define CKR_SESSION_HANDLE_INVALID
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
#define CKF_USER_PIN_INITIALIZED
#define CKA_PUBLIC_KEY_INFO
#define CKA_OTP_USER_FRIENDLY_MODE
#define CKM_SHA384_HMAC_GENERAL
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
#define CKM_SECURID_KEY_GEN
#define CKM_IDEA_MAC_GENERAL
#define CKS_RO_USER_FUNCTIONS
#define CKM_TLS_KEY_AND_MAC_DERIVE
#define CKM_GOST28147_ECB
#define CKR_ARGUMENTS_BAD
#define CKM_SHA512_224_KEY_DERIVATION
#define CKM_SHA512_T_HMAC_GENERAL
#define CKM_TLS_MASTER_KEY_DERIVE_DH
#define CKM_CAST3_MAC_GENERAL
#define CKM_CAST5_CBC_PAD
#define CKM_PBE_SHA1_RC2_128_CBC
#define CKA_NAME_HASH_ALGORITHM
#define CKM_SSL3_PRE_MASTER_KEY_GEN
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
#define CKR_LIBRARY_LOAD_FAILED
#define CKM_RIPEMD128_HMAC_GENERAL
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
#define CKA_OTP_SERVICE_LOGO_TYPE
CK_ULONG CK_SESSION_HANDLE
#define CKA_OTP_CHALLENGE_REQUIREMENT
#define CKR_TOKEN_NOT_PRESENT
#define CKM_SHA512_T_KEY_DERIVATION
#define CKR_CRYPTOKI_NOT_INITIALIZED
#define CKM_DH_PKCS_DERIVE
#define CKM_CAMELLIA_MAC_GENERAL
#define CKM_MD2_HMAC_GENERAL
#define CKM_SEED_CBC_ENCRYPT_DATA
#define CKM_DES3_CMAC_GENERAL
#define CKR_PIN_INCORRECT
#define CKM_CAST128_MAC_GENERAL
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
#define CKM_PBE_SHA1_RC4_40
#define CKM_PBE_SHA1_CAST5_CBC
#define CKM_TLS10_MAC_SERVER
#define CKM_X9_42_DH_DERIVE
#define CKF_GENERATE_KEY_PAIR
#define CKM_SKIPJACK_PRIVATE_WRAP
#define CKM_KEY_WRAP_LYNKS
#define CKM_SHA512_RSA_PKCS_PSS
#define CKM_CAST5_KEY_GEN
#define CKF_REMOVABLE_DEVICE
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
#define CKM_RSA_PKCS_OAEP
#define CKR_WRAPPED_KEY_INVALID
#define CKF_SECONDARY_AUTHENTICATION
#define CKM_PBE_SHA1_RC4_128
#define CKM_RSA_PKCS_OAEP_TPM_1_1
#define CKM_SHA512_RSA_PKCS
#define CKM_DES3_MAC_GENERAL
#define CKP_PKCS5_PBKD2_HMAC_SHA224
#define CKM_EXTRACT_KEY_FROM_KEY
#define CKM_SKIPJACK_CFB32
#define CKF_USER_FRIENDLY_OTP
#define CKR_WRAPPING_KEY_HANDLE_INVALID
#define CKR_MUTEX_NOT_LOCKED
#define CKR_USER_TOO_MANY_TYPES
#define CKM_CAST_MAC_GENERAL
#define CKF_USER_PIN_COUNT_LOW
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC