Botan 3.9.0
Crypto and TLS for C&
p11.h
Go to the documentation of this file.
1/*
2* PKCS#11
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_H_
10#define BOTAN_P11_H_
11
12#include <botan/exceptn.h>
13#include <botan/secmem.h>
14
15#include <map>
16#include <string>
17#include <vector>
18
19// NOLINTBEGIN(*-macro-usage,*-macro-parentheses)
20
21#define CK_PTR *
22
23#if defined(_MSC_VER)
24 #define CK_DECLARE_FUNCTION(returnType, name) returnType __declspec(dllimport) name
25#else
26 #define CK_DECLARE_FUNCTION(returnType, name) returnType name
27#endif
28
29#if defined(_MSC_VER)
30 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType __declspec(dllimport)(*name)
31#else
32 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(*name)
33#endif
34
35#define CK_CALLBACK_FUNCTION(returnType, name) returnType(*name)
36
37#ifndef NULL_PTR
38 #define NULL_PTR nullptr
39#endif
40
41#if defined(_MSC_VER)
42 #pragma pack(push, cryptoki, 1)
43#endif
44
45// NOLINTEND(*-macro-usage,*-macro-parentheses)
46
47#include "pkcs11.h"
48
49#if defined(_MSC_VER)
50 #pragma pack(pop, cryptoki)
51#endif
52
53static_assert(
54 // NOLINTNEXTLINE(misc-redundant-expression) clang-tidy doesn't realize there are macros involved here
56 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
57
58namespace Botan {
59
60class Dynamically_Loaded_Library;
61
62namespace PKCS11 {
63
65
66// NOLINTBEGIN(*-enum-size)
67
177};
178
185
186/// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
187/// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
194
206
207enum class Flag : CK_FLAGS {
208 None = 0,
263};
264
265inline Flag operator|(Flag a, Flag b) {
266 // NOLINTNEXTLINE(clang-analyzer-optin.core.EnumCastOutOfRange)
267 return static_cast<Flag>(static_cast<CK_FLAGS>(a) | static_cast<CK_FLAGS>(b));
268}
269
278
285
332
667};
668
673
686
697
705
706enum class ReturnValue : CK_RV {
802};
803
809
810enum class PublicPointEncoding : uint32_t { Raw, Der };
811
812// NOLINTEND(*-enum-size)
813
817using CreateMutex = CK_CREATEMUTEX;
818using DestroyMutex = CK_DESTROYMUTEX;
819using LockMutex = CK_LOCKMUTEX;
820using UnlockMutex = CK_UNLOCKMUTEX;
822using Info = CK_INFO;
831using Notify = CK_NOTIFY;
836using Byte = CK_BYTE;
840using Date = CK_DATE;
841
842// NOLINTNEXTLINE(*-avoid-non-const-global-variables) TODO can this be made const?
844
847
849 return static_cast<Flags>(flags);
850}
851
852class Slot;
853
854/**
855* Initializes a token
856* @param slot The slot with the attached token that should be initialized
857* @param label The token label
858* @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
859* @param pin The user PIN that will be set
860*/
862void initialize_token(Slot& slot, std::string_view label, const secure_string& so_pin, const secure_string& pin);
863
864/**
865* Change PIN with old PIN to new PIN
866* @param slot The slot with the attached token
867* @param old_pin The old user PIN
868* @param new_pin The new user PIN
869*/
870
871BOTAN_PUBLIC_API(2, 0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
872
873/**
874* Change SO_PIN with old SO_PIN to new SO_PIN
875* @param slot The slot with the attached token
876* @param old_so_pin The old SO_PIN
877* @param new_so_pin The new SO_PIN
878*/
879BOTAN_PUBLIC_API(2, 0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
880
881/**
882* Sets user PIN with SO_PIN
883* @param slot The slot with the attached token
884* @param so_pin PIN of the security officer
885* @param pin The user PIN that should be set
886*/
887BOTAN_PUBLIC_API(2, 0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
888
889/// Provides access to all PKCS#11 functions
891 public:
892 /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
893 explicit LowLevel(FunctionListPtr ptr);
894
895 /****************************** General purpose functions ******************************/
896
897 /**
898 * C_Initialize initializes the Cryptoki library.
899 * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
900 * @param return_value default value (`ThrowException`): throw exception on error.
901 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
902 * At least the following PKCS#11 return values may be returned:
903 * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
904 * \li FunctionFailed \li GeneralError \li HostMemory
905 * \li NeedToCreateThreads \li OK
906 * @return true on success, false otherwise
907 */
908 bool C_Initialize(VoidPtr init_args, ReturnValue* return_value = ThrowException) const;
909
910 /**
911 * C_Finalize indicates that an application is done with the Cryptoki library.
912 * @param reserved reserved. Should be nullptr
913 * @param return_value default value (`ThrowException`): throw exception on error.
914 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
915 * At least the following PKCS#11 return values may be returned:
916 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
917 * \li GeneralError \li HostMemory \li OK
918 * @return true on success, false otherwise
919 */
920 bool C_Finalize(VoidPtr reserved, ReturnValue* return_value = ThrowException) const;
921
922 /**
923 * C_GetInfo returns general information about Cryptoki.
924 * @param info_ptr location that receives information
925 * @param return_value default value (`ThrowException`): throw exception on error.
926 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
927 * At least the following PKCS#11 return values may be returned:
928 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
929 * \li GeneralError \li HostMemory \li OK
930 * @return true on success, false otherwise
931 */
932 bool C_GetInfo(Info* info_ptr, ReturnValue* return_value = ThrowException) const;
933
934 /**
935 * C_GetFunctionList returns the function list.
936 * @param pkcs11_module The PKCS#11 module
937 * @param function_list_ptr_ptr receives pointer to function list
938 * @param return_value default value (`ThrowException`): throw exception on error.
939 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
940 * At least the following PKCS#11 return values may be returned:
941 * \li ArgumentsBad \li FunctionFailed \li GeneralError
942 * \li HostMemory \li OK
943 * @return true on success, false otherwise
944 */
945 static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module,
946 FunctionListPtr* function_list_ptr_ptr,
947 ReturnValue* return_value = ThrowException);
948
949 /****************************** Slot and token management functions ******************************/
950
951 /**
952 * C_GetSlotList obtains a list of slots in the system.
953 * @param token_present only slots with tokens
954 * @param slot_list_ptr receives array of slot IDs
955 * @param count_ptr receives number of slots
956 * @param return_value default value (`ThrowException`): throw exception on error.
957 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
958 * At least the following PKCS#11 return values may be returned:
959 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
960 * \li FunctionFailed \li GeneralError \li HostMemory
961 * \li OK
962 * @return true on success, false otherwise
963 */
964 bool C_GetSlotList(Bbool token_present,
965 SlotId* slot_list_ptr,
966 Ulong* count_ptr,
967 ReturnValue* return_value = ThrowException) const;
968
969 /**
970 * C_GetSlotList obtains a list of slots in the system.
971 * @param token_present only slots with tokens
972 * @param slot_ids receives vector of slot IDs
973 * @param return_value default value (`ThrowException`): throw exception on error.
974 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
975 * At least the following PKCS#11 return values may be returned:
976 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
977 * \li FunctionFailed \li GeneralError \li HostMemory
978 * \li OK
979 * @return true on success, false otherwise
980 */
981 bool C_GetSlotList(bool token_present,
982 std::vector<SlotId>& slot_ids,
983 ReturnValue* return_value = ThrowException) const;
984
985 /**
986 * C_GetSlotInfo obtains information about a particular slot in the system.
987 * @param slot_id the ID of the slot
988 * @param info_ptr receives the slot information
989 * @param return_value default value (`ThrowException`): throw exception on error.
990 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
991 * At least the following PKCS#11 return values may be returned:
992 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
993 * \li FunctionFailed \li GeneralError \li HostMemory
994 * \li OK \li SlotIdInvalid
995 * @return true on success, false otherwise
996 */
997 bool C_GetSlotInfo(SlotId slot_id, SlotInfo* info_ptr, ReturnValue* return_value = ThrowException) const;
998
999 /**
1000 * C_GetTokenInfo obtains information about a particular token in the system.
1001 * @param slot_id ID of the token's slot
1002 * @param info_ptr receives the token information
1003 * @param return_value default value (`ThrowException`): throw exception on error.
1004 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1005 * At least the following PKCS#11 return values may be returned:
1006 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1007 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1008 * \li HostMemory \li OK \li SlotIdInvalid
1009 * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1010 * @return true on success, false otherwise
1011 */
1012 bool C_GetTokenInfo(SlotId slot_id, TokenInfo* info_ptr, ReturnValue* return_value = ThrowException) const;
1013
1014 /**
1015 * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1016 * @param flags blocking/nonblocking flag
1017 * @param slot_ptr location that receives the slot ID
1018 * @param reserved reserved. Should be NULL_PTR
1019 * @param return_value default value (`ThrowException`): throw exception on error.
1020 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1021 * At least the following PKCS#11 return values may be returned:
1022 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1023 * \li GeneralError \li HostMemory \li NoEvent
1024 * \li OK
1025 * @return true on success, false otherwise
1026 */
1028 SlotId* slot_ptr,
1029 VoidPtr reserved,
1030 ReturnValue* return_value = ThrowException) const;
1031
1032 /**
1033 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1034 * @param slot_id ID of token's slot
1035 * @param mechanism_list_ptr gets mech. array
1036 * @param count_ptr gets # of mechs.
1037 * @param return_value default value (`ThrowException`): throw exception on error.
1038 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1039 * At least the following PKCS#11 return values may be returned:
1040 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1041 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1042 * \li GeneralError \li HostMemory \li OK
1043 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1044 * \li ArgumentsBad
1045 * @return true on success, false otherwise
1046 */
1047 bool C_GetMechanismList(SlotId slot_id,
1048 MechanismType* mechanism_list_ptr,
1049 Ulong* count_ptr,
1050 ReturnValue* return_value = ThrowException) const;
1051
1052 /**
1053 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1054 * @param slot_id ID of token's slot
1055 * @param mechanisms receives vector of supported mechanisms
1056 * @param return_value default value (`ThrowException`): throw exception on error.
1057 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1058 * At least the following PKCS#11 return values may be returned:
1059 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1060 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1061 * \li GeneralError \li HostMemory \li OK
1062 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1063 * \li ArgumentsBad
1064 * @return true on success, false otherwise
1065 */
1066 bool C_GetMechanismList(SlotId slot_id,
1067 std::vector<MechanismType>& mechanisms,
1068 ReturnValue* return_value = ThrowException) const;
1069
1070 /**
1071 * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1072 * @param slot_id ID of the token's slot
1073 * @param type type of mechanism
1074 * @param info_ptr receives mechanism info
1075 * @param return_value default value (`ThrowException`): throw exception on error.
1076 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1077 * At least the following PKCS#11 return values may be returned:
1078 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1079 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1080 * \li HostMemory \li MechanismInvalid \li OK
1081 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1082 * \li ArgumentsBad
1083 * @return true on success, false otherwise
1084 */
1085 bool C_GetMechanismInfo(SlotId slot_id,
1086 MechanismType type,
1087 MechanismInfo* info_ptr,
1088 ReturnValue* return_value = ThrowException) const;
1089
1090 /**
1091 * C_InitToken initializes a token.
1092 * @param slot_id ID of the token's slot
1093 * @param so_pin_ptr the SO's initial PIN
1094 * @param so_pin_len length in bytes of the SO_PIN
1095 * @param label_ptr 32-byte token label (blank padded)
1096 * @param return_value default value (`ThrowException`): throw exception on error.
1097 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1098 * At least the following PKCS#11 return values may be returned:
1099 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1100 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1101 * \li GeneralError \li HostMemory \li OK
1102 * \li PinIncorrect \li PinLocked \li SessionExists
1103 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1104 * \li TokenWriteProtected \li ArgumentsBad
1105 * @return true on success, false otherwise
1106 */
1107 bool C_InitToken(SlotId slot_id,
1108 Utf8Char* so_pin_ptr,
1109 Ulong so_pin_len,
1110 Utf8Char* label_ptr,
1111 ReturnValue* return_value = ThrowException) const;
1112
1113 /**
1114 * C_InitToken initializes a token.
1115 * @param slot_id ID of the token's slot
1116 * @param so_pin the SO's initial PIN
1117 * @param label token label (at max 32 bytes long)
1118 * @param return_value default value (`ThrowException`): throw exception on error.
1119 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1120 * At least the following PKCS#11 return values may be returned:
1121 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1122 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1123 * \li GeneralError \li HostMemory \li OK
1124 * \li PinIncorrect \li PinLocked \li SessionExists
1125 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1126 * \li TokenWriteProtected \li ArgumentsBad
1127 * @return true on success, false otherwise
1128 */
1129 template <typename TAlloc>
1130 bool C_InitToken(SlotId slot_id,
1131 const std::vector<uint8_t, TAlloc>& so_pin,
1132 std::string_view label,
1133 ReturnValue* return_value = ThrowException) const {
1134 std::string padded_label(label);
1135 if(label.size() < 32) {
1136 padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1137 }
1138
1139 return C_InitToken(slot_id,
1140 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(so_pin.data())),
1141 static_cast<Ulong>(so_pin.size()),
1142 reinterpret_cast<Utf8Char*>(const_cast<char*>(padded_label.c_str())),
1143 return_value);
1144 }
1145
1146 /**
1147 * C_InitPIN initializes the normal user's PIN.
1148 * @param session the session's handle
1149 * @param pin_ptr the normal user's PIN
1150 * @param pin_len length in bytes of the PIN
1151 * @param return_value default value (`ThrowException`): throw exception on error.
1152 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1153 * At least the following PKCS#11 return values may be returned:
1154 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1155 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1156 * \li GeneralError \li HostMemory \li OK
1157 * \li PinInvalid \li PinLenRange \li SessionClosed
1158 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1159 * \li UserNotLoggedIn \li ArgumentsBad
1160 * @return true on success, false otherwise
1161 */
1162 bool C_InitPIN(SessionHandle session,
1163 Utf8Char* pin_ptr,
1164 Ulong pin_len,
1165 ReturnValue* return_value = ThrowException) const;
1166
1167 /**
1168 * C_InitPIN initializes the normal user's PIN.
1169 * @param session the session's handle
1170 * @param pin the normal user's PIN
1171 * @param return_value default value (`ThrowException`): throw exception on error.
1172 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1173 * At least the following PKCS#11 return values may be returned:
1174 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1175 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1176 * \li GeneralError \li HostMemory \li OK
1177 * \li PinInvalid \li PinLenRange \li SessionClosed
1178 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1179 * \li UserNotLoggedIn \li ArgumentsBad
1180 * @return true on success, false otherwise
1181 */
1182 template <typename TAlloc>
1184 const std::vector<uint8_t, TAlloc>& pin,
1185 ReturnValue* return_value = ThrowException) const {
1186 return C_InitPIN(session,
1187 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(pin.data())),
1188 static_cast<Ulong>(pin.size()),
1189 return_value);
1190 }
1191
1192 /**
1193 * C_SetPIN modifies the PIN of the user who is logged in.
1194 * @param session the session's handle
1195 * @param old_pin_ptr the old PIN
1196 * @param old_len length of the old PIN
1197 * @param new_pin_ptr the new PIN
1198 * @param new_len length of the new PIN
1199 * @param return_value default value (`ThrowException`): throw exception on error.
1200 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1201 * At least the following PKCS#11 return values may be returned:
1202 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1203 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1204 * \li GeneralError \li HostMemory \li OK
1205 * \li PinIncorrect \li PinInvalid \li PinLenRange
1206 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1207 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1208 * @return true on success, false otherwise
1209 */
1210 bool C_SetPIN(SessionHandle session,
1211 Utf8Char* old_pin_ptr,
1212 Ulong old_len,
1213 Utf8Char* new_pin_ptr,
1214 Ulong new_len,
1215 ReturnValue* return_value = ThrowException) const;
1216
1217 /**
1218 * C_SetPIN modifies the PIN of the user who is logged in.
1219 * @param session the session's handle
1220 * @param old_pin the old PIN
1221 * @param new_pin the new PIN
1222 * @param return_value default value (`ThrowException`): throw exception on error.
1223 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1224 * At least the following PKCS#11 return values may be returned:
1225 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1226 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1227 * \li GeneralError \li HostMemory \li OK
1228 * \li PinIncorrect \li PinInvalid \li PinLenRange
1229 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1230 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1231 * @return true on success, false otherwise
1232 */
1233 template <typename TAlloc>
1235 const std::vector<uint8_t, TAlloc>& old_pin,
1236 const std::vector<uint8_t, TAlloc>& new_pin,
1237 ReturnValue* return_value = ThrowException) const {
1238 return C_SetPIN(session,
1239 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(old_pin.data())),
1240 static_cast<Ulong>(old_pin.size()),
1241 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(new_pin.data())),
1242 static_cast<Ulong>(new_pin.size()),
1243 return_value);
1244 }
1245
1246 /****************************** Session management ******************************/
1247
1248 /**
1249 * C_OpenSession opens a session between an application and a token.
1250 * @param slot_id the slot's ID
1251 * @param flags from CK_SESSION_INFO
1252 * @param application passed to callback
1253 * @param notify callback function
1254 * @param session_ptr gets session handle
1255 * @param return_value default value (`ThrowException`): throw exception on error.
1256 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1257 * At least the following PKCS#11 return values may be returned:
1258 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1259 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1260 * \li HostMemory \li OK \li SessionCount
1261 * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1262 * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1263 * \li ArgumentsBad
1264 * @return true on success, false otherwise
1265 */
1266 bool C_OpenSession(SlotId slot_id,
1267 Flags flags,
1268 VoidPtr application,
1269 Notify notify,
1270 SessionHandle* session_ptr,
1271 ReturnValue* return_value = ThrowException) const;
1272
1273 /**
1274 * C_CloseSession closes a session between an application and a token.
1275 * @param session the session's handle
1276 * @param return_value default value (`ThrowException`): throw exception on error.
1277 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1278 * At least the following PKCS#11 return values may be returned:
1279 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1280 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1281 * \li HostMemory \li OK \li SessionClosed
1282 * \li SessionHandleInvalid
1283 * @return true on success, false otherwise
1284 */
1285 bool C_CloseSession(SessionHandle session, ReturnValue* return_value = ThrowException) const;
1286
1287 /**
1288 * C_CloseAllSessions closes all sessions with a token.
1289 * @param slot_id the token's slot
1290 * @param return_value default value (`ThrowException`): throw exception on error.
1291 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1292 * At least the following PKCS#11 return values may be returned:
1293 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1294 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1295 * \li HostMemory \li OK \li SlotIdInvalid
1296 * \li TokenNotPresent
1297 * @return true on success, false otherwise
1298 */
1299 bool C_CloseAllSessions(SlotId slot_id, ReturnValue* return_value = ThrowException) const;
1300
1301 /**
1302 * C_GetSessionInfo obtains information about the session.
1303 * @param session the session's handle
1304 * @param info_ptr receives session info
1305 * @param return_value default value (`ThrowException`): throw exception on error.
1306 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1307 * At least the following PKCS#11 return values may be returned:
1308 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1309 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1310 * \li HostMemory \li OK \li SessionClosed
1311 * \li SessionHandleInvalid \li ArgumentsBad
1312 * @return true on success, false otherwise
1313 */
1314 bool C_GetSessionInfo(SessionHandle session,
1315 SessionInfo* info_ptr,
1316 ReturnValue* return_value = ThrowException) const;
1317
1318 /**
1319 * C_GetOperationState obtains the state of the cryptographic operation in a session.
1320 * @param session session's handle
1321 * @param operation_state_ptr gets state
1322 * @param operation_state_len_ptr gets state length
1323 * @param return_value default value (`ThrowException`): throw exception on error.
1324 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1325 * At least the following PKCS#11 return values may be returned:
1326 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1327 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1328 * \li GeneralError \li HostMemory \li OK
1329 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1330 * \li StateUnsaveable \li ArgumentsBad
1331 * @return true on success, false otherwise
1332 */
1333 bool C_GetOperationState(SessionHandle session,
1334 Byte* operation_state_ptr,
1335 Ulong* operation_state_len_ptr,
1336 ReturnValue* return_value = ThrowException) const;
1337
1338 /**
1339 * C_SetOperationState restores the state of the cryptographic operation in a session.
1340 * @param session session's handle
1341 * @param operation_state_ptr holds state
1342 * @param operation_state_len holds state length
1343 * @param encryption_key en/decryption key
1344 * @param authentication_key sign/verify key
1345 * @param return_value default value (`ThrowException`): throw exception on error.
1346 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1347 * At least the following PKCS#11 return values may be returned:
1348 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1349 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1350 * \li HostMemory \li KeyChanged \li KeyNeeded
1351 * \li KeyNotNeeded \li OK \li SavedStateInvalid
1352 * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1353 * @return true on success, false otherwise
1354 */
1355 bool C_SetOperationState(SessionHandle session,
1356 Byte* operation_state_ptr,
1357 Ulong operation_state_len,
1358 ObjectHandle encryption_key,
1359 ObjectHandle authentication_key,
1360 ReturnValue* return_value = ThrowException) const;
1361
1362 /**
1363 * C_Login logs a user into a token.
1364 * @param session the session's handle
1365 * @param user_type the user type
1366 * @param pin_ptr the user's PIN
1367 * @param pin_len the length of the PIN
1368 * @param return_value default value (`ThrowException`): throw exception on error.
1369 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1370 * At least the following PKCS#11 return values may be returned:
1371 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1372 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1373 * \li FunctionFailed \li GeneralError \li HostMemory
1374 * \li OK \li OperationNotInitialized \li PinIncorrect
1375 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1376 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1377 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1378 * @return true on success, false otherwise
1379 */
1380 bool C_Login(SessionHandle session,
1381 UserType user_type,
1382 Utf8Char* pin_ptr,
1383 Ulong pin_len,
1384 ReturnValue* return_value = ThrowException) const;
1385
1386 /**
1387 * C_Login logs a user into a token.
1388 * @param session the session's handle
1389 * @param user_type the user type
1390 * @param pin the user or security officer's PIN
1391 * @param return_value default value (`ThrowException`): throw exception on error.
1392 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1393 * At least the following PKCS#11 return values may be returned:
1394 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1395 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1396 * \li FunctionFailed \li GeneralError \li HostMemory
1397 * \li OK \li OperationNotInitialized \li PinIncorrect
1398 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1399 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1400 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1401 * @return true on success, false otherwise
1402 */
1403 template <typename TAlloc>
1405 UserType user_type,
1406 const std::vector<uint8_t, TAlloc>& pin,
1407 ReturnValue* return_value = ThrowException) const {
1408 return C_Login(session,
1409 user_type,
1410 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(pin.data())),
1411 static_cast<Ulong>(pin.size()),
1412 return_value);
1413 }
1414
1415 /**
1416 * C_Logout logs a user out from a token.
1417 * @param session the session's handle
1418 * @param return_value default value (`ThrowException`): throw exception on error.
1419 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1420 * At least the following PKCS#11 return values may be returned:
1421 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1422 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1423 * \li HostMemory \li OK \li SessionClosed
1424 * \li SessionHandleInvalid \li UserNotLoggedIn
1425 * @return true on success, false otherwise
1426 */
1427 bool C_Logout(SessionHandle session, ReturnValue* return_value = ThrowException) const;
1428
1429 /****************************** Object management functions ******************************/
1430
1431 /**
1432 * C_CreateObject creates a new object.
1433 * @param session the session's handle
1434 * @param attribute_template_ptr the object's template
1435 * @param count attributes in template
1436 * @param object_ptr gets new object's handle.
1437 * @param return_value default value (`ThrowException`): throw exception on error.
1438 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1439 * At least the following PKCS#11 return values may be returned:
1440 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1441 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1442 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1443 * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1444 * \li HostMemory \li OK \li PinExpired
1445 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1446 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1447 * \li UserNotLoggedIn
1448 * @return true on success, false otherwise
1449 */
1450 bool C_CreateObject(SessionHandle session,
1451 Attribute* attribute_template_ptr,
1452 Ulong count,
1453 ObjectHandle* object_ptr,
1454 ReturnValue* return_value = ThrowException) const;
1455
1456 /**
1457 * C_CopyObject copies an object, creating a new object for the copy.
1458 * @param session the session's handle
1459 * @param object the object's handle
1460 * @param attribute_template_ptr template for new object
1461 * @param count attributes in template
1462 * @param new_object_ptr receives handle of copy
1463 * @param return_value default value (`ThrowException`): throw exception on error.
1464 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1465 * At least the following PKCS#11 return values may be returned:
1466 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1467 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1468 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1469 * \li FunctionFailed \li GeneralError \li HostMemory
1470 * \li ObjectHandleInvalid \li OK \li PinExpired
1471 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1472 * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1473 * @return true on success, false otherwise
1474 */
1475 bool C_CopyObject(SessionHandle session,
1476 ObjectHandle object,
1477 Attribute* attribute_template_ptr,
1478 Ulong count,
1479 ObjectHandle* new_object_ptr,
1480 ReturnValue* return_value = ThrowException) const;
1481
1482 /**
1483 * C_DestroyObject destroys an object.
1484 * @param session the session's handle
1485 * @param object the object's handle
1486 * @param return_value default value (`ThrowException`): throw exception on error.
1487 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1488 * At least the following PKCS#11 return values may be returned:
1489 * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1490 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1491 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1492 * \li OK \li PinExpired \li SessionClosed
1493 * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1494 * @return true on success, false otherwise
1495 */
1496 bool C_DestroyObject(SessionHandle session,
1497 ObjectHandle object,
1498 ReturnValue* return_value = ThrowException) const;
1499
1500 /**
1501 * C_GetObjectSize gets the size of an object in bytes.
1502 * @param session the session's handle
1503 * @param object the object's handle
1504 * @param size_ptr receives size of object
1505 * @param return_value default value (`ThrowException`): throw exception on error.
1506 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1507 * At least the following PKCS#11 return values may be returned:
1508 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1509 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1510 * \li GeneralError \li HostMemory \li InformationSensitive
1511 * \li ObjectHandleInvalid \li OK \li SessionClosed
1512 * \li SessionHandleInvalid
1513 * @return true on success, false otherwise
1514 */
1515 bool C_GetObjectSize(SessionHandle session,
1516 ObjectHandle object,
1517 Ulong* size_ptr,
1518 ReturnValue* return_value = ThrowException) const;
1519
1520 /**
1521 * C_GetAttributeValue obtains the value of one or more object attributes.
1522 * @param session the session's handle
1523 * @param object the object's handle
1524 * @param attribute_template_ptr specifies attrs; gets vals
1525 * @param count attributes in template
1526 * @param return_value default value (`ThrowException`): throw exception on error.
1527 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1528 * At least the following PKCS#11 return values may be returned:
1529 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1530 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1531 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1532 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1533 * \li OK \li SessionClosed \li SessionHandleInvalid
1534 * @return true on success, false otherwise
1535 */
1536 bool C_GetAttributeValue(SessionHandle session,
1537 ObjectHandle object,
1538 Attribute* attribute_template_ptr,
1539 Ulong count,
1540 ReturnValue* return_value = ThrowException) const;
1541
1542 /**
1543 * C_GetAttributeValue obtains the value of one or more object attributes.
1544 * @param session the session's handle
1545 * @param object the object's handle
1546 * @param attribute_values specifies attrs; gets vals
1547 * @param return_value default value (`ThrowException`): throw exception on error.
1548 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1549 * At least the following PKCS#11 return values may be returned:
1550 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1551 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1552 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1553 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1554 * \li OK \li SessionClosed \li SessionHandleInvalid
1555 * @return true on success, false otherwise
1556 */
1557 template <typename TAlloc>
1559 ObjectHandle object,
1560 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1561 ReturnValue* return_value = ThrowException) const {
1562 std::vector<Attribute> getter_template;
1563
1564 getter_template.reserve(attribute_values.size());
1565 for(const auto& entry : attribute_values) {
1566 getter_template.emplace_back(Attribute{static_cast<CK_ATTRIBUTE_TYPE>(entry.first), nullptr, 0});
1567 }
1568
1569 bool success = C_GetAttributeValue(session,
1570 object,
1571 const_cast<Attribute*>(getter_template.data()),
1572 static_cast<Ulong>(getter_template.size()),
1573 return_value);
1574
1575 if(!success) {
1576 return success;
1577 }
1578
1579 size_t i = 0;
1580 for(auto& entry : attribute_values) {
1581 entry.second.clear();
1582 entry.second.resize(getter_template.at(i).ulValueLen);
1583 getter_template.at(i).pValue = const_cast<uint8_t*>(entry.second.data());
1584 i++;
1585 }
1586
1587 return C_GetAttributeValue(session,
1588 object,
1589 const_cast<Attribute*>(getter_template.data()),
1590 static_cast<Ulong>(getter_template.size()),
1591 return_value);
1592 }
1593
1594 /**
1595 * C_SetAttributeValue modifies the value of one or more object attributes.
1596 * @param session the session's handle
1597 * @param object the object's handle
1598 * @param attribute_template_ptr specifies attrs and values
1599 * @param count attributes in template
1600 * @param return_value default value (`ThrowException`): throw exception on error.
1601 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1602 * At least the following PKCS#11 return values may be returned:
1603 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1604 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1605 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1606 * \li FunctionFailed \li GeneralError \li HostMemory
1607 * \li ObjectHandleInvalid \li OK \li SessionClosed
1608 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1609 * \li TokenWriteProtected \li UserNotLoggedIn
1610 * @return true on success, false otherwise
1611 */
1612 bool C_SetAttributeValue(SessionHandle session,
1613 ObjectHandle object,
1614 Attribute* attribute_template_ptr,
1615 Ulong count,
1616 ReturnValue* return_value = ThrowException) const;
1617
1618 /**
1619 * C_SetAttributeValue modifies the value of one or more object attributes.
1620 * @param session the session's handle
1621 * @param object the object's handle
1622 * @param attribute_values specifies attrs and values
1623 * @param return_value default value (`ThrowException`): throw exception on error.
1624 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1625 * At least the following PKCS#11 return values may be returned:
1626 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1627 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1628 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1629 * \li FunctionFailed \li GeneralError \li HostMemory
1630 * \li ObjectHandleInvalid \li OK \li SessionClosed
1631 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1632 * \li TokenWriteProtected \li UserNotLoggedIn
1633 * @return true on success, false otherwise
1634 */
1635 template <typename TAlloc>
1637 ObjectHandle object,
1638 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1639 ReturnValue* return_value = ThrowException) const {
1640 std::vector<Attribute> setter_template;
1641
1642 setter_template.reserve(attribute_values.size());
1643 for(auto& entry : attribute_values) {
1644 setter_template.emplace_back(Attribute{static_cast<CK_ATTRIBUTE_TYPE>(entry.first),
1645 entry.second.data(),
1646 static_cast<CK_ULONG>(entry.second.size())});
1647 }
1648
1649 return C_SetAttributeValue(session,
1650 object,
1651 const_cast<Attribute*>(setter_template.data()),
1652 static_cast<Ulong>(setter_template.size()),
1653 return_value);
1654 }
1655
1656 /**
1657 * C_FindObjectsInit initializes a search for token and session objects that match a template.
1658 * @param session the session's handle
1659 * @param attribute_template_ptr attribute values to match
1660 * @param count attrs in search template
1661 * @param return_value default value (`ThrowException`): throw exception on error.
1662 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1663 * At least the following PKCS#11 return values may be returned:
1664 * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1665 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1666 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1667 * \li HostMemory \li OK \li OperationActive
1668 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1669 * @return true on success, false otherwise
1670 */
1671 bool C_FindObjectsInit(SessionHandle session,
1672 Attribute* attribute_template_ptr,
1673 Ulong count,
1674 ReturnValue* return_value = ThrowException) const;
1675
1676 /**
1677 * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1678 * @param session session's handle
1679 * @param object_ptr gets obj. handles
1680 * @param max_object_count max handles to get
1681 * @param object_count_ptr actual # returned
1682 * @param return_value default value (`ThrowException`): throw exception on error.
1683 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1684 * At least the following PKCS#11 return values may be returned:
1685 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1686 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1687 * \li GeneralError \li HostMemory \li OK
1688 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1689 * @return true on success, false otherwise
1690 */
1691 bool C_FindObjects(SessionHandle session,
1692 ObjectHandle* object_ptr,
1693 Ulong max_object_count,
1694 Ulong* object_count_ptr,
1695 ReturnValue* return_value = ThrowException) const;
1696
1697 /**
1698 * C_FindObjectsFinal finishes a search for token and session objects.
1699 * @param session the session's handle
1700 * @param return_value default value (`ThrowException`): throw exception on error.
1701 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1702 * At least the following PKCS#11 return values may be returned:
1703 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1704 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1705 * \li HostMemory \li OK \li OperationNotInitialized
1706 * \li SessionClosed \li SessionHandleInvalid
1707 * @return true on success, false otherwise
1708 */
1709 bool C_FindObjectsFinal(SessionHandle session, ReturnValue* return_value = ThrowException) const;
1710
1711 /****************************** Encryption functions ******************************/
1712
1713 /**
1714 * C_EncryptInit initializes an encryption operation.
1715 * @param session the session's handle
1716 * @param mechanism_ptr the encryption mechanism
1717 * @param key handle of encryption key
1718 * @param return_value default value (`ThrowException`): throw exception on error.
1719 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1720 * At least the following PKCS#11 return values may be returned:
1721 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1722 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1723 * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1724 * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1725 * \li MechanismInvalid \li MechanismParamInvalid \li OK
1726 * \li OperationActive \li PinExpired \li SessionClosed
1727 * \li SessionHandleInvalid \li UserNotLoggedIn
1728 * @return true on success, false otherwise
1729 */
1730 bool C_EncryptInit(SessionHandle session,
1731 Mechanism* mechanism_ptr,
1732 ObjectHandle key,
1733 ReturnValue* return_value = ThrowException) const;
1734
1735 /**
1736 * C_Encrypt encrypts single-part data.
1737 * @param session session's handle
1738 * @param data_ptr the plaintext data
1739 * @param data_len size of plaintext data in bytes
1740 * @param encrypted_data gets ciphertext
1741 * @param encrypted_data_len_ptr gets c-text size
1742 * @param return_value default value (`ThrowException`): throw exception on error.
1743 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1744 * At least the following PKCS#11 return values may be returned:
1745 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1746 * \li DataInvalid \li DataLenRange \li DeviceError
1747 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1748 * \li FunctionFailed \li GeneralError \li HostMemory
1749 * \li OK \li OperationNotInitialized \li SessionClosed
1750 * \li SessionHandleInvalid
1751 * @return true on success, false otherwise
1752 */
1753 bool C_Encrypt(SessionHandle session,
1754 Byte* data_ptr,
1755 Ulong data_len,
1756 Byte* encrypted_data,
1757 Ulong* encrypted_data_len_ptr,
1758 ReturnValue* return_value = ThrowException) const;
1759
1760 /**
1761 * C_Encrypt encrypts single-part data.
1762 * @param session session's handle
1763 * @param plaintext_data the plaintext data
1764 * @param encrypted_data gets ciphertext
1765 * @param return_value default value (`ThrowException`): throw exception on error.
1766 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1767 * At least the following PKCS#11 return values may be returned:
1768 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1769 * \li DataInvalid \li DataLenRange \li DeviceError
1770 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1771 * \li FunctionFailed \li GeneralError \li HostMemory
1772 * \li OK \li OperationNotInitialized \li SessionClosed
1773 * \li SessionHandleInvalid
1774 * @return true on success, false otherwise
1775 */
1776 template <typename TAllocA, typename TAllocB>
1778 const std::vector<uint8_t, TAllocA>& plaintext_data,
1779 std::vector<uint8_t, TAllocB>& encrypted_data,
1780 ReturnValue* return_value = ThrowException) const {
1781 Ulong encrypted_size = 0;
1782 if(!C_Encrypt(session,
1783 const_cast<Byte*>((plaintext_data.data())),
1784 static_cast<Ulong>(plaintext_data.size()),
1785 nullptr,
1786 &encrypted_size,
1787 return_value)) {
1788 return false;
1789 }
1790
1791 encrypted_data.resize(encrypted_size);
1792 if(!C_Encrypt(session,
1793 const_cast<Byte*>(plaintext_data.data()),
1794 static_cast<Ulong>(plaintext_data.size()),
1795 encrypted_data.data(),
1796 &encrypted_size,
1797 return_value)) {
1798 return false;
1799 }
1800 encrypted_data.resize(encrypted_size);
1801 return true;
1802 }
1803
1804 /**
1805 * C_EncryptUpdate continues a multiple-part encryption operation.
1806 * @param session session's handle
1807 * @param part_ptr the plaintext data
1808 * @param part_len plaintext data len
1809 * @param encrypted_part_ptr gets ciphertext
1810 * @param encrypted_part_len_ptr gets c-text size
1811 * @param return_value default value (`ThrowException`): throw exception on error.
1812 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1813 * At least the following PKCS#11 return values may be returned:
1814 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1815 * \li DataLenRange \li DeviceError \li DeviceMemory
1816 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1817 * \li GeneralError \li HostMemory \li OK
1818 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1819 * @return true on success, false otherwise
1820 */
1821 bool C_EncryptUpdate(SessionHandle session,
1822 Byte* part_ptr,
1823 Ulong part_len,
1824 Byte* encrypted_part_ptr,
1825 Ulong* encrypted_part_len_ptr,
1826 ReturnValue* return_value = ThrowException) const;
1827
1828 /**
1829 * C_EncryptFinal finishes a multiple-part encryption operation.
1830 * @param session session handle
1831 * @param last_encrypted_part_ptr last c-text
1832 * @param last_encrypted_part_len_ptr gets last size
1833 * @param return_value default value (`ThrowException`): throw exception on error.
1834 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1835 * At least the following PKCS#11 return values may be returned:
1836 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1837 * \li DataLenRange \li DeviceError \li DeviceMemory
1838 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1839 * \li GeneralError \li HostMemory \li OK
1840 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1841 * @return true on success, false otherwise
1842 */
1843 bool C_EncryptFinal(SessionHandle session,
1844 Byte* last_encrypted_part_ptr,
1845 Ulong* last_encrypted_part_len_ptr,
1846 ReturnValue* return_value = ThrowException) const;
1847
1848 /****************************** Decryption functions ******************************/
1849
1850 /**
1851 * C_DecryptInit initializes a decryption operation.
1852 * @param session the session's handle
1853 * @param mechanism_ptr the decryption mechanism
1854 * @param key handle of decryption key
1855 * @param return_value default value (`ThrowException`): throw exception on error.
1856 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1857 * At least the following PKCS#11 return values may be returned:
1858 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1859 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1860 * \li FunctionFailed \li GeneralError \li HostMemory
1861 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1862 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1863 * \li OK \li OperationActive \li PinExpired
1864 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1865 * @return true on success, false otherwise
1866 */
1867 bool C_DecryptInit(SessionHandle session,
1868 Mechanism* mechanism_ptr,
1869 ObjectHandle key,
1870 ReturnValue* return_value = ThrowException) const;
1871
1872 /**
1873 * C_Decrypt decrypts encrypted data in a single part.
1874 * @param session session's handle
1875 * @param encrypted_data_ptr ciphertext
1876 * @param encrypted_data_len ciphertext length
1877 * @param data_ptr gets plaintext
1878 * @param data_len_ptr gets p-text size
1879 * @param return_value default value (`ThrowException`): throw exception on error.
1880 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1881 * At least the following PKCS#11 return values may be returned:
1882 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1883 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1884 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1885 * \li FunctionFailed \li GeneralError \li HostMemory
1886 * \li OK \li OperationNotInitialized \li SessionClosed
1887 * \li SessionHandleInvalid \li UserNotLoggedIn
1888 * @return true on success, false otherwise
1889 */
1890 bool C_Decrypt(SessionHandle session,
1891 Byte* encrypted_data_ptr,
1892 Ulong encrypted_data_len,
1893 Byte* data_ptr,
1894 Ulong* data_len_ptr,
1895 ReturnValue* return_value = ThrowException) const;
1896
1897 /**
1898 * C_Decrypt decrypts encrypted data in a single part.
1899 * @param session session's handle
1900 * @param encrypted_data ciphertext
1901 * @param decrypted_data gets plaintext
1902 * @param return_value default value (`ThrowException`): throw exception on error.
1903 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1904 * At least the following PKCS#11 return values may be returned:
1905 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1906 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1907 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1908 * \li FunctionFailed \li GeneralError \li HostMemory
1909 * \li OK \li OperationNotInitialized \li SessionClosed
1910 * \li SessionHandleInvalid \li UserNotLoggedIn
1911 * @return true on success, false otherwise
1912 */
1913 template <typename TAllocA, typename TAllocB>
1915 const std::vector<uint8_t, TAllocA>& encrypted_data,
1916 std::vector<uint8_t, TAllocB>& decrypted_data,
1917 ReturnValue* return_value = ThrowException) const {
1918 Ulong decrypted_size = 0;
1919 if(!C_Decrypt(session,
1920 const_cast<Byte*>((encrypted_data.data())),
1921 static_cast<Ulong>(encrypted_data.size()),
1922 nullptr,
1923 &decrypted_size,
1924 return_value)) {
1925 return false;
1926 }
1927
1928 decrypted_data.resize(decrypted_size);
1929 if(!C_Decrypt(session,
1930 const_cast<Byte*>(encrypted_data.data()),
1931 static_cast<Ulong>(encrypted_data.size()),
1932 decrypted_data.data(),
1933 &decrypted_size,
1934 return_value)) {
1935 return false;
1936 }
1937 decrypted_data.resize(decrypted_size);
1938 return true;
1939 }
1940
1941 /**
1942 * C_DecryptUpdate continues a multiple-part decryption operation.
1943 * @param session session's handle
1944 * @param encrypted_part_ptr encrypted data
1945 * @param encrypted_part_len input length
1946 * @param part_ptr gets plaintext
1947 * @param part_len_ptr p-text size
1948 * @param return_value default value (`ThrowException`): throw exception on error.
1949 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1950 * At least the following PKCS#11 return values may be returned:
1951 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1952 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1953 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1954 * \li FunctionFailed \li GeneralError \li HostMemory
1955 * \li OK \li OperationNotInitialized \li SessionClosed
1956 * \li SessionHandleInvalid \li UserNotLoggedIn
1957 * @return true on success, false otherwise
1958 */
1959 bool C_DecryptUpdate(SessionHandle session,
1960 Byte* encrypted_part_ptr,
1961 Ulong encrypted_part_len,
1962 Byte* part_ptr,
1963 Ulong* part_len_ptr,
1964 ReturnValue* return_value = ThrowException) const;
1965
1966 /**
1967 * C_DecryptFinal finishes a multiple-part decryption operation.
1968 * @param session the session's handle
1969 * @param last_part_ptr gets plaintext
1970 * @param last_part_len_ptr p-text size
1971 * @param return_value default value (`ThrowException`): throw exception on error.
1972 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1973 * At least the following PKCS#11 return values may be returned:
1974 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1975 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1976 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1977 * \li FunctionFailed \li GeneralError \li HostMemory
1978 * \li OK \li OperationNotInitialized \li SessionClosed
1979 * \li SessionHandleInvalid \li UserNotLoggedIn
1980 * @return true on success, false otherwise
1981 */
1982 bool C_DecryptFinal(SessionHandle session,
1983 Byte* last_part_ptr,
1984 Ulong* last_part_len_ptr,
1985 ReturnValue* return_value = ThrowException) const;
1986
1987 /****************************** Message digesting functions ******************************/
1988
1989 /**
1990 * C_DigestInit initializes a message-digesting operation.
1991 * @param session the session's handle
1992 * @param mechanism_ptr the digesting mechanism
1993 * @param return_value default value (`ThrowException`): throw exception on error.
1994 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1995 * At least the following PKCS#11 return values may be returned:
1996 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1997 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1998 * \li FunctionFailed \li GeneralError \li HostMemory
1999 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2000 * \li OperationActive \li PinExpired \li SessionClosed
2001 * \li SessionHandleInvalid \li UserNotLoggedIn
2002 * @return true on success, false otherwise
2003 */
2004 bool C_DigestInit(SessionHandle session,
2005 Mechanism* mechanism_ptr,
2006 ReturnValue* return_value = ThrowException) const;
2007
2008 /**
2009 * C_Digest digests data in a single part.
2010 * @param session the session's handle
2011 * @param data_ptr data to be digested
2012 * @param data_len bytes of data to digest
2013 * @param digest_ptr gets the message digest
2014 * @param digest_len_ptr gets digest length
2015 * @param return_value default value (`ThrowException`): throw exception on error.
2016 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2017 * At least the following PKCS#11 return values may be returned:
2018 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2019 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2020 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2021 * \li HostMemory \li OK \li OperationNotInitialized
2022 * \li SessionClosed \li SessionHandleInvalid
2023 * @return true on success, false otherwise
2024 */
2025 bool C_Digest(SessionHandle session,
2026 Byte* data_ptr,
2027 Ulong data_len,
2028 Byte* digest_ptr,
2029 Ulong* digest_len_ptr,
2030 ReturnValue* return_value = ThrowException) const;
2031
2032 /**
2033 * C_DigestUpdate continues a multiple-part message-digesting operation.
2034 * @param session the session's handle
2035 * @param part_ptr data to be digested
2036 * @param part_len bytes of data to be digested
2037 * @param return_value default value (`ThrowException`): throw exception on error.
2038 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2039 * At least the following PKCS#11 return values may be returned:
2040 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2041 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2042 * \li FunctionFailed \li GeneralError \li HostMemory
2043 * \li OK \li OperationNotInitialized \li SessionClosed
2044 * \li SessionHandleInvalid
2045 * @return true on success, false otherwise
2046 */
2047 bool C_DigestUpdate(SessionHandle session,
2048 Byte* part_ptr,
2049 Ulong part_len,
2050 ReturnValue* return_value = ThrowException) const;
2051
2052 /**
2053 * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2054 * @param session the session's handle
2055 * @param key secret key to digest
2056 * @param return_value default value (`ThrowException`): throw exception on error.
2057 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2058 * At least the following PKCS#11 return values may be returned:
2059 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2060 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2061 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2062 * \li KeyIndigestible \li KeySizeRange \li OK
2063 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2064 * @return true on success, false otherwise
2065 */
2066 bool C_DigestKey(SessionHandle session, ObjectHandle key, ReturnValue* return_value = ThrowException) const;
2067
2068 /**
2069 * C_DigestFinal finishes a multiple-part message-digesting operation.
2070 * @param session the session's handle
2071 * @param digest_ptr gets the message digest
2072 * @param digest_len_ptr gets uint8_t count of digest
2073 * @param return_value default value (`ThrowException`): throw exception on error.
2074 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2075 * At least the following PKCS#11 return values may be returned:
2076 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2077 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2078 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2079 * \li HostMemory \li OK \li OperationNotInitialized
2080 * \li SessionClosed \li SessionHandleInvalid
2081 * @return true on success, false otherwise
2082 */
2083 bool C_DigestFinal(SessionHandle session,
2084 Byte* digest_ptr,
2085 Ulong* digest_len_ptr,
2086 ReturnValue* return_value = ThrowException) const;
2087
2088 /****************************** Signing and MACing functions ******************************/
2089
2090 /**
2091 * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2092 * @param session the session's handle
2093 * @param mechanism_ptr the signature mechanism
2094 * @param key handle of signature key
2095 * @param return_value default value (`ThrowException`): throw exception on error.
2096 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2097 * At least the following PKCS#11 return values may be returned:
2098 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2099 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2100 * \li FunctionFailed \li GeneralError \li HostMemory
2101 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2102 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2103 * \li OK \li OperationActive \li PinExpired
2104 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2105 * @return true on success, false otherwise
2106 */
2107 bool C_SignInit(SessionHandle session,
2108 Mechanism* mechanism_ptr,
2109 ObjectHandle key,
2110 ReturnValue* return_value = ThrowException) const;
2111
2112 /**
2113 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2114 * @param session the session's handle
2115 * @param data_ptr the data to sign
2116 * @param data_len count of bytes to sign
2117 * @param signature_ptr gets the signature
2118 * @param signature_len_ptr gets signature length
2119 * @param return_value default value (`ThrowException`): throw exception on error.
2120 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2121 * At least the following PKCS#11 return values may be returned:
2122 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2123 * \li DataInvalid \li DataLenRange \li DeviceError
2124 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2125 * \li FunctionFailed \li GeneralError \li HostMemory
2126 * \li OK \li OperationNotInitialized \li SessionClosed
2127 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2128 * @return true on success, false otherwise
2129 */
2130 bool C_Sign(SessionHandle session,
2131 const Byte* data_ptr,
2132 Ulong data_len,
2133 Byte* signature_ptr,
2134 Ulong* signature_len_ptr,
2135 ReturnValue* return_value = ThrowException) const;
2136
2137 /**
2138 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2139 * @param session the session's handle
2140 * @param data the data to sign
2141 * @param signature gets the signature
2142 * @param return_value default value (`ThrowException`): throw exception on error.
2143 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2144 * At least the following PKCS#11 return values may be returned:
2145 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2146 * \li DataInvalid \li DataLenRange \li DeviceError
2147 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2148 * \li FunctionFailed \li GeneralError \li HostMemory
2149 * \li OK \li OperationNotInitialized \li SessionClosed
2150 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2151 * @return true on success, false otherwise
2152 */
2153 template <typename TAllocA, typename TAllocB>
2154 bool C_Sign(SessionHandle session,
2155 const std::vector<uint8_t, TAllocA>& data,
2156 std::vector<uint8_t, TAllocB>& signature,
2157 ReturnValue* return_value = ThrowException) const {
2158 Ulong signature_size = 0;
2159 if(!C_Sign(session, data.data(), static_cast<Ulong>(data.size()), nullptr, &signature_size, return_value)) {
2160 return false;
2161 }
2162
2163 signature.resize(signature_size);
2164 if(!C_Sign(session,
2165 data.data(),
2166 static_cast<Ulong>(data.size()),
2167 signature.data(),
2168 &signature_size,
2169 return_value)) {
2170 return false;
2171 }
2172 signature.resize(signature_size);
2173 return true;
2174 }
2175
2176 /**
2177 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2178 * @param session the session's handle
2179 * @param part_ptr the data to sign
2180 * @param part_len count of bytes to sign
2181 * @param return_value default value (`ThrowException`): throw exception on error.
2182 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2183 * At least the following PKCS#11 return values may be returned:
2184 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2185 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2186 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2187 * \li HostMemory \li OK \li OperationNotInitialized
2188 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2189 * @return true on success, false otherwise
2190 */
2191 bool C_SignUpdate(SessionHandle session,
2192 const Byte* part_ptr,
2193 Ulong part_len,
2194 ReturnValue* return_value = ThrowException) const;
2195
2196 /**
2197 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2198 * @param session the session's handle
2199 * @param part the data to sign
2200 * @param return_value default value (`ThrowException`): throw exception on error.
2201 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2202 * At least the following PKCS#11 return values may be returned:
2203 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2204 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2205 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2206 * \li HostMemory \li OK \li OperationNotInitialized
2207 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2208 * @return true on success, false otherwise
2209 */
2210 template <typename TAlloc>
2212 const std::vector<uint8_t, TAlloc>& part,
2213 ReturnValue* return_value = ThrowException) const {
2214 return C_SignUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2215 }
2216
2217 /**
2218 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2219 * @param session the session's handle
2220 * @param signature_ptr gets the signature
2221 * @param signature_len_ptr gets signature length
2222 * @param return_value default value (`ThrowException`): throw exception on error.
2223 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2224 * At least the following PKCS#11 return values may be returned:
2225 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2226 * \li DataLenRange \li DeviceError \li DeviceMemory
2227 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2228 * \li GeneralError \li HostMemory \li OK
2229 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2230 * \li UserNotLoggedIn \li FunctionRejected
2231 * @return true on success, false otherwise
2232 */
2233 bool C_SignFinal(SessionHandle session,
2234 Byte* signature_ptr,
2235 Ulong* signature_len_ptr,
2236 ReturnValue* return_value = ThrowException) const;
2237
2238 /**
2239 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2240 * @param session the session's handle
2241 * @param signature gets the signature
2242 * @param return_value default value (`ThrowException`): throw exception on error.
2243 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2244 * At least the following PKCS#11 return values may be returned:
2245 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2246 * \li DataLenRange \li DeviceError \li DeviceMemory
2247 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2248 * \li GeneralError \li HostMemory \li OK
2249 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2250 * \li UserNotLoggedIn \li FunctionRejected
2251 * @return true on success, false otherwise
2252 */
2253 template <typename TAlloc>
2255 std::vector<uint8_t, TAlloc>& signature,
2256 ReturnValue* return_value = ThrowException) const {
2257 Ulong signature_size = 0;
2258 if(!C_SignFinal(session, nullptr, &signature_size, return_value)) {
2259 return false;
2260 }
2261
2262 signature.resize(signature_size);
2263 if(!C_SignFinal(session, signature.data(), &signature_size, return_value)) {
2264 return false;
2265 }
2266 signature.resize(signature_size);
2267 return true;
2268 }
2269
2270 /**
2271 * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2272 * @param session the session's handle
2273 * @param mechanism_ptr the signature mechanism
2274 * @param key handle of the signature key
2275 * @param return_value default value (`ThrowException`): throw exception on error.
2276 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2277 * At least the following PKCS#11 return values may be returned:
2278 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2279 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2280 * \li FunctionFailed \li GeneralError \li HostMemory
2281 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2282 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2283 * \li OK \li OperationActive \li PinExpired
2284 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2285 * @return true on success, false otherwise
2286 */
2287 bool C_SignRecoverInit(SessionHandle session,
2288 Mechanism* mechanism_ptr,
2289 ObjectHandle key,
2290 ReturnValue* return_value = ThrowException) const;
2291
2292 /**
2293 * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2294 * @param session the session's handle
2295 * @param data_ptr the data to sign
2296 * @param data_len count of bytes to sign
2297 * @param signature_ptr gets the signature
2298 * @param signature_len_ptr gets signature length
2299 * @param return_value default value (`ThrowException`): throw exception on error.
2300 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2301 * At least the following PKCS#11 return values may be returned:
2302 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2303 * \li DataInvalid \li DataLenRange \li DeviceError
2304 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2305 * \li FunctionFailed \li GeneralError \li HostMemory
2306 * \li OK \li OperationNotInitialized \li SessionClosed
2307 * \li SessionHandleInvalid \li UserNotLoggedIn
2308 * @return true on success, false otherwise
2309 */
2310 bool C_SignRecover(SessionHandle session,
2311 Byte* data_ptr,
2312 Ulong data_len,
2313 Byte* signature_ptr,
2314 Ulong* signature_len_ptr,
2315 ReturnValue* return_value = ThrowException) const;
2316
2317 /****************************** Functions for verifying signatures and MACs ******************************/
2318
2319 /**
2320 * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2321 * @param session the session's handle
2322 * @param mechanism_ptr the verification mechanism
2323 * @param key verification key
2324 * @param return_value default value (`ThrowException`): throw exception on error.
2325 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2326 * At least the following PKCS#11 return values may be returned:
2327 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2328 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2329 * \li FunctionFailed \li GeneralError \li HostMemory
2330 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2331 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2332 * \li OK \li OperationActive \li PinExpired
2333 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2334 * @return true on success, false otherwise
2335 */
2336 bool C_VerifyInit(SessionHandle session,
2337 Mechanism* mechanism_ptr,
2338 ObjectHandle key,
2339 ReturnValue* return_value = ThrowException) const;
2340
2341 /**
2342 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2343 * @param session the session's handle
2344 * @param data_ptr signed data
2345 * @param data_len length of signed data
2346 * @param signature_ptr signature
2347 * @param signature_len signature length
2348 * @param return_value default value (`ThrowException`): throw exception on error.
2349 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2350 * At least the following PKCS#11 return values may be returned:
2351 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2352 * \li DataLenRange \li DeviceError \li DeviceMemory
2353 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2354 * \li GeneralError \li HostMemory \li OK
2355 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2356 * \li SignatureInvalid \li SignatureLenRange
2357 * @return true on success, false otherwise
2358 */
2359 bool C_Verify(SessionHandle session,
2360 const Byte* data_ptr,
2361 Ulong data_len,
2362 const Byte* signature_ptr,
2363 Ulong signature_len,
2364 ReturnValue* return_value = ThrowException) const;
2365
2366 /**
2367 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2368 * @param session the session's handle
2369 * @param data signed data
2370 * @param signature signature
2371 * @param return_value default value (`ThrowException`): throw exception on error.
2372 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2373 * At least the following PKCS#11 return values may be returned:
2374 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2375 * \li DataLenRange \li DeviceError \li DeviceMemory
2376 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2377 * \li GeneralError \li HostMemory \li OK
2378 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2379 * \li SignatureInvalid \li SignatureLenRange
2380 * @return true on success, false otherwise
2381 */
2382 template <typename TAllocA, typename TAllocB>
2384 const std::vector<uint8_t, TAllocA>& data,
2385 std::vector<uint8_t, TAllocB>& signature,
2386 ReturnValue* return_value = ThrowException) const {
2387 return C_Verify(session,
2388 data.data(),
2389 static_cast<Ulong>(data.size()),
2390 signature.data(),
2391 static_cast<Ulong>(signature.size()),
2392 return_value);
2393 }
2394
2395 /**
2396 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2397 * @param session the session's handle
2398 * @param part_ptr signed data
2399 * @param part_len length of signed data
2400 * @param return_value default value (`ThrowException`): throw exception on error.
2401 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2402 * At least the following PKCS#11 return values may be returned:
2403 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2404 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2405 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2406 * \li HostMemory \li OK \li OperationNotInitialized
2407 * \li SessionClosed \li SessionHandleInvalid
2408 * @return true on success, false otherwise
2409 */
2410 bool C_VerifyUpdate(SessionHandle session,
2411 const Byte* part_ptr,
2412 Ulong part_len,
2413 ReturnValue* return_value = ThrowException) const;
2414
2415 /**
2416 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2417 * @param session the session's handle
2418 * @param part signed data
2419 * @param return_value default value (`ThrowException`): throw exception on error.
2420 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2421 * At least the following PKCS#11 return values may be returned:
2422 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2423 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2424 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2425 * \li HostMemory \li OK \li OperationNotInitialized
2426 * \li SessionClosed \li SessionHandleInvalid
2427 * @return true on success, false otherwise
2428 */
2429 template <typename TAlloc>
2431 std::vector<uint8_t, TAlloc> part,
2432 ReturnValue* return_value = ThrowException) const {
2433 return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2434 }
2435
2436 /**
2437 * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2438 * @param session the session's handle
2439 * @param signature_ptr signature to verify
2440 * @param signature_len signature length
2441 * @param return_value default value (`ThrowException`): throw exception on error.
2442 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2443 * At least the following PKCS#11 return values may be returned:
2444 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2445 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2446 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2447 * \li HostMemory \li OK \li OperationNotInitialized
2448 * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2449 * \li SignatureLenRange
2450 * @return true on success, false otherwise
2451 */
2452 bool C_VerifyFinal(SessionHandle session,
2453 const Byte* signature_ptr,
2454 Ulong signature_len,
2455 ReturnValue* return_value = ThrowException) const;
2456
2457 /**
2458 * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2459 * @param session the session's handle
2460 * @param mechanism_ptr the verification mechanism
2461 * @param key verification key
2462 * @param return_value default value (`ThrowException`): throw exception on error.
2463 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2464 * At least the following PKCS#11 return values may be returned:
2465 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2466 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2467 * \li FunctionFailed \li GeneralError \li HostMemory
2468 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2469 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2470 * \li OK \li OperationActive \li PinExpired
2471 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2472 * @return true on success, false otherwise
2473 */
2474 bool C_VerifyRecoverInit(SessionHandle session,
2475 Mechanism* mechanism_ptr,
2476 ObjectHandle key,
2477 ReturnValue* return_value = ThrowException) const;
2478
2479 /**
2480 * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2481 * @param session the session's handle
2482 * @param signature_ptr signature to verify
2483 * @param signature_len signature length
2484 * @param data_ptr gets signed data
2485 * @param data_len_ptr gets signed data len
2486 * @param return_value default value (`ThrowException`): throw exception on error.
2487 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2488 * At least the following PKCS#11 return values may be returned:
2489 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2490 * \li DataInvalid \li DataLenRange \li DeviceError
2491 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2492 * \li FunctionFailed \li GeneralError \li HostMemory
2493 * \li OK \li OperationNotInitialized \li SessionClosed
2494 * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2495 * @return true on success, false otherwise
2496 */
2497 bool C_VerifyRecover(SessionHandle session,
2498 Byte* signature_ptr,
2499 Ulong signature_len,
2500 Byte* data_ptr,
2501 Ulong* data_len_ptr,
2502 ReturnValue* return_value = ThrowException) const;
2503
2504 /****************************** Dual-purpose cryptographic functions ******************************/
2505
2506 /**
2507 * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2508 * @param session session's handle
2509 * @param part_ptr the plaintext data
2510 * @param part_len plaintext length
2511 * @param encrypted_part_ptr gets ciphertext
2512 * @param encrypted_part_len_ptr gets c-text length
2513 * @param return_value default value (`ThrowException`): throw exception on error.
2514 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2515 * At least the following PKCS#11 return values may be returned:
2516 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2517 * \li DataLenRange \li DeviceError \li DeviceMemory
2518 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2519 * \li GeneralError \li HostMemory \li OK
2520 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2521 * @return true on success, false otherwise
2522 */
2523 bool C_DigestEncryptUpdate(SessionHandle session,
2524 Byte* part_ptr,
2525 Ulong part_len,
2526 Byte* encrypted_part_ptr,
2527 Ulong* encrypted_part_len_ptr,
2528 ReturnValue* return_value = ThrowException) const;
2529
2530 /**
2531 * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2532 * @param session session's handle
2533 * @param encrypted_part_ptr ciphertext
2534 * @param encrypted_part_len ciphertext length
2535 * @param part_ptr gets plaintext
2536 * @param part_len_ptr gets plaintext len
2537 * @param return_value default value (`ThrowException`): throw exception on error.
2538 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2539 * At least the following PKCS#11 return values may be returned:
2540 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2541 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2542 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2543 * \li FunctionFailed \li GeneralError \li HostMemory
2544 * \li OK \li OperationNotInitialized \li SessionClosed
2545 * \li SessionHandleInvalid
2546 * @return true on success, false otherwise
2547 */
2548 bool C_DecryptDigestUpdate(SessionHandle session,
2549 Byte* encrypted_part_ptr,
2550 Ulong encrypted_part_len,
2551 Byte* part_ptr,
2552 Ulong* part_len_ptr,
2553 ReturnValue* return_value = ThrowException) const;
2554
2555 /**
2556 * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2557 * @param session session's handle
2558 * @param part_ptr the plaintext data
2559 * @param part_len plaintext length
2560 * @param encrypted_part_ptr gets ciphertext
2561 * @param encrypted_part_len_ptr gets c-text length
2562 * @param return_value default value (`ThrowException`): throw exception on error.
2563 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2564 * At least the following PKCS#11 return values may be returned:
2565 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2566 * \li DataLenRange \li DeviceError \li DeviceMemory
2567 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2568 * \li GeneralError \li HostMemory \li OK
2569 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2570 * \li UserNotLoggedIn
2571 * @return true on success, false otherwise
2572 */
2573 bool C_SignEncryptUpdate(SessionHandle session,
2574 Byte* part_ptr,
2575 Ulong part_len,
2576 Byte* encrypted_part_ptr,
2577 Ulong* encrypted_part_len_ptr,
2578 ReturnValue* return_value = ThrowException) const;
2579
2580 /**
2581 * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2582 * @param session session's handle
2583 * @param encrypted_part_ptr ciphertext
2584 * @param encrypted_part_len ciphertext length
2585 * @param part_ptr gets plaintext
2586 * @param part_len_ptr gets p-text length
2587 * @param return_value default value (`ThrowException`): throw exception on error.
2588 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2589 * At least the following PKCS#11 return values may be returned:
2590 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2591 * \li DataLenRange \li DeviceError \li DeviceMemory
2592 * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2593 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2594 * \li HostMemory \li OK \li OperationNotInitialized
2595 * \li SessionClosed \li SessionHandleInvalid
2596 * @return true on success, false otherwise
2597 */
2598 bool C_DecryptVerifyUpdate(SessionHandle session,
2599 Byte* encrypted_part_ptr,
2600 Ulong encrypted_part_len,
2601 Byte* part_ptr,
2602 Ulong* part_len_ptr,
2603 ReturnValue* return_value = ThrowException) const;
2604
2605 /****************************** Key management functions ******************************/
2606
2607 /**
2608 * C_GenerateKey generates a secret key, creating a new key object.
2609 * @param session the session's handle
2610 * @param mechanism_ptr key generation mech.
2611 * @param attribute_template_ptr template for new key
2612 * @param count # of attrs in template
2613 * @param key_ptr gets handle of new key
2614 * @param return_value default value (`ThrowException`): throw exception on error.
2615 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2616 * At least the following PKCS#11 return values may be returned:
2617 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2618 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2619 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2620 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2621 * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2622 * \li OK \li OperationActive \li PinExpired
2623 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2624 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2625 * \li UserNotLoggedIn
2626 * @return true on success, false otherwise
2627 */
2628 bool C_GenerateKey(SessionHandle session,
2629 Mechanism* mechanism_ptr,
2630 Attribute* attribute_template_ptr,
2631 Ulong count,
2632 ObjectHandle* key_ptr,
2633 ReturnValue* return_value = ThrowException) const;
2634
2635 /**
2636 * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2637 * @param session session handle
2638 * @param mechanism_ptr key-gen mech.
2639 * @param public_key_template_ptr template for pub. key
2640 * @param public_key_attribute_count # pub. attrs.
2641 * @param private_key_template_ptr template for priv. key
2642 * @param private_key_attribute_count # priv. attrs.
2643 * @param public_key_ptr gets pub. key handle
2644 * @param private_key_ptr gets priv. key handle
2645 * @param return_value default value (`ThrowException`): throw exception on error.
2646 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2647 * At least the following PKCS#11 return values may be returned:
2648 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2649 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2650 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2651 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2652 * \li GeneralError \li HostMemory \li MechanismInvalid
2653 * \li MechanismParamInvalid \li OK \li OperationActive
2654 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2655 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2656 * \li TokenWriteProtected \li UserNotLoggedIn
2657 * @return true on success, false otherwise
2658 */
2659 bool C_GenerateKeyPair(SessionHandle session,
2660 Mechanism* mechanism_ptr,
2661 Attribute* public_key_template_ptr,
2662 Ulong public_key_attribute_count,
2663 Attribute* private_key_template_ptr,
2664 Ulong private_key_attribute_count,
2665 ObjectHandle* public_key_ptr,
2666 ObjectHandle* private_key_ptr,
2667 ReturnValue* return_value = ThrowException) const;
2668
2669 /**
2670 * C_WrapKey wraps (i.e., encrypts) a key.
2671 * @param session the session's handle
2672 * @param mechanism_ptr the wrapping mechanism
2673 * @param wrapping_key wrapping key
2674 * @param key key to be wrapped
2675 * @param wrapped_key_ptr gets wrapped key
2676 * @param wrapped_key_len_ptr gets wrapped key size
2677 * @param return_value default value (`ThrowException`): throw exception on error.
2678 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2679 * At least the following PKCS#11 return values may be returned:
2680 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2681 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2682 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2683 * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2684 * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2685 * \li MechanismParamInvalid \li OK \li OperationActive
2686 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2687 * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2688 * \li WrappingKeyTypeInconsistent
2689 * @return true on success, false otherwise
2690 */
2691 bool C_WrapKey(SessionHandle session,
2692 Mechanism* mechanism_ptr,
2693 ObjectHandle wrapping_key,
2694 ObjectHandle key,
2695 Byte* wrapped_key_ptr,
2696 Ulong* wrapped_key_len_ptr,
2697 ReturnValue* return_value = ThrowException) const;
2698
2699 /**
2700 * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2701 * @param session session's handle
2702 * @param mechanism_ptr unwrapping mech.
2703 * @param unwrapping_key unwrapping key
2704 * @param wrapped_key_ptr the wrapped key
2705 * @param wrapped_key_len wrapped key len
2706 * @param attribute_template_ptr new key template
2707 * @param attribute_count template length
2708 * @param key_ptr gets new handle
2709 * @param return_value default value (`ThrowException`): throw exception on error.
2710 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2711 * At least the following PKCS#11 return values may be returned:
2712 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2713 * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2714 * \li CurveNotSupported \li DeviceError \li DeviceMemory
2715 * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2716 * \li FunctionFailed \li GeneralError \li HostMemory
2717 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2718 * \li OperationActive \li PinExpired \li SessionClosed
2719 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2720 * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2721 * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2722 * \li WrappedKeyInvalid \li WrappedKeyLenRange
2723 * @return true on success, false otherwise
2724 */
2725 bool C_UnwrapKey(SessionHandle session,
2726 Mechanism* mechanism_ptr,
2727 ObjectHandle unwrapping_key,
2728 Byte* wrapped_key_ptr,
2729 Ulong wrapped_key_len,
2730 Attribute* attribute_template_ptr,
2731 Ulong attribute_count,
2732 ObjectHandle* key_ptr,
2733 ReturnValue* return_value = ThrowException) const;
2734
2735 /**
2736 * C_DeriveKey derives a key from a base key, creating a new key object.
2737 * @param session session's handle
2738 * @param mechanism_ptr key deriv. mech.
2739 * @param base_key base key
2740 * @param attribute_template_ptr new key template
2741 * @param attribute_count template length
2742 * @param key_ptr gets new handle
2743 * @param return_value default value (`ThrowException`): throw exception on error.
2744 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2745 * At least the following PKCS#11 return values may be returned:
2746 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2747 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2748 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2749 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2750 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2751 * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2752 * \li MechanismParamInvalid \li OK \li OperationActive
2753 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2754 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2755 * \li TokenWriteProtected \li UserNotLoggedIn
2756 * @return true on success, false otherwise
2757 */
2758 bool C_DeriveKey(SessionHandle session,
2759 Mechanism* mechanism_ptr,
2760 ObjectHandle base_key,
2761 Attribute* attribute_template_ptr,
2762 Ulong attribute_count,
2763 ObjectHandle* key_ptr,
2764 ReturnValue* return_value = ThrowException) const;
2765
2766 /****************************** Random number generation functions ******************************/
2767
2768 /**
2769 * C_SeedRandom mixes additional seed material into the token's random number generator.
2770 * @param session the session's handle
2771 * @param seed_ptr the seed material
2772 * @param seed_len length of seed material
2773 * @param return_value default value (`ThrowException`): throw exception on error.
2774 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2775 * At least the following PKCS#11 return values may be returned:
2776 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2777 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2778 * \li FunctionFailed \li GeneralError \li HostMemory
2779 * \li OK \li OperationActive \li RandomSeedNotSupported
2780 * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2781 * \li UserNotLoggedIn
2782 * @return true on success, false otherwise
2783 */
2784 bool C_SeedRandom(SessionHandle session,
2785 const Byte* seed_ptr,
2786 Ulong seed_len,
2787 ReturnValue* return_value = ThrowException) const;
2788
2789 /**
2790 * C_GenerateRandom generates random data.
2791 * @param session the session's handle
2792 * @param random_data_ptr receives the random data
2793 * @param random_len # of bytes to generate
2794 * @param return_value default value (`ThrowException`): throw exception on error.
2795 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2796 * At least the following PKCS#11 return values may be returned:
2797 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2798 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2799 * \li FunctionFailed \li GeneralError \li HostMemory
2800 * \li OK \li OperationActive \li RandomNoRng
2801 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2802 * @return true on success, false otherwise
2803 */
2804 bool C_GenerateRandom(SessionHandle session,
2805 Byte* random_data_ptr,
2806 Ulong random_len,
2807 ReturnValue* return_value = ThrowException) const;
2808
2809 /****************************** Parallel function management functions ******************************/
2810
2811 /**
2812 * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2813 * @param session the session's handle
2814 * @param return_value default value (`ThrowException`): throw exception on error.
2815 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2816 * At least the following PKCS#11 return values may be returned:
2817 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2818 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2819 * \li SessionClosed
2820 * @return true on success, false otherwise
2821 */
2822 bool C_GetFunctionStatus(SessionHandle session, ReturnValue* return_value = ThrowException) const;
2823
2824 /**
2825 * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2826 * @param session the session's handle
2827 * @param return_value default value (`ThrowException`): throw exception on error.
2828 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2829 * At least the following PKCS#11 return values may be returned:
2830 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2831 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2832 * \li SessionClosed
2833 * @return true on success, false otherwise
2834 */
2835 bool C_CancelFunction(SessionHandle session, ReturnValue* return_value = ThrowException) const;
2836
2837 /**
2838 * Return the PKCS11 function list that this LowLevel class contains.
2839 *
2840 * This is primarily useful when invoking vendor specific extension
2841 * functions which are not supported directly by LowLevel or the higher
2842 * level PKCS11 API.
2843 */
2844 FunctionListPtr get_functions() const { return m_func_list_ptr; }
2845
2846 protected:
2847 /**
2848 * A helper for error handling. This is exposed as a protected member so that
2849 * it is possible for an application to inherit from LowLevel in order to
2850 * implement wrappers for vendor specific extensions using the same error
2851 * handling mechanisms as the rest of the library.
2852 */
2853 static bool handle_return_value(CK_RV function_result, ReturnValue* return_value);
2854
2855 private:
2856 const FunctionListPtr m_func_list_ptr;
2857};
2858
2860 public:
2861 explicit PKCS11_Error(std::string_view what) : Exception("PKCS11 error", what) {}
2862
2863 ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2864};
2865
2867 public:
2868 explicit PKCS11_ReturnError(ReturnValue return_val) :
2869 PKCS11_Error(std::to_string(static_cast<uint32_t>(return_val))), m_return_val(return_val) {}
2870
2871 inline ReturnValue get_return_value() const { return m_return_val; }
2872
2873 int error_code() const noexcept override { return static_cast<int>(m_return_val); }
2874
2875 private:
2876 const ReturnValue m_return_val;
2877};
2878
2879} // namespace PKCS11
2880
2881} // namespace Botan
2882
2883#endif
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:21
const char * what() const noexcept override
Definition exceptn.h:93
Exception(std::string_view msg)
Definition exceptn.cpp:71
bool C_Finalize(VoidPtr reserved, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:76
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition p11.h:1183
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition p11.h:1636
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition p11.h:2154
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition p11.h:1234
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition p11.h:2211
bool C_WaitForSlotEvent(Flags flags, SlotId *slot_ptr, VoidPtr reserved, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:128
bool C_GetTokenInfo(SlotId slot_id, TokenInfo *info_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:124
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, std::string_view label, ReturnValue *return_value=ThrowException) const
Definition p11.h:1130
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, Attribute *attribute_template_ptr, Ulong count, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:282
static bool C_GetFunctionList(Dynamically_Loaded_Library &pkcs11_module, FunctionListPtr *function_list_ptr_ptr, ReturnValue *return_value=ThrowException)
Definition p11.cpp:84
LowLevel(FunctionListPtr ptr)
Definition p11.cpp:64
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition p11.h:1404
bool C_GetSlotInfo(SlotId slot_id, SlotInfo *info_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:120
bool C_VerifyUpdate(SessionHandle session, const Byte *part_ptr, Ulong part_len, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:492
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, Attribute *attribute_template_ptr, Ulong count, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:273
bool C_InitPIN(SessionHandle session, Utf8Char *pin_ptr, Ulong pin_len, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:174
bool C_Initialize(VoidPtr init_args, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:72
bool C_Sign(SessionHandle session, const Byte *data_ptr, Ulong data_len, Byte *signature_ptr, Ulong *signature_len_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:428
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition p11.h:1777
bool C_SignUpdate(SessionHandle session, const Byte *part_ptr, Ulong part_len, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:439
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition p11.h:2383
bool C_GetInfo(Info *info_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:80
bool C_GetMechanismList(SlotId slot_id, MechanismType *mechanism_list_ptr, Ulong *count_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:132
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition p11.h:1914
bool C_Decrypt(SessionHandle session, Byte *encrypted_data_ptr, Ulong encrypted_data_len, Byte *data_ptr, Ulong *data_len_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:359
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition p11.h:2430
bool C_Encrypt(SessionHandle session, Byte *data_ptr, Ulong data_len, Byte *encrypted_data, Ulong *encrypted_data_len_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:320
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition p11.h:2254
bool C_GetSlotList(Bbool token_present, SlotId *slot_list_ptr, Ulong *count_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:96
bool C_GetMechanismInfo(SlotId slot_id, MechanismType type, MechanismInfo *info_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:161
bool C_Login(SessionHandle session, UserType user_type, Utf8Char *pin_ptr, Ulong pin_len, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:231
bool C_SignFinal(SessionHandle session, Byte *signature_ptr, Ulong *signature_len_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:447
FunctionListPtr get_functions() const
Definition p11.h:2844
bool C_InitToken(SlotId slot_id, Utf8Char *so_pin_ptr, Ulong so_pin_len, Utf8Char *label_ptr, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:169
bool C_Verify(SessionHandle session, const Byte *data_ptr, Ulong data_len, const Byte *signature_ptr, Ulong signature_len, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:480
bool C_SetPIN(SessionHandle session, Utf8Char *old_pin_ptr, Ulong old_len, Utf8Char *new_pin_ptr, Ulong new_len, ReturnValue *return_value=ThrowException) const
Definition p11.cpp:178
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition p11.h:1558
ErrorType error_type() const noexcept override
Definition p11.h:2863
PKCS11_Error(std::string_view what)
Definition p11.h:2861
int error_code() const noexcept override
Definition p11.h:2873
ReturnValue get_return_value() const
Definition p11.h:2871
PKCS11_ReturnError(ReturnValue return_val)
Definition p11.h:2868
CK_SLOT_ID SlotId
Definition p11.h:824
CK_RSA_PKCS_OAEP_PARAMS RsaPkcsOaepParams
Definition p11.h:837
CK_DESTROYMUTEX DestroyMutex
Definition p11.h:818
ReturnValue * ThrowException
Definition p11.cpp:21
CK_CREATEMUTEX CreateMutex
Definition p11.h:817
PublicPointEncoding
Definition p11.h:810
secure_vector< uint8_t > secure_string
Definition p11.h:64
AttributeType
Definition p11.h:68
CK_C_INITIALIZE_ARGS C_InitializeArgs
Definition p11.h:816
CK_MECHANISM Mechanism
Definition p11.h:828
CK_NOTIFY Notify
Definition p11.h:831
CertificateType
Definition p11.h:179
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition p11.cpp:46
CK_ECDH1_DERIVE_PARAMS Ecdh1DeriveParams
Definition p11.h:839
CK_OBJECT_HANDLE ObjectHandle
Definition p11.h:835
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition p11.cpp:52
CK_UNLOCKMUTEX UnlockMutex
Definition p11.h:820
CK_ATTRIBUTE Attribute
Definition p11.h:834
@ LibraryCantCreateOsThreads
Definition p11.h:254
@ ProtectedAuthenticationPath
Definition p11.h:218
@ SecondaryAuthentication
Definition p11.h:221
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition p11.h:814
CK_BYTE Byte
Definition p11.h:836
CK_INFO Info
Definition p11.h:822
CK_SLOT_INFO SlotInfo
Definition p11.h:826
CK_VOID_PTR VoidPtr
Definition p11.h:815
CK_FLAGS Flags
Definition p11.h:821
Flag operator|(Flag a, Flag b)
Definition p11.h:265
CK_DATE Date
Definition p11.h:840
CK_SESSION_INFO SessionInfo
Definition p11.h:833
CK_TOKEN_INFO TokenInfo
Definition p11.h:827
const Bbool True
Definition p11.h:845
CK_UTF8CHAR Utf8Char
Definition p11.h:830
CK_ULONG Ulong
Definition p11.h:825
CK_RSA_PKCS_PSS_PARAMS RsaPkcsPssParams
Definition p11.h:838
const Bbool False
Definition p11.h:846
CK_BBOOL Bbool
Definition p11.h:823
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition p11.cpp:58
CK_MECHANISM_INFO MechanismInfo
Definition p11.h:829
CertificateCategory
Definition p11.h:188
Flags flags(Flag flags)
Definition p11.h:848
void initialize_token(Slot &slot, std::string_view label, const secure_string &so_pin, const secure_string &pin)
Definition p11.cpp:41
CK_LOCKMUTEX LockMutex
Definition p11.h:819
CK_SESSION_HANDLE SessionHandle
Definition p11.h:832
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:69
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13
ErrorType
Definition exceptn.h:20
#define CKD_NULL
Definition pkcs11t.h:1290
#define CKA_NEVER_EXTRACTABLE
Definition pkcs11t.h:496
#define CKM_SEED_KEY_GEN
Definition pkcs11t.h:856
#define CKM_TLS_MASTER_KEY_DERIVE
Definition pkcs11t.h:775
#define CKD_SHA1_KDF
Definition pkcs11t.h:1291
#define CKD_SHA256_KDF
Definition pkcs11t.h:1297
#define CKR_NEXT_OTP
Definition pkcs11t.h:1148
#define CKK_DES3
Definition pkcs11t.h:351
#define CKM_DSA_PARAMETER_GEN
Definition pkcs11t.h:957
#define CKR_SESSION_COUNT
Definition pkcs11t.h:1097
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:816
#define CKM_CONCATENATE_BASE_AND_DATA
Definition pkcs11t.h:765
#define CKM_PKCS5_PBKD2
Definition pkcs11t.h:807
#define CKM_AES_GMAC
Definition pkcs11t.h:928
#define CKM_KIP_DERIVE
Definition pkcs11t.h:833
#define CKR_DEVICE_MEMORY
Definition pkcs11t.h:1061
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
Definition pkcs11t.h:452
#define CKM_SSL3_SHA1_MAC
Definition pkcs11t.h:782
#define CKA_OTP_TIME_INTERVAL
Definition pkcs11t.h:522
#define CKK_RC4
Definition pkcs11t.h:348
#define CKA_TOKEN
Definition pkcs11t.h:438
#define CKA_SECONDARY_AUTH
Definition pkcs11t.h:510
#define CKR_GENERAL_ERROR
Definition pkcs11t.h:1043
#define CKR_MECHANISM_INVALID
Definition pkcs11t.h:1083
#define CKR_SLOT_ID_INVALID
Definition pkcs11t.h:1041
#define CKC_VENDOR_DEFINED
Definition pkcs11t.h:410
#define CKG_MGF1_SHA256
Definition pkcs11t.h:1247
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition pkcs11t.h:770
#define CKM_RSA_PKCS
Definition pkcs11t.h:587
#define CKM_ECDSA_SHA1
Definition pkcs11t.h:892
#define CKR_KEY_CHANGED
Definition pkcs11t.h:1076
#define CKK_SHA224_HMAC
Definition pkcs11t.h:378
#define CKM_IDEA_ECB
Definition pkcs11t.h:758
#define CKD_SHA512_KDF
Definition pkcs11t.h:1299
#define CKA_START_DATE
Definition pkcs11t.h:472
#define CKK_DH
Definition pkcs11t.h:341
#define CKK_RC5
Definition pkcs11t.h:356
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition pkcs11t.h:1053
#define CKA_OTP_SERVICE_IDENTIFIER
Definition pkcs11t.h:531
CK_BYTE CK_UTF8CHAR
Definition pkcs11t.h:42
#define CKM_GOSTR3411_HMAC
Definition pkcs11t.h:950
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition pkcs11t.h:811
#define CKA_AUTH_PIN_FLAGS
Definition pkcs11t.h:511
#define CKM_DES3_CMAC
Definition pkcs11t.h:672
#define CKM_RC2_MAC
Definition pkcs11t.h:648
#define CKM_SHA256_KEY_DERIVATION
Definition pkcs11t.h:787
#define CKA_SERIAL_NUMBER
Definition pkcs11t.h:446
#define CKK_DES2
Definition pkcs11t.h:350
#define CKM_CAST5_MAC_GENERAL
Definition pkcs11t.h:747
#define CKF_LOGIN_REQUIRED
Definition pkcs11t.h:157
#define CKF_HW_SLOT
Definition pkcs11t.h:124
#define CKO_PUBLIC_KEY
Definition pkcs11t.h:312
#define CKF_EC_UNCOMPRESS
Definition pkcs11t.h:1026
#define CKA_SUB_PRIME_BITS
Definition pkcs11t.h:490
#define CKM_RSA_X_509
Definition pkcs11t.h:589
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition pkcs11t.h:1225
#define CKM_SEED_MAC_GENERAL
Definition pkcs11t.h:860
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition pkcs11t.h:177
#define CKA_ISSUER
Definition pkcs11t.h:445
#define CKM_ARIA_KEY_GEN
Definition pkcs11t.h:847
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition pkcs11t.h:454
#define CKR_FUNCTION_CANCELED
Definition pkcs11t.h:1065
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition pkcs11t.h:960
#define CKM_AES_CTR
Definition pkcs11t.h:919
#define CKM_TLS12_MAC
Definition pkcs11t.h:820
#define CKM_DES3_CBC
Definition pkcs11t.h:666
#define CKM_TWOFISH_CBC_PAD
Definition pkcs11t.h:935
#define CKM_AES_CMAC
Definition pkcs11t.h:923
#define CKM_SKIPJACK_CFB8
Definition pkcs11t.h:872
#define CKM_RSA_X9_31_KEY_PAIR_GEN
Definition pkcs11t.h:599
#define CKR_KEY_UNEXTRACTABLE
Definition pkcs11t.h:1081
#define CKR_DATA_INVALID
Definition pkcs11t.h:1058
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition pkcs11t.h:1113
#define CKM_CONCATENATE_BASE_AND_KEY
Definition pkcs11t.h:764
#define CKR_NEED_TO_CREATE_THREADS
Definition pkcs11t.h:1048
#define CKK_SHA256_HMAC
Definition pkcs11t.h:375
#define CKM_SHA512_256
Definition pkcs11t.h:635
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition pkcs11t.h:862
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition pkcs11t.h:1127
#define CKM_FORTEZZA_TIMESTAMP
Definition pkcs11t.h:879
#define CKS_RW_PUBLIC_SESSION
Definition pkcs11t.h:274
#define CKR_MECHANISM_PARAM_INVALID
Definition pkcs11t.h:1084
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition pkcs11t.h:556
#define CKF_TOKEN_INITIALIZED
Definition pkcs11t.h:193
#define CKR_TOKEN_NOT_RECOGNIZED
Definition pkcs11t.h:1111
#define CKM_MD5
Definition pkcs11t.h:690
#define CKM_SHA512_HMAC_GENERAL
Definition pkcs11t.h:718
#define CKM_CAST3_ECB
Definition pkcs11t.h:733
#define CKM_SKIPJACK_CFB64
Definition pkcs11t.h:869
#define CKM_DES_CBC_ENCRYPT_DATA
Definition pkcs11t.h:938
#define CK_FALSE
Definition pkcs11t.h:24
#define CKC_WTLS
Definition pkcs11t.h:409
#define CKM_SHA_1_HMAC
Definition pkcs11t.h:697
#define CKD_SHA1_KDF_ASN1
Definition pkcs11t.h:1294
#define CKR_ATTRIBUTE_SENSITIVE
Definition pkcs11t.h:1052
#define CKG_MGF1_SHA512
Definition pkcs11t.h:1249
#define CKM_CAMELLIA_MAC
Definition pkcs11t.h:840
#define CKM_IDEA_KEY_GEN
Definition pkcs11t.h:757
#define CKM_ECDH1_COFACTOR_DERIVE
Definition pkcs11t.h:899
#define CKR_RANDOM_NO_RNG
Definition pkcs11t.h:1131
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition pkcs11t.h:854
#define CKM_CAMELLIA_KEY_GEN
Definition pkcs11t.h:837
#define CKR_PIN_LEN_RANGE
Definition pkcs11t.h:1091
#define CKC_X_509
Definition pkcs11t.h:407
#define CKF_DIGEST
Definition pkcs11t.h:1008
#define CKF_USER_PIN_FINAL_TRY
Definition pkcs11t.h:210
#define CKM_ECDSA_SHA224
Definition pkcs11t.h:893
#define CKF_DERIVE
Definition pkcs11t.h:1017
#define CKM_BATON_KEY_GEN
Definition pkcs11t.h:880
#define CKR_DEVICE_ERROR
Definition pkcs11t.h:1060
#define CKA_PRIVATE_EXPONENT
Definition pkcs11t.h:477
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition pkcs11t.h:1129
#define CKA_RESOLUTION
Definition pkcs11t.h:545
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition pkcs11t.h:1099
#define CKM_MD2
Definition pkcs11t.h:685
#define CKM_BATON_CBC128
Definition pkcs11t.h:883
#define CKM_DSA
Definition pkcs11t.h:606
#define CKA_ID
Definition pkcs11t.h:461
#define CKA_OBJECT_ID
Definition pkcs11t.h:443
#define CKM_AES_CFB8
Definition pkcs11t.h:965
#define CKM_CMS_SIG
Definition pkcs11t.h:832
#define CKA_APPLICATION
Definition pkcs11t.h:441
#define CKM_RIPEMD128
Definition pkcs11t.h:700
#define CKF_VERIFY
Definition pkcs11t.h:1011
#define CKM_AES_CBC_PAD
Definition pkcs11t.h:918
#define CKG_MGF1_SHA224
Definition pkcs11t.h:1250
#define CKM_CAST3_CBC
Definition pkcs11t.h:734
#define CKM_ECDH1_DERIVE
Definition pkcs11t.h:898
#define CKM_VENDOR_DEFINED
Definition pkcs11t.h:975
#define CKR_ATTRIBUTE_READ_ONLY
Definition pkcs11t.h:1051
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition pkcs11t.h:1079
#define CKA_HW_FEATURE_TYPE
Definition pkcs11t.h:539
#define CKM_TWOFISH_KEY_GEN
Definition pkcs11t.h:932
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition pkcs11t.h:1128
#define CKN_SURRENDER
Definition pkcs11t.h:101
#define CKK_CAST128
Definition pkcs11t.h:355
#define CKA_VERIFY_RECOVER
Definition pkcs11t.h:470
#define CKK_CAST5
Definition pkcs11t.h:354
#define CKM_SHA512_224_HMAC_GENERAL
Definition pkcs11t.h:633
#define CKM_SKIPJACK_RELAYX
Definition pkcs11t.h:875
CK_ULONG CK_RV
Definition pkcs11t.h:1036
#define CKM_SHA512_224_HMAC
Definition pkcs11t.h:632
#define CKR_SESSION_EXISTS
Definition pkcs11t.h:1101
#define CKM_MD5_HMAC_GENERAL
Definition pkcs11t.h:693
#define CKM_MD2_RSA_PKCS
Definition pkcs11t.h:591
#define CKR_FUNCTION_REJECTED
Definition pkcs11t.h:1156
#define CKM_SHA_1_HMAC_GENERAL
Definition pkcs11t.h:698
#define CKM_TLS10_MAC_CLIENT
Definition pkcs11t.h:819
unsigned long int CK_ULONG
Definition pkcs11t.h:48
#define CKO_SECRET_KEY
Definition pkcs11t.h:314
#define CKK_RSA
Definition pkcs11t.h:339
#define CKM_JUNIPER_ECB128
Definition pkcs11t.h:906
#define CKA_PUBLIC_EXPONENT
Definition pkcs11t.h:476
#define CKM_SKIPJACK_CBC64
Definition pkcs11t.h:867
#define CKM_DES_ECB
Definition pkcs11t.h:656
#define CKM_CAST_CBC
Definition pkcs11t.h:728
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:815
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition pkcs11t.h:803
#define CKM_X9_42_DH_KEY_PAIR_GEN
Definition pkcs11t.h:616
#define CKK_CAMELLIA
Definition pkcs11t.h:368
#define CKA_MODIFIABLE
Definition pkcs11t.h:500
#define CRYPTOKI_VERSION_MINOR
Definition pkcs11t.h:20
#define CKK_SEED
Definition pkcs11t.h:380
#define CKM_RC5_MAC
Definition pkcs11t.h:754
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition pkcs11t.h:586
#define CKR_SESSION_READ_ONLY
Definition pkcs11t.h:1100
#define CKK_KEA
Definition pkcs11t.h:345
#define CKM_RC2_CBC
Definition pkcs11t.h:647
#define CKA_OTP_TIME_REQUIREMENT
Definition pkcs11t.h:525
#define CKM_PBE_MD5_CAST5_CBC
Definition pkcs11t.h:796
#define CKM_KEA_KEY_DERIVE
Definition pkcs11t.h:877
#define CKC_X_509_ATTR_CERT
Definition pkcs11t.h:408
#define CKM_JUNIPER_KEY_GEN
Definition pkcs11t.h:905
#define CKM_RC5_CBC
Definition pkcs11t.h:753
#define CKM_ARIA_CBC_PAD
Definition pkcs11t.h:852
#define CKR_ENCRYPTED_DATA_LEN_RANGE
Definition pkcs11t.h:1064
#define CKM_SHA512_KEY_DERIVATION
Definition pkcs11t.h:789
#define CKA_BITS_PER_PIXEL
Definition pkcs11t.h:549
#define CKR_SIGNATURE_INVALID
Definition pkcs11t.h:1106
#define CKA_AC_ISSUER
Definition pkcs11t.h:447
#define CKM_TLS_KDF
Definition pkcs11t.h:827
#define CKM_AES_MAC_GENERAL
Definition pkcs11t.h:917
#define CKM_CAST128_CBC_PAD
Definition pkcs11t.h:750
#define CKM_BATON_ECB128
Definition pkcs11t.h:881
#define CKA_OTP_USER_IDENTIFIER
Definition pkcs11t.h:530
#define CKM_BLOWFISH_CBC
Definition pkcs11t.h:931
#define CKM_FASTHASH
Definition pkcs11t.h:911
#define CKR_SESSION_HANDLE_INVALID
Definition pkcs11t.h:1098
#define CKF_EC_F_2M
Definition pkcs11t.h:1023
#define CKM_ARIA_ECB
Definition pkcs11t.h:848
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition pkcs11t.h:398
#define CKO_CERTIFICATE
Definition pkcs11t.h:311
#define CKA_CHECK_VALUE
Definition pkcs11t.h:457
#define CKM_DES_CBC
Definition pkcs11t.h:657
#define CKF_USER_PIN_INITIALIZED
Definition pkcs11t.h:158
CK_ULONG CK_NOTIFICATION
Definition pkcs11t.h:100
#define CKM_CAST5_MAC
Definition pkcs11t.h:745
#define CKA_PUBLIC_KEY_INFO
Definition pkcs11t.h:483
#define CKA_OTP_USER_FRIENDLY_MODE
Definition pkcs11t.h:523
#define CKM_SHA384_HMAC_GENERAL
Definition pkcs11t.h:715
#define CKF_RW_SESSION
Definition pkcs11t.h:289
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition pkcs11t.h:1121
#define CKM_SECURID_KEY_GEN
Definition pkcs11t.h:719
#define CKM_IDEA_MAC_GENERAL
Definition pkcs11t.h:761
#define CKS_RO_USER_FUNCTIONS
Definition pkcs11t.h:273
#define CKM_TLS_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:776
#define CKM_GOST28147_ECB
Definition pkcs11t.h:952
#define CKA_PRIME
Definition pkcs11t.h:484
#define CKR_ARGUMENTS_BAD
Definition pkcs11t.h:1046
#define CKM_SECURID
Definition pkcs11t.h:720
#define CKM_AES_CCM
Definition pkcs11t.h:921
#define CKR_CANCEL
Definition pkcs11t.h:1039
#define CKM_SHA512_224_KEY_DERIVATION
Definition pkcs11t.h:634
#define CKM_SHA256
Definition pkcs11t.h:707
#define CKM_IDEA_CBC_PAD
Definition pkcs11t.h:762
#define CKM_SHA512_T_HMAC_GENERAL
Definition pkcs11t.h:642
#define CKK_BLOWFISH
Definition pkcs11t.h:363
#define CKM_CDMF_CBC_PAD
Definition pkcs11t.h:678
#define CKU_USER
Definition pkcs11t.h:266
#define CKR_PIN_TOO_WEAK
Definition pkcs11t.h:1153
#define CKA_MODULUS
Definition pkcs11t.h:474
unsigned char CK_BYTE
Definition pkcs11t.h:36
#define CKM_AES_CFB64
Definition pkcs11t.h:964
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition pkcs11t.h:777
#define CKA_PRIVATE
Definition pkcs11t.h:439
#define CKM_DES_KEY_GEN
Definition pkcs11t.h:655
CK_ULONG CK_SLOT_ID
Definition pkcs11t.h:104
CK_ULONG CK_FLAGS
Definition pkcs11t.h:54
#define CKR_PIN_EXPIRED
Definition pkcs11t.h:1093
#define CKM_CAST3_MAC_GENERAL
Definition pkcs11t.h:736
CK_ULONG CK_OBJECT_CLASS
Definition pkcs11t.h:307
#define CKM_CAST5_CBC_PAD
Definition pkcs11t.h:749
#define CKM_PBE_SHA1_RC2_128_CBC
Definition pkcs11t.h:804
#define CKG_MGF1_SHA384
Definition pkcs11t.h:1248
#define CKR_PIN_LOCKED
Definition pkcs11t.h:1094
#define CKA_PRIME_1
Definition pkcs11t.h:478
#define CKA_NAME_HASH_ALGORITHM
Definition pkcs11t.h:456
#define CKM_DSA_SHA512
Definition pkcs11t.h:611
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition pkcs11t.h:769
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
Definition pkcs11t.h:773
#define CKM_IDEA_MAC
Definition pkcs11t.h:760
#define CKR_LIBRARY_LOAD_FAILED
Definition pkcs11t.h:1152
#define CKM_MD5_RSA_PKCS
Definition pkcs11t.h:592
#define CKM_DSA_SHA384
Definition pkcs11t.h:610
#define CKM_RIPEMD128_HMAC_GENERAL
Definition pkcs11t.h:702
#define CKF_WRAP
Definition pkcs11t.h:1015
#define CKK_DES
Definition pkcs11t.h:349
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition pkcs11t.h:809
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition pkcs11t.h:533
CK_ULONG CK_SESSION_HANDLE
Definition pkcs11t.h:256
#define CKA_OTP_CHALLENGE_REQUIREMENT
Definition pkcs11t.h:524
#define CKK_ACTI
Definition pkcs11t.h:367
#define CKR_CANT_LOCK
Definition pkcs11t.h:1049
#define CKM_DES_CBC_PAD
Definition pkcs11t.h:661
#define CKR_TOKEN_NOT_PRESENT
Definition pkcs11t.h:1110
#define CKA_OTP_FORMAT
Definition pkcs11t.h:520
#define CKF_EXTENSION
Definition pkcs11t.h:1029
#define CKM_SHA512_T
Definition pkcs11t.h:640
#define CKM_DES3_CBC_PAD
Definition pkcs11t.h:670
#define CKM_SHA512_T_KEY_DERIVATION
Definition pkcs11t.h:643
#define CKA_EC_POINT
Definition pkcs11t.h:508
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition pkcs11t.h:1142
#define CKM_KEA_DERIVE
Definition pkcs11t.h:878
#define CKM_DH_PKCS_DERIVE
Definition pkcs11t.h:614
#define CKM_CAMELLIA_MAC_GENERAL
Definition pkcs11t.h:841
#define CKA_SENSITIVE
Definition pkcs11t.h:462
#define CKM_MD2_HMAC_GENERAL
Definition pkcs11t.h:688
#define CKF_EC_F_P
Definition pkcs11t.h:1022
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition pkcs11t.h:863
#define CKM_DES3_CMAC_GENERAL
Definition pkcs11t.h:671
#define CKR_PIN_INCORRECT
Definition pkcs11t.h:1089
#define CKM_CAST128_MAC_GENERAL
Definition pkcs11t.h:748
#define CKM_ARIA_CBC
Definition pkcs11t.h:849
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
Definition pkcs11t.h:396
#define CKM_CAMELLIA_CTR
Definition pkcs11t.h:845
#define CKM_PBE_SHA1_RC4_40
Definition pkcs11t.h:801
#define CKM_PBE_SHA1_CAST5_CBC
Definition pkcs11t.h:798
#define CKM_TLS10_MAC_SERVER
Definition pkcs11t.h:818
#define CKM_X9_42_DH_DERIVE
Definition pkcs11t.h:617
#define CKF_GENERATE_KEY_PAIR
Definition pkcs11t.h:1014
#define CKM_AES_KEY_WRAP
Definition pkcs11t.h:969
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition pkcs11t.h:874
#define CKF_SIGN_RECOVER
Definition pkcs11t.h:1010
#define CKA_SIGN_RECOVER
Definition pkcs11t.h:468
#define CKM_KEY_WRAP_LYNKS
Definition pkcs11t.h:829
#define CKM_SHA512_RSA_PKCS_PSS
Definition pkcs11t.h:626
#define CKM_CAST5_KEY_GEN
Definition pkcs11t.h:739
#define CKF_REMOVABLE_DEVICE
Definition pkcs11t.h:123
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition pkcs11t.h:1726
#define CKM_CAMELLIA_CBC
Definition pkcs11t.h:839
#define CKM_ECDSA_SHA512
Definition pkcs11t.h:896
#define CKM_RSA_PKCS_OAEP
Definition pkcs11t.h:597
#define CKM_DES_OFB64
Definition pkcs11t.h:680
#define CKR_WRAPPED_KEY_INVALID
Definition pkcs11t.h:1124
#define CKF_SECONDARY_AUTHENTICATION
Definition pkcs11t.h:199
#define CKO_OTP_KEY
Definition pkcs11t.h:318
#define CKM_PBE_SHA1_RC4_128
Definition pkcs11t.h:800
#define CKM_CDMF_MAC
Definition pkcs11t.h:676
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition pkcs11t.h:973
#define CKM_SHA512_RSA_PKCS
Definition pkcs11t.h:623
#define CKA_EXPONENT_1
Definition pkcs11t.h:480
#define CKM_DES3_MAC_GENERAL
Definition pkcs11t.h:669
#define CKM_CAST_CBC_PAD
Definition pkcs11t.h:731
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition pkcs11t.h:1721
#define CKM_SHA224_HMAC
Definition pkcs11t.h:711
#define CKM_CAST5_CBC
Definition pkcs11t.h:743
#define CKM_SSL3_MD5_MAC
Definition pkcs11t.h:781
#define CKM_EXTRACT_KEY_FROM_KEY
Definition pkcs11t.h:768
#define CKM_SKIPJACK_CFB32
Definition pkcs11t.h:870
#define CKM_ECMQV_DERIVE
Definition pkcs11t.h:900
#define CKA_SIGN
Definition pkcs11t.h:467
#define CKM_AES_KEY_GEN
Definition pkcs11t.h:913
#define CKF_USER_FRIENDLY_OTP
Definition pkcs11t.h:1814
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition pkcs11t.h:1126
#define CKR_MUTEX_NOT_LOCKED
Definition pkcs11t.h:1145
#define CKR_USER_TOO_MANY_TYPES
Definition pkcs11t.h:1122
#define CKM_CAST_MAC_GENERAL
Definition pkcs11t.h:730
CK_ULONG CK_USER_TYPE
Definition pkcs11t.h:262
#define CKF_USER_PIN_COUNT_LOW
Definition pkcs11t.h:205
#define CKM_IDEA_CBC
Definition pkcs11t.h:759
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC
Definition pkcs11t.h:813
#define CKR_SESSION_CLOSED
Definition pkcs11t.h:1096
#define CKA_EXPONENT_2
Definition pkcs11t.h:481
#define CKK_RIPEMD160_HMAC
Definition pkcs11t.h:374
#define CK_TRUE
Definition pkcs11t.h:23
#define CKM_DSA_KEY_PAIR_GEN
Definition pkcs11t.h:605
#define CKM_RC4_KEY_GEN
Definition pkcs11t.h:653
#define CKM_ACTI_KEY_GEN
Definition pkcs11t.h:724
#define CKM_SHA224
Definition pkcs11t.h:710
#define CKM_SHA1_RSA_X9_31
Definition pkcs11t.h:601
#define CKM_AES_CBC_ENCRYPT_DATA
Definition pkcs11t.h:942
#define CKA_VALUE
Definition pkcs11t.h:442
#define CKA_URL
Definition pkcs11t.h:453
#define CKM_GOSTR3410
Definition pkcs11t.h:945
#define CKM_CAMELLIA_CBC_PAD
Definition pkcs11t.h:842
#define CKF_EXCLUDE_COUNTER
Definition pkcs11t.h:1811
CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR
Definition pkcs11t.h:1175
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA
Definition pkcs11t.h:843
#define CKM_SKIPJACK_CFB16
Definition pkcs11t.h:871
#define CKK_JUNIPER
Definition pkcs11t.h:360
#define CKM_WTLS_MASTER_KEY_DERIVE
Definition pkcs11t.h:812
#define CKM_SKIPJACK_KEY_GEN
Definition pkcs11t.h:865
#define CKH_MONOTONIC_COUNTER
Definition pkcs11t.h:330
#define CKF_ENCRYPT
Definition pkcs11t.h:1006
#define CKF_OS_LOCKING_OK
Definition pkcs11t.h:1226
#define CKM_GOST28147_KEY_WRAP
Definition pkcs11t.h:955
#define CKM_SHA224_RSA_PKCS_PSS
Definition pkcs11t.h:629
#define CKA_LOCAL
Definition pkcs11t.h:495
#define CKM_MD5_KEY_DERIVATION
Definition pkcs11t.h:783
#define CKM_BATON_ECB96
Definition pkcs11t.h:882
#define CKP_PKCS5_PBKD2_HMAC_SHA384
Definition pkcs11t.h:1723
#define CKM_CAST3_MAC
Definition pkcs11t.h:735
#define CKR_OBJECT_HANDLE_INVALID
Definition pkcs11t.h:1086
#define CKF_EC_ECPARAMETERS
Definition pkcs11t.h:1024
#define CKM_CDMF_KEY_GEN
Definition pkcs11t.h:673
#define CKA_ECDSA_PARAMS
Definition pkcs11t.h:505
#define CKM_SHA512_224
Definition pkcs11t.h:631
#define CKM_KEA_KEY_PAIR_GEN
Definition pkcs11t.h:876
#define CKM_SHA256_HMAC
Definition pkcs11t.h:708
#define CKA_RESET_ON_INIT
Definition pkcs11t.h:540
#define CKA_VERIFY
Definition pkcs11t.h:469
#define CKR_PIN_INVALID
Definition pkcs11t.h:1090
#define CKA_OTP_PIN_REQUIREMENT
Definition pkcs11t.h:527
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition pkcs11t.h:1241
#define CKR_UNWRAPPING_KEY_SIZE_RANGE
Definition pkcs11t.h:1114
#define CKM_X9_42_MQV_DERIVE
Definition pkcs11t.h:619
#define CKM_GOST28147
Definition pkcs11t.h:953
#define CKM_CDMF_ECB
Definition pkcs11t.h:674
#define CKD_CPDIVERSIFY_KDF
Definition pkcs11t.h:1300
#define CKM_TLS12_MASTER_KEY_DERIVE
Definition pkcs11t.h:822
#define CKO_DATA
Definition pkcs11t.h:310
#define CKM_BATON_SHUFFLE
Definition pkcs11t.h:885
#define CKO_PRIVATE_KEY
Definition pkcs11t.h:313
#define CKM_SHA512_256_HMAC_GENERAL
Definition pkcs11t.h:637
#define CKK_IDEA
Definition pkcs11t.h:357
#define CKM_RC5_MAC_GENERAL
Definition pkcs11t.h:755
#define CKD_SHA384_KDF
Definition pkcs11t.h:1298
#define CKR_ENCRYPTED_DATA_INVALID
Definition pkcs11t.h:1063
#define CKM_RC2_CBC_PAD
Definition pkcs11t.h:651
#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411
Definition pkcs11t.h:1720
#define CKM_SEED_CBC_PAD
Definition pkcs11t.h:861
#define CKR_CRYPTOKI_ALREADY_INITIALIZED
Definition pkcs11t.h:1143
#define CKM_GENERIC_SECRET_KEY_GEN
Definition pkcs11t.h:763
#define CKM_DH_PKCS_KEY_PAIR_GEN
Definition pkcs11t.h:613
#define CKM_DES3_ECB_ENCRYPT_DATA
Definition pkcs11t.h:939
#define CKA_ALLOWED_MECHANISMS
Definition pkcs11t.h:557
#define CKF_SERIAL_SESSION
Definition pkcs11t.h:290
#define CKR_FUNCTION_FAILED
Definition pkcs11t.h:1044
#define CKM_CDMF_MAC_GENERAL
Definition pkcs11t.h:677
#define CKH_CLOCK
Definition pkcs11t.h:331
#define CKA_OTP_COUNTER_REQUIREMENT
Definition pkcs11t.h:526
#define CKM_SHA384
Definition pkcs11t.h:713
#define CKA_COPYABLE
Definition pkcs11t.h:501
#define CKF_DUAL_CRYPTO_OPERATIONS
Definition pkcs11t.h:185
#define CKA_PRIME_2
Definition pkcs11t.h:479
#define CKR_OPERATION_NOT_INITIALIZED
Definition pkcs11t.h:1088
#define CKR_ACTION_PROHIBITED
Definition pkcs11t.h:1056
#define CKF_SO_PIN_TO_BE_CHANGED
Definition pkcs11t.h:246
#define CKR_SESSION_READ_ONLY_EXISTS
Definition pkcs11t.h:1103
#define CKM_TLS_PRE_MASTER_KEY_GEN
Definition pkcs11t.h:774
#define CKM_EC_KEY_PAIR_GEN
Definition pkcs11t.h:889
#define CKK_DSA
Definition pkcs11t.h:340
#define CKR_SESSION_READ_WRITE_SO_EXISTS
Definition pkcs11t.h:1104
#define CKM_RC5_KEY_GEN
Definition pkcs11t.h:751
#define CKK_BATON
Definition pkcs11t.h:359
#define CKR_KEY_SIZE_RANGE
Definition pkcs11t.h:1072
#define CKM_AES_GCM
Definition pkcs11t.h:920
#define CKM_DH_PKCS_PARAMETER_GEN
Definition pkcs11t.h:958
#define CKM_PBE_MD5_CAST128_CBC
Definition pkcs11t.h:797
#define CKM_SHA384_HMAC
Definition pkcs11t.h:714
#define CKR_TEMPLATE_INCONSISTENT
Definition pkcs11t.h:1109
#define CKM_CDMF_CBC
Definition pkcs11t.h:675
#define CKA_COLOR
Definition pkcs11t.h:548
#define CKM_RC5_CBC_PAD
Definition pkcs11t.h:756
#define CKR_OPERATION_ACTIVE
Definition pkcs11t.h:1087
#define CKR_DATA_LEN_RANGE
Definition pkcs11t.h:1059
#define CKO_MECHANISM
Definition pkcs11t.h:317
#define CKA_UNWRAP
Definition pkcs11t.h:466
#define CKM_SHA1_RSA_PKCS
Definition pkcs11t.h:593
#define CKF_ARRAY_ATTRIBUTE
Definition pkcs11t.h:421
#define CKK_GOSTR3410
Definition pkcs11t.h:381
#define CKM_SHA512
Definition pkcs11t.h:716
#define CKM_MD2_KEY_DERIVATION
Definition pkcs11t.h:784
CK_ULONG CK_KEY_TYPE
Definition pkcs11t.h:336
#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN
Definition pkcs11t.h:961
#define CKA_TRUSTED
Definition pkcs11t.h:450
#define CKA_WRAP_WITH_TRUSTED
Definition pkcs11t.h:515
#define CKK_GOSTR3411
Definition pkcs11t.h:382
CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
Definition pkcs11t.h:1714
#define CKR_BUFFER_TOO_SMALL
Definition pkcs11t.h:1137
#define CKM_ARIA_MAC_GENERAL
Definition pkcs11t.h:851
#define CKU_SO
Definition pkcs11t.h:264
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA
Definition pkcs11t.h:844
#define CKM_AES_CFB128
Definition pkcs11t.h:966
#define CKS_RW_USER_FUNCTIONS
Definition pkcs11t.h:275
#define CKM_AES_CMAC_GENERAL
Definition pkcs11t.h:924
#define CKS_RO_PUBLIC_SESSION
Definition pkcs11t.h:272
#define CKO_HW_FEATURE
Definition pkcs11t.h:315
#define CKA_DECRYPT
Definition pkcs11t.h:464
#define CKM_PBE_MD5_CAST_CBC
Definition pkcs11t.h:794
#define CKM_SHA1_KEY_DERIVATION
Definition pkcs11t.h:785
#define CKA_OTP_LENGTH
Definition pkcs11t.h:521
#define CKF_EXCLUDE_CHALLENGE
Definition pkcs11t.h:1812
#define CKO_VENDOR_DEFINED
Definition pkcs11t.h:320
#define CKP_PKCS5_PBKD2_HMAC_SHA512
Definition pkcs11t.h:1724
#define CKA_KEY_TYPE
Definition pkcs11t.h:459
#define CKR_USER_PIN_NOT_INITIALIZED
Definition pkcs11t.h:1118
#define CKN_OTP_CHANGED
Definition pkcs11t.h:102
#define CKM_RIPEMD160
Definition pkcs11t.h:703
#define CKA_ALWAYS_AUTHENTICATE
Definition pkcs11t.h:513
#define CKM_RSA_9796
Definition pkcs11t.h:588
#define CKK_CAST
Definition pkcs11t.h:352
#define CKM_JUNIPER_WRAP
Definition pkcs11t.h:910
#define CKA_VALUE_LEN
Definition pkcs11t.h:493
#define CKA_CHAR_ROWS
Definition pkcs11t.h:546
#define CKM_CAST_ECB
Definition pkcs11t.h:727
#define CKM_BATON_COUNTER
Definition pkcs11t.h:884
#define CKM_CAST3_KEY_GEN
Definition pkcs11t.h:732
#define CKM_TLS_PRF
Definition pkcs11t.h:779
#define CKM_JUNIPER_CBC128
Definition pkcs11t.h:907
#define CKK_RC2
Definition pkcs11t.h:347
#define CKM_SHA224_RSA_PKCS
Definition pkcs11t.h:628
#define CKM_PBE_SHA1_DES3_EDE_CBC
Definition pkcs11t.h:802
#define CKR_USER_ALREADY_LOGGED_IN
Definition pkcs11t.h:1116
#define CKK_SHA384_HMAC
Definition pkcs11t.h:376
#define CKR_STATE_UNSAVEABLE
Definition pkcs11t.h:1140
#define CKM_RIPEMD160_RSA_PKCS
Definition pkcs11t.h:596
#define CKF_RNG
Definition pkcs11t.h:155
#define CKP_PKCS5_PBKD2_HMAC_SHA1
Definition pkcs11t.h:1719
#define CKM_AES_CTS
Definition pkcs11t.h:922
#define CKA_GOST28147_PARAMS
Definition pkcs11t.h:537
#define CKM_X9_42_DH_PARAMETER_GEN
Definition pkcs11t.h:959
#define CKK_RIPEMD128_HMAC
Definition pkcs11t.h:373
#define CKF_SIGN
Definition pkcs11t.h:1009
#define CKM_JUNIPER_COUNTER
Definition pkcs11t.h:908
#define CKD_SHA1_KDF_CONCATENATE
Definition pkcs11t.h:1295
#define CKF_GENERATE
Definition pkcs11t.h:1013
#define CKM_SHA512_256_HMAC
Definition pkcs11t.h:636
#define CKM_KIP_WRAP
Definition pkcs11t.h:834
CK_ULONG CK_MECHANISM_TYPE
Definition pkcs11t.h:583
#define CKK_GENERIC_SECRET
Definition pkcs11t.h:346
#define CKM_TLS12_KEY_SAFE_DERIVE
Definition pkcs11t.h:825
#define CKM_PBE_SHA1_CAST128_CBC
Definition pkcs11t.h:799
#define CKU_CONTEXT_SPECIFIC
Definition pkcs11t.h:268
#define CKP_PKCS5_PBKD2_HMAC_SHA512_224
Definition pkcs11t.h:1725
#define CKA_VALUE_BITS
Definition pkcs11t.h:492
#define CKM_TLS12_KDF
Definition pkcs11t.h:821
#define CKF_SO_PIN_FINAL_TRY
Definition pkcs11t.h:234
#define CKF_EXCLUDE_PIN
Definition pkcs11t.h:1813
#define CKA_COEFFICIENT
Definition pkcs11t.h:482
#define CKR_INFORMATION_SENSITIVE
Definition pkcs11t.h:1139
#define CKR_NEW_PIN_MODE
Definition pkcs11t.h:1147
#define CKM_AES_KEY_WRAP_PAD
Definition pkcs11t.h:970
#define CKR_OK
Definition pkcs11t.h:1038
#define CKM_CONCATENATE_DATA_AND_BASE
Definition pkcs11t.h:766
#define CKM_GOSTR3410_KEY_WRAP
Definition pkcs11t.h:947
#define CKA_OWNER
Definition pkcs11t.h:448
#define CKM_XOR_BASE_AND_DATA
Definition pkcs11t.h:767
#define CKA_DESTROYABLE
Definition pkcs11t.h:503
#define CKM_ECDSA
Definition pkcs11t.h:891
#define CKM_ECDSA_SHA384
Definition pkcs11t.h:895
#define CKM_RSA_X9_31
Definition pkcs11t.h:600
#define CKM_GOST28147_KEY_GEN
Definition pkcs11t.h:951
#define CKK_CAST3
Definition pkcs11t.h:353
#define CKA_SUBPRIME
Definition pkcs11t.h:485
#define CKA_DERIVE
Definition pkcs11t.h:471
#define CKK_SKIPJACK
Definition pkcs11t.h:358
#define CKR_ATTRIBUTE_VALUE_INVALID
Definition pkcs11t.h:1054
#define CKA_REQUIRED_CMS_ATTRIBUTES
Definition pkcs11t.h:554
#define CKM_GOSTR3411
Definition pkcs11t.h:949
#define CK_CERTIFICATE_CATEGORY_AUTHORITY
Definition pkcs11t.h:397
#define CKM_PBE_MD2_DES_CBC
Definition pkcs11t.h:792
#define CKM_DES_OFB8
Definition pkcs11t.h:681
#define CKM_RIPEMD160_HMAC
Definition pkcs11t.h:704
#define CKM_HOTP
Definition pkcs11t.h:722
#define CKM_KEY_WRAP_SET_OAEP
Definition pkcs11t.h:830
#define CKM_KIP_MAC
Definition pkcs11t.h:835
#define CKA_MIME_TYPES
Definition pkcs11t.h:552
#define CKM_CAST3_CBC_PAD
Definition pkcs11t.h:737
#define CKA_CERTIFICATE_CATEGORY
Definition pkcs11t.h:451
#define CKK_VENDOR_DEFINED
Definition pkcs11t.h:387
#define CKM_DSA_SHA224
Definition pkcs11t.h:608
#define CKM_TLS_MAC
Definition pkcs11t.h:826
CK_BYTE CK_BBOOL
Definition pkcs11t.h:45
#define CKR_FUNCTION_NOT_SUPPORTED
Definition pkcs11t.h:1068
#define CKF_RESTORE_KEY_NOT_NEEDED
Definition pkcs11t.h:165
#define CKM_CAST5_ECB
Definition pkcs11t.h:741
#define CKA_GOSTR3410_PARAMS
Definition pkcs11t.h:535
#define CKR_USER_NOT_LOGGED_IN
Definition pkcs11t.h:1117
#define CKA_ALWAYS_SENSITIVE
Definition pkcs11t.h:497
#define CKM_DES_CFB64
Definition pkcs11t.h:682
#define CKK_HOTP
Definition pkcs11t.h:366
#define CKM_AES_CFB1
Definition pkcs11t.h:968
#define CKM_DES_ECB_ENCRYPT_DATA
Definition pkcs11t.h:937
#define CKR_DEVICE_REMOVED
Definition pkcs11t.h:1062
#define CKF_UNWRAP
Definition pkcs11t.h:1016
#define CKA_VENDOR_DEFINED
Definition pkcs11t.h:559
#define CKA_OTP_TIME
Definition pkcs11t.h:529
#define CKM_PBE_SHA1_RC2_40_CBC
Definition pkcs11t.h:805
#define CKM_GOSTR3410_DERIVE
Definition pkcs11t.h:948
#define CKA_END_DATE
Definition pkcs11t.h:473
#define CKG_MGF1_SHA1
Definition pkcs11t.h:1246
#define CKK_SECURID
Definition pkcs11t.h:365
#define CKP_PKCS5_PBKD2_HMAC_SHA256
Definition pkcs11t.h:1722
#define CKM_SHA256_HMAC_GENERAL
Definition pkcs11t.h:709
#define CKA_ATTR_TYPES
Definition pkcs11t.h:449
#define CKF_USER_PIN_TO_BE_CHANGED
Definition pkcs11t.h:223
#define CKM_AES_ECB_ENCRYPT_DATA
Definition pkcs11t.h:941
#define CKM_RIPEMD128_RSA_PKCS
Definition pkcs11t.h:595
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED
Definition pkcs11t.h:395
#define CKR_DOMAIN_PARAMS_INVALID
Definition pkcs11t.h:1133
#define CKA_CERTIFICATE_TYPE
Definition pkcs11t.h:444
#define CKM_ECDSA_SHA256
Definition pkcs11t.h:894
#define CKM_BATON_WRAP
Definition pkcs11t.h:886
#define CKF_SO_PIN_LOCKED
Definition pkcs11t.h:239
CK_ULONG CK_CERTIFICATE_TYPE
Definition pkcs11t.h:393
#define CKM_AES_OFB
Definition pkcs11t.h:963
#define CKR_TOKEN_WRITE_PROTECTED
Definition pkcs11t.h:1112
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY
Definition pkcs11t.h:455
#define CKM_HOTP_KEY_GEN
Definition pkcs11t.h:721
#define CKF_DECRYPT
Definition pkcs11t.h:1007
#define CKH_VENDOR_DEFINED
Definition pkcs11t.h:333
#define CKM_TWOFISH_CBC
Definition pkcs11t.h:933
#define CKK_CDMF
Definition pkcs11t.h:361
#define CKA_MODULUS_BITS
Definition pkcs11t.h:475
void CK_PTR CK_VOID_PTR
Definition pkcs11t.h:66
#define CKM_RIPEMD128_HMAC
Definition pkcs11t.h:701
#define CKA_LABEL
Definition pkcs11t.h:440
#define CKA_EXTRACTABLE
Definition pkcs11t.h:494
#define CKM_ACTI
Definition pkcs11t.h:723
#define CKM_CAST_KEY_GEN
Definition pkcs11t.h:726
#define CKR_TEMPLATE_INCOMPLETE
Definition pkcs11t.h:1108
#define CKM_DES3_KEY_GEN
Definition pkcs11t.h:664
#define CKF_EC_COMPRESS
Definition pkcs11t.h:1027
#define CKM_DES3_CBC_ENCRYPT_DATA
Definition pkcs11t.h:940
#define CKM_CAST128_MAC
Definition pkcs11t.h:746
#define CKM_MD5_HMAC
Definition pkcs11t.h:692
#define CKF_SO_PIN_COUNT_LOW
Definition pkcs11t.h:229
CK_ULONG CK_OBJECT_HANDLE
Definition pkcs11t.h:298
#define CKA_ENCODING_METHODS
Definition pkcs11t.h:551
CK_ULONG CK_HW_FEATURE_TYPE
Definition pkcs11t.h:327
#define CKM_DES3_ECB
Definition pkcs11t.h:665
#define CKM_AES_CBC
Definition pkcs11t.h:915
#define CKM_SEED_MAC
Definition pkcs11t.h:859
#define CKM_AES_MAC
Definition pkcs11t.h:916
#define CKM_SHA256_RSA_PKCS_PSS
Definition pkcs11t.h:624
#define CKR_KEY_NOT_NEEDED
Definition pkcs11t.h:1075
#define CKM_SKIPJACK_WRAP
Definition pkcs11t.h:873
#define CKR_NO_EVENT
Definition pkcs11t.h:1047
#define CKR_VENDOR_DEFINED
Definition pkcs11t.h:1158
#define CKM_SKIPJACK_ECB64
Definition pkcs11t.h:866
#define CKA_ENCRYPT
Definition pkcs11t.h:463
#define CKM_SHA384_KEY_DERIVATION
Definition pkcs11t.h:788
#define CKA_SUBPRIME_BITS
Definition pkcs11t.h:489
#define CKM_RSA_PKCS_PSS
Definition pkcs11t.h:602
#define CKM_SKIPJACK_OFB64
Definition pkcs11t.h:868
#define CKM_GOSTR3410_WITH_GOSTR3411
Definition pkcs11t.h:946
#define CKM_SHA1_RSA_PKCS_PSS
Definition pkcs11t.h:603
#define CKK_ECDSA
Definition pkcs11t.h:342
#define CKM_DES2_KEY_GEN
Definition pkcs11t.h:663
#define CKM_GOSTR3410_KEY_PAIR_GEN
Definition pkcs11t.h:944
#define CKA_PIXEL_X
Definition pkcs11t.h:543
#define CKA_DEFAULT_CMS_ATTRIBUTES
Definition pkcs11t.h:555
#define CKR_HOST_MEMORY
Definition pkcs11t.h:1040
#define CKM_SHA512_256_KEY_DERIVATION
Definition pkcs11t.h:638
#define CKA_GOSTR3411_PARAMS
Definition pkcs11t.h:536
#define CKM_SHA384_RSA_PKCS
Definition pkcs11t.h:622
CK_ULONG CK_ATTRIBUTE_TYPE
Definition pkcs11t.h:416
#define CKR_FUNCTION_NOT_PARALLEL
Definition pkcs11t.h:1066
#define CKK_GOST28147
Definition pkcs11t.h:383
#define CKA_CHAR_COLUMNS
Definition pkcs11t.h:547
#define CKA_UNWRAP_TEMPLATE
Definition pkcs11t.h:517
#define CKR_SIGNATURE_LEN_RANGE
Definition pkcs11t.h:1107
#define CKM_ARIA_MAC
Definition pkcs11t.h:850
#define CKR_CURVE_NOT_SUPPORTED
Definition pkcs11t.h:1135
#define CKM_SHA224_KEY_DERIVATION
Definition pkcs11t.h:790
#define CKA_KEY_GEN_MECHANISM
Definition pkcs11t.h:498
#define CKR_FIPS_SELF_TEST_FAILED
Definition pkcs11t.h:1151
#define CKM_JUNIPER_SHUFFLE
Definition pkcs11t.h:909
#define CKK_TWOFISH
Definition pkcs11t.h:364
#define CKR_USER_TYPE_INVALID
Definition pkcs11t.h:1119
#define CKM_SEED_ECB
Definition pkcs11t.h:857
#define CKM_CAMELLIA_ECB
Definition pkcs11t.h:838
#define CKM_ECDH_AES_KEY_WRAP
Definition pkcs11t.h:902
#define CRYPTOKI_VERSION_MAJOR
Definition pkcs11t.h:19
#define CKO_DOMAIN_PARAMETERS
Definition pkcs11t.h:316
#define CKM_PBE_MD5_CAST3_CBC
Definition pkcs11t.h:795
#define CKM_RC4
Definition pkcs11t.h:654
#define CKM_RSA_AES_KEY_WRAP
Definition pkcs11t.h:903
#define CKF_USER_PIN_LOCKED
Definition pkcs11t.h:216
#define CKM_PBE_MD5_DES_CBC
Definition pkcs11t.h:793
#define CKM_SHA512_T_HMAC
Definition pkcs11t.h:641
#define CKM_SHA512_HMAC
Definition pkcs11t.h:717
#define CKM_RIPEMD160_HMAC_GENERAL
Definition pkcs11t.h:705
#define CKM_SHA256_RSA_PKCS
Definition pkcs11t.h:621
#define CKR_KEY_HANDLE_INVALID
Definition pkcs11t.h:1070
#define CKM_CAST_MAC
Definition pkcs11t.h:729
#define CKM_RC2_MAC_GENERAL
Definition pkcs11t.h:650
#define CKM_RC2_KEY_GEN
Definition pkcs11t.h:645
#define CKR_MUTEX_BAD
Definition pkcs11t.h:1144
#define CKM_CAST128_KEY_GEN
Definition pkcs11t.h:740
#define CKF_TOKEN_PRESENT
Definition pkcs11t.h:122
#define CKM_AES_XCBC_MAC
Definition pkcs11t.h:926
#define CKD_SHA224_KDF
Definition pkcs11t.h:1296
#define CKM_SHA384_RSA_PKCS_PSS
Definition pkcs11t.h:625
#define CKM_RSA_PKCS_TPM_1_1
Definition pkcs11t.h:972
#define CKM_SSL3_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:771
#define CKM_DES_MAC_GENERAL
Definition pkcs11t.h:660
#define CKA_PIXEL_Y
Definition pkcs11t.h:544
#define CKR_SAVED_STATE_INVALID
Definition pkcs11t.h:1138
#define CKM_CAST128_CBC
Definition pkcs11t.h:744
#define CKM_AES_ECB
Definition pkcs11t.h:914
#define CKM_ARIA_ECB_ENCRYPT_DATA
Definition pkcs11t.h:853
#define CKK_EC
Definition pkcs11t.h:343
#define CKA_WRAP_TEMPLATE
Definition pkcs11t.h:516
#define CKR_WRAPPED_KEY_LEN_RANGE
Definition pkcs11t.h:1125
#define CKK_ARIA
Definition pkcs11t.h:369
#define CKF_HW
Definition pkcs11t.h:1003
#define CKM_X9_42_DH_HYBRID_DERIVE
Definition pkcs11t.h:618
#define CKA_PRIME_BITS
Definition pkcs11t.h:488
#define CKF_EXCLUDE_TIME
Definition pkcs11t.h:1810
#define CKR_EXCEEDED_MAX_ITERATIONS
Definition pkcs11t.h:1150
#define CKM_BLOWFISH_KEY_GEN
Definition pkcs11t.h:930
#define CKM_GOST28147_MAC
Definition pkcs11t.h:954
#define CKM_CAST128_ECB
Definition pkcs11t.h:742
#define CKR_KEY_INDIGESTIBLE
Definition pkcs11t.h:1078
#define CKK_MD5_HMAC
Definition pkcs11t.h:371
#define CKH_USER_INTERFACE
Definition pkcs11t.h:332
#define CKK_SHA_1_HMAC
Definition pkcs11t.h:372
#define CKA_OTP_COUNTER
Definition pkcs11t.h:528
#define CKA_CHAR_SETS
Definition pkcs11t.h:550
#define CKF_VERIFY_RECOVER
Definition pkcs11t.h:1012
#define CKA_MECHANISM_TYPE
Definition pkcs11t.h:553
CK_ULONG CK_STATE
Definition pkcs11t.h:271
#define CKK_AES
Definition pkcs11t.h:362
#define CKM_SEED_CBC
Definition pkcs11t.h:858
#define CKA_BASE
Definition pkcs11t.h:486
#define CKM_DSA_SHA256
Definition pkcs11t.h:609
#define CKF_CLOCK_ON_TOKEN
Definition pkcs11t.h:171
#define CKS_RW_SO_FUNCTIONS
Definition pkcs11t.h:276
#define CKM_DES_CFB8
Definition pkcs11t.h:683
#define CKR_KEY_NEEDED
Definition pkcs11t.h:1077
#define CKM_BLOWFISH_CBC_PAD
Definition pkcs11t.h:934
#define CKR_PUBLIC_KEY_INVALID
Definition pkcs11t.h:1154
#define CKR_KEY_TYPE_INCONSISTENT
Definition pkcs11t.h:1073
#define CKM_SHA_1
Definition pkcs11t.h:695
#define CKM_DSA_SHA1
Definition pkcs11t.h:607
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
Definition pkcs11t.h:1115
#define CKM_AES_XCBC_MAC_96
Definition pkcs11t.h:927
#define CKM_ECDSA_KEY_PAIR_GEN
Definition pkcs11t.h:888
#define CKK_X9_42_DH
Definition pkcs11t.h:344
#define CKM_WTLS_PRF
Definition pkcs11t.h:814
#define CKF_ERROR_STATE
Definition pkcs11t.h:248
#define CKF_WRITE_PROTECTED
Definition pkcs11t.h:156
#define CKA_EC_PARAMS
Definition pkcs11t.h:506
#define CKM_DES_MAC
Definition pkcs11t.h:658
#define CKM_RC2_ECB
Definition pkcs11t.h:646
#define CKM_TLS12_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:823
#define CKA_WRAP
Definition pkcs11t.h:465
#define CKA_CLASS
Definition pkcs11t.h:437
#define CKK_SHA512_HMAC
Definition pkcs11t.h:377
#define CKR_KEY_NOT_WRAPPABLE
Definition pkcs11t.h:1080
#define CKM_MD2_HMAC
Definition pkcs11t.h:687
#define CKA_DERIVE_TEMPLATE
Definition pkcs11t.h:518
#define CKF_EC_NAMEDCURVE
Definition pkcs11t.h:1025
#define CKF_NEXT_OTP
Definition pkcs11t.h:1809
#define CKM_TLS12_MASTER_KEY_DERIVE_DH
Definition pkcs11t.h:824
#define CKM_RC5_ECB
Definition pkcs11t.h:752
#define CKF_DONT_BLOCK
Definition pkcs11t.h:1234
#define CKM_SHA224_HMAC_GENERAL
Definition pkcs11t.h:712
#define CKA_HAS_RESET
Definition pkcs11t.h:541
#define CKA_OTP_SERVICE_LOGO
Definition pkcs11t.h:532
#define CKA_SUBJECT
Definition pkcs11t.h:460
#define CKM_DES3_MAC
Definition pkcs11t.h:667