Botan  2.13.0
Crypto and TLS for C++11
p11.h
Go to the documentation of this file.
1 /*
2 * PKCS#11
3 * (C) 2016 Daniel Neus, Sirrix AG
4 * (C) 2016 Philipp Weber, Sirrix AG
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_P11_H_
10 #define BOTAN_P11_H_
11 
12 #include <botan/secmem.h>
13 #include <botan/exceptn.h>
14 #include <botan/dyn_load.h>
15 
16 #include <vector>
17 #include <string>
18 #include <map>
19 
20 #define CK_PTR *
21 
22 #if defined(_MSC_VER)
23 #define CK_DECLARE_FUNCTION(returnType, name) \
24  returnType __declspec(dllimport) name
25 #else
26 #define CK_DECLARE_FUNCTION(returnType, name) \
27  returnType name
28 #endif
29 
30 #if defined(_MSC_VER)
31 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
32  returnType __declspec(dllimport) (* name)
33 #else
34 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
35  returnType (* name)
36 #endif
37 
38 #define CK_CALLBACK_FUNCTION(returnType, name) \
39  returnType (* name)
40 
41 #ifndef NULL_PTR
42  #define NULL_PTR nullptr
43 #endif
44 
45 #if defined(_MSC_VER)
46  #pragma pack(push, cryptoki, 1)
47 #endif
48 
49 #include "pkcs11.h"
50 
51 #if defined(_MSC_VER)
52  #pragma pack(pop, cryptoki)
53 #endif
54 
55 static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
56  "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
57 
58 namespace Botan {
59 namespace PKCS11 {
60 
62 
64  {
65  Class = CKA_CLASS,
66  Token = CKA_TOKEN,
68  Label = CKA_LABEL,
70  Value = CKA_VALUE,
76  Owner = CKA_OWNER,
81  Url = CKA_URL,
88  Id = CKA_ID,
92  Wrap = CKA_WRAP,
94  Sign = CKA_SIGN,
111  Prime = CKA_PRIME,
113  Base = CKA_BASE,
120  Local = CKA_LOCAL,
162  Color = CKA_COLOR,
173  };
174 
176  {
177  X509 = CKC_X_509,
179  Wtls = CKC_WTLS,
181  };
182 
183 /// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
184 /// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
186  {
191  };
192 
194  {
195  Null = CKD_NULL,
204  };
205 
206 enum class Flag : CK_FLAGS
207  {
208  None = 0,
212  Rng = CKF_RNG,
234  Hw = CKF_HW,
237  Digest = CKF_DIGEST,
238  Sign = CKF_SIGN,
240  Verify = CKF_VERIFY,
244  Wrap = CKF_WRAP,
245  Unwrap = CKF_UNWRAP,
246  Derive = CKF_DERIVE,
247  EcFP = CKF_EC_F_P,
248  EcF2m = CKF_EC_F_2M,
263  };
264 
265 inline Flag operator | (Flag a, Flag b)
266  {
267  return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
268  }
269 
271  {
277  };
278 
280  {
282  Clock = CKH_CLOCK,
285  };
286 
287 enum class KeyType : CK_KEY_TYPE
288  {
289  Rsa = CKK_RSA,
290  Dsa = CKK_DSA,
291  Dh = CKK_DH,
292  Ecdsa = CKK_ECDSA,
293  Ec = CKK_EC,
295  Kea = CKK_KEA,
297  Rc2 = CKK_RC2,
298  Rc4 = CKK_RC4,
299  Des = CKK_DES,
300  Des2 = CKK_DES2,
301  Des3 = CKK_DES3,
302  Cast = CKK_CAST,
303  Cast3 = CKK_CAST3,
304  Cast5 = CKK_CAST5,
306  Rc5 = CKK_RC5,
307  Idea = CKK_IDEA,
309  Baton = CKK_BATON,
311  Cdmf = CKK_CDMF,
312  Aes = CKK_AES,
316  Hotp = CKK_HOTP,
317  Acti = CKK_ACTI,
319  Aria = CKK_ARIA,
328  Seed = CKK_SEED,
333  };
334 
336  {
353  Dsa = CKM_DSA,
392  Rc4 = CKM_RC4,
418  Md2 = CKM_MD2,
421  Md5 = CKM_MD5,
424  Sha1 = CKM_SHA_1,
433  Sha256 = CKM_SHA256,
436  Sha224 = CKM_SHA224,
439  Sha384 = CKM_SHA384,
442  Sha512 = CKM_SHA512,
448  Hotp = CKM_HOTP,
449  Acti = CKM_ACTI,
598  Ecdsa = CKM_ECDSA,
670  };
671 
673  {
676  };
677 
679  {
680  Data = CKO_DATA,
690  };
691 
693  {
702  };
703 
704 enum class SessionState : CK_STATE
705  {
711  };
712 
713 enum class ReturnValue : CK_RV
714  {
715  OK = CKR_OK,
716  Cancel = CKR_CANCEL,
810  };
811 
812 enum class UserType : CK_USER_TYPE
813  {
814  SO = CKU_SO,
815  User = CKU_USER,
817  };
818 
819 enum class PublicPointEncoding : uint32_t
820  {
821  Raw,
822  Der
823  };
824 
828 using CreateMutex = CK_CREATEMUTEX;
829 using DestroyMutex = CK_DESTROYMUTEX;
830 using LockMutex = CK_LOCKMUTEX;
831 using UnlockMutex = CK_UNLOCKMUTEX;
832 using Flags = CK_FLAGS;
833 using Info = CK_INFO;
834 using Bbool = CK_BBOOL;
836 using Ulong = CK_ULONG;
842 using Notify = CK_NOTIFY;
847 using Byte = CK_BYTE;
851 using Date = CK_DATE;
852 
854 
857 
859  {
860  return static_cast<Flags>(flags);
861  }
862 
863 class Slot;
864 
865 /**
866 * Initializes a token
867 * @param slot The slot with the attached token that should be initialized
868 * @param label The token label
869 * @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
870 * @param pin The user PIN that will be set
871 */
872 BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, const std::string& label, const secure_string& so_pin,
873  const secure_string& pin);
874 
875 /**
876 * Change PIN with old PIN to new PIN
877 * @param slot The slot with the attached token
878 * @param old_pin The old user PIN
879 * @param new_pin The new user PIN
880 */
881 
882 BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
883 
884 /**
885 * Change SO_PIN with old SO_PIN to new SO_PIN
886 * @param slot The slot with the attached token
887 * @param old_so_pin The old SO_PIN
888 * @param new_so_pin The new SO_PIN
889 */
890 BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
891 
892 /**
893 * Sets user PIN with SO_PIN
894 * @param slot The slot with the attached token
895 * @param so_pin PIN of the security officer
896 * @param pin The user PIN that should be set
897 */
898 BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
899 
900 /// Provides access to all PKCS#11 functions
902  {
903  public:
904  /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
905  explicit LowLevel(FunctionListPtr ptr);
906 
907  /****************************** General purpose functions ******************************/
908 
909  /**
910  * C_Initialize initializes the Cryptoki library.
911  * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
912  * @param return_value default value (`ThrowException`): throw exception on error.
913  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
914  * At least the following PKCS#11 return values may be returned:
915  * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
916  * \li FunctionFailed \li GeneralError \li HostMemory
917  * \li NeedToCreateThreads \li OK
918  * @return true on success, false otherwise
919  */
920  bool C_Initialize(VoidPtr init_args,
921  ReturnValue* return_value = ThrowException) const;
922 
923  /**
924  * C_Finalize indicates that an application is done with the Cryptoki library.
925  * @param reserved reserved. Should be nullptr
926  * @param return_value default value (`ThrowException`): throw exception on error.
927  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
928  * At least the following PKCS#11 return values may be returned:
929  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
930  * \li GeneralError \li HostMemory \li OK
931  * @return true on success, false otherwise
932  */
933  bool C_Finalize(VoidPtr reserved,
934  ReturnValue* return_value = ThrowException) const;
935 
936  /**
937  * C_GetInfo returns general information about Cryptoki.
938  * @param info_ptr location that receives information
939  * @param return_value default value (`ThrowException`): throw exception on error.
940  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
941  * At least the following PKCS#11 return values may be returned:
942  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
943  * \li GeneralError \li HostMemory \li OK
944  * @return true on success, false otherwise
945  */
946  bool C_GetInfo(Info* info_ptr,
947  ReturnValue* return_value = ThrowException) const;
948 
949  /**
950  * C_GetFunctionList returns the function list.
951  * @param pkcs11_module The PKCS#11 module
952  * @param function_list_ptr_ptr receives pointer to function list
953  * @param return_value default value (`ThrowException`): throw exception on error.
954  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
955  * At least the following PKCS#11 return values may be returned:
956  * \li ArgumentsBad \li FunctionFailed \li GeneralError
957  * \li HostMemory \li OK
958  * @return true on success, false otherwise
959  */
960  static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module, FunctionListPtr* function_list_ptr_ptr,
961  ReturnValue* return_value = ThrowException);
962 
963  /****************************** Slot and token management functions ******************************/
964 
965  /**
966  * C_GetSlotList obtains a list of slots in the system.
967  * @param token_present only slots with tokens
968  * @param slot_list_ptr receives array of slot IDs
969  * @param count_ptr receives number of slots
970  * @param return_value default value (`ThrowException`): throw exception on error.
971  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
972  * At least the following PKCS#11 return values may be returned:
973  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
974  * \li FunctionFailed \li GeneralError \li HostMemory
975  * \li OK
976  * @return true on success, false otherwise
977  */
978  bool C_GetSlotList(Bbool token_present,
979  SlotId* slot_list_ptr,
980  Ulong* count_ptr,
981  ReturnValue* return_value = ThrowException) const;
982 
983  /**
984  * C_GetSlotList obtains a list of slots in the system.
985  * @param token_present only slots with tokens
986  * @param slot_ids receives vector of slot IDs
987  * @param return_value default value (`ThrowException`): throw exception on error.
988  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
989  * At least the following PKCS#11 return values may be returned:
990  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
991  * \li FunctionFailed \li GeneralError \li HostMemory
992  * \li OK
993  * @return true on success, false otherwise
994  */
995  bool C_GetSlotList(bool token_present,
996  std::vector<SlotId>& slot_ids,
997  ReturnValue* return_value = ThrowException) const;
998 
999  /**
1000  * C_GetSlotInfo obtains information about a particular slot in the system.
1001  * @param slot_id the ID of the slot
1002  * @param info_ptr receives the slot information
1003  * @param return_value default value (`ThrowException`): throw exception on error.
1004  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1005  * At least the following PKCS#11 return values may be returned:
1006  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1007  * \li FunctionFailed \li GeneralError \li HostMemory
1008  * \li OK \li SlotIdInvalid
1009  * @return true on success, false otherwise
1010  */
1011  bool C_GetSlotInfo(SlotId slot_id,
1012  SlotInfo* info_ptr,
1013  ReturnValue* return_value = ThrowException) const;
1014 
1015  /**
1016  * C_GetTokenInfo obtains information about a particular token in the system.
1017  * @param slot_id ID of the token's slot
1018  * @param info_ptr receives the token information
1019  * @param return_value default value (`ThrowException`): throw exception on error.
1020  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1021  * At least the following PKCS#11 return values may be returned:
1022  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1023  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1024  * \li HostMemory \li OK \li SlotIdInvalid
1025  * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1026  * @return true on success, false otherwise
1027  */
1028  bool C_GetTokenInfo(SlotId slot_id,
1029  TokenInfo* info_ptr,
1030  ReturnValue* return_value = ThrowException) const;
1031 
1032  /**
1033  * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1034  * @param flags blocking/nonblocking flag
1035  * @param slot_ptr location that receives the slot ID
1036  * @param reserved reserved. Should be NULL_PTR
1037  * @param return_value default value (`ThrowException`): throw exception on error.
1038  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1039  * At least the following PKCS#11 return values may be returned:
1040  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1041  * \li GeneralError \li HostMemory \li NoEvent
1042  * \li OK
1043  * @return true on success, false otherwise
1044  */
1045  bool C_WaitForSlotEvent(Flags flags,
1046  SlotId* slot_ptr,
1047  VoidPtr reserved,
1048  ReturnValue* return_value = ThrowException) const;
1049 
1050  /**
1051  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1052  * @param slot_id ID of token's slot
1053  * @param mechanism_list_ptr gets mech. array
1054  * @param count_ptr gets # of mechs.
1055  * @param return_value default value (`ThrowException`): throw exception on error.
1056  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1057  * At least the following PKCS#11 return values may be returned:
1058  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1059  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1060  * \li GeneralError \li HostMemory \li OK
1061  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1062  * \li ArgumentsBad
1063  * @return true on success, false otherwise
1064  */
1065  bool C_GetMechanismList(SlotId slot_id,
1066  MechanismType* mechanism_list_ptr,
1067  Ulong* count_ptr,
1068  ReturnValue* return_value = ThrowException) const;
1069 
1070  /**
1071  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1072  * @param slot_id ID of token's slot
1073  * @param mechanisms receives vector of supported mechanisms
1074  * @param return_value default value (`ThrowException`): throw exception on error.
1075  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1076  * At least the following PKCS#11 return values may be returned:
1077  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1078  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1079  * \li GeneralError \li HostMemory \li OK
1080  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1081  * \li ArgumentsBad
1082  * @return true on success, false otherwise
1083  */
1084  bool C_GetMechanismList(SlotId slot_id,
1085  std::vector<MechanismType>& mechanisms,
1086  ReturnValue* return_value = ThrowException) const;
1087 
1088  /**
1089  * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1090  * @param slot_id ID of the token's slot
1091  * @param type type of mechanism
1092  * @param info_ptr receives mechanism info
1093  * @param return_value default value (`ThrowException`): throw exception on error.
1094  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1095  * At least the following PKCS#11 return values may be returned:
1096  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1097  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1098  * \li HostMemory \li MechanismInvalid \li OK
1099  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1100  * \li ArgumentsBad
1101  * @return true on success, false otherwise
1102  */
1103  bool C_GetMechanismInfo(SlotId slot_id,
1105  MechanismInfo* info_ptr,
1106  ReturnValue* return_value = ThrowException) const;
1107 
1108  /**
1109  * C_InitToken initializes a token.
1110  * @param slot_id ID of the token's slot
1111  * @param so_pin_ptr the SO's initial PIN
1112  * @param so_pin_len length in bytes of the SO_PIN
1113  * @param label_ptr 32-byte token label (blank padded)
1114  * @param return_value default value (`ThrowException`): throw exception on error.
1115  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1116  * At least the following PKCS#11 return values may be returned:
1117  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1118  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1119  * \li GeneralError \li HostMemory \li OK
1120  * \li PinIncorrect \li PinLocked \li SessionExists
1121  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1122  * \li TokenWriteProtected \li ArgumentsBad
1123  * @return true on success, false otherwise
1124  */
1125  bool C_InitToken(SlotId slot_id,
1126  Utf8Char* so_pin_ptr,
1127  Ulong so_pin_len,
1128  Utf8Char* label_ptr,
1129  ReturnValue* return_value = ThrowException) const;
1130 
1131  /**
1132  * C_InitToken initializes a token.
1133  * @param slot_id ID of the token's slot
1134  * @param so_pin the SO's initial PIN
1135  * @param label token label (at max 32 bytes long)
1136  * @param return_value default value (`ThrowException`): throw exception on error.
1137  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1138  * At least the following PKCS#11 return values may be returned:
1139  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1140  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1141  * \li GeneralError \li HostMemory \li OK
1142  * \li PinIncorrect \li PinLocked \li SessionExists
1143  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1144  * \li TokenWriteProtected \li ArgumentsBad
1145  * @return true on success, false otherwise
1146  */
1147  template<typename TAlloc>
1148  bool C_InitToken(SlotId slot_id,
1149  const std::vector<uint8_t, TAlloc>& so_pin,
1150  const std::string& label,
1151  ReturnValue* return_value = ThrowException) const
1152  {
1153  std::string padded_label = label;
1154  if(label.size() < 32)
1155  {
1156  padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1157  }
1158 
1159  return C_InitToken(slot_id,
1160  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1161  static_cast<Ulong>(so_pin.size()),
1162  reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())),
1163  return_value);
1164  }
1165 
1166  /**
1167  * C_InitPIN initializes the normal user's PIN.
1168  * @param session the session's handle
1169  * @param pin_ptr the normal user's PIN
1170  * @param pin_len length in bytes of the PIN
1171  * @param return_value default value (`ThrowException`): throw exception on error.
1172  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1173  * At least the following PKCS#11 return values may be returned:
1174  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1175  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1176  * \li GeneralError \li HostMemory \li OK
1177  * \li PinInvalid \li PinLenRange \li SessionClosed
1178  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1179  * \li UserNotLoggedIn \li ArgumentsBad
1180  * @return true on success, false otherwise
1181  */
1182  bool C_InitPIN(SessionHandle session,
1183  Utf8Char* pin_ptr,
1184  Ulong pin_len,
1185  ReturnValue* return_value = ThrowException) const;
1186 
1187  /**
1188  * C_InitPIN initializes the normal user's PIN.
1189  * @param session the session's handle
1190  * @param pin the normal user's PIN
1191  * @param return_value default value (`ThrowException`): throw exception on error.
1192  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1193  * At least the following PKCS#11 return values may be returned:
1194  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1195  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1196  * \li GeneralError \li HostMemory \li OK
1197  * \li PinInvalid \li PinLenRange \li SessionClosed
1198  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1199  * \li UserNotLoggedIn \li ArgumentsBad
1200  * @return true on success, false otherwise
1201  */
1202  template<typename TAlloc>
1203  bool C_InitPIN(SessionHandle session,
1204  const std::vector<uint8_t, TAlloc>& pin,
1205  ReturnValue* return_value = ThrowException) const
1206  {
1207  return C_InitPIN(session,
1208  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1209  static_cast<Ulong>(pin.size()),
1210  return_value);
1211  }
1212 
1213  /**
1214  * C_SetPIN modifies the PIN of the user who is logged in.
1215  * @param session the session's handle
1216  * @param old_pin_ptr the old PIN
1217  * @param old_len length of the old PIN
1218  * @param new_pin_ptr the new PIN
1219  * @param new_len length of the new PIN
1220  * @param return_value default value (`ThrowException`): throw exception on error.
1221  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1222  * At least the following PKCS#11 return values may be returned:
1223  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1224  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1225  * \li GeneralError \li HostMemory \li OK
1226  * \li PinIncorrect \li PinInvalid \li PinLenRange
1227  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1228  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1229  * @return true on success, false otherwise
1230  */
1231  bool C_SetPIN(SessionHandle session,
1232  Utf8Char* old_pin_ptr,
1233  Ulong old_len,
1234  Utf8Char* new_pin_ptr,
1235  Ulong new_len,
1236  ReturnValue* return_value = ThrowException) const;
1237 
1238  /**
1239  * C_SetPIN modifies the PIN of the user who is logged in.
1240  * @param session the session's handle
1241  * @param old_pin the old PIN
1242  * @param new_pin the new PIN
1243  * @param return_value default value (`ThrowException`): throw exception on error.
1244  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1245  * At least the following PKCS#11 return values may be returned:
1246  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1247  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1248  * \li GeneralError \li HostMemory \li OK
1249  * \li PinIncorrect \li PinInvalid \li PinLenRange
1250  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1251  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1252  * @return true on success, false otherwise
1253  */
1254  template<typename TAlloc>
1255  bool C_SetPIN(SessionHandle session,
1256  const std::vector<uint8_t, TAlloc>& old_pin,
1257  const std::vector<uint8_t, TAlloc>& new_pin,
1258  ReturnValue* return_value = ThrowException) const
1259  {
1260  return C_SetPIN(session,
1261  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())),
1262  static_cast<Ulong>(old_pin.size()),
1263  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())),
1264  static_cast<Ulong>(new_pin.size()),
1265  return_value);
1266  }
1267 
1268 
1269  /****************************** Session management ******************************/
1270 
1271  /**
1272  * C_OpenSession opens a session between an application and a token.
1273  * @param slot_id the slot's ID
1274  * @param flags from CK_SESSION_INFO
1275  * @param application passed to callback
1276  * @param notify callback function
1277  * @param session_ptr gets session handle
1278  * @param return_value default value (`ThrowException`): throw exception on error.
1279  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1280  * At least the following PKCS#11 return values may be returned:
1281  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1282  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1283  * \li HostMemory \li OK \li SessionCount
1284  * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1285  * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1286  * \li ArgumentsBad
1287  * @return true on success, false otherwise
1288  */
1289  bool C_OpenSession(SlotId slot_id,
1290  Flags flags,
1291  VoidPtr application,
1292  Notify notify,
1293  SessionHandle* session_ptr,
1294  ReturnValue* return_value = ThrowException) const;
1295 
1296  /**
1297  * C_CloseSession closes a session between an application and a token.
1298  * @param session the session's handle
1299  * @param return_value default value (`ThrowException`): throw exception on error.
1300  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1301  * At least the following PKCS#11 return values may be returned:
1302  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1303  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1304  * \li HostMemory \li OK \li SessionClosed
1305  * \li SessionHandleInvalid
1306  * @return true on success, false otherwise
1307  */
1308  bool C_CloseSession(SessionHandle session,
1309  ReturnValue* return_value = ThrowException) const;
1310 
1311  /**
1312  * C_CloseAllSessions closes all sessions with a token.
1313  * @param slot_id the token's slot
1314  * @param return_value default value (`ThrowException`): throw exception on error.
1315  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1316  * At least the following PKCS#11 return values may be returned:
1317  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1318  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1319  * \li HostMemory \li OK \li SlotIdInvalid
1320  * \li TokenNotPresent
1321  * @return true on success, false otherwise
1322  */
1323  bool C_CloseAllSessions(SlotId slot_id,
1324  ReturnValue* return_value = ThrowException) const;
1325 
1326  /**
1327  * C_GetSessionInfo obtains information about the session.
1328  * @param session the session's handle
1329  * @param info_ptr receives session info
1330  * @param return_value default value (`ThrowException`): throw exception on error.
1331  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1332  * At least the following PKCS#11 return values may be returned:
1333  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1334  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1335  * \li HostMemory \li OK \li SessionClosed
1336  * \li SessionHandleInvalid \li ArgumentsBad
1337  * @return true on success, false otherwise
1338  */
1339  bool C_GetSessionInfo(SessionHandle session,
1340  SessionInfo* info_ptr,
1341  ReturnValue* return_value = ThrowException) const;
1342 
1343  /**
1344  * C_GetOperationState obtains the state of the cryptographic operation in a session.
1345  * @param session session's handle
1346  * @param operation_state_ptr gets state
1347  * @param operation_state_len_ptr gets state length
1348  * @param return_value default value (`ThrowException`): throw exception on error.
1349  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1350  * At least the following PKCS#11 return values may be returned:
1351  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1352  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1353  * \li GeneralError \li HostMemory \li OK
1354  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1355  * \li StateUnsaveable \li ArgumentsBad
1356  * @return true on success, false otherwise
1357  */
1358  bool C_GetOperationState(SessionHandle session,
1359  Byte* operation_state_ptr,
1360  Ulong* operation_state_len_ptr,
1361  ReturnValue* return_value = ThrowException) const;
1362 
1363  /**
1364  * C_SetOperationState restores the state of the cryptographic operation in a session.
1365  * @param session session's handle
1366  * @param operation_state_ptr holds state
1367  * @param operation_state_len holds state length
1368  * @param encryption_key en/decryption key
1369  * @param authentication_key sign/verify key
1370  * @param return_value default value (`ThrowException`): throw exception on error.
1371  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1372  * At least the following PKCS#11 return values may be returned:
1373  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1374  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1375  * \li HostMemory \li KeyChanged \li KeyNeeded
1376  * \li KeyNotNeeded \li OK \li SavedStateInvalid
1377  * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1378  * @return true on success, false otherwise
1379  */
1380  bool C_SetOperationState(SessionHandle session,
1381  Byte* operation_state_ptr,
1382  Ulong operation_state_len,
1383  ObjectHandle encryption_key,
1384  ObjectHandle authentication_key,
1385  ReturnValue* return_value = ThrowException) const;
1386 
1387  /**
1388  * C_Login logs a user into a token.
1389  * @param session the session's handle
1390  * @param user_type the user type
1391  * @param pin_ptr the user's PIN
1392  * @param pin_len the length of the PIN
1393  * @param return_value default value (`ThrowException`): throw exception on error.
1394  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1395  * At least the following PKCS#11 return values may be returned:
1396  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1397  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1398  * \li FunctionFailed \li GeneralError \li HostMemory
1399  * \li OK \li OperationNotInitialized \li PinIncorrect
1400  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1401  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1402  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1403  * @return true on success, false otherwise
1404  */
1405  bool C_Login(SessionHandle session,
1406  UserType user_type,
1407  Utf8Char* pin_ptr,
1408  Ulong pin_len,
1409  ReturnValue* return_value = ThrowException) const;
1410 
1411  /**
1412  * C_Login logs a user into a token.
1413  * @param session the session's handle
1414  * @param user_type the user type
1415  * @param pin the user or security officer's PIN
1416  * @param return_value default value (`ThrowException`): throw exception on error.
1417  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1418  * At least the following PKCS#11 return values may be returned:
1419  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1420  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1421  * \li FunctionFailed \li GeneralError \li HostMemory
1422  * \li OK \li OperationNotInitialized \li PinIncorrect
1423  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1424  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1425  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1426  * @return true on success, false otherwise
1427  */
1428  template<typename TAlloc>
1429  bool C_Login(SessionHandle session,
1430  UserType user_type,
1431  const std::vector<uint8_t, TAlloc>& pin,
1432  ReturnValue* return_value = ThrowException) const
1433  {
1434  return C_Login(session, user_type,
1435  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1436  static_cast<Ulong>(pin.size()),
1437  return_value);
1438  }
1439 
1440  /**
1441  * C_Logout logs a user out from a token.
1442  * @param session the session's handle
1443  * @param return_value default value (`ThrowException`): throw exception on error.
1444  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1445  * At least the following PKCS#11 return values may be returned:
1446  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1447  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1448  * \li HostMemory \li OK \li SessionClosed
1449  * \li SessionHandleInvalid \li UserNotLoggedIn
1450  * @return true on success, false otherwise
1451  */
1452  bool C_Logout(SessionHandle session,
1453  ReturnValue* return_value = ThrowException) const;
1454 
1455  /****************************** Object management functions ******************************/
1456 
1457  /**
1458  * C_CreateObject creates a new object.
1459  * @param session the session's handle
1460  * @param attribute_template_ptr the object's template
1461  * @param count attributes in template
1462  * @param object_ptr gets new object's handle.
1463  * @param return_value default value (`ThrowException`): throw exception on error.
1464  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1465  * At least the following PKCS#11 return values may be returned:
1466  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1467  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1468  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1469  * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1470  * \li HostMemory \li OK \li PinExpired
1471  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1472  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1473  * \li UserNotLoggedIn
1474  * @return true on success, false otherwise
1475  */
1476  bool C_CreateObject(SessionHandle session,
1477  Attribute* attribute_template_ptr,
1478  Ulong count,
1479  ObjectHandle* object_ptr,
1480  ReturnValue* return_value = ThrowException) const;
1481 
1482  /**
1483  * C_CopyObject copies an object, creating a new object for the copy.
1484  * @param session the session's handle
1485  * @param object the object's handle
1486  * @param attribute_template_ptr template for new object
1487  * @param count attributes in template
1488  * @param new_object_ptr receives handle of copy
1489  * @param return_value default value (`ThrowException`): throw exception on error.
1490  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1491  * At least the following PKCS#11 return values may be returned:
1492  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1493  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1494  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1495  * \li FunctionFailed \li GeneralError \li HostMemory
1496  * \li ObjectHandleInvalid \li OK \li PinExpired
1497  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1498  * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1499  * @return true on success, false otherwise
1500  */
1501  bool C_CopyObject(SessionHandle session,
1502  ObjectHandle object,
1503  Attribute* attribute_template_ptr,
1504  Ulong count,
1505  ObjectHandle* new_object_ptr,
1506  ReturnValue* return_value = ThrowException) const;
1507 
1508  /**
1509  * C_DestroyObject destroys an object.
1510  * @param session the session's handle
1511  * @param object the object's handle
1512  * @param return_value default value (`ThrowException`): throw exception on error.
1513  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1514  * At least the following PKCS#11 return values may be returned:
1515  * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1516  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1517  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1518  * \li OK \li PinExpired \li SessionClosed
1519  * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1520  * @return true on success, false otherwise
1521  */
1522  bool C_DestroyObject(SessionHandle session,
1523  ObjectHandle object,
1524  ReturnValue* return_value = ThrowException) const;
1525 
1526  /**
1527  * C_GetObjectSize gets the size of an object in bytes.
1528  * @param session the session's handle
1529  * @param object the object's handle
1530  * @param size_ptr receives size of object
1531  * @param return_value default value (`ThrowException`): throw exception on error.
1532  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1533  * At least the following PKCS#11 return values may be returned:
1534  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1535  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1536  * \li GeneralError \li HostMemory \li InformationSensitive
1537  * \li ObjectHandleInvalid \li OK \li SessionClosed
1538  * \li SessionHandleInvalid
1539  * @return true on success, false otherwise
1540  */
1541  bool C_GetObjectSize(SessionHandle session,
1542  ObjectHandle object,
1543  Ulong* size_ptr,
1544  ReturnValue* return_value = ThrowException) const;
1545 
1546  /**
1547  * C_GetAttributeValue obtains the value of one or more object attributes.
1548  * @param session the session's handle
1549  * @param object the object's handle
1550  * @param attribute_template_ptr specifies attrs; gets vals
1551  * @param count attributes in template
1552  * @param return_value default value (`ThrowException`): throw exception on error.
1553  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1554  * At least the following PKCS#11 return values may be returned:
1555  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1556  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1557  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1558  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1559  * \li OK \li SessionClosed \li SessionHandleInvalid
1560  * @return true on success, false otherwise
1561  */
1562  bool C_GetAttributeValue(SessionHandle session,
1563  ObjectHandle object,
1564  Attribute* attribute_template_ptr,
1565  Ulong count,
1566  ReturnValue* return_value = ThrowException) const;
1567 
1568  /**
1569  * C_GetAttributeValue obtains the value of one or more object attributes.
1570  * @param session the session's handle
1571  * @param object the object's handle
1572  * @param attribute_values specifies attrs; gets vals
1573  * @param return_value default value (`ThrowException`): throw exception on error.
1574  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1575  * At least the following PKCS#11 return values may be returned:
1576  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1577  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1578  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1579  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1580  * \li OK \li SessionClosed \li SessionHandleInvalid
1581  * @return true on success, false otherwise
1582  */
1583  template<typename TAlloc>
1585  ObjectHandle object,
1586  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1587  ReturnValue* return_value = ThrowException) const
1588  {
1589  std::vector<Attribute> getter_template;
1590 
1591  for(const auto& entry : attribute_values)
1592  {
1593  getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1594  }
1595 
1596  bool success = C_GetAttributeValue(session,
1597  object,
1598  const_cast< Attribute* >(getter_template.data()),
1599  static_cast<Ulong>(getter_template.size()),
1600  return_value);
1601 
1602  if(!success)
1603  {
1604  return success;
1605  }
1606 
1607  size_t i = 0;
1608  for(auto& entry : attribute_values)
1609  {
1610  entry.second.clear();
1611  entry.second.resize(getter_template.at(i).ulValueLen);
1612  getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1613  i++;
1614  }
1615 
1616  return C_GetAttributeValue(session, object,
1617  const_cast< Attribute* >(getter_template.data()),
1618  static_cast<Ulong>(getter_template.size()),
1619  return_value);
1620  }
1621 
1622  /**
1623  * C_SetAttributeValue modifies the value of one or more object attributes.
1624  * @param session the session's handle
1625  * @param object the object's handle
1626  * @param attribute_template_ptr specifies attrs and values
1627  * @param count attributes in template
1628  * @param return_value default value (`ThrowException`): throw exception on error.
1629  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1630  * At least the following PKCS#11 return values may be returned:
1631  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1632  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1633  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1634  * \li FunctionFailed \li GeneralError \li HostMemory
1635  * \li ObjectHandleInvalid \li OK \li SessionClosed
1636  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1637  * \li TokenWriteProtected \li UserNotLoggedIn
1638  * @return true on success, false otherwise
1639  */
1640  bool C_SetAttributeValue(SessionHandle session,
1641  ObjectHandle object,
1642  Attribute* attribute_template_ptr,
1643  Ulong count,
1644  ReturnValue* return_value = ThrowException) const;
1645 
1646  /**
1647  * C_SetAttributeValue modifies the value of one or more object attributes.
1648  * @param session the session's handle
1649  * @param object the object's handle
1650  * @param attribute_values specifies attrs and values
1651  * @param return_value default value (`ThrowException`): throw exception on error.
1652  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1653  * At least the following PKCS#11 return values may be returned:
1654  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1655  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1656  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1657  * \li FunctionFailed \li GeneralError \li HostMemory
1658  * \li ObjectHandleInvalid \li OK \li SessionClosed
1659  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1660  * \li TokenWriteProtected \li UserNotLoggedIn
1661  * @return true on success, false otherwise
1662  */
1663  template<typename TAlloc>
1665  ObjectHandle object,
1666  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1667  ReturnValue* return_value = ThrowException) const
1668  {
1669  std::vector<Attribute> setter_template;
1670 
1671  for(auto& entry : attribute_values)
1672  {
1673  setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1674  }
1675 
1676  return C_SetAttributeValue(session, object,
1677  const_cast< Attribute* >(setter_template.data()),
1678  static_cast<Ulong>(setter_template.size()),
1679  return_value);
1680  }
1681 
1682  /**
1683  * C_FindObjectsInit initializes a search for token and session objects that match a template.
1684  * @param session the session's handle
1685  * @param attribute_template_ptr attribute values to match
1686  * @param count attrs in search template
1687  * @param return_value default value (`ThrowException`): throw exception on error.
1688  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1689  * At least the following PKCS#11 return values may be returned:
1690  * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1691  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1692  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1693  * \li HostMemory \li OK \li OperationActive
1694  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1695  * @return true on success, false otherwise
1696  */
1697  bool C_FindObjectsInit(SessionHandle session,
1698  Attribute* attribute_template_ptr,
1699  Ulong count,
1700  ReturnValue* return_value = ThrowException) const;
1701 
1702  /**
1703  * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1704  * @param session session's handle
1705  * @param object_ptr gets obj. handles
1706  * @param max_object_count max handles to get
1707  * @param object_count_ptr actual # returned
1708  * @param return_value default value (`ThrowException`): throw exception on error.
1709  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1710  * At least the following PKCS#11 return values may be returned:
1711  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1712  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1713  * \li GeneralError \li HostMemory \li OK
1714  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1715  * @return true on success, false otherwise
1716  */
1717  bool C_FindObjects(SessionHandle session,
1718  ObjectHandle* object_ptr,
1719  Ulong max_object_count,
1720  Ulong* object_count_ptr,
1721  ReturnValue* return_value = ThrowException) const;
1722 
1723  /**
1724  * C_FindObjectsFinal finishes a search for token and session objects.
1725  * @param session the session's handle
1726  * @param return_value default value (`ThrowException`): throw exception on error.
1727  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1728  * At least the following PKCS#11 return values may be returned:
1729  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1730  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1731  * \li HostMemory \li OK \li OperationNotInitialized
1732  * \li SessionClosed \li SessionHandleInvalid
1733  * @return true on success, false otherwise
1734  */
1735  bool C_FindObjectsFinal(SessionHandle session,
1736  ReturnValue* return_value = ThrowException) const;
1737 
1738  /****************************** Encryption functions ******************************/
1739 
1740  /**
1741  * C_EncryptInit initializes an encryption operation.
1742  * @param session the session's handle
1743  * @param mechanism_ptr the encryption mechanism
1744  * @param key handle of encryption key
1745  * @param return_value default value (`ThrowException`): throw exception on error.
1746  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1747  * At least the following PKCS#11 return values may be returned:
1748  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1749  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1750  * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1751  * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1752  * \li MechanismInvalid \li MechanismParamInvalid \li OK
1753  * \li OperationActive \li PinExpired \li SessionClosed
1754  * \li SessionHandleInvalid \li UserNotLoggedIn
1755  * @return true on success, false otherwise
1756  */
1757  bool C_EncryptInit(SessionHandle session,
1758  Mechanism* mechanism_ptr,
1759  ObjectHandle key,
1760  ReturnValue* return_value = ThrowException) const;
1761 
1762  /**
1763  * C_Encrypt encrypts single-part data.
1764  * @param session session's handle
1765  * @param data_ptr the plaintext data
1766  * @param data_len size of plaintext data in bytes
1767  * @param encrypted_data gets ciphertext
1768  * @param encrypted_data_len_ptr gets c-text size
1769  * @param return_value default value (`ThrowException`): throw exception on error.
1770  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1771  * At least the following PKCS#11 return values may be returned:
1772  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1773  * \li DataInvalid \li DataLenRange \li DeviceError
1774  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1775  * \li FunctionFailed \li GeneralError \li HostMemory
1776  * \li OK \li OperationNotInitialized \li SessionClosed
1777  * \li SessionHandleInvalid
1778  * @return true on success, false otherwise
1779  */
1780  bool C_Encrypt(SessionHandle session,
1781  Byte* data_ptr,
1782  Ulong data_len,
1783  Byte* encrypted_data,
1784  Ulong* encrypted_data_len_ptr,
1785  ReturnValue* return_value = ThrowException) const;
1786 
1787  /**
1788  * C_Encrypt encrypts single-part data.
1789  * @param session session's handle
1790  * @param plaintext_data the plaintext data
1791  * @param encrypted_data gets ciphertext
1792  * @param return_value default value (`ThrowException`): throw exception on error.
1793  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1794  * At least the following PKCS#11 return values may be returned:
1795  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1796  * \li DataInvalid \li DataLenRange \li DeviceError
1797  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1798  * \li FunctionFailed \li GeneralError \li HostMemory
1799  * \li OK \li OperationNotInitialized \li SessionClosed
1800  * \li SessionHandleInvalid
1801  * @return true on success, false otherwise
1802  */
1803  template<typename TAllocA, typename TAllocB>
1804  bool C_Encrypt(SessionHandle session,
1805  const std::vector<uint8_t, TAllocA>& plaintext_data,
1806  std::vector<uint8_t, TAllocB>& encrypted_data,
1807  ReturnValue* return_value = ThrowException) const
1808  {
1809  Ulong encrypted_size = 0;
1810  if(!C_Encrypt(session,
1811  const_cast<Byte*>((plaintext_data.data())),
1812  static_cast<Ulong>(plaintext_data.size()),
1813  nullptr, &encrypted_size,
1814  return_value))
1815  {
1816  return false;
1817  }
1818 
1819  encrypted_data.resize(encrypted_size);
1820  if (!C_Encrypt(session,
1821  const_cast<Byte*>(plaintext_data.data()),
1822  static_cast<Ulong>(plaintext_data.size()),
1823  encrypted_data.data(),
1824  &encrypted_size, return_value))
1825  {
1826  return false;
1827  }
1828  encrypted_data.resize(encrypted_size);
1829  return true;
1830  }
1831 
1832  /**
1833  * C_EncryptUpdate continues a multiple-part encryption operation.
1834  * @param session session's handle
1835  * @param part_ptr the plaintext data
1836  * @param part_len plaintext data len
1837  * @param encrypted_part_ptr gets ciphertext
1838  * @param encrypted_part_len_ptr gets c-text size
1839  * @param return_value default value (`ThrowException`): throw exception on error.
1840  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1841  * At least the following PKCS#11 return values may be returned:
1842  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1843  * \li DataLenRange \li DeviceError \li DeviceMemory
1844  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1845  * \li GeneralError \li HostMemory \li OK
1846  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1847  * @return true on success, false otherwise
1848  */
1849  bool C_EncryptUpdate(SessionHandle session,
1850  Byte* part_ptr,
1851  Ulong part_len,
1852  Byte* encrypted_part_ptr,
1853  Ulong* encrypted_part_len_ptr,
1854  ReturnValue* return_value = ThrowException) const;
1855 
1856  /**
1857  * C_EncryptFinal finishes a multiple-part encryption operation.
1858  * @param session session handle
1859  * @param last_encrypted_part_ptr last c-text
1860  * @param last_encrypted_part_len_ptr gets last size
1861  * @param return_value default value (`ThrowException`): throw exception on error.
1862  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1863  * At least the following PKCS#11 return values may be returned:
1864  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1865  * \li DataLenRange \li DeviceError \li DeviceMemory
1866  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1867  * \li GeneralError \li HostMemory \li OK
1868  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1869  * @return true on success, false otherwise
1870  */
1871  bool C_EncryptFinal(SessionHandle session,
1872  Byte* last_encrypted_part_ptr,
1873  Ulong* last_encrypted_part_len_ptr,
1874  ReturnValue* return_value = ThrowException) const;
1875 
1876  /****************************** Decryption functions ******************************/
1877 
1878  /**
1879  * C_DecryptInit initializes a decryption operation.
1880  * @param session the session's handle
1881  * @param mechanism_ptr the decryption mechanism
1882  * @param key handle of decryption key
1883  * @param return_value default value (`ThrowException`): throw exception on error.
1884  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1885  * At least the following PKCS#11 return values may be returned:
1886  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1887  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1888  * \li FunctionFailed \li GeneralError \li HostMemory
1889  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1890  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1891  * \li OK \li OperationActive \li PinExpired
1892  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1893  * @return true on success, false otherwise
1894  */
1895  bool C_DecryptInit(SessionHandle session,
1896  Mechanism* mechanism_ptr,
1897  ObjectHandle key,
1898  ReturnValue* return_value = ThrowException) const;
1899 
1900  /**
1901  * C_Decrypt decrypts encrypted data in a single part.
1902  * @param session session's handle
1903  * @param encrypted_data_ptr ciphertext
1904  * @param encrypted_data_len ciphertext length
1905  * @param data_ptr gets plaintext
1906  * @param data_len_ptr gets p-text size
1907  * @param return_value default value (`ThrowException`): throw exception on error.
1908  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1909  * At least the following PKCS#11 return values may be returned:
1910  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1911  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1912  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1913  * \li FunctionFailed \li GeneralError \li HostMemory
1914  * \li OK \li OperationNotInitialized \li SessionClosed
1915  * \li SessionHandleInvalid \li UserNotLoggedIn
1916  * @return true on success, false otherwise
1917  */
1918  bool C_Decrypt(SessionHandle session,
1919  Byte* encrypted_data_ptr,
1920  Ulong encrypted_data_len,
1921  Byte* data_ptr,
1922  Ulong* data_len_ptr,
1923  ReturnValue* return_value = ThrowException) const;
1924 
1925  /**
1926  * C_Decrypt decrypts encrypted data in a single part.
1927  * @param session session's handle
1928  * @param encrypted_data ciphertext
1929  * @param decrypted_data gets plaintext
1930  * @param return_value default value (`ThrowException`): throw exception on error.
1931  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1932  * At least the following PKCS#11 return values may be returned:
1933  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1934  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1935  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1936  * \li FunctionFailed \li GeneralError \li HostMemory
1937  * \li OK \li OperationNotInitialized \li SessionClosed
1938  * \li SessionHandleInvalid \li UserNotLoggedIn
1939  * @return true on success, false otherwise
1940  */
1941  template<typename TAllocA, typename TAllocB>
1942  bool C_Decrypt(SessionHandle session,
1943  const std::vector<uint8_t, TAllocA>& encrypted_data,
1944  std::vector<uint8_t, TAllocB>& decrypted_data,
1945  ReturnValue* return_value = ThrowException) const
1946  {
1947  Ulong decrypted_size = 0;
1948  if(!C_Decrypt(session,
1949  const_cast<Byte*>((encrypted_data.data())),
1950  static_cast<Ulong>(encrypted_data.size()),
1951  nullptr, &decrypted_size,
1952  return_value))
1953  {
1954  return false;
1955  }
1956 
1957  decrypted_data.resize(decrypted_size);
1958  if(!C_Decrypt(session,
1959  const_cast<Byte*>(encrypted_data.data()),
1960  static_cast<Ulong>(encrypted_data.size()),
1961  decrypted_data.data(),
1962  &decrypted_size, return_value))
1963  {
1964  return false;
1965  }
1966  decrypted_data.resize(decrypted_size);
1967  return true;
1968  }
1969 
1970  /**
1971  * C_DecryptUpdate continues a multiple-part decryption operation.
1972  * @param session session's handle
1973  * @param encrypted_part_ptr encrypted data
1974  * @param encrypted_part_len input length
1975  * @param part_ptr gets plaintext
1976  * @param part_len_ptr p-text size
1977  * @param return_value default value (`ThrowException`): throw exception on error.
1978  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1979  * At least the following PKCS#11 return values may be returned:
1980  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1981  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1982  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1983  * \li FunctionFailed \li GeneralError \li HostMemory
1984  * \li OK \li OperationNotInitialized \li SessionClosed
1985  * \li SessionHandleInvalid \li UserNotLoggedIn
1986  * @return true on success, false otherwise
1987  */
1988  bool C_DecryptUpdate(SessionHandle session,
1989  Byte* encrypted_part_ptr,
1990  Ulong encrypted_part_len,
1991  Byte* part_ptr,
1992  Ulong* part_len_ptr,
1993  ReturnValue* return_value = ThrowException) const;
1994 
1995  /**
1996  * C_DecryptFinal finishes a multiple-part decryption operation.
1997  * @param session the session's handle
1998  * @param last_part_ptr gets plaintext
1999  * @param last_part_len_ptr p-text size
2000  * @param return_value default value (`ThrowException`): throw exception on error.
2001  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2002  * At least the following PKCS#11 return values may be returned:
2003  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2004  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2005  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2006  * \li FunctionFailed \li GeneralError \li HostMemory
2007  * \li OK \li OperationNotInitialized \li SessionClosed
2008  * \li SessionHandleInvalid \li UserNotLoggedIn
2009  * @return true on success, false otherwise
2010  */
2011  bool C_DecryptFinal(SessionHandle session,
2012  Byte* last_part_ptr,
2013  Ulong* last_part_len_ptr,
2014  ReturnValue* return_value = ThrowException) const;
2015 
2016  /****************************** Message digesting functions ******************************/
2017 
2018  /**
2019  * C_DigestInit initializes a message-digesting operation.
2020  * @param session the session's handle
2021  * @param mechanism_ptr the digesting mechanism
2022  * @param return_value default value (`ThrowException`): throw exception on error.
2023  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2024  * At least the following PKCS#11 return values may be returned:
2025  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2026  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2027  * \li FunctionFailed \li GeneralError \li HostMemory
2028  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2029  * \li OperationActive \li PinExpired \li SessionClosed
2030  * \li SessionHandleInvalid \li UserNotLoggedIn
2031  * @return true on success, false otherwise
2032  */
2033  bool C_DigestInit(SessionHandle session,
2034  Mechanism* mechanism_ptr,
2035  ReturnValue* return_value = ThrowException) const;
2036 
2037  /**
2038  * C_Digest digests data in a single part.
2039  * @param session the session's handle
2040  * @param data_ptr data to be digested
2041  * @param data_len bytes of data to digest
2042  * @param digest_ptr gets the message digest
2043  * @param digest_len_ptr gets digest length
2044  * @param return_value default value (`ThrowException`): throw exception on error.
2045  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2046  * At least the following PKCS#11 return values may be returned:
2047  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2048  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2049  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2050  * \li HostMemory \li OK \li OperationNotInitialized
2051  * \li SessionClosed \li SessionHandleInvalid
2052  * @return true on success, false otherwise
2053  */
2054  bool C_Digest(SessionHandle session,
2055  Byte* data_ptr,
2056  Ulong data_len,
2057  Byte* digest_ptr,
2058  Ulong* digest_len_ptr,
2059  ReturnValue* return_value = ThrowException) const;
2060 
2061  /**
2062  * C_DigestUpdate continues a multiple-part message-digesting operation.
2063  * @param session the session's handle
2064  * @param part_ptr data to be digested
2065  * @param part_len bytes of data to be digested
2066  * @param return_value default value (`ThrowException`): throw exception on error.
2067  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2068  * At least the following PKCS#11 return values may be returned:
2069  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2070  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2071  * \li FunctionFailed \li GeneralError \li HostMemory
2072  * \li OK \li OperationNotInitialized \li SessionClosed
2073  * \li SessionHandleInvalid
2074  * @return true on success, false otherwise
2075  */
2076  bool C_DigestUpdate(SessionHandle session,
2077  Byte* part_ptr,
2078  Ulong part_len,
2079  ReturnValue* return_value = ThrowException) const;
2080 
2081  /**
2082  * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2083  * @param session the session's handle
2084  * @param key secret key to digest
2085  * @param return_value default value (`ThrowException`): throw exception on error.
2086  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2087  * At least the following PKCS#11 return values may be returned:
2088  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2089  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2090  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2091  * \li KeyIndigestible \li KeySizeRange \li OK
2092  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2093  * @return true on success, false otherwise
2094  */
2095  bool C_DigestKey(SessionHandle session,
2096  ObjectHandle key,
2097  ReturnValue* return_value = ThrowException) const;
2098 
2099  /**
2100  * C_DigestFinal finishes a multiple-part message-digesting operation.
2101  * @param session the session's handle
2102  * @param digest_ptr gets the message digest
2103  * @param digest_len_ptr gets uint8_t count of digest
2104  * @param return_value default value (`ThrowException`): throw exception on error.
2105  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2106  * At least the following PKCS#11 return values may be returned:
2107  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2108  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2109  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2110  * \li HostMemory \li OK \li OperationNotInitialized
2111  * \li SessionClosed \li SessionHandleInvalid
2112  * @return true on success, false otherwise
2113  */
2114  bool C_DigestFinal(SessionHandle session,
2115  Byte* digest_ptr,
2116  Ulong* digest_len_ptr,
2117  ReturnValue* return_value = ThrowException) const;
2118 
2119  /****************************** Signing and MACing functions ******************************/
2120 
2121  /**
2122  * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2123  * @param session the session's handle
2124  * @param mechanism_ptr the signature mechanism
2125  * @param key handle of signature key
2126  * @param return_value default value (`ThrowException`): throw exception on error.
2127  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2128  * At least the following PKCS#11 return values may be returned:
2129  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2130  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2131  * \li FunctionFailed \li GeneralError \li HostMemory
2132  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2133  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2134  * \li OK \li OperationActive \li PinExpired
2135  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2136  * @return true on success, false otherwise
2137  */
2138  bool C_SignInit(SessionHandle session,
2139  Mechanism* mechanism_ptr,
2140  ObjectHandle key,
2141  ReturnValue* return_value = ThrowException) const;
2142 
2143  /**
2144  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2145  * @param session the session's handle
2146  * @param data_ptr the data to sign
2147  * @param data_len count of bytes to sign
2148  * @param signature_ptr gets the signature
2149  * @param signature_len_ptr gets signature length
2150  * @param return_value default value (`ThrowException`): throw exception on error.
2151  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2152  * At least the following PKCS#11 return values may be returned:
2153  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2154  * \li DataInvalid \li DataLenRange \li DeviceError
2155  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2156  * \li FunctionFailed \li GeneralError \li HostMemory
2157  * \li OK \li OperationNotInitialized \li SessionClosed
2158  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2159  * @return true on success, false otherwise
2160  */
2161  bool C_Sign(SessionHandle session,
2162  Byte* data_ptr,
2163  Ulong data_len,
2164  Byte* signature_ptr,
2165  Ulong* signature_len_ptr,
2166  ReturnValue* return_value = ThrowException) const;
2167 
2168  /**
2169  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2170  * @param session the session's handle
2171  * @param data the data to sign
2172  * @param signature gets the signature
2173  * @param return_value default value (`ThrowException`): throw exception on error.
2174  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2175  * At least the following PKCS#11 return values may be returned:
2176  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2177  * \li DataInvalid \li DataLenRange \li DeviceError
2178  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2179  * \li FunctionFailed \li GeneralError \li HostMemory
2180  * \li OK \li OperationNotInitialized \li SessionClosed
2181  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2182  * @return true on success, false otherwise
2183  */
2184  template<typename TAllocA, typename TAllocB>
2185  bool C_Sign(SessionHandle session,
2186  const std::vector<uint8_t, TAllocA>& data,
2187  std::vector<uint8_t, TAllocB>& signature,
2188  ReturnValue* return_value = ThrowException) const
2189  {
2190  Ulong signature_size = 0;
2191  if(!C_Sign(session,
2192  const_cast<Byte*>((data.data())),
2193  static_cast<Ulong>(data.size()),
2194  nullptr,
2195  &signature_size,
2196  return_value))
2197  {
2198  return false;
2199  }
2200 
2201  signature.resize(signature_size);
2202  if (!C_Sign(session,
2203  const_cast<Byte*>(data.data()),
2204  static_cast<Ulong>(data.size()),
2205  signature.data(),
2206  &signature_size,
2207  return_value))
2208  {
2209  return false;
2210  }
2211  signature.resize(signature_size);
2212  return true;
2213  }
2214 
2215  /**
2216  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2217  * @param session the session's handle
2218  * @param part_ptr the data to sign
2219  * @param part_len count of bytes to sign
2220  * @param return_value default value (`ThrowException`): throw exception on error.
2221  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2222  * At least the following PKCS#11 return values may be returned:
2223  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2224  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2225  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2226  * \li HostMemory \li OK \li OperationNotInitialized
2227  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2228  * @return true on success, false otherwise
2229  */
2230  bool C_SignUpdate(SessionHandle session,
2231  Byte* part_ptr,
2232  Ulong part_len,
2233  ReturnValue* return_value = ThrowException) const;
2234 
2235  /**
2236  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2237  * @param session the session's handle
2238  * @param part the data to sign
2239  * @param return_value default value (`ThrowException`): throw exception on error.
2240  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2241  * At least the following PKCS#11 return values may be returned:
2242  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2243  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2244  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2245  * \li HostMemory \li OK \li OperationNotInitialized
2246  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2247  * @return true on success, false otherwise
2248  */
2249  template<typename TAlloc>
2251  const std::vector<uint8_t, TAlloc>& part,
2252  ReturnValue* return_value = ThrowException) const
2253  {
2254  return C_SignUpdate(session,
2255  const_cast<Byte*>(part.data()),
2256  static_cast<Ulong>(part.size()),
2257  return_value);
2258  }
2259 
2260  /**
2261  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2262  * @param session the session's handle
2263  * @param signature_ptr gets the signature
2264  * @param signature_len_ptr gets signature length
2265  * @param return_value default value (`ThrowException`): throw exception on error.
2266  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2267  * At least the following PKCS#11 return values may be returned:
2268  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2269  * \li DataLenRange \li DeviceError \li DeviceMemory
2270  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2271  * \li GeneralError \li HostMemory \li OK
2272  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2273  * \li UserNotLoggedIn \li FunctionRejected
2274  * @return true on success, false otherwise
2275  */
2276  bool C_SignFinal(SessionHandle session,
2277  Byte* signature_ptr,
2278  Ulong* signature_len_ptr,
2279  ReturnValue* return_value = ThrowException) const;
2280 
2281  /**
2282  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2283  * @param session the session's handle
2284  * @param signature gets the signature
2285  * @param return_value default value (`ThrowException`): throw exception on error.
2286  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2287  * At least the following PKCS#11 return values may be returned:
2288  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2289  * \li DataLenRange \li DeviceError \li DeviceMemory
2290  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2291  * \li GeneralError \li HostMemory \li OK
2292  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2293  * \li UserNotLoggedIn \li FunctionRejected
2294  * @return true on success, false otherwise
2295  */
2296  template<typename TAlloc>
2298  std::vector<uint8_t, TAlloc>& signature,
2299  ReturnValue* return_value = ThrowException) const
2300  {
2301  Ulong signature_size = 0;
2302  if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2303  {
2304  return false;
2305  }
2306 
2307  signature.resize(signature_size);
2308  if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2309  {
2310  return false;
2311  }
2312  signature.resize(signature_size);
2313  return true;
2314  }
2315 
2316  /**
2317  * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2318  * @param session the session's handle
2319  * @param mechanism_ptr the signature mechanism
2320  * @param key handle of the signature key
2321  * @param return_value default value (`ThrowException`): throw exception on error.
2322  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2323  * At least the following PKCS#11 return values may be returned:
2324  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2325  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2326  * \li FunctionFailed \li GeneralError \li HostMemory
2327  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2328  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2329  * \li OK \li OperationActive \li PinExpired
2330  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2331  * @return true on success, false otherwise
2332  */
2333  bool C_SignRecoverInit(SessionHandle session,
2334  Mechanism* mechanism_ptr,
2335  ObjectHandle key,
2336  ReturnValue* return_value = ThrowException) const;
2337 
2338  /**
2339  * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2340  * @param session the session's handle
2341  * @param data_ptr the data to sign
2342  * @param data_len count of bytes to sign
2343  * @param signature_ptr gets the signature
2344  * @param signature_len_ptr gets signature length
2345  * @param return_value default value (`ThrowException`): throw exception on error.
2346  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2347  * At least the following PKCS#11 return values may be returned:
2348  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2349  * \li DataInvalid \li DataLenRange \li DeviceError
2350  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2351  * \li FunctionFailed \li GeneralError \li HostMemory
2352  * \li OK \li OperationNotInitialized \li SessionClosed
2353  * \li SessionHandleInvalid \li UserNotLoggedIn
2354  * @return true on success, false otherwise
2355  */
2356  bool C_SignRecover(SessionHandle session,
2357  Byte* data_ptr,
2358  Ulong data_len,
2359  Byte* signature_ptr,
2360  Ulong* signature_len_ptr,
2361  ReturnValue* return_value = ThrowException) const;
2362 
2363  /****************************** Functions for verifying signatures and MACs ******************************/
2364 
2365  /**
2366  * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2367  * @param session the session's handle
2368  * @param mechanism_ptr the verification mechanism
2369  * @param key verification key
2370  * @param return_value default value (`ThrowException`): throw exception on error.
2371  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2372  * At least the following PKCS#11 return values may be returned:
2373  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2374  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2375  * \li FunctionFailed \li GeneralError \li HostMemory
2376  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2377  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2378  * \li OK \li OperationActive \li PinExpired
2379  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2380  * @return true on success, false otherwise
2381  */
2382  bool C_VerifyInit(SessionHandle session,
2383  Mechanism* mechanism_ptr,
2384  ObjectHandle key,
2385  ReturnValue* return_value = ThrowException) const;
2386 
2387  /**
2388  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2389  * @param session the session's handle
2390  * @param data_ptr signed data
2391  * @param data_len length of signed data
2392  * @param signature_ptr signature
2393  * @param signature_len signature length
2394  * @param return_value default value (`ThrowException`): throw exception on error.
2395  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2396  * At least the following PKCS#11 return values may be returned:
2397  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2398  * \li DataLenRange \li DeviceError \li DeviceMemory
2399  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2400  * \li GeneralError \li HostMemory \li OK
2401  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2402  * \li SignatureInvalid \li SignatureLenRange
2403  * @return true on success, false otherwise
2404  */
2405  bool C_Verify(SessionHandle session,
2406  Byte* data_ptr,
2407  Ulong data_len,
2408  Byte* signature_ptr,
2409  Ulong signature_len,
2410  ReturnValue* return_value = ThrowException) const;
2411 
2412  /**
2413  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2414  * @param session the session's handle
2415  * @param data signed data
2416  * @param signature signature
2417  * @param return_value default value (`ThrowException`): throw exception on error.
2418  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2419  * At least the following PKCS#11 return values may be returned:
2420  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2421  * \li DataLenRange \li DeviceError \li DeviceMemory
2422  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2423  * \li GeneralError \li HostMemory \li OK
2424  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2425  * \li SignatureInvalid \li SignatureLenRange
2426  * @return true on success, false otherwise
2427  */
2428  template<typename TAllocA, typename TAllocB>
2429  bool C_Verify(SessionHandle session,
2430  const std::vector<uint8_t, TAllocA>& data,
2431  std::vector<uint8_t, TAllocB>& signature,
2432  ReturnValue* return_value = ThrowException) const
2433  {
2434  return C_Verify(session,
2435  const_cast<Byte*>(data.data()),
2436  static_cast<Ulong>(data.size()),
2437  signature.data(),
2438  static_cast<Ulong>(signature.size()),
2439  return_value);
2440  }
2441 
2442  /**
2443  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2444  * @param session the session's handle
2445  * @param part_ptr signed data
2446  * @param part_len length of signed data
2447  * @param return_value default value (`ThrowException`): throw exception on error.
2448  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2449  * At least the following PKCS#11 return values may be returned:
2450  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2451  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2452  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2453  * \li HostMemory \li OK \li OperationNotInitialized
2454  * \li SessionClosed \li SessionHandleInvalid
2455  * @return true on success, false otherwise
2456  */
2457  bool C_VerifyUpdate(SessionHandle session,
2458  Byte* part_ptr,
2459  Ulong part_len,
2460  ReturnValue* return_value = ThrowException) const;
2461 
2462  /**
2463  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2464  * @param session the session's handle
2465  * @param part signed data
2466  * @param return_value default value (`ThrowException`): throw exception on error.
2467  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2468  * At least the following PKCS#11 return values may be returned:
2469  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2470  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2471  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2472  * \li HostMemory \li OK \li OperationNotInitialized
2473  * \li SessionClosed \li SessionHandleInvalid
2474  * @return true on success, false otherwise
2475  */
2476  template<typename TAlloc>
2478  std::vector<uint8_t, TAlloc> part,
2479  ReturnValue* return_value = ThrowException) const
2480  {
2481  return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2482  }
2483 
2484  /**
2485  * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2486  * @param session the session's handle
2487  * @param signature_ptr signature to verify
2488  * @param signature_len signature length
2489  * @param return_value default value (`ThrowException`): throw exception on error.
2490  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2491  * At least the following PKCS#11 return values may be returned:
2492  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2493  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2494  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2495  * \li HostMemory \li OK \li OperationNotInitialized
2496  * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2497  * \li SignatureLenRange
2498  * @return true on success, false otherwise
2499  */
2500  bool C_VerifyFinal(SessionHandle session,
2501  Byte* signature_ptr,
2502  Ulong signature_len,
2503  ReturnValue* return_value = ThrowException) const;
2504 
2505  /**
2506  * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2507  * @param session the session's handle
2508  * @param mechanism_ptr the verification mechanism
2509  * @param key verification key
2510  * @param return_value default value (`ThrowException`): throw exception on error.
2511  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2512  * At least the following PKCS#11 return values may be returned:
2513  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2514  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2515  * \li FunctionFailed \li GeneralError \li HostMemory
2516  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2517  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2518  * \li OK \li OperationActive \li PinExpired
2519  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2520  * @return true on success, false otherwise
2521  */
2522  bool C_VerifyRecoverInit(SessionHandle session,
2523  Mechanism* mechanism_ptr,
2524  ObjectHandle key,
2525  ReturnValue* return_value = ThrowException) const;
2526 
2527  /**
2528  * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2529  * @param session the session's handle
2530  * @param signature_ptr signature to verify
2531  * @param signature_len signature length
2532  * @param data_ptr gets signed data
2533  * @param data_len_ptr gets signed data len
2534  * @param return_value default value (`ThrowException`): throw exception on error.
2535  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2536  * At least the following PKCS#11 return values may be returned:
2537  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2538  * \li DataInvalid \li DataLenRange \li DeviceError
2539  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2540  * \li FunctionFailed \li GeneralError \li HostMemory
2541  * \li OK \li OperationNotInitialized \li SessionClosed
2542  * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2543  * @return true on success, false otherwise
2544  */
2545  bool C_VerifyRecover(SessionHandle session,
2546  Byte* signature_ptr,
2547  Ulong signature_len,
2548  Byte* data_ptr,
2549  Ulong* data_len_ptr,
2550  ReturnValue* return_value = ThrowException) const;
2551 
2552  /****************************** Dual-purpose cryptographic functions ******************************/
2553 
2554  /**
2555  * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2556  * @param session session's handle
2557  * @param part_ptr the plaintext data
2558  * @param part_len plaintext length
2559  * @param encrypted_part_ptr gets ciphertext
2560  * @param encrypted_part_len_ptr gets c-text length
2561  * @param return_value default value (`ThrowException`): throw exception on error.
2562  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2563  * At least the following PKCS#11 return values may be returned:
2564  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2565  * \li DataLenRange \li DeviceError \li DeviceMemory
2566  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2567  * \li GeneralError \li HostMemory \li OK
2568  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2569  * @return true on success, false otherwise
2570  */
2571  bool C_DigestEncryptUpdate(SessionHandle session,
2572  Byte* part_ptr,
2573  Ulong part_len,
2574  Byte* encrypted_part_ptr,
2575  Ulong* encrypted_part_len_ptr,
2576  ReturnValue* return_value = ThrowException) const ;
2577 
2578  /**
2579  * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2580  * @param session session's handle
2581  * @param encrypted_part_ptr ciphertext
2582  * @param encrypted_part_len ciphertext length
2583  * @param part_ptr gets plaintext
2584  * @param part_len_ptr gets plaintext len
2585  * @param return_value default value (`ThrowException`): throw exception on error.
2586  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2587  * At least the following PKCS#11 return values may be returned:
2588  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2589  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2590  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2591  * \li FunctionFailed \li GeneralError \li HostMemory
2592  * \li OK \li OperationNotInitialized \li SessionClosed
2593  * \li SessionHandleInvalid
2594  * @return true on success, false otherwise
2595  */
2596  bool C_DecryptDigestUpdate(SessionHandle session,
2597  Byte* encrypted_part_ptr,
2598  Ulong encrypted_part_len,
2599  Byte* part_ptr,
2600  Ulong* part_len_ptr,
2601  ReturnValue* return_value = ThrowException) const;
2602 
2603  /**
2604  * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2605  * @param session session's handle
2606  * @param part_ptr the plaintext data
2607  * @param part_len plaintext length
2608  * @param encrypted_part_ptr gets ciphertext
2609  * @param encrypted_part_len_ptr gets c-text length
2610  * @param return_value default value (`ThrowException`): throw exception on error.
2611  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2612  * At least the following PKCS#11 return values may be returned:
2613  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2614  * \li DataLenRange \li DeviceError \li DeviceMemory
2615  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2616  * \li GeneralError \li HostMemory \li OK
2617  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2618  * \li UserNotLoggedIn
2619  * @return true on success, false otherwise
2620  */
2621  bool C_SignEncryptUpdate(SessionHandle session,
2622  Byte* part_ptr,
2623  Ulong part_len,
2624  Byte* encrypted_part_ptr,
2625  Ulong* encrypted_part_len_ptr,
2626  ReturnValue* return_value = ThrowException) const;
2627 
2628  /**
2629  * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2630  * @param session session's handle
2631  * @param encrypted_part_ptr ciphertext
2632  * @param encrypted_part_len ciphertext length
2633  * @param part_ptr gets plaintext
2634  * @param part_len_ptr gets p-text length
2635  * @param return_value default value (`ThrowException`): throw exception on error.
2636  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2637  * At least the following PKCS#11 return values may be returned:
2638  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2639  * \li DataLenRange \li DeviceError \li DeviceMemory
2640  * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2641  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2642  * \li HostMemory \li OK \li OperationNotInitialized
2643  * \li SessionClosed \li SessionHandleInvalid
2644  * @return true on success, false otherwise
2645  */
2646  bool C_DecryptVerifyUpdate(SessionHandle session,
2647  Byte* encrypted_part_ptr,
2648  Ulong encrypted_part_len,
2649  Byte* part_ptr,
2650  Ulong* part_len_ptr,
2651  ReturnValue* return_value = ThrowException) const;
2652 
2653  /****************************** Key management functions ******************************/
2654 
2655  /**
2656  * C_GenerateKey generates a secret key, creating a new key object.
2657  * @param session the session's handle
2658  * @param mechanism_ptr key generation mech.
2659  * @param attribute_template_ptr template for new key
2660  * @param count # of attrs in template
2661  * @param key_ptr gets handle of new key
2662  * @param return_value default value (`ThrowException`): throw exception on error.
2663  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2664  * At least the following PKCS#11 return values may be returned:
2665  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2666  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2667  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2668  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2669  * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2670  * \li OK \li OperationActive \li PinExpired
2671  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2672  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2673  * \li UserNotLoggedIn
2674  * @return true on success, false otherwise
2675  */
2676  bool C_GenerateKey(SessionHandle session,
2677  Mechanism* mechanism_ptr,
2678  Attribute* attribute_template_ptr,
2679  Ulong count,
2680  ObjectHandle* key_ptr,
2681  ReturnValue* return_value = ThrowException) const;
2682 
2683  /**
2684  * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2685  * @param session session handle
2686  * @param mechanism_ptr key-gen mech.
2687  * @param public_key_template_ptr template for pub. key
2688  * @param public_key_attribute_count # pub. attrs.
2689  * @param private_key_template_ptr template for priv. key
2690  * @param private_key_attribute_count # priv. attrs.
2691  * @param public_key_ptr gets pub. key handle
2692  * @param private_key_ptr gets priv. key handle
2693  * @param return_value default value (`ThrowException`): throw exception on error.
2694  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2695  * At least the following PKCS#11 return values may be returned:
2696  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2697  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2698  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2699  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2700  * \li GeneralError \li HostMemory \li MechanismInvalid
2701  * \li MechanismParamInvalid \li OK \li OperationActive
2702  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2703  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2704  * \li TokenWriteProtected \li UserNotLoggedIn
2705  * @return true on success, false otherwise
2706  */
2707  bool C_GenerateKeyPair(SessionHandle session,
2708  Mechanism* mechanism_ptr,
2709  Attribute* public_key_template_ptr,
2710  Ulong public_key_attribute_count,
2711  Attribute* private_key_template_ptr,
2712  Ulong private_key_attribute_count,
2713  ObjectHandle* public_key_ptr,
2714  ObjectHandle* private_key_ptr,
2715  ReturnValue* return_value = ThrowException) const;
2716 
2717  /**
2718  * C_WrapKey wraps (i.e., encrypts) a key.
2719  * @param session the session's handle
2720  * @param mechanism_ptr the wrapping mechanism
2721  * @param wrapping_key wrapping key
2722  * @param key key to be wrapped
2723  * @param wrapped_key_ptr gets wrapped key
2724  * @param wrapped_key_len_ptr gets wrapped key size
2725  * @param return_value default value (`ThrowException`): throw exception on error.
2726  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2727  * At least the following PKCS#11 return values may be returned:
2728  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2729  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2730  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2731  * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2732  * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2733  * \li MechanismParamInvalid \li OK \li OperationActive
2734  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2735  * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2736  * \li WrappingKeyTypeInconsistent
2737  * @return true on success, false otherwise
2738  */
2739  bool C_WrapKey(SessionHandle session,
2740  Mechanism* mechanism_ptr,
2741  ObjectHandle wrapping_key,
2742  ObjectHandle key,
2743  Byte* wrapped_key_ptr,
2744  Ulong* wrapped_key_len_ptr,
2745  ReturnValue* return_value = ThrowException) const;
2746 
2747  /**
2748  * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2749  * @param session session's handle
2750  * @param mechanism_ptr unwrapping mech.
2751  * @param unwrapping_key unwrapping key
2752  * @param wrapped_key_ptr the wrapped key
2753  * @param wrapped_key_len wrapped key len
2754  * @param attribute_template_ptr new key template
2755  * @param attribute_count template length
2756  * @param key_ptr gets new handle
2757  * @param return_value default value (`ThrowException`): throw exception on error.
2758  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2759  * At least the following PKCS#11 return values may be returned:
2760  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2761  * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2762  * \li CurveNotSupported \li DeviceError \li DeviceMemory
2763  * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2764  * \li FunctionFailed \li GeneralError \li HostMemory
2765  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2766  * \li OperationActive \li PinExpired \li SessionClosed
2767  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2768  * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2769  * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2770  * \li WrappedKeyInvalid \li WrappedKeyLenRange
2771  * @return true on success, false otherwise
2772  */
2773  bool C_UnwrapKey(SessionHandle session,
2774  Mechanism* mechanism_ptr,
2775  ObjectHandle unwrapping_key,
2776  Byte* wrapped_key_ptr,
2777  Ulong wrapped_key_len,
2778  Attribute* attribute_template_ptr,
2779  Ulong attribute_count,
2780  ObjectHandle* key_ptr,
2781  ReturnValue* return_value = ThrowException) const;
2782 
2783  /**
2784  * C_DeriveKey derives a key from a base key, creating a new key object.
2785  * @param session session's handle
2786  * @param mechanism_ptr key deriv. mech.
2787  * @param base_key base key
2788  * @param attribute_template_ptr new key template
2789  * @param attribute_count template length
2790  * @param key_ptr gets new handle
2791  * @param return_value default value (`ThrowException`): throw exception on error.
2792  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2793  * At least the following PKCS#11 return values may be returned:
2794  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2795  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2796  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2797  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2798  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2799  * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2800  * \li MechanismParamInvalid \li OK \li OperationActive
2801  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2802  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2803  * \li TokenWriteProtected \li UserNotLoggedIn
2804  * @return true on success, false otherwise
2805  */
2806  bool C_DeriveKey(SessionHandle session,
2807  Mechanism* mechanism_ptr,
2808  ObjectHandle base_key,
2809  Attribute* attribute_template_ptr,
2810  Ulong attribute_count,
2811  ObjectHandle* key_ptr,
2812  ReturnValue* return_value = ThrowException) const;
2813 
2814  /****************************** Random number generation functions ******************************/
2815 
2816  /**
2817  * C_SeedRandom mixes additional seed material into the token's random number generator.
2818  * @param session the session's handle
2819  * @param seed_ptr the seed material
2820  * @param seed_len length of seed material
2821  * @param return_value default value (`ThrowException`): throw exception on error.
2822  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2823  * At least the following PKCS#11 return values may be returned:
2824  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2825  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2826  * \li FunctionFailed \li GeneralError \li HostMemory
2827  * \li OK \li OperationActive \li RandomSeedNotSupported
2828  * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2829  * \li UserNotLoggedIn
2830  * @return true on success, false otherwise
2831  */
2832  bool C_SeedRandom(SessionHandle session,
2833  Byte* seed_ptr,
2834  Ulong seed_len,
2835  ReturnValue* return_value = ThrowException) const;
2836 
2837  /**
2838  * C_GenerateRandom generates random data.
2839  * @param session the session's handle
2840  * @param random_data_ptr receives the random data
2841  * @param random_len # of bytes to generate
2842  * @param return_value default value (`ThrowException`): throw exception on error.
2843  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2844  * At least the following PKCS#11 return values may be returned:
2845  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2846  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2847  * \li FunctionFailed \li GeneralError \li HostMemory
2848  * \li OK \li OperationActive \li RandomNoRng
2849  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2850  * @return true on success, false otherwise
2851  */
2852  bool C_GenerateRandom(SessionHandle session,
2853  Byte* random_data_ptr,
2854  Ulong random_len,
2855  ReturnValue* return_value = ThrowException) const;
2856 
2857  /****************************** Parallel function management functions ******************************/
2858 
2859  /**
2860  * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2861  * @param session the session's handle
2862  * @param return_value default value (`ThrowException`): throw exception on error.
2863  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2864  * At least the following PKCS#11 return values may be returned:
2865  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2866  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2867  * \li SessionClosed
2868  * @return true on success, false otherwise
2869  */
2870  bool C_GetFunctionStatus(SessionHandle session,
2871  ReturnValue* return_value = ThrowException) const;
2872 
2873  /**
2874  * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2875  * @param session the session's handle
2876  * @param return_value default value (`ThrowException`): throw exception on error.
2877  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2878  * At least the following PKCS#11 return values may be returned:
2879  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2880  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2881  * \li SessionClosed
2882  * @return true on success, false otherwise
2883  */
2884  bool C_CancelFunction(SessionHandle session,
2885  ReturnValue* return_value = ThrowException) const;
2886 
2887  private:
2888  const FunctionListPtr m_func_list_ptr;
2889  };
2890 
2892  {
2893  public:
2894  explicit PKCS11_Error(const std::string& what) :
2895  Exception("PKCS11 error", what)
2896  {
2897  }
2898 
2899  ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2900  };
2901 
2903  {
2904  public:
2905  explicit PKCS11_ReturnError(ReturnValue return_val) :
2906  PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2907  m_return_val(return_val)
2908  {}
2909 
2911  {
2912  return m_return_val;
2913  }
2914 
2915  int error_code() const noexcept override
2916  {
2917  return static_cast<int>(m_return_val);
2918  }
2919 
2920  private:
2921  const ReturnValue m_return_val;
2922  };
2923 
2924 }
2925 
2926 }
2927 
2928 #endif
#define CKF_EXCLUDE_COUNTER
Definition: pkcs11t.h:1811
#define CKA_CHAR_ROWS
Definition: pkcs11t.h:546
#define CKM_DES3_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:940
#define CKK_RC2
Definition: pkcs11t.h:347
struct CK_RSA_PKCS_OAEP_PARAMS CK_RSA_PKCS_OAEP_PARAMS
#define CKP_PKCS5_PBKD2_HMAC_SHA512
Definition: pkcs11t.h:1724
#define CKF_EC_NAMEDCURVE
Definition: pkcs11t.h:1025
CK_UTF8CHAR Utf8Char
Definition: p11.h:841
#define CKM_HOTP_KEY_GEN
Definition: pkcs11t.h:721
#define CKM_AES_CFB64
Definition: pkcs11t.h:964
#define CKM_CAST128_CBC
Definition: pkcs11t.h:744
#define CKM_SHA512_RSA_PKCS_PSS
Definition: pkcs11t.h:626
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition: pkcs11t.h:1129
CK_NOTIFY Notify
Definition: p11.h:842
#define CKR_DEVICE_REMOVED
Definition: pkcs11t.h:1062
#define CKM_DSA_PARAMETER_GEN
Definition: pkcs11t.h:957
#define CKM_AES_CMAC_GENERAL
Definition: pkcs11t.h:924
#define CKM_SHA_1_HMAC_GENERAL
Definition: pkcs11t.h:698
#define CKR_FIPS_SELF_TEST_FAILED
Definition: pkcs11t.h:1151
#define CKM_XOR_BASE_AND_DATA
Definition: pkcs11t.h:767
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition: p11.cpp:52
#define CKF_USER_PIN_INITIALIZED
Definition: pkcs11t.h:158
#define CKA_HW_FEATURE_TYPE
Definition: pkcs11t.h:539
#define CKM_SHA384_KEY_DERIVATION
Definition: pkcs11t.h:788
#define CKF_SIGN
Definition: pkcs11t.h:1009
#define CKM_KEA_DERIVE
Definition: pkcs11t.h:878
CK_ULONG CK_SLOT_ID
Definition: pkcs11t.h:104
#define CKM_TLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:774
Flag operator|(Flag a, Flag b)
Definition: p11.h:265
#define CKA_TRUSTED
Definition: pkcs11t.h:450
#define CKM_RIPEMD128_HMAC_GENERAL
Definition: pkcs11t.h:702
#define CKR_ENCRYPTED_DATA_INVALID
Definition: pkcs11t.h:1063
#define CKM_PBE_MD5_CAST_CBC
Definition: pkcs11t.h:794
#define CKR_PIN_EXPIRED
Definition: pkcs11t.h:1093
#define CKH_MONOTONIC_COUNTER
Definition: pkcs11t.h:330
#define CKM_RSA_X_509
Definition: pkcs11t.h:589
#define CKA_ENCODING_METHODS
Definition: pkcs11t.h:551
#define CKM_DES_CFB8
Definition: pkcs11t.h:683
#define CKH_USER_INTERFACE
Definition: pkcs11t.h:332
#define CKA_PRIME_1
Definition: pkcs11t.h:478
#define CKG_MGF1_SHA256
Definition: pkcs11t.h:1247
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC
Definition: pkcs11t.h:813
#define CKR_KEY_NEEDED
Definition: pkcs11t.h:1077
#define CKA_WRAP_WITH_TRUSTED
Definition: pkcs11t.h:515
#define CKR_SAVED_STATE_INVALID
Definition: pkcs11t.h:1138
#define CKM_KEY_WRAP_LYNKS
Definition: pkcs11t.h:829
#define CKA_PRIVATE_EXPONENT
Definition: pkcs11t.h:477
#define CKM_CAST_KEY_GEN
Definition: pkcs11t.h:726
#define CKK_CAST128
Definition: pkcs11t.h:355
#define CKM_SHA512_RSA_PKCS
Definition: pkcs11t.h:623
#define CKM_IDEA_KEY_GEN
Definition: pkcs11t.h:757
#define CKM_SHA224_RSA_PKCS
Definition: pkcs11t.h:628
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:863
#define CKF_TOKEN_PRESENT
Definition: pkcs11t.h:122
#define CKM_GOSTR3410_WITH_GOSTR3411
Definition: pkcs11t.h:946
#define CKM_SHA256_HMAC
Definition: pkcs11t.h:708
CK_UNLOCKMUTEX UnlockMutex
Definition: p11.h:831
#define CKM_CAMELLIA_MAC_GENERAL
Definition: pkcs11t.h:841
#define CKR_CANCEL
Definition: pkcs11t.h:1039
#define CKM_PBE_SHA1_RC2_128_CBC
Definition: pkcs11t.h:804
#define CKA_UNWRAP_TEMPLATE
Definition: pkcs11t.h:517
#define CKA_SUBJECT
Definition: pkcs11t.h:460
#define CKA_EC_PARAMS
Definition: pkcs11t.h:506
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition: pkcs11t.h:533
#define CKF_EC_ECPARAMETERS
Definition: pkcs11t.h:1024
#define CKM_DES3_CMAC_GENERAL
Definition: pkcs11t.h:671
#define CKM_CDMF_CBC
Definition: pkcs11t.h:675
#define CKM_CAST5_CBC
Definition: pkcs11t.h:743
#define CKD_SHA1_KDF_CONCATENATE
Definition: pkcs11t.h:1295
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition: pkcs11t.h:177
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1429
#define CKM_RC2_ECB
Definition: pkcs11t.h:646
#define CKK_VENDOR_DEFINED
Definition: pkcs11t.h:387
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1115
#define CKM_SHA512_HMAC
Definition: pkcs11t.h:717
#define CKM_TLS_KDF
Definition: pkcs11t.h:827
#define CKF_GENERATE_KEY_PAIR
Definition: pkcs11t.h:1014
#define CKK_SHA224_HMAC
Definition: pkcs11t.h:378
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583
#define CKM_ARIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:853
#define CKM_PBE_MD5_CAST5_CBC
Definition: pkcs11t.h:796
#define CKA_CHAR_COLUMNS
Definition: pkcs11t.h:547
#define CKU_CONTEXT_SPECIFIC
Definition: pkcs11t.h:268
#define CKA_LABEL
Definition: pkcs11t.h:440
#define CKA_ISSUER
Definition: pkcs11t.h:445
CK_ULONG CK_NOTIFICATION
Definition: pkcs11t.h:100
#define CKM_BATON_WRAP
Definition: pkcs11t.h:886
#define CKS_RW_USER_FUNCTIONS
Definition: pkcs11t.h:275
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:862
#define CKM_SKIPJACK_CFB8
Definition: pkcs11t.h:872
#define CKM_ECDSA_SHA256
Definition: pkcs11t.h:894
#define CKM_ECDSA_SHA224
Definition: pkcs11t.h:893
#define CKA_ATTR_TYPES
Definition: pkcs11t.h:449
#define CKA_MIME_TYPES
Definition: pkcs11t.h:552
CK_BYTE CK_BBOOL
Definition: pkcs11t.h:45
CertificateType
Definition: p11.h:175
#define CKA_OTP_COUNTER_REQUIREMENT
Definition: pkcs11t.h:526
#define CKA_REQUIRED_CMS_ATTRIBUTES
Definition: pkcs11t.h:554
#define CKA_EXTRACTABLE
Definition: pkcs11t.h:494
#define CKR_DEVICE_ERROR
Definition: pkcs11t.h:1060
#define CKR_SIGNATURE_INVALID
Definition: pkcs11t.h:1106
#define CKK_ARIA
Definition: pkcs11t.h:369
#define CKR_FUNCTION_CANCELED
Definition: pkcs11t.h:1065
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition: pkcs11t.h:809
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition: pkcs11t.h:398
#define CKM_JUNIPER_COUNTER
Definition: pkcs11t.h:908
#define CKM_DSA_SHA512
Definition: pkcs11t.h:611
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition: pkcs11t.h:1225
#define CKA_EC_POINT
Definition: pkcs11t.h:508
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:844
#define CKM_CAST5_ECB
Definition: pkcs11t.h:741
#define CKD_SHA384_KDF
Definition: pkcs11t.h:1298
#define CKM_CAST3_KEY_GEN
Definition: pkcs11t.h:732
#define CKK_HOTP
Definition: pkcs11t.h:366
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKK_SHA256_HMAC
Definition: pkcs11t.h:375
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:815
#define CKM_CDMF_CBC_PAD
Definition: pkcs11t.h:678
#define CKM_DES3_CMAC
Definition: pkcs11t.h:672
#define CKM_SKIPJACK_WRAP
Definition: pkcs11t.h:873
#define CKA_COEFFICIENT
Definition: pkcs11t.h:482
#define CKM_RC2_KEY_GEN
Definition: pkcs11t.h:645
#define CKM_RSA_PKCS_TPM_1_1
Definition: pkcs11t.h:972
#define CKC_WTLS
Definition: pkcs11t.h:409
#define CKM_RSA_PKCS
Definition: pkcs11t.h:587
#define CKK_CAST
Definition: pkcs11t.h:352
AttributeType
Definition: p11.h:63
#define CK_CERTIFICATE_CATEGORY_AUTHORITY
Definition: pkcs11t.h:397
#define CKM_CDMF_MAC
Definition: pkcs11t.h:676
#define CKR_ATTRIBUTE_SENSITIVE
Definition: pkcs11t.h:1052
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:586
#define CKM_SKIPJACK_KEY_GEN
Definition: pkcs11t.h:865
#define CKR_NO_EVENT
Definition: pkcs11t.h:1047
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:843
#define CKM_AES_KEY_WRAP
Definition: pkcs11t.h:969
#define CRYPTOKI_VERSION_MINOR
Definition: pkcs11t.h:20
#define CKM_CAST_MAC_GENERAL
Definition: pkcs11t.h:730
#define CKA_SERIAL_NUMBER
Definition: pkcs11t.h:446
#define CKM_RC5_CBC_PAD
Definition: pkcs11t.h:756
#define CKM_IDEA_CBC
Definition: pkcs11t.h:759
#define CKF_ERROR_STATE
Definition: pkcs11t.h:248
#define CKM_MD5_RSA_PKCS
Definition: pkcs11t.h:592
#define CKM_SHA512_224_KEY_DERIVATION
Definition: pkcs11t.h:634
#define CKM_SKIPJACK_CFB32
Definition: pkcs11t.h:870
#define CKG_MGF1_SHA384
Definition: pkcs11t.h:1248
#define CKM_SHA512_HMAC_GENERAL
Definition: pkcs11t.h:718
#define CKM_AES_CFB128
Definition: pkcs11t.h:966
#define CKR_GENERAL_ERROR
Definition: pkcs11t.h:1043
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:66
#define CKM_CAMELLIA_CBC_PAD
Definition: pkcs11t.h:842
#define CKD_NULL
Definition: pkcs11t.h:1290
#define CKM_DES3_CBC
Definition: pkcs11t.h:666
#define CKA_PUBLIC_KEY_INFO
Definition: pkcs11t.h:483
#define CKR_OK
Definition: pkcs11t.h:1038
#define CKK_EC
Definition: pkcs11t.h:343
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1127
#define CKM_DES_CFB64
Definition: pkcs11t.h:682
#define CKA_VALUE
Definition: pkcs11t.h:442
#define CKA_KEY_TYPE
Definition: pkcs11t.h:459
#define CKA_ID
Definition: pkcs11t.h:461
#define CKA_OTP_COUNTER
Definition: pkcs11t.h:528
#define CKM_TLS12_MAC
Definition: pkcs11t.h:820
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition: pkcs11t.h:770
#define CKM_AES_KEY_GEN
Definition: pkcs11t.h:913
CK_ULONG CK_OBJECT_HANDLE
Definition: pkcs11t.h:298
#define CKF_SO_PIN_COUNT_LOW
Definition: pkcs11t.h:229
#define CKM_CONCATENATE_BASE_AND_DATA
Definition: pkcs11t.h:765
#define CKF_GENERATE
Definition: pkcs11t.h:1013
struct CK_INFO CK_INFO
#define CKM_CAST128_MAC_GENERAL
Definition: pkcs11t.h:748
#define CKM_KEA_KEY_DERIVE
Definition: pkcs11t.h:877
#define CKA_OBJECT_ID
Definition: pkcs11t.h:443
int(* final)(unsigned char *, CTX *)
#define CKM_TLS10_MAC_CLIENT
Definition: pkcs11t.h:819
#define CKM_PBE_SHA1_RC4_40
Definition: pkcs11t.h:801
#define CKA_WRAP
Definition: pkcs11t.h:465
#define CKF_WRITE_PROTECTED
Definition: pkcs11t.h:156
#define CKM_CAST3_CBC_PAD
Definition: pkcs11t.h:737
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
#define CKM_RIPEMD128_RSA_PKCS
Definition: pkcs11t.h:595
#define CKM_RC2_CBC
Definition: pkcs11t.h:647
#define CKR_OBJECT_HANDLE_INVALID
Definition: pkcs11t.h:1086
#define CKK_CAMELLIA
Definition: pkcs11t.h:368
#define CKF_USER_FRIENDLY_OTP
Definition: pkcs11t.h:1814
#define CKO_CERTIFICATE
Definition: pkcs11t.h:311
#define CKK_SEED
Definition: pkcs11t.h:380
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:777
#define CKM_TWOFISH_CBC_PAD
Definition: pkcs11t.h:935
#define CKA_GOST28147_PARAMS
Definition: pkcs11t.h:537
#define CKM_KIP_WRAP
Definition: pkcs11t.h:834
#define CKM_SSL3_MD5_MAC
Definition: pkcs11t.h:781
#define CKM_BATON_COUNTER
Definition: pkcs11t.h:884
#define CKM_BATON_ECB96
Definition: pkcs11t.h:882
Flags flags(Flag flags)
Definition: p11.h:858
#define CK_TRUE
Definition: pkcs11t.h:23
#define CKM_GOSTR3410
Definition: pkcs11t.h:945
Definition: bigint.h:1135
#define CKM_PBE_SHA1_DES3_EDE_CBC
Definition: pkcs11t.h:802
#define CKH_CLOCK
Definition: pkcs11t.h:331
#define CKR_MUTEX_BAD
Definition: pkcs11t.h:1144
#define CKR_RANDOM_NO_RNG
Definition: pkcs11t.h:1131
PseudoRandom
Definition: p11.h:692
#define CKP_PKCS5_PBKD2_HMAC_SHA512_224
Definition: pkcs11t.h:1725
#define CKM_SHA512_224
Definition: pkcs11t.h:631
PKCS11_Error(const std::string &what)
Definition: p11.h:2894
#define CKM_TWOFISH_KEY_GEN
Definition: pkcs11t.h:932
#define CKA_PIXEL_X
Definition: pkcs11t.h:543
#define CKG_MGF1_SHA1
Definition: pkcs11t.h:1246
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1128
CK_ULONG Ulong
Definition: p11.h:836
#define CKM_SHA224
Definition: pkcs11t.h:710
#define CKS_RO_PUBLIC_SESSION
Definition: pkcs11t.h:272
#define CKO_SECRET_KEY
Definition: pkcs11t.h:314
#define CKR_ATTRIBUTE_READ_ONLY
Definition: pkcs11t.h:1051
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2297
#define CKM_RC5_MAC_GENERAL
Definition: pkcs11t.h:755
#define CKR_SESSION_EXISTS
Definition: pkcs11t.h:1101
CK_VOID_PTR VoidPtr
Definition: p11.h:826
#define CKM_BLOWFISH_KEY_GEN
Definition: pkcs11t.h:930
#define CKF_HW_SLOT
Definition: pkcs11t.h:124
#define CKR_MUTEX_NOT_LOCKED
Definition: pkcs11t.h:1145
unsigned char CK_BYTE
Definition: pkcs11t.h:36
#define CKM_SEED_MAC
Definition: pkcs11t.h:859
#define CKR_NEXT_OTP
Definition: pkcs11t.h:1148
#define CKM_RSA_9796
Definition: pkcs11t.h:588
unsigned long int CK_ULONG
Definition: pkcs11t.h:48
#define CKM_PBE_SHA1_RC2_40_CBC
Definition: pkcs11t.h:805
#define CKA_ALWAYS_AUTHENTICATE
Definition: pkcs11t.h:513
#define CKA_DERIVE
Definition: pkcs11t.h:471
#define CKK_X9_42_DH
Definition: pkcs11t.h:344
#define CKA_OTP_FORMAT
Definition: pkcs11t.h:520
#define CKF_REMOVABLE_DEVICE
Definition: pkcs11t.h:123
#define CKA_OTP_TIME_REQUIREMENT
Definition: pkcs11t.h:525
#define CKR_TOKEN_WRITE_PROTECTED
Definition: pkcs11t.h:1112
#define CKM_DES3_CBC_PAD
Definition: pkcs11t.h:670
#define CKR_DEVICE_MEMORY
Definition: pkcs11t.h:1061
struct CK_MECHANISM CK_MECHANISM
#define CKM_RC4
Definition: pkcs11t.h:654
#define CKR_INFORMATION_SENSITIVE
Definition: pkcs11t.h:1139
#define CKC_X_509
Definition: pkcs11t.h:407
#define CKM_DES_OFB64
Definition: pkcs11t.h:680
#define CKR_EXCEEDED_MAX_ITERATIONS
Definition: pkcs11t.h:1150
CK_ULONG CK_ATTRIBUTE_TYPE
Definition: pkcs11t.h:416
MechanismType type
#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411
Definition: pkcs11t.h:1720
#define CKM_AES_CTR
Definition: pkcs11t.h:919
#define CKA_PRIVATE
Definition: pkcs11t.h:439
#define CKK_MD5_HMAC
Definition: pkcs11t.h:371
#define CKA_OTP_PIN_REQUIREMENT
Definition: pkcs11t.h:527
#define CKA_ALWAYS_SENSITIVE
Definition: pkcs11t.h:497
#define CKR_PIN_INVALID
Definition: pkcs11t.h:1090
#define CKA_END_DATE
Definition: pkcs11t.h:473
#define CKM_ECDSA_SHA1
Definition: pkcs11t.h:892
#define CKU_SO
Definition: pkcs11t.h:264
#define CKA_OTP_LENGTH
Definition: pkcs11t.h:521
#define CKM_CAST128_ECB
Definition: pkcs11t.h:742
CK_ULONG CK_HW_FEATURE_TYPE
Definition: pkcs11t.h:327
#define CKR_LIBRARY_LOAD_FAILED
Definition: pkcs11t.h:1152
#define CKR_PIN_TOO_WEAK
Definition: pkcs11t.h:1153
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:769
CK_BYTE Byte
Definition: p11.h:847
#define CKM_SHA512_T_HMAC_GENERAL
Definition: pkcs11t.h:642
#define CKA_SIGN
Definition: pkcs11t.h:467
#define CKR_DATA_INVALID
Definition: pkcs11t.h:1058
#define CKM_MD2_HMAC
Definition: pkcs11t.h:687
#define CKM_AES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:941
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition: pkcs11t.h:1053
#define CKA_VENDOR_DEFINED
Definition: pkcs11t.h:559
#define CKM_AES_XCBC_MAC_96
Definition: pkcs11t.h:927
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2477
#define CKM_ACTI_KEY_GEN
Definition: pkcs11t.h:724
#define CKM_SHA1_RSA_X9_31
Definition: pkcs11t.h:601
#define CKK_DES2
Definition: pkcs11t.h:350
#define CKM_AES_CCM
Definition: pkcs11t.h:921
#define CKK_RC5
Definition: pkcs11t.h:356
#define CKA_ECDSA_PARAMS
Definition: pkcs11t.h:505
#define CKF_WRAP
Definition: pkcs11t.h:1015
#define CKM_TLS12_KDF
Definition: pkcs11t.h:821
#define CKR_PIN_INCORRECT
Definition: pkcs11t.h:1089
#define CKM_DH_PKCS_PARAMETER_GEN
Definition: pkcs11t.h:958
#define CKA_CERTIFICATE_CATEGORY
Definition: pkcs11t.h:451
#define CKA_LOCAL
Definition: pkcs11t.h:495
#define CKM_SHA1_RSA_PKCS_PSS
Definition: pkcs11t.h:603
#define CKA_EXPONENT_1
Definition: pkcs11t.h:480
#define CKM_TLS10_MAC_SERVER
Definition: pkcs11t.h:818
#define CKR_PUBLIC_KEY_INVALID
Definition: pkcs11t.h:1154
#define CKK_ACTI
Definition: pkcs11t.h:367
#define CKF_LOGIN_REQUIRED
Definition: pkcs11t.h:157
#define CKM_VENDOR_DEFINED
Definition: pkcs11t.h:975
CK_ULONG CK_OBJECT_CLASS
Definition: pkcs11t.h:307
#define CKA_HAS_RESET
Definition: pkcs11t.h:541
#define CKR_STATE_UNSAVEABLE
Definition: pkcs11t.h:1140
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2429
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs11t.h:803
#define CKR_KEY_INDIGESTIBLE
Definition: pkcs11t.h:1078
#define CKM_PBE_MD5_DES_CBC
Definition: pkcs11t.h:793
#define CKF_NEXT_OTP
Definition: pkcs11t.h:1809
#define CKA_OTP_SERVICE_LOGO
Definition: pkcs11t.h:532
#define CKD_SHA512_KDF
Definition: pkcs11t.h:1299
#define CKF_VERIFY_RECOVER
Definition: pkcs11t.h:1012
struct CK_C_INITIALIZE_ARGS CK_C_INITIALIZE_ARGS
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition: exceptn.cpp:11
#define CKF_EXTENSION
Definition: pkcs11t.h:1029
#define CKK_GOSTR3410
Definition: pkcs11t.h:381
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition: p11.h:825
#define CKR_ACTION_PROHIBITED
Definition: pkcs11t.h:1056
#define CKM_SHA256
Definition: pkcs11t.h:707
#define CKF_HW
Definition: pkcs11t.h:1003
#define CKF_EC_UNCOMPRESS
Definition: pkcs11t.h:1026
#define CKF_OS_LOCKING_OK
Definition: pkcs11t.h:1226
#define CKF_DERIVE
Definition: pkcs11t.h:1017
#define CKR_USER_TOO_MANY_TYPES
Definition: pkcs11t.h:1122
#define CKM_RC2_MAC
Definition: pkcs11t.h:648
#define CKM_TLS_PRF
Definition: pkcs11t.h:779
#define CKM_X9_42_MQV_DERIVE
Definition: pkcs11t.h:619
#define CKA_SECONDARY_AUTH
Definition: pkcs11t.h:510
#define CKF_EC_F_P
Definition: pkcs11t.h:1022
#define CKM_RIPEMD128
Definition: pkcs11t.h:700
#define CKM_MD5_KEY_DERIVATION
Definition: pkcs11t.h:783
#define CKM_ECDSA_SHA384
Definition: pkcs11t.h:895
#define CKM_SHA1_KEY_DERIVATION
Definition: pkcs11t.h:785
CK_CREATEMUTEX CreateMutex
Definition: p11.h:828
#define CKM_DSA_SHA224
Definition: pkcs11t.h:608
#define CKM_SHA1_RSA_PKCS
Definition: pkcs11t.h:593
#define CKM_AES_CFB1
Definition: pkcs11t.h:968
CK_SESSION_HANDLE SessionHandle
Definition: p11.h:843
ErrorType error_type() const noexcept override
Definition: p11.h:2899
#define CKA_CHAR_SETS
Definition: pkcs11t.h:550
#define CKM_MD2_KEY_DERIVATION
Definition: pkcs11t.h:784
#define CKA_ALLOWED_MECHANISMS
Definition: pkcs11t.h:557
#define CKM_DES_CBC
Definition: pkcs11t.h:657
#define CKF_UNWRAP
Definition: pkcs11t.h:1016
#define CKK_GENERIC_SECRET
Definition: pkcs11t.h:346
#define CKM_SHA384_HMAC
Definition: pkcs11t.h:714
#define CKF_RESTORE_KEY_NOT_NEEDED
Definition: pkcs11t.h:165
#define CKR_OPERATION_ACTIVE
Definition: pkcs11t.h:1087
#define CKM_SHA512_224_HMAC_GENERAL
Definition: pkcs11t.h:633
#define CKM_DES_CBC_PAD
Definition: pkcs11t.h:661
#define CKM_RSA_AES_KEY_WRAP
Definition: pkcs11t.h:903
#define CKA_ENCRYPT
Definition: pkcs11t.h:463
#define CKM_FASTHASH
Definition: pkcs11t.h:911
#define CKM_CONCATENATE_BASE_AND_KEY
Definition: pkcs11t.h:764
#define CKM_ECDSA
Definition: pkcs11t.h:891
#define CKM_BATON_ECB128
Definition: pkcs11t.h:881
CK_ULONG CK_SESSION_HANDLE
Definition: pkcs11t.h:256
#define CKR_KEY_NOT_WRAPPABLE
Definition: pkcs11t.h:1080
#define CKA_MODULUS
Definition: pkcs11t.h:474
#define CKM_SHA512_T_KEY_DERIVATION
Definition: pkcs11t.h:643
#define CKS_RO_USER_FUNCTIONS
Definition: pkcs11t.h:273
#define CKM_AES_CBC_PAD
Definition: pkcs11t.h:918
#define CKF_CLOCK_ON_TOKEN
Definition: pkcs11t.h:171
#define CKA_OTP_USER_IDENTIFIER
Definition: pkcs11t.h:530
#define CKM_ARIA_ECB
Definition: pkcs11t.h:848
#define CKK_KEA
Definition: pkcs11t.h:345
#define CKR_FUNCTION_NOT_SUPPORTED
Definition: pkcs11t.h:1068
#define CKM_AES_GCM
Definition: pkcs11t.h:920
#define CKM_KEY_WRAP_SET_OAEP
Definition: pkcs11t.h:830
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition: p11.cpp:59
#define CKM_SEED_MAC_GENERAL
Definition: pkcs11t.h:860
#define CKR_PIN_LOCKED
Definition: pkcs11t.h:1094
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED
Definition: pkcs11t.h:395
#define CKM_AES_CMAC
Definition: pkcs11t.h:923
#define CKM_FORTEZZA_TIMESTAMP
Definition: pkcs11t.h:879
#define CKM_JUNIPER_KEY_GEN
Definition: pkcs11t.h:905
#define CKR_FUNCTION_FAILED
Definition: pkcs11t.h:1044
#define CKR_TEMPLATE_INCONSISTENT
Definition: pkcs11t.h:1109
#define CKA_SENSITIVE
Definition: pkcs11t.h:462
#define CKA_PUBLIC_EXPONENT
Definition: pkcs11t.h:476
struct CK_RSA_PKCS_PSS_PARAMS CK_RSA_PKCS_PSS_PARAMS
#define CKK_CDMF
Definition: pkcs11t.h:361
#define CKM_SHA384_RSA_PKCS
Definition: pkcs11t.h:622
#define CKM_SEED_CBC
Definition: pkcs11t.h:858
#define CKM_AES_OFB
Definition: pkcs11t.h:963
#define CKF_EC_COMPRESS
Definition: pkcs11t.h:1027
#define CKM_GOST28147_KEY_GEN
Definition: pkcs11t.h:951
#define CKP_PKCS5_PBKD2_HMAC_SHA1
Definition: pkcs11t.h:1719
#define CKM_ECDSA_SHA512
Definition: pkcs11t.h:896
#define CKM_AES_MAC
Definition: pkcs11t.h:916
CK_ULONG CK_KEY_TYPE
Definition: pkcs11t.h:336
#define CKM_AES_MAC_GENERAL
Definition: pkcs11t.h:917
#define CKD_SHA224_KDF
Definition: pkcs11t.h:1296
#define CKR_ARGUMENTS_BAD
Definition: pkcs11t.h:1046
#define CKA_OWNER
Definition: pkcs11t.h:448
#define CRYPTOKI_VERSION_MAJOR
Definition: pkcs11t.h:19
#define CKF_SECONDARY_AUTHENTICATION
Definition: pkcs11t.h:199
#define CKA_COPYABLE
Definition: pkcs11t.h:501
#define CKP_PKCS5_PBKD2_HMAC_SHA256
Definition: pkcs11t.h:1722
#define CKM_GENERIC_SECRET_KEY_GEN
Definition: pkcs11t.h:763
#define CKM_SHA256_HMAC_GENERAL
Definition: pkcs11t.h:709
#define CKM_BATON_SHUFFLE
Definition: pkcs11t.h:885
#define CKR_BUFFER_TOO_SMALL
Definition: pkcs11t.h:1137
#define CKR_USER_NOT_LOGGED_IN
Definition: pkcs11t.h:1117
#define CKA_PRIME
Definition: pkcs11t.h:484
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1121
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition: pkcs11t.h:960
#define CKR_FUNCTION_NOT_PARALLEL
Definition: pkcs11t.h:1066
#define CKK_SECURID
Definition: pkcs11t.h:365
CK_ULONG CK_RV
Definition: pkcs11t.h:1036
#define CKM_DES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:937
#define CKM_BATON_KEY_GEN
Definition: pkcs11t.h:880
#define CKM_TLS12_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:823
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1255
#define CKM_GOSTR3410_KEY_PAIR_GEN
Definition: pkcs11t.h:944
#define CKM_RIPEMD128_HMAC
Definition: pkcs11t.h:701
#define CKM_X9_42_DH_HYBRID_DERIVE
Definition: pkcs11t.h:618
#define CKM_JUNIPER_ECB128
Definition: pkcs11t.h:906
#define CKK_AES
Definition: pkcs11t.h:362
#define CKF_DUAL_CRYPTO_OPERATIONS
Definition: pkcs11t.h:185
#define CKM_PBE_SHA1_CAST128_CBC
Definition: pkcs11t.h:799
#define CKA_GOSTR3410_PARAMS
Definition: pkcs11t.h:535
struct CK_DATE CK_DATE
#define CKM_DES3_ECB
Definition: pkcs11t.h:665
#define CKM_GOSTR3411
Definition: pkcs11t.h:949
#define CKM_SECURID_KEY_GEN
Definition: pkcs11t.h:719
#define CKM_ARIA_MAC
Definition: pkcs11t.h:850
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:816
#define CKM_MD5_HMAC
Definition: pkcs11t.h:692
#define CKM_CAST_CBC
Definition: pkcs11t.h:728
#define CKO_OTP_KEY
Definition: pkcs11t.h:318
#define CKN_OTP_CHANGED
Definition: pkcs11t.h:102
#define CKM_PBE_SHA1_CAST5_CBC
Definition: pkcs11t.h:798
#define CK_FALSE
Definition: pkcs11t.h:24
ErrorType
Definition: exceptn.h:20
#define CKR_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1073
#define CKM_KIP_MAC
Definition: pkcs11t.h:835
#define CKO_PUBLIC_KEY
Definition: pkcs11t.h:312
#define CKR_SLOT_ID_INVALID
Definition: pkcs11t.h:1041
#define CKR_CANT_LOCK
Definition: pkcs11t.h:1049
#define CKM_SHA384_HMAC_GENERAL
Definition: pkcs11t.h:715
#define CKF_SO_PIN_LOCKED
Definition: pkcs11t.h:239
#define CKK_JUNIPER
Definition: pkcs11t.h:360
#define CKM_SHA512_KEY_DERIVATION
Definition: pkcs11t.h:789
#define CKK_SKIPJACK
Definition: pkcs11t.h:358
CK_ULONG CK_USER_TYPE
Definition: pkcs11t.h:262
#define CKR_KEY_NOT_NEEDED
Definition: pkcs11t.h:1075
#define CKM_IDEA_ECB
Definition: pkcs11t.h:758
#define CKR_ATTRIBUTE_VALUE_INVALID
Definition: pkcs11t.h:1054
#define CKM_ECDSA_KEY_PAIR_GEN
Definition: pkcs11t.h:888
#define CKM_TLS12_KEY_SAFE_DERIVE
Definition: pkcs11t.h:825
#define CKC_VENDOR_DEFINED
Definition: pkcs11t.h:410
#define CKM_RC5_CBC
Definition: pkcs11t.h:753
#define CKR_SIGNATURE_LEN_RANGE
Definition: pkcs11t.h:1107
#define CKM_ECDH1_DERIVE
Definition: pkcs11t.h:898
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1942
#define CKA_NAME_HASH_ALGORITHM
Definition: pkcs11t.h:456
#define CKM_DES_ECB
Definition: pkcs11t.h:656
#define CKM_DES3_KEY_GEN
Definition: pkcs11t.h:664
#define CKM_CAST3_CBC
Definition: pkcs11t.h:734
#define CKF_USER_PIN_LOCKED
Definition: pkcs11t.h:216
#define CKR_KEY_SIZE_RANGE
Definition: pkcs11t.h:1072
#define CKM_AES_CTS
Definition: pkcs11t.h:922
#define CKK_ECDSA
Definition: pkcs11t.h:342
#define CKA_MECHANISM_TYPE
Definition: pkcs11t.h:553
#define CKM_AES_CFB8
Definition: pkcs11t.h:965
#define CKM_MD5
Definition: pkcs11t.h:690
#define CKM_CAMELLIA_ECB
Definition: pkcs11t.h:838
ReturnValue get_return_value() const
Definition: p11.h:2910
#define CKM_EC_KEY_PAIR_GEN
Definition: pkcs11t.h:889
#define CKM_RC5_KEY_GEN
Definition: pkcs11t.h:751
#define CKG_MGF1_SHA512
Definition: pkcs11t.h:1249
#define CKA_SUBPRIME_BITS
Definition: pkcs11t.h:489
#define CKA_DERIVE_TEMPLATE
Definition: pkcs11t.h:518
#define CKU_USER
Definition: pkcs11t.h:266
#define CKM_MD5_HMAC_GENERAL
Definition: pkcs11t.h:693
#define CKR_CRYPTOKI_ALREADY_INITIALIZED
Definition: pkcs11t.h:1143
HardwareType
Definition: p11.h:279
#define CKK_GOST28147
Definition: pkcs11t.h:383
#define CKF_USER_PIN_COUNT_LOW
Definition: pkcs11t.h:205
#define CKF_RW_SESSION
Definition: pkcs11t.h:289
#define CKM_GOST28147
Definition: pkcs11t.h:953
#define CKM_CONCATENATE_DATA_AND_BASE
Definition: pkcs11t.h:766
#define CKF_SO_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:246
#define CKM_SKIPJACK_RELAYX
Definition: pkcs11t.h:875
#define CKM_WTLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:812
#define CKM_SHA512
Definition: pkcs11t.h:716
#define CKM_JUNIPER_CBC128
Definition: pkcs11t.h:907
#define CKM_CAMELLIA_CTR
Definition: pkcs11t.h:845
#define CKK_RIPEMD160_HMAC
Definition: pkcs11t.h:374
#define CKM_SHA512_256
Definition: pkcs11t.h:635
#define CKR_NEED_TO_CREATE_THREADS
Definition: pkcs11t.h:1048
#define CKA_PIXEL_Y
Definition: pkcs11t.h:544
Provides access to all PKCS#11 functions.
Definition: p11.h:901
const Bbool False
Definition: p11.h:856
#define CKM_GOSTR3410_DERIVE
Definition: pkcs11t.h:948
#define CKM_MD2_RSA_PKCS
Definition: pkcs11t.h:591
#define CKM_RSA_PKCS_PSS
Definition: pkcs11t.h:602
Definition: alg_id.cpp:13
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:846
struct CK_SESSION_INFO CK_SESSION_INFO
#define CKA_TOKEN
Definition: pkcs11t.h:438
#define CKM_CMS_SIG
Definition: pkcs11t.h:832
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition: pkcs11t.h:1142
#define CKF_VERIFY
Definition: pkcs11t.h:1011
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1126
#define CKK_RSA
Definition: pkcs11t.h:339
#define CKM_MD2_HMAC_GENERAL
Definition: pkcs11t.h:688
#define CKM_SHA384_RSA_PKCS_PSS
Definition: pkcs11t.h:625
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2185
#define CKR_TOKEN_NOT_PRESENT
Definition: pkcs11t.h:1110
#define CKF_SIGN_RECOVER
Definition: pkcs11t.h:1010
#define CKM_DES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:938
#define CKM_DES_KEY_GEN
Definition: pkcs11t.h:655
#define CKM_TLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:775
#define CKK_RC4
Definition: pkcs11t.h:348
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1113
#define CKM_WTLS_PRF
Definition: pkcs11t.h:814
CK_LOCKMUTEX LockMutex
Definition: p11.h:830
#define CKM_AES_ECB
Definition: pkcs11t.h:914
#define CKF_DECRYPT
Definition: pkcs11t.h:1007
#define CKO_DATA
Definition: pkcs11t.h:310
#define CKM_CAST3_MAC
Definition: pkcs11t.h:735
#define CKM_JUNIPER_SHUFFLE
Definition: pkcs11t.h:909
#define CKR_FUNCTION_REJECTED
Definition: pkcs11t.h:1156
#define CKA_GOSTR3411_PARAMS
Definition: pkcs11t.h:536
#define CKM_RIPEMD160_HMAC
Definition: pkcs11t.h:704
CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR
Definition: pkcs11t.h:1175
#define CKM_SKIPJACK_OFB64
Definition: pkcs11t.h:868
#define CKO_MECHANISM
Definition: pkcs11t.h:317
#define CKM_CAST_ECB
Definition: pkcs11t.h:727
#define CKA_APPLICATION
Definition: pkcs11t.h:441
#define CKA_OTP_USER_FRIENDLY_MODE
Definition: pkcs11t.h:523
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition: pkcs11t.h:556
void initialize_token(Slot &slot, const std::string &label, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:46
#define CKO_HW_FEATURE
Definition: pkcs11t.h:315
#define CKF_SO_PIN_FINAL_TRY
Definition: pkcs11t.h:234
#define CKF_DONT_BLOCK
Definition: pkcs11t.h:1234
#define CKK_DES3
Definition: pkcs11t.h:351
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1804
CK_BYTE CK_UTF8CHAR
Definition: pkcs11t.h:42
CK_ULONG CK_STATE
Definition: pkcs11t.h:271
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition: pkcs11t.h:1721
#define CKM_SKIPJACK_CBC64
Definition: pkcs11t.h:867
#define CKK_TWOFISH
Definition: pkcs11t.h:364
CK_FLAGS Flags
Definition: p11.h:832
#define CKM_RC5_MAC
Definition: pkcs11t.h:754
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, const std::string &label, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1148
#define CKO_VENDOR_DEFINED
Definition: pkcs11t.h:320
#define CKM_CAST5_CBC_PAD
Definition: pkcs11t.h:749
#define CKR_TOKEN_NOT_RECOGNIZED
Definition: pkcs11t.h:1111
#define CKM_CAST5_MAC_GENERAL
Definition: pkcs11t.h:747
#define CKA_URL
Definition: pkcs11t.h:453
const Bbool True
Definition: p11.h:855
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition: pkcs11t.h:1099
#define CKM_ECDH1_COFACTOR_DERIVE
Definition: pkcs11t.h:899
CK_ULONG CK_FLAGS
Definition: pkcs11t.h:54
#define CKA_NEVER_EXTRACTABLE
Definition: pkcs11t.h:496
#define CKK_SHA_1_HMAC
Definition: pkcs11t.h:372
#define CKF_DIGEST
Definition: pkcs11t.h:1008
#define CKM_CDMF_KEY_GEN
Definition: pkcs11t.h:673
#define CKK_CAST5
Definition: pkcs11t.h:354
#define CKA_CLASS
Definition: pkcs11t.h:437
#define CKM_CAMELLIA_CBC
Definition: pkcs11t.h:839
#define CKM_SHA224_HMAC_GENERAL
Definition: pkcs11t.h:712
#define CKD_SHA256_KDF
Definition: pkcs11t.h:1297
#define CKA_AC_ISSUER
Definition: pkcs11t.h:447
#define CKA_CHECK_VALUE
Definition: pkcs11t.h:457
CK_ULONG CK_CERTIFICATE_TYPE
Definition: pkcs11t.h:393
#define CKG_MGF1_SHA224
Definition: pkcs11t.h:1250
#define CKM_JUNIPER_WRAP
Definition: pkcs11t.h:910
#define CKM_SHA512_256_HMAC_GENERAL
Definition: pkcs11t.h:637
#define CKM_AES_KEY_WRAP_PAD
Definition: pkcs11t.h:970
#define CKM_TLS12_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:824
#define CKM_CAST128_MAC
Definition: pkcs11t.h:746
CK_SLOT_ID SlotId
Definition: p11.h:835
#define CKA_VERIFY_RECOVER
Definition: pkcs11t.h:470
#define CKA_RESET_ON_INIT
Definition: pkcs11t.h:540
#define CKM_CAST_MAC
Definition: pkcs11t.h:729
#define CKM_DES3_MAC_GENERAL
Definition: pkcs11t.h:669
#define CKR_USER_TYPE_INVALID
Definition: pkcs11t.h:1119
#define CKA_BASE
Definition: pkcs11t.h:486
#define CKM_PKCS5_PBKD2
Definition: pkcs11t.h:807
#define CKA_OTP_TIME
Definition: pkcs11t.h:529
#define CKO_PRIVATE_KEY
Definition: pkcs11t.h:313
#define CKA_VERIFY
Definition: pkcs11t.h:469
#define CKM_X9_42_DH_PARAMETER_GEN
Definition: pkcs11t.h:959
#define CKF_ENCRYPT
Definition: pkcs11t.h:1006
#define CKH_VENDOR_DEFINED
Definition: pkcs11t.h:333
#define CKM_KIP_DERIVE
Definition: pkcs11t.h:833
#define CKM_AES_XCBC_MAC
Definition: pkcs11t.h:926
#define CKR_UNWRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1114
#define CKR_SESSION_HANDLE_INVALID
Definition: pkcs11t.h:1098
#define CKM_RIPEMD160_HMAC_GENERAL
Definition: pkcs11t.h:705
#define CKA_BITS_PER_PIXEL
Definition: pkcs11t.h:549
#define CKF_RNG
Definition: pkcs11t.h:155
#define CKA_SUBPRIME
Definition: pkcs11t.h:485
#define CKR_USER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1116
#define CKM_SKIPJACK_ECB64
Definition: pkcs11t.h:866
#define CKM_SSL3_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:771
MechanismType
Definition: p11.h:335
#define CKM_RC2_CBC_PAD
Definition: pkcs11t.h:651
#define CKM_ARIA_MAC_GENERAL
Definition: pkcs11t.h:851
#define CKA_COLOR
Definition: pkcs11t.h:548
#define CKM_EXTRACT_KEY_FROM_KEY
Definition: pkcs11t.h:768
#define CKR_PIN_LEN_RANGE
Definition: pkcs11t.h:1091
#define CKC_X_509_ATTR_CERT
Definition: pkcs11t.h:408
#define CKA_SIGN_RECOVER
Definition: pkcs11t.h:468
#define CKM_BATON_CBC128
Definition: pkcs11t.h:883
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition: pkcs11t.h:973
#define CKA_DEFAULT_CMS_ATTRIBUTES
Definition: pkcs11t.h:555
#define CKO_DOMAIN_PARAMETERS
Definition: pkcs11t.h:316
#define CKR_KEY_UNEXTRACTABLE
Definition: pkcs11t.h:1081
#define CKN_SURRENDER
Definition: pkcs11t.h:101
#define CKM_CAST3_ECB
Definition: pkcs11t.h:733
#define CKM_IDEA_MAC
Definition: pkcs11t.h:760
#define CKM_KEA_KEY_PAIR_GEN
Definition: pkcs11t.h:876
#define CKM_GOST28147_KEY_WRAP
Definition: pkcs11t.h:955
#define CKM_TLS_MAC
Definition: pkcs11t.h:826
#define CKM_AES_CBC
Definition: pkcs11t.h:915
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc >> &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1664
#define CKR_SESSION_READ_ONLY_EXISTS
Definition: pkcs11t.h:1103
#define CKM_DES_OFB8
Definition: pkcs11t.h:681
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKK_BLOWFISH
Definition: pkcs11t.h:363
#define CKR_WRAPPED_KEY_LEN_RANGE
Definition: pkcs11t.h:1125
KeyDerivation
Definition: p11.h:193
#define CKF_SERIAL_SESSION
Definition: pkcs11t.h:290
#define CKA_KEY_GEN_MECHANISM
Definition: pkcs11t.h:498
struct CK_ECDH1_DERIVE_PARAMS CK_ECDH1_DERIVE_PARAMS
void CK_PTR CK_VOID_PTR
Definition: pkcs11t.h:66
#define CKR_MECHANISM_INVALID
Definition: pkcs11t.h:1083
#define CKM_PBE_MD2_DES_CBC
Definition: pkcs11t.h:792
#define CKM_CDMF_ECB
Definition: pkcs11t.h:674
#define CKM_SHA512_T
Definition: pkcs11t.h:640
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition: pkcs11t.h:1079
#define CKM_DSA_KEY_PAIR_GEN
Definition: pkcs11t.h:605
#define CKK_SHA384_HMAC
Definition: pkcs11t.h:376
#define CKF_USER_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:223
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2250
#define CKR_VENDOR_DEFINED
Definition: pkcs11t.h:1158
#define CKA_DECRYPT
Definition: pkcs11t.h:464
#define CKA_OTP_TIME_INTERVAL
Definition: pkcs11t.h:522
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:854
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition: pkcs11t.h:1726
#define CKM_DES3_MAC
Definition: pkcs11t.h:667
#define CKK_DES
Definition: pkcs11t.h:349
#define CKR_SESSION_READ_ONLY
Definition: pkcs11t.h:1100
#define CKK_CAST3
Definition: pkcs11t.h:353
#define CKF_EXCLUDE_TIME
Definition: pkcs11t.h:1810
#define CKM_DSA_SHA1
Definition: pkcs11t.h:607
#define CKM_GOST28147_MAC
Definition: pkcs11t.h:954
secure_vector< uint8_t > secure_string
Definition: p11.h:61
#define CKR_MECHANISM_PARAM_INVALID
Definition: pkcs11t.h:1084
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:811
#define CKF_TOKEN_INITIALIZED
Definition: pkcs11t.h:193
#define CKK_SHA512_HMAC
Definition: pkcs11t.h:377
#define CKM_GOSTR3411_HMAC
Definition: pkcs11t.h:950
#define CKM_DES3_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:939
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition: pkcs11t.h:1241
#define CKM_ECDH_AES_KEY_WRAP
Definition: pkcs11t.h:902
#define CKM_PBE_SHA1_RC4_128
Definition: pkcs11t.h:800
#define CKA_EXPONENT_2
Definition: pkcs11t.h:481
#define CKP_PKCS5_PBKD2_HMAC_SHA384
Definition: pkcs11t.h:1723
PKCS11_ReturnError(ReturnValue return_val)
Definition: p11.h:2905
#define CKM_SHA224_KEY_DERIVATION
Definition: pkcs11t.h:790
#define CKM_CAST3_MAC_GENERAL
Definition: pkcs11t.h:736
#define CKA_VALUE_BITS
Definition: pkcs11t.h:492
#define CKK_DH
Definition: pkcs11t.h:341
#define CKR_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1070
#define CKM_GOSTR3410_KEY_WRAP
Definition: pkcs11t.h:947
#define CKM_AES_GMAC
Definition: pkcs11t.h:928
#define CKA_DESTROYABLE
Definition: pkcs11t.h:503
struct CK_MECHANISM_INFO CK_MECHANISM_INFO
#define CKM_RIPEMD160
Definition: pkcs11t.h:703
#define CKR_NEW_PIN_MODE
Definition: pkcs11t.h:1147
#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN
Definition: pkcs11t.h:961
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition: pkcs11t.h:454
#define CKM_CAST_CBC_PAD
Definition: pkcs11t.h:731
int error_code() const noexcept override
Definition: p11.h:2915
#define CKS_RW_PUBLIC_SESSION
Definition: pkcs11t.h:274
#define CKR_KEY_CHANGED
Definition: pkcs11t.h:1076
#define CKM_SHA512_256_HMAC
Definition: pkcs11t.h:636
CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
Definition: pkcs11t.h:1714
#define CKM_PBE_MD5_CAST3_CBC
Definition: pkcs11t.h:795