Botan 2.19.2
Crypto and TLS for C&
p11.h
Go to the documentation of this file.
1/*
2* PKCS#11
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_H_
10#define BOTAN_P11_H_
11
12#include <botan/secmem.h>
13#include <botan/exceptn.h>
14
15#include <vector>
16#include <string>
17#include <map>
18
19#define CK_PTR *
20
21#if defined(_MSC_VER)
22#define CK_DECLARE_FUNCTION(returnType, name) \
23 returnType __declspec(dllimport) name
24#else
25#define CK_DECLARE_FUNCTION(returnType, name) \
26 returnType name
27#endif
28
29#if defined(_MSC_VER)
30#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
31 returnType __declspec(dllimport) (* name)
32#else
33#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
34 returnType (* name)
35#endif
36
37#define CK_CALLBACK_FUNCTION(returnType, name) \
38 returnType (* name)
39
40#ifndef NULL_PTR
41 #define NULL_PTR nullptr
42#endif
43
44#if defined(_MSC_VER)
45 #pragma pack(push, cryptoki, 1)
46#endif
47
48#include "pkcs11.h"
49
50#if defined(_MSC_VER)
51 #pragma pack(pop, cryptoki)
52#endif
53
54static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
55 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
56
57namespace Botan {
58
59class Dynamically_Loaded_Library;
60
61namespace PKCS11 {
62
64
66 {
83 Url = CKA_URL,
90 Id = CKA_ID,
94 Wrap = CKA_WRAP,
96 Sign = CKA_SIGN,
115 Base = CKA_BASE,
175 };
176
178 {
179 X509 = CKC_X_509,
181 Wtls = CKC_WTLS,
183 };
184
185/// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
186/// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
188 {
193 };
194
196 {
197 Null = CKD_NULL,
206 };
207
208enum class Flag : CK_FLAGS
209 {
210 None = 0,
214 Rng = CKF_RNG,
236 Hw = CKF_HW,
240 Sign = CKF_SIGN,
246 Wrap = CKF_WRAP,
265 };
266
268 {
269 return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
270 }
271
273 {
279 };
280
282 {
287 };
288
290 {
291 Rsa = CKK_RSA,
292 Dsa = CKK_DSA,
293 Dh = CKK_DH,
295 Ec = CKK_EC,
297 Kea = CKK_KEA,
299 Rc2 = CKK_RC2,
300 Rc4 = CKK_RC4,
301 Des = CKK_DES,
302 Des2 = CKK_DES2,
303 Des3 = CKK_DES3,
304 Cast = CKK_CAST,
308 Rc5 = CKK_RC5,
309 Idea = CKK_IDEA,
313 Cdmf = CKK_CDMF,
314 Aes = CKK_AES,
318 Hotp = CKK_HOTP,
319 Acti = CKK_ACTI,
321 Aria = CKK_ARIA,
330 Seed = CKK_SEED,
335 };
336
338 {
355 Dsa = CKM_DSA,
394 Rc4 = CKM_RC4,
420 Md2 = CKM_MD2,
423 Md5 = CKM_MD5,
426 Sha1 = CKM_SHA_1,
450 Hotp = CKM_HOTP,
451 Acti = CKM_ACTI,
672 };
673
675 {
678 };
679
681 {
682 Data = CKO_DATA,
692 };
693
695 {
704 };
705
707 {
713 };
714
715enum class ReturnValue : CK_RV
716 {
717 OK = CKR_OK,
812 };
813
815 {
816 SO = CKU_SO,
817 User = CKU_USER,
819 };
820
821enum class PublicPointEncoding : uint32_t
822 {
823 Raw,
824 Der
825 };
826
830using CreateMutex = CK_CREATEMUTEX;
831using DestroyMutex = CK_DESTROYMUTEX;
832using LockMutex = CK_LOCKMUTEX;
833using UnlockMutex = CK_UNLOCKMUTEX;
835using Info = CK_INFO;
844using Notify = CK_NOTIFY;
849using Byte = CK_BYTE;
853using Date = CK_DATE;
854
856
859
861 {
862 return static_cast<Flags>(flags);
863 }
864
865class Slot;
866
867/**
868* Initializes a token
869* @param slot The slot with the attached token that should be initialized
870* @param label The token label
871* @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
872* @param pin The user PIN that will be set
873*/
874BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, const std::string& label, const secure_string& so_pin,
875 const secure_string& pin);
876
877/**
878* Change PIN with old PIN to new PIN
879* @param slot The slot with the attached token
880* @param old_pin The old user PIN
881* @param new_pin The new user PIN
882*/
883
884BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
885
886/**
887* Change SO_PIN with old SO_PIN to new SO_PIN
888* @param slot The slot with the attached token
889* @param old_so_pin The old SO_PIN
890* @param new_so_pin The new SO_PIN
891*/
892BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
893
894/**
895* Sets user PIN with SO_PIN
896* @param slot The slot with the attached token
897* @param so_pin PIN of the security officer
898* @param pin The user PIN that should be set
899*/
900BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
901
902/// Provides access to all PKCS#11 functions
904 {
905 public:
906 /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
907 explicit LowLevel(FunctionListPtr ptr);
908
909 /****************************** General purpose functions ******************************/
910
911 /**
912 * C_Initialize initializes the Cryptoki library.
913 * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
914 * @param return_value default value (`ThrowException`): throw exception on error.
915 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
916 * At least the following PKCS#11 return values may be returned:
917 * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
918 * \li FunctionFailed \li GeneralError \li HostMemory
919 * \li NeedToCreateThreads \li OK
920 * @return true on success, false otherwise
921 */
922 bool C_Initialize(VoidPtr init_args,
923 ReturnValue* return_value = ThrowException) const;
924
925 /**
926 * C_Finalize indicates that an application is done with the Cryptoki library.
927 * @param reserved reserved. Should be nullptr
928 * @param return_value default value (`ThrowException`): throw exception on error.
929 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
930 * At least the following PKCS#11 return values may be returned:
931 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
932 * \li GeneralError \li HostMemory \li OK
933 * @return true on success, false otherwise
934 */
935 bool C_Finalize(VoidPtr reserved,
936 ReturnValue* return_value = ThrowException) const;
937
938 /**
939 * C_GetInfo returns general information about Cryptoki.
940 * @param info_ptr location that receives information
941 * @param return_value default value (`ThrowException`): throw exception on error.
942 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
943 * At least the following PKCS#11 return values may be returned:
944 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
945 * \li GeneralError \li HostMemory \li OK
946 * @return true on success, false otherwise
947 */
948 bool C_GetInfo(Info* info_ptr,
949 ReturnValue* return_value = ThrowException) const;
950
951 /**
952 * C_GetFunctionList returns the function list.
953 * @param pkcs11_module The PKCS#11 module
954 * @param function_list_ptr_ptr receives pointer to function list
955 * @param return_value default value (`ThrowException`): throw exception on error.
956 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
957 * At least the following PKCS#11 return values may be returned:
958 * \li ArgumentsBad \li FunctionFailed \li GeneralError
959 * \li HostMemory \li OK
960 * @return true on success, false otherwise
961 */
962 static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module, FunctionListPtr* function_list_ptr_ptr,
963 ReturnValue* return_value = ThrowException);
964
965 /****************************** Slot and token management functions ******************************/
966
967 /**
968 * C_GetSlotList obtains a list of slots in the system.
969 * @param token_present only slots with tokens
970 * @param slot_list_ptr receives array of slot IDs
971 * @param count_ptr receives number of slots
972 * @param return_value default value (`ThrowException`): throw exception on error.
973 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
974 * At least the following PKCS#11 return values may be returned:
975 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
976 * \li FunctionFailed \li GeneralError \li HostMemory
977 * \li OK
978 * @return true on success, false otherwise
979 */
980 bool C_GetSlotList(Bbool token_present,
981 SlotId* slot_list_ptr,
982 Ulong* count_ptr,
983 ReturnValue* return_value = ThrowException) const;
984
985 /**
986 * C_GetSlotList obtains a list of slots in the system.
987 * @param token_present only slots with tokens
988 * @param slot_ids receives vector of slot IDs
989 * @param return_value default value (`ThrowException`): throw exception on error.
990 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
991 * At least the following PKCS#11 return values may be returned:
992 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
993 * \li FunctionFailed \li GeneralError \li HostMemory
994 * \li OK
995 * @return true on success, false otherwise
996 */
997 bool C_GetSlotList(bool token_present,
998 std::vector<SlotId>& slot_ids,
999 ReturnValue* return_value = ThrowException) const;
1000
1001 /**
1002 * C_GetSlotInfo obtains information about a particular slot in the system.
1003 * @param slot_id the ID of the slot
1004 * @param info_ptr receives the slot information
1005 * @param return_value default value (`ThrowException`): throw exception on error.
1006 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1007 * At least the following PKCS#11 return values may be returned:
1008 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1009 * \li FunctionFailed \li GeneralError \li HostMemory
1010 * \li OK \li SlotIdInvalid
1011 * @return true on success, false otherwise
1012 */
1013 bool C_GetSlotInfo(SlotId slot_id,
1014 SlotInfo* info_ptr,
1015 ReturnValue* return_value = ThrowException) const;
1016
1017 /**
1018 * C_GetTokenInfo obtains information about a particular token in the system.
1019 * @param slot_id ID of the token's slot
1020 * @param info_ptr receives the token information
1021 * @param return_value default value (`ThrowException`): throw exception on error.
1022 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1023 * At least the following PKCS#11 return values may be returned:
1024 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1025 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1026 * \li HostMemory \li OK \li SlotIdInvalid
1027 * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1028 * @return true on success, false otherwise
1029 */
1030 bool C_GetTokenInfo(SlotId slot_id,
1031 TokenInfo* info_ptr,
1032 ReturnValue* return_value = ThrowException) const;
1033
1034 /**
1035 * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1036 * @param flags blocking/nonblocking flag
1037 * @param slot_ptr location that receives the slot ID
1038 * @param reserved reserved. Should be NULL_PTR
1039 * @param return_value default value (`ThrowException`): throw exception on error.
1040 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1041 * At least the following PKCS#11 return values may be returned:
1042 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1043 * \li GeneralError \li HostMemory \li NoEvent
1044 * \li OK
1045 * @return true on success, false otherwise
1046 */
1047 bool C_WaitForSlotEvent(Flags flags,
1048 SlotId* slot_ptr,
1049 VoidPtr reserved,
1050 ReturnValue* return_value = ThrowException) const;
1051
1052 /**
1053 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1054 * @param slot_id ID of token's slot
1055 * @param mechanism_list_ptr gets mech. array
1056 * @param count_ptr gets # of mechs.
1057 * @param return_value default value (`ThrowException`): throw exception on error.
1058 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1059 * At least the following PKCS#11 return values may be returned:
1060 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1061 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1062 * \li GeneralError \li HostMemory \li OK
1063 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1064 * \li ArgumentsBad
1065 * @return true on success, false otherwise
1066 */
1067 bool C_GetMechanismList(SlotId slot_id,
1068 MechanismType* mechanism_list_ptr,
1069 Ulong* count_ptr,
1070 ReturnValue* return_value = ThrowException) const;
1071
1072 /**
1073 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1074 * @param slot_id ID of token's slot
1075 * @param mechanisms receives vector of supported mechanisms
1076 * @param return_value default value (`ThrowException`): throw exception on error.
1077 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1078 * At least the following PKCS#11 return values may be returned:
1079 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1080 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1081 * \li GeneralError \li HostMemory \li OK
1082 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1083 * \li ArgumentsBad
1084 * @return true on success, false otherwise
1085 */
1086 bool C_GetMechanismList(SlotId slot_id,
1087 std::vector<MechanismType>& mechanisms,
1088 ReturnValue* return_value = ThrowException) const;
1089
1090 /**
1091 * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1092 * @param slot_id ID of the token's slot
1093 * @param type type of mechanism
1094 * @param info_ptr receives mechanism info
1095 * @param return_value default value (`ThrowException`): throw exception on error.
1096 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1097 * At least the following PKCS#11 return values may be returned:
1098 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1099 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1100 * \li HostMemory \li MechanismInvalid \li OK
1101 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1102 * \li ArgumentsBad
1103 * @return true on success, false otherwise
1104 */
1105 bool C_GetMechanismInfo(SlotId slot_id,
1107 MechanismInfo* info_ptr,
1108 ReturnValue* return_value = ThrowException) const;
1109
1110 /**
1111 * C_InitToken initializes a token.
1112 * @param slot_id ID of the token's slot
1113 * @param so_pin_ptr the SO's initial PIN
1114 * @param so_pin_len length in bytes of the SO_PIN
1115 * @param label_ptr 32-byte token label (blank padded)
1116 * @param return_value default value (`ThrowException`): throw exception on error.
1117 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1118 * At least the following PKCS#11 return values may be returned:
1119 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1120 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1121 * \li GeneralError \li HostMemory \li OK
1122 * \li PinIncorrect \li PinLocked \li SessionExists
1123 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1124 * \li TokenWriteProtected \li ArgumentsBad
1125 * @return true on success, false otherwise
1126 */
1127 bool C_InitToken(SlotId slot_id,
1128 Utf8Char* so_pin_ptr,
1129 Ulong so_pin_len,
1130 Utf8Char* label_ptr,
1131 ReturnValue* return_value = ThrowException) const;
1132
1133 /**
1134 * C_InitToken initializes a token.
1135 * @param slot_id ID of the token's slot
1136 * @param so_pin the SO's initial PIN
1137 * @param label token label (at max 32 bytes long)
1138 * @param return_value default value (`ThrowException`): throw exception on error.
1139 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1140 * At least the following PKCS#11 return values may be returned:
1141 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1142 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1143 * \li GeneralError \li HostMemory \li OK
1144 * \li PinIncorrect \li PinLocked \li SessionExists
1145 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1146 * \li TokenWriteProtected \li ArgumentsBad
1147 * @return true on success, false otherwise
1148 */
1149 template<typename TAlloc>
1150 bool C_InitToken(SlotId slot_id,
1151 const std::vector<uint8_t, TAlloc>& so_pin,
1152 const std::string& label,
1153 ReturnValue* return_value = ThrowException) const
1154 {
1155 std::string padded_label = label;
1156 if(label.size() < 32)
1157 {
1158 padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1159 }
1160
1161 return C_InitToken(slot_id,
1162 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1163 static_cast<Ulong>(so_pin.size()),
1164 reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())),
1165 return_value);
1166 }
1167
1168 /**
1169 * C_InitPIN initializes the normal user's PIN.
1170 * @param session the session's handle
1171 * @param pin_ptr the normal user's PIN
1172 * @param pin_len length in bytes of the PIN
1173 * @param return_value default value (`ThrowException`): throw exception on error.
1174 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1175 * At least the following PKCS#11 return values may be returned:
1176 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1177 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1178 * \li GeneralError \li HostMemory \li OK
1179 * \li PinInvalid \li PinLenRange \li SessionClosed
1180 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1181 * \li UserNotLoggedIn \li ArgumentsBad
1182 * @return true on success, false otherwise
1183 */
1184 bool C_InitPIN(SessionHandle session,
1185 Utf8Char* pin_ptr,
1186 Ulong pin_len,
1187 ReturnValue* return_value = ThrowException) const;
1188
1189 /**
1190 * C_InitPIN initializes the normal user's PIN.
1191 * @param session the session's handle
1192 * @param pin the normal user's PIN
1193 * @param return_value default value (`ThrowException`): throw exception on error.
1194 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1195 * At least the following PKCS#11 return values may be returned:
1196 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1197 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1198 * \li GeneralError \li HostMemory \li OK
1199 * \li PinInvalid \li PinLenRange \li SessionClosed
1200 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1201 * \li UserNotLoggedIn \li ArgumentsBad
1202 * @return true on success, false otherwise
1203 */
1204 template<typename TAlloc>
1206 const std::vector<uint8_t, TAlloc>& pin,
1207 ReturnValue* return_value = ThrowException) const
1208 {
1209 return C_InitPIN(session,
1210 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1211 static_cast<Ulong>(pin.size()),
1212 return_value);
1213 }
1214
1215 /**
1216 * C_SetPIN modifies the PIN of the user who is logged in.
1217 * @param session the session's handle
1218 * @param old_pin_ptr the old PIN
1219 * @param old_len length of the old PIN
1220 * @param new_pin_ptr the new PIN
1221 * @param new_len length of the new PIN
1222 * @param return_value default value (`ThrowException`): throw exception on error.
1223 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1224 * At least the following PKCS#11 return values may be returned:
1225 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1226 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1227 * \li GeneralError \li HostMemory \li OK
1228 * \li PinIncorrect \li PinInvalid \li PinLenRange
1229 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1230 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1231 * @return true on success, false otherwise
1232 */
1233 bool C_SetPIN(SessionHandle session,
1234 Utf8Char* old_pin_ptr,
1235 Ulong old_len,
1236 Utf8Char* new_pin_ptr,
1237 Ulong new_len,
1238 ReturnValue* return_value = ThrowException) const;
1239
1240 /**
1241 * C_SetPIN modifies the PIN of the user who is logged in.
1242 * @param session the session's handle
1243 * @param old_pin the old PIN
1244 * @param new_pin the new PIN
1245 * @param return_value default value (`ThrowException`): throw exception on error.
1246 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1247 * At least the following PKCS#11 return values may be returned:
1248 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1249 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1250 * \li GeneralError \li HostMemory \li OK
1251 * \li PinIncorrect \li PinInvalid \li PinLenRange
1252 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1253 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1254 * @return true on success, false otherwise
1255 */
1256 template<typename TAlloc>
1258 const std::vector<uint8_t, TAlloc>& old_pin,
1259 const std::vector<uint8_t, TAlloc>& new_pin,
1260 ReturnValue* return_value = ThrowException) const
1261 {
1262 return C_SetPIN(session,
1263 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())),
1264 static_cast<Ulong>(old_pin.size()),
1265 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())),
1266 static_cast<Ulong>(new_pin.size()),
1267 return_value);
1268 }
1269
1270
1271 /****************************** Session management ******************************/
1272
1273 /**
1274 * C_OpenSession opens a session between an application and a token.
1275 * @param slot_id the slot's ID
1276 * @param flags from CK_SESSION_INFO
1277 * @param application passed to callback
1278 * @param notify callback function
1279 * @param session_ptr gets session handle
1280 * @param return_value default value (`ThrowException`): throw exception on error.
1281 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1282 * At least the following PKCS#11 return values may be returned:
1283 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1284 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1285 * \li HostMemory \li OK \li SessionCount
1286 * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1287 * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1288 * \li ArgumentsBad
1289 * @return true on success, false otherwise
1290 */
1291 bool C_OpenSession(SlotId slot_id,
1292 Flags flags,
1293 VoidPtr application,
1294 Notify notify,
1295 SessionHandle* session_ptr,
1296 ReturnValue* return_value = ThrowException) const;
1297
1298 /**
1299 * C_CloseSession closes a session between an application and a token.
1300 * @param session the session's handle
1301 * @param return_value default value (`ThrowException`): throw exception on error.
1302 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1303 * At least the following PKCS#11 return values may be returned:
1304 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1305 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1306 * \li HostMemory \li OK \li SessionClosed
1307 * \li SessionHandleInvalid
1308 * @return true on success, false otherwise
1309 */
1310 bool C_CloseSession(SessionHandle session,
1311 ReturnValue* return_value = ThrowException) const;
1312
1313 /**
1314 * C_CloseAllSessions closes all sessions with a token.
1315 * @param slot_id the token's slot
1316 * @param return_value default value (`ThrowException`): throw exception on error.
1317 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1318 * At least the following PKCS#11 return values may be returned:
1319 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1320 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1321 * \li HostMemory \li OK \li SlotIdInvalid
1322 * \li TokenNotPresent
1323 * @return true on success, false otherwise
1324 */
1325 bool C_CloseAllSessions(SlotId slot_id,
1326 ReturnValue* return_value = ThrowException) const;
1327
1328 /**
1329 * C_GetSessionInfo obtains information about the session.
1330 * @param session the session's handle
1331 * @param info_ptr receives session info
1332 * @param return_value default value (`ThrowException`): throw exception on error.
1333 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1334 * At least the following PKCS#11 return values may be returned:
1335 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1336 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1337 * \li HostMemory \li OK \li SessionClosed
1338 * \li SessionHandleInvalid \li ArgumentsBad
1339 * @return true on success, false otherwise
1340 */
1341 bool C_GetSessionInfo(SessionHandle session,
1342 SessionInfo* info_ptr,
1343 ReturnValue* return_value = ThrowException) const;
1344
1345 /**
1346 * C_GetOperationState obtains the state of the cryptographic operation in a session.
1347 * @param session session's handle
1348 * @param operation_state_ptr gets state
1349 * @param operation_state_len_ptr gets state length
1350 * @param return_value default value (`ThrowException`): throw exception on error.
1351 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1352 * At least the following PKCS#11 return values may be returned:
1353 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1354 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1355 * \li GeneralError \li HostMemory \li OK
1356 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1357 * \li StateUnsaveable \li ArgumentsBad
1358 * @return true on success, false otherwise
1359 */
1360 bool C_GetOperationState(SessionHandle session,
1361 Byte* operation_state_ptr,
1362 Ulong* operation_state_len_ptr,
1363 ReturnValue* return_value = ThrowException) const;
1364
1365 /**
1366 * C_SetOperationState restores the state of the cryptographic operation in a session.
1367 * @param session session's handle
1368 * @param operation_state_ptr holds state
1369 * @param operation_state_len holds state length
1370 * @param encryption_key en/decryption key
1371 * @param authentication_key sign/verify key
1372 * @param return_value default value (`ThrowException`): throw exception on error.
1373 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1374 * At least the following PKCS#11 return values may be returned:
1375 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1376 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1377 * \li HostMemory \li KeyChanged \li KeyNeeded
1378 * \li KeyNotNeeded \li OK \li SavedStateInvalid
1379 * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1380 * @return true on success, false otherwise
1381 */
1382 bool C_SetOperationState(SessionHandle session,
1383 Byte* operation_state_ptr,
1384 Ulong operation_state_len,
1385 ObjectHandle encryption_key,
1386 ObjectHandle authentication_key,
1387 ReturnValue* return_value = ThrowException) const;
1388
1389 /**
1390 * C_Login logs a user into a token.
1391 * @param session the session's handle
1392 * @param user_type the user type
1393 * @param pin_ptr the user's PIN
1394 * @param pin_len the length of the PIN
1395 * @param return_value default value (`ThrowException`): throw exception on error.
1396 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1397 * At least the following PKCS#11 return values may be returned:
1398 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1399 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1400 * \li FunctionFailed \li GeneralError \li HostMemory
1401 * \li OK \li OperationNotInitialized \li PinIncorrect
1402 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1403 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1404 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1405 * @return true on success, false otherwise
1406 */
1407 bool C_Login(SessionHandle session,
1408 UserType user_type,
1409 Utf8Char* pin_ptr,
1410 Ulong pin_len,
1411 ReturnValue* return_value = ThrowException) const;
1412
1413 /**
1414 * C_Login logs a user into a token.
1415 * @param session the session's handle
1416 * @param user_type the user type
1417 * @param pin the user or security officer's PIN
1418 * @param return_value default value (`ThrowException`): throw exception on error.
1419 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1420 * At least the following PKCS#11 return values may be returned:
1421 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1422 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1423 * \li FunctionFailed \li GeneralError \li HostMemory
1424 * \li OK \li OperationNotInitialized \li PinIncorrect
1425 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1426 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1427 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1428 * @return true on success, false otherwise
1429 */
1430 template<typename TAlloc>
1432 UserType user_type,
1433 const std::vector<uint8_t, TAlloc>& pin,
1434 ReturnValue* return_value = ThrowException) const
1435 {
1436 return C_Login(session, user_type,
1437 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1438 static_cast<Ulong>(pin.size()),
1439 return_value);
1440 }
1441
1442 /**
1443 * C_Logout logs a user out from a token.
1444 * @param session the session's handle
1445 * @param return_value default value (`ThrowException`): throw exception on error.
1446 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1447 * At least the following PKCS#11 return values may be returned:
1448 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1449 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1450 * \li HostMemory \li OK \li SessionClosed
1451 * \li SessionHandleInvalid \li UserNotLoggedIn
1452 * @return true on success, false otherwise
1453 */
1454 bool C_Logout(SessionHandle session,
1455 ReturnValue* return_value = ThrowException) const;
1456
1457 /****************************** Object management functions ******************************/
1458
1459 /**
1460 * C_CreateObject creates a new object.
1461 * @param session the session's handle
1462 * @param attribute_template_ptr the object's template
1463 * @param count attributes in template
1464 * @param object_ptr gets new object's handle.
1465 * @param return_value default value (`ThrowException`): throw exception on error.
1466 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1467 * At least the following PKCS#11 return values may be returned:
1468 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1469 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1470 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1471 * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1472 * \li HostMemory \li OK \li PinExpired
1473 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1474 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1475 * \li UserNotLoggedIn
1476 * @return true on success, false otherwise
1477 */
1478 bool C_CreateObject(SessionHandle session,
1479 Attribute* attribute_template_ptr,
1480 Ulong count,
1481 ObjectHandle* object_ptr,
1482 ReturnValue* return_value = ThrowException) const;
1483
1484 /**
1485 * C_CopyObject copies an object, creating a new object for the copy.
1486 * @param session the session's handle
1487 * @param object the object's handle
1488 * @param attribute_template_ptr template for new object
1489 * @param count attributes in template
1490 * @param new_object_ptr receives handle of copy
1491 * @param return_value default value (`ThrowException`): throw exception on error.
1492 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1493 * At least the following PKCS#11 return values may be returned:
1494 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1495 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1496 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1497 * \li FunctionFailed \li GeneralError \li HostMemory
1498 * \li ObjectHandleInvalid \li OK \li PinExpired
1499 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1500 * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1501 * @return true on success, false otherwise
1502 */
1503 bool C_CopyObject(SessionHandle session,
1504 ObjectHandle object,
1505 Attribute* attribute_template_ptr,
1506 Ulong count,
1507 ObjectHandle* new_object_ptr,
1508 ReturnValue* return_value = ThrowException) const;
1509
1510 /**
1511 * C_DestroyObject destroys an object.
1512 * @param session the session's handle
1513 * @param object the object's handle
1514 * @param return_value default value (`ThrowException`): throw exception on error.
1515 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1516 * At least the following PKCS#11 return values may be returned:
1517 * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1518 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1519 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1520 * \li OK \li PinExpired \li SessionClosed
1521 * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1522 * @return true on success, false otherwise
1523 */
1524 bool C_DestroyObject(SessionHandle session,
1525 ObjectHandle object,
1526 ReturnValue* return_value = ThrowException) const;
1527
1528 /**
1529 * C_GetObjectSize gets the size of an object in bytes.
1530 * @param session the session's handle
1531 * @param object the object's handle
1532 * @param size_ptr receives size of object
1533 * @param return_value default value (`ThrowException`): throw exception on error.
1534 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1535 * At least the following PKCS#11 return values may be returned:
1536 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1537 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1538 * \li GeneralError \li HostMemory \li InformationSensitive
1539 * \li ObjectHandleInvalid \li OK \li SessionClosed
1540 * \li SessionHandleInvalid
1541 * @return true on success, false otherwise
1542 */
1543 bool C_GetObjectSize(SessionHandle session,
1544 ObjectHandle object,
1545 Ulong* size_ptr,
1546 ReturnValue* return_value = ThrowException) const;
1547
1548 /**
1549 * C_GetAttributeValue obtains the value of one or more object attributes.
1550 * @param session the session's handle
1551 * @param object the object's handle
1552 * @param attribute_template_ptr specifies attrs; gets vals
1553 * @param count attributes in template
1554 * @param return_value default value (`ThrowException`): throw exception on error.
1555 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1556 * At least the following PKCS#11 return values may be returned:
1557 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1558 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1559 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1560 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1561 * \li OK \li SessionClosed \li SessionHandleInvalid
1562 * @return true on success, false otherwise
1563 */
1564 bool C_GetAttributeValue(SessionHandle session,
1565 ObjectHandle object,
1566 Attribute* attribute_template_ptr,
1567 Ulong count,
1568 ReturnValue* return_value = ThrowException) const;
1569
1570 /**
1571 * C_GetAttributeValue obtains the value of one or more object attributes.
1572 * @param session the session's handle
1573 * @param object the object's handle
1574 * @param attribute_values specifies attrs; gets vals
1575 * @param return_value default value (`ThrowException`): throw exception on error.
1576 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1577 * At least the following PKCS#11 return values may be returned:
1578 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1579 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1580 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1581 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1582 * \li OK \li SessionClosed \li SessionHandleInvalid
1583 * @return true on success, false otherwise
1584 */
1585 template<typename TAlloc>
1587 ObjectHandle object,
1588 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1589 ReturnValue* return_value = ThrowException) const
1590 {
1591 std::vector<Attribute> getter_template;
1592
1593 for(const auto& entry : attribute_values)
1594 {
1595 getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1596 }
1597
1598 bool success = C_GetAttributeValue(session,
1599 object,
1600 const_cast< Attribute* >(getter_template.data()),
1601 static_cast<Ulong>(getter_template.size()),
1602 return_value);
1603
1604 if(!success)
1605 {
1606 return success;
1607 }
1608
1609 size_t i = 0;
1610 for(auto& entry : attribute_values)
1611 {
1612 entry.second.clear();
1613 entry.second.resize(getter_template.at(i).ulValueLen);
1614 getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1615 i++;
1616 }
1617
1618 return C_GetAttributeValue(session, object,
1619 const_cast< Attribute* >(getter_template.data()),
1620 static_cast<Ulong>(getter_template.size()),
1621 return_value);
1622 }
1623
1624 /**
1625 * C_SetAttributeValue modifies the value of one or more object attributes.
1626 * @param session the session's handle
1627 * @param object the object's handle
1628 * @param attribute_template_ptr specifies attrs and values
1629 * @param count attributes in template
1630 * @param return_value default value (`ThrowException`): throw exception on error.
1631 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1632 * At least the following PKCS#11 return values may be returned:
1633 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1634 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1635 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1636 * \li FunctionFailed \li GeneralError \li HostMemory
1637 * \li ObjectHandleInvalid \li OK \li SessionClosed
1638 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1639 * \li TokenWriteProtected \li UserNotLoggedIn
1640 * @return true on success, false otherwise
1641 */
1642 bool C_SetAttributeValue(SessionHandle session,
1643 ObjectHandle object,
1644 Attribute* attribute_template_ptr,
1645 Ulong count,
1646 ReturnValue* return_value = ThrowException) const;
1647
1648 /**
1649 * C_SetAttributeValue modifies the value of one or more object attributes.
1650 * @param session the session's handle
1651 * @param object the object's handle
1652 * @param attribute_values specifies attrs and values
1653 * @param return_value default value (`ThrowException`): throw exception on error.
1654 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1655 * At least the following PKCS#11 return values may be returned:
1656 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1657 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1658 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1659 * \li FunctionFailed \li GeneralError \li HostMemory
1660 * \li ObjectHandleInvalid \li OK \li SessionClosed
1661 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1662 * \li TokenWriteProtected \li UserNotLoggedIn
1663 * @return true on success, false otherwise
1664 */
1665 template<typename TAlloc>
1667 ObjectHandle object,
1668 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1669 ReturnValue* return_value = ThrowException) const
1670 {
1671 std::vector<Attribute> setter_template;
1672
1673 for(auto& entry : attribute_values)
1674 {
1675 setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1676 }
1677
1678 return C_SetAttributeValue(session, object,
1679 const_cast< Attribute* >(setter_template.data()),
1680 static_cast<Ulong>(setter_template.size()),
1681 return_value);
1682 }
1683
1684 /**
1685 * C_FindObjectsInit initializes a search for token and session objects that match a template.
1686 * @param session the session's handle
1687 * @param attribute_template_ptr attribute values to match
1688 * @param count attrs in search template
1689 * @param return_value default value (`ThrowException`): throw exception on error.
1690 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1691 * At least the following PKCS#11 return values may be returned:
1692 * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1693 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1694 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1695 * \li HostMemory \li OK \li OperationActive
1696 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1697 * @return true on success, false otherwise
1698 */
1699 bool C_FindObjectsInit(SessionHandle session,
1700 Attribute* attribute_template_ptr,
1701 Ulong count,
1702 ReturnValue* return_value = ThrowException) const;
1703
1704 /**
1705 * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1706 * @param session session's handle
1707 * @param object_ptr gets obj. handles
1708 * @param max_object_count max handles to get
1709 * @param object_count_ptr actual # returned
1710 * @param return_value default value (`ThrowException`): throw exception on error.
1711 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1712 * At least the following PKCS#11 return values may be returned:
1713 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1714 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1715 * \li GeneralError \li HostMemory \li OK
1716 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1717 * @return true on success, false otherwise
1718 */
1719 bool C_FindObjects(SessionHandle session,
1720 ObjectHandle* object_ptr,
1721 Ulong max_object_count,
1722 Ulong* object_count_ptr,
1723 ReturnValue* return_value = ThrowException) const;
1724
1725 /**
1726 * C_FindObjectsFinal finishes a search for token and session objects.
1727 * @param session the session's handle
1728 * @param return_value default value (`ThrowException`): throw exception on error.
1729 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1730 * At least the following PKCS#11 return values may be returned:
1731 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1732 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1733 * \li HostMemory \li OK \li OperationNotInitialized
1734 * \li SessionClosed \li SessionHandleInvalid
1735 * @return true on success, false otherwise
1736 */
1737 bool C_FindObjectsFinal(SessionHandle session,
1738 ReturnValue* return_value = ThrowException) const;
1739
1740 /****************************** Encryption functions ******************************/
1741
1742 /**
1743 * C_EncryptInit initializes an encryption operation.
1744 * @param session the session's handle
1745 * @param mechanism_ptr the encryption mechanism
1746 * @param key handle of encryption key
1747 * @param return_value default value (`ThrowException`): throw exception on error.
1748 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1749 * At least the following PKCS#11 return values may be returned:
1750 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1751 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1752 * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1753 * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1754 * \li MechanismInvalid \li MechanismParamInvalid \li OK
1755 * \li OperationActive \li PinExpired \li SessionClosed
1756 * \li SessionHandleInvalid \li UserNotLoggedIn
1757 * @return true on success, false otherwise
1758 */
1759 bool C_EncryptInit(SessionHandle session,
1760 Mechanism* mechanism_ptr,
1761 ObjectHandle key,
1762 ReturnValue* return_value = ThrowException) const;
1763
1764 /**
1765 * C_Encrypt encrypts single-part data.
1766 * @param session session's handle
1767 * @param data_ptr the plaintext data
1768 * @param data_len size of plaintext data in bytes
1769 * @param encrypted_data gets ciphertext
1770 * @param encrypted_data_len_ptr gets c-text size
1771 * @param return_value default value (`ThrowException`): throw exception on error.
1772 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1773 * At least the following PKCS#11 return values may be returned:
1774 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1775 * \li DataInvalid \li DataLenRange \li DeviceError
1776 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1777 * \li FunctionFailed \li GeneralError \li HostMemory
1778 * \li OK \li OperationNotInitialized \li SessionClosed
1779 * \li SessionHandleInvalid
1780 * @return true on success, false otherwise
1781 */
1782 bool C_Encrypt(SessionHandle session,
1783 Byte* data_ptr,
1784 Ulong data_len,
1785 Byte* encrypted_data,
1786 Ulong* encrypted_data_len_ptr,
1787 ReturnValue* return_value = ThrowException) const;
1788
1789 /**
1790 * C_Encrypt encrypts single-part data.
1791 * @param session session's handle
1792 * @param plaintext_data the plaintext data
1793 * @param encrypted_data gets ciphertext
1794 * @param return_value default value (`ThrowException`): throw exception on error.
1795 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1796 * At least the following PKCS#11 return values may be returned:
1797 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1798 * \li DataInvalid \li DataLenRange \li DeviceError
1799 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1800 * \li FunctionFailed \li GeneralError \li HostMemory
1801 * \li OK \li OperationNotInitialized \li SessionClosed
1802 * \li SessionHandleInvalid
1803 * @return true on success, false otherwise
1804 */
1805 template<typename TAllocA, typename TAllocB>
1807 const std::vector<uint8_t, TAllocA>& plaintext_data,
1808 std::vector<uint8_t, TAllocB>& encrypted_data,
1809 ReturnValue* return_value = ThrowException) const
1810 {
1811 Ulong encrypted_size = 0;
1812 if(!C_Encrypt(session,
1813 const_cast<Byte*>((plaintext_data.data())),
1814 static_cast<Ulong>(plaintext_data.size()),
1815 nullptr, &encrypted_size,
1816 return_value))
1817 {
1818 return false;
1819 }
1820
1821 encrypted_data.resize(encrypted_size);
1822 if (!C_Encrypt(session,
1823 const_cast<Byte*>(plaintext_data.data()),
1824 static_cast<Ulong>(plaintext_data.size()),
1825 encrypted_data.data(),
1826 &encrypted_size, return_value))
1827 {
1828 return false;
1829 }
1830 encrypted_data.resize(encrypted_size);
1831 return true;
1832 }
1833
1834 /**
1835 * C_EncryptUpdate continues a multiple-part encryption operation.
1836 * @param session session's handle
1837 * @param part_ptr the plaintext data
1838 * @param part_len plaintext data len
1839 * @param encrypted_part_ptr gets ciphertext
1840 * @param encrypted_part_len_ptr gets c-text size
1841 * @param return_value default value (`ThrowException`): throw exception on error.
1842 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1843 * At least the following PKCS#11 return values may be returned:
1844 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1845 * \li DataLenRange \li DeviceError \li DeviceMemory
1846 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1847 * \li GeneralError \li HostMemory \li OK
1848 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1849 * @return true on success, false otherwise
1850 */
1851 bool C_EncryptUpdate(SessionHandle session,
1852 Byte* part_ptr,
1853 Ulong part_len,
1854 Byte* encrypted_part_ptr,
1855 Ulong* encrypted_part_len_ptr,
1856 ReturnValue* return_value = ThrowException) const;
1857
1858 /**
1859 * C_EncryptFinal finishes a multiple-part encryption operation.
1860 * @param session session handle
1861 * @param last_encrypted_part_ptr last c-text
1862 * @param last_encrypted_part_len_ptr gets last size
1863 * @param return_value default value (`ThrowException`): throw exception on error.
1864 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1865 * At least the following PKCS#11 return values may be returned:
1866 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1867 * \li DataLenRange \li DeviceError \li DeviceMemory
1868 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1869 * \li GeneralError \li HostMemory \li OK
1870 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1871 * @return true on success, false otherwise
1872 */
1873 bool C_EncryptFinal(SessionHandle session,
1874 Byte* last_encrypted_part_ptr,
1875 Ulong* last_encrypted_part_len_ptr,
1876 ReturnValue* return_value = ThrowException) const;
1877
1878 /****************************** Decryption functions ******************************/
1879
1880 /**
1881 * C_DecryptInit initializes a decryption operation.
1882 * @param session the session's handle
1883 * @param mechanism_ptr the decryption mechanism
1884 * @param key handle of decryption key
1885 * @param return_value default value (`ThrowException`): throw exception on error.
1886 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1887 * At least the following PKCS#11 return values may be returned:
1888 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1889 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1890 * \li FunctionFailed \li GeneralError \li HostMemory
1891 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1892 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1893 * \li OK \li OperationActive \li PinExpired
1894 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1895 * @return true on success, false otherwise
1896 */
1897 bool C_DecryptInit(SessionHandle session,
1898 Mechanism* mechanism_ptr,
1899 ObjectHandle key,
1900 ReturnValue* return_value = ThrowException) const;
1901
1902 /**
1903 * C_Decrypt decrypts encrypted data in a single part.
1904 * @param session session's handle
1905 * @param encrypted_data_ptr ciphertext
1906 * @param encrypted_data_len ciphertext length
1907 * @param data_ptr gets plaintext
1908 * @param data_len_ptr gets p-text size
1909 * @param return_value default value (`ThrowException`): throw exception on error.
1910 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1911 * At least the following PKCS#11 return values may be returned:
1912 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1913 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1914 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1915 * \li FunctionFailed \li GeneralError \li HostMemory
1916 * \li OK \li OperationNotInitialized \li SessionClosed
1917 * \li SessionHandleInvalid \li UserNotLoggedIn
1918 * @return true on success, false otherwise
1919 */
1920 bool C_Decrypt(SessionHandle session,
1921 Byte* encrypted_data_ptr,
1922 Ulong encrypted_data_len,
1923 Byte* data_ptr,
1924 Ulong* data_len_ptr,
1925 ReturnValue* return_value = ThrowException) const;
1926
1927 /**
1928 * C_Decrypt decrypts encrypted data in a single part.
1929 * @param session session's handle
1930 * @param encrypted_data ciphertext
1931 * @param decrypted_data gets plaintext
1932 * @param return_value default value (`ThrowException`): throw exception on error.
1933 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1934 * At least the following PKCS#11 return values may be returned:
1935 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1936 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1937 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1938 * \li FunctionFailed \li GeneralError \li HostMemory
1939 * \li OK \li OperationNotInitialized \li SessionClosed
1940 * \li SessionHandleInvalid \li UserNotLoggedIn
1941 * @return true on success, false otherwise
1942 */
1943 template<typename TAllocA, typename TAllocB>
1945 const std::vector<uint8_t, TAllocA>& encrypted_data,
1946 std::vector<uint8_t, TAllocB>& decrypted_data,
1947 ReturnValue* return_value = ThrowException) const
1948 {
1949 Ulong decrypted_size = 0;
1950 if(!C_Decrypt(session,
1951 const_cast<Byte*>((encrypted_data.data())),
1952 static_cast<Ulong>(encrypted_data.size()),
1953 nullptr, &decrypted_size,
1954 return_value))
1955 {
1956 return false;
1957 }
1958
1959 decrypted_data.resize(decrypted_size);
1960 if(!C_Decrypt(session,
1961 const_cast<Byte*>(encrypted_data.data()),
1962 static_cast<Ulong>(encrypted_data.size()),
1963 decrypted_data.data(),
1964 &decrypted_size, return_value))
1965 {
1966 return false;
1967 }
1968 decrypted_data.resize(decrypted_size);
1969 return true;
1970 }
1971
1972 /**
1973 * C_DecryptUpdate continues a multiple-part decryption operation.
1974 * @param session session's handle
1975 * @param encrypted_part_ptr encrypted data
1976 * @param encrypted_part_len input length
1977 * @param part_ptr gets plaintext
1978 * @param part_len_ptr p-text size
1979 * @param return_value default value (`ThrowException`): throw exception on error.
1980 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1981 * At least the following PKCS#11 return values may be returned:
1982 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1983 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1984 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1985 * \li FunctionFailed \li GeneralError \li HostMemory
1986 * \li OK \li OperationNotInitialized \li SessionClosed
1987 * \li SessionHandleInvalid \li UserNotLoggedIn
1988 * @return true on success, false otherwise
1989 */
1990 bool C_DecryptUpdate(SessionHandle session,
1991 Byte* encrypted_part_ptr,
1992 Ulong encrypted_part_len,
1993 Byte* part_ptr,
1994 Ulong* part_len_ptr,
1995 ReturnValue* return_value = ThrowException) const;
1996
1997 /**
1998 * C_DecryptFinal finishes a multiple-part decryption operation.
1999 * @param session the session's handle
2000 * @param last_part_ptr gets plaintext
2001 * @param last_part_len_ptr p-text size
2002 * @param return_value default value (`ThrowException`): throw exception on error.
2003 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2004 * At least the following PKCS#11 return values may be returned:
2005 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2006 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2007 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2008 * \li FunctionFailed \li GeneralError \li HostMemory
2009 * \li OK \li OperationNotInitialized \li SessionClosed
2010 * \li SessionHandleInvalid \li UserNotLoggedIn
2011 * @return true on success, false otherwise
2012 */
2013 bool C_DecryptFinal(SessionHandle session,
2014 Byte* last_part_ptr,
2015 Ulong* last_part_len_ptr,
2016 ReturnValue* return_value = ThrowException) const;
2017
2018 /****************************** Message digesting functions ******************************/
2019
2020 /**
2021 * C_DigestInit initializes a message-digesting operation.
2022 * @param session the session's handle
2023 * @param mechanism_ptr the digesting mechanism
2024 * @param return_value default value (`ThrowException`): throw exception on error.
2025 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2026 * At least the following PKCS#11 return values may be returned:
2027 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2028 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2029 * \li FunctionFailed \li GeneralError \li HostMemory
2030 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2031 * \li OperationActive \li PinExpired \li SessionClosed
2032 * \li SessionHandleInvalid \li UserNotLoggedIn
2033 * @return true on success, false otherwise
2034 */
2035 bool C_DigestInit(SessionHandle session,
2036 Mechanism* mechanism_ptr,
2037 ReturnValue* return_value = ThrowException) const;
2038
2039 /**
2040 * C_Digest digests data in a single part.
2041 * @param session the session's handle
2042 * @param data_ptr data to be digested
2043 * @param data_len bytes of data to digest
2044 * @param digest_ptr gets the message digest
2045 * @param digest_len_ptr gets digest length
2046 * @param return_value default value (`ThrowException`): throw exception on error.
2047 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2048 * At least the following PKCS#11 return values may be returned:
2049 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2050 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2051 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2052 * \li HostMemory \li OK \li OperationNotInitialized
2053 * \li SessionClosed \li SessionHandleInvalid
2054 * @return true on success, false otherwise
2055 */
2056 bool C_Digest(SessionHandle session,
2057 Byte* data_ptr,
2058 Ulong data_len,
2059 Byte* digest_ptr,
2060 Ulong* digest_len_ptr,
2061 ReturnValue* return_value = ThrowException) const;
2062
2063 /**
2064 * C_DigestUpdate continues a multiple-part message-digesting operation.
2065 * @param session the session's handle
2066 * @param part_ptr data to be digested
2067 * @param part_len bytes of data to be digested
2068 * @param return_value default value (`ThrowException`): throw exception on error.
2069 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2070 * At least the following PKCS#11 return values may be returned:
2071 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2072 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2073 * \li FunctionFailed \li GeneralError \li HostMemory
2074 * \li OK \li OperationNotInitialized \li SessionClosed
2075 * \li SessionHandleInvalid
2076 * @return true on success, false otherwise
2077 */
2078 bool C_DigestUpdate(SessionHandle session,
2079 Byte* part_ptr,
2080 Ulong part_len,
2081 ReturnValue* return_value = ThrowException) const;
2082
2083 /**
2084 * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2085 * @param session the session's handle
2086 * @param key secret key to digest
2087 * @param return_value default value (`ThrowException`): throw exception on error.
2088 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2089 * At least the following PKCS#11 return values may be returned:
2090 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2091 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2092 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2093 * \li KeyIndigestible \li KeySizeRange \li OK
2094 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2095 * @return true on success, false otherwise
2096 */
2097 bool C_DigestKey(SessionHandle session,
2098 ObjectHandle key,
2099 ReturnValue* return_value = ThrowException) const;
2100
2101 /**
2102 * C_DigestFinal finishes a multiple-part message-digesting operation.
2103 * @param session the session's handle
2104 * @param digest_ptr gets the message digest
2105 * @param digest_len_ptr gets uint8_t count of digest
2106 * @param return_value default value (`ThrowException`): throw exception on error.
2107 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2108 * At least the following PKCS#11 return values may be returned:
2109 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2110 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2111 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2112 * \li HostMemory \li OK \li OperationNotInitialized
2113 * \li SessionClosed \li SessionHandleInvalid
2114 * @return true on success, false otherwise
2115 */
2116 bool C_DigestFinal(SessionHandle session,
2117 Byte* digest_ptr,
2118 Ulong* digest_len_ptr,
2119 ReturnValue* return_value = ThrowException) const;
2120
2121 /****************************** Signing and MACing functions ******************************/
2122
2123 /**
2124 * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2125 * @param session the session's handle
2126 * @param mechanism_ptr the signature mechanism
2127 * @param key handle of signature key
2128 * @param return_value default value (`ThrowException`): throw exception on error.
2129 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2130 * At least the following PKCS#11 return values may be returned:
2131 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2132 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2133 * \li FunctionFailed \li GeneralError \li HostMemory
2134 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2135 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2136 * \li OK \li OperationActive \li PinExpired
2137 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2138 * @return true on success, false otherwise
2139 */
2140 bool C_SignInit(SessionHandle session,
2141 Mechanism* mechanism_ptr,
2142 ObjectHandle key,
2143 ReturnValue* return_value = ThrowException) const;
2144
2145 /**
2146 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2147 * @param session the session's handle
2148 * @param data_ptr the data to sign
2149 * @param data_len count of bytes to sign
2150 * @param signature_ptr gets the signature
2151 * @param signature_len_ptr gets signature length
2152 * @param return_value default value (`ThrowException`): throw exception on error.
2153 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2154 * At least the following PKCS#11 return values may be returned:
2155 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2156 * \li DataInvalid \li DataLenRange \li DeviceError
2157 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2158 * \li FunctionFailed \li GeneralError \li HostMemory
2159 * \li OK \li OperationNotInitialized \li SessionClosed
2160 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2161 * @return true on success, false otherwise
2162 */
2163 bool C_Sign(SessionHandle session,
2164 Byte* data_ptr,
2165 Ulong data_len,
2166 Byte* signature_ptr,
2167 Ulong* signature_len_ptr,
2168 ReturnValue* return_value = ThrowException) const;
2169
2170 /**
2171 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2172 * @param session the session's handle
2173 * @param data the data to sign
2174 * @param signature gets the signature
2175 * @param return_value default value (`ThrowException`): throw exception on error.
2176 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2177 * At least the following PKCS#11 return values may be returned:
2178 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2179 * \li DataInvalid \li DataLenRange \li DeviceError
2180 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2181 * \li FunctionFailed \li GeneralError \li HostMemory
2182 * \li OK \li OperationNotInitialized \li SessionClosed
2183 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2184 * @return true on success, false otherwise
2185 */
2186 template<typename TAllocA, typename TAllocB>
2187 bool C_Sign(SessionHandle session,
2188 const std::vector<uint8_t, TAllocA>& data,
2189 std::vector<uint8_t, TAllocB>& signature,
2190 ReturnValue* return_value = ThrowException) const
2191 {
2192 Ulong signature_size = 0;
2193 if(!C_Sign(session,
2194 const_cast<Byte*>((data.data())),
2195 static_cast<Ulong>(data.size()),
2196 nullptr,
2197 &signature_size,
2198 return_value))
2199 {
2200 return false;
2201 }
2202
2203 signature.resize(signature_size);
2204 if (!C_Sign(session,
2205 const_cast<Byte*>(data.data()),
2206 static_cast<Ulong>(data.size()),
2207 signature.data(),
2208 &signature_size,
2209 return_value))
2210 {
2211 return false;
2212 }
2213 signature.resize(signature_size);
2214 return true;
2215 }
2216
2217 /**
2218 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2219 * @param session the session's handle
2220 * @param part_ptr the data to sign
2221 * @param part_len count of bytes to sign
2222 * @param return_value default value (`ThrowException`): throw exception on error.
2223 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2224 * At least the following PKCS#11 return values may be returned:
2225 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2226 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2227 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2228 * \li HostMemory \li OK \li OperationNotInitialized
2229 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2230 * @return true on success, false otherwise
2231 */
2232 bool C_SignUpdate(SessionHandle session,
2233 Byte* part_ptr,
2234 Ulong part_len,
2235 ReturnValue* return_value = ThrowException) const;
2236
2237 /**
2238 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2239 * @param session the session's handle
2240 * @param part the data to sign
2241 * @param return_value default value (`ThrowException`): throw exception on error.
2242 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2243 * At least the following PKCS#11 return values may be returned:
2244 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2245 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2246 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2247 * \li HostMemory \li OK \li OperationNotInitialized
2248 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2249 * @return true on success, false otherwise
2250 */
2251 template<typename TAlloc>
2253 const std::vector<uint8_t, TAlloc>& part,
2254 ReturnValue* return_value = ThrowException) const
2255 {
2256 return C_SignUpdate(session,
2257 const_cast<Byte*>(part.data()),
2258 static_cast<Ulong>(part.size()),
2259 return_value);
2260 }
2261
2262 /**
2263 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2264 * @param session the session's handle
2265 * @param signature_ptr gets the signature
2266 * @param signature_len_ptr gets signature length
2267 * @param return_value default value (`ThrowException`): throw exception on error.
2268 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2269 * At least the following PKCS#11 return values may be returned:
2270 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2271 * \li DataLenRange \li DeviceError \li DeviceMemory
2272 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2273 * \li GeneralError \li HostMemory \li OK
2274 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2275 * \li UserNotLoggedIn \li FunctionRejected
2276 * @return true on success, false otherwise
2277 */
2278 bool C_SignFinal(SessionHandle session,
2279 Byte* signature_ptr,
2280 Ulong* signature_len_ptr,
2281 ReturnValue* return_value = ThrowException) const;
2282
2283 /**
2284 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2285 * @param session the session's handle
2286 * @param signature gets the signature
2287 * @param return_value default value (`ThrowException`): throw exception on error.
2288 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2289 * At least the following PKCS#11 return values may be returned:
2290 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2291 * \li DataLenRange \li DeviceError \li DeviceMemory
2292 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2293 * \li GeneralError \li HostMemory \li OK
2294 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2295 * \li UserNotLoggedIn \li FunctionRejected
2296 * @return true on success, false otherwise
2297 */
2298 template<typename TAlloc>
2300 std::vector<uint8_t, TAlloc>& signature,
2301 ReturnValue* return_value = ThrowException) const
2302 {
2303 Ulong signature_size = 0;
2304 if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2305 {
2306 return false;
2307 }
2308
2309 signature.resize(signature_size);
2310 if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2311 {
2312 return false;
2313 }
2314 signature.resize(signature_size);
2315 return true;
2316 }
2317
2318 /**
2319 * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2320 * @param session the session's handle
2321 * @param mechanism_ptr the signature mechanism
2322 * @param key handle of the signature key
2323 * @param return_value default value (`ThrowException`): throw exception on error.
2324 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2325 * At least the following PKCS#11 return values may be returned:
2326 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2327 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2328 * \li FunctionFailed \li GeneralError \li HostMemory
2329 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2330 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2331 * \li OK \li OperationActive \li PinExpired
2332 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2333 * @return true on success, false otherwise
2334 */
2335 bool C_SignRecoverInit(SessionHandle session,
2336 Mechanism* mechanism_ptr,
2337 ObjectHandle key,
2338 ReturnValue* return_value = ThrowException) const;
2339
2340 /**
2341 * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2342 * @param session the session's handle
2343 * @param data_ptr the data to sign
2344 * @param data_len count of bytes to sign
2345 * @param signature_ptr gets the signature
2346 * @param signature_len_ptr gets signature length
2347 * @param return_value default value (`ThrowException`): throw exception on error.
2348 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2349 * At least the following PKCS#11 return values may be returned:
2350 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2351 * \li DataInvalid \li DataLenRange \li DeviceError
2352 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2353 * \li FunctionFailed \li GeneralError \li HostMemory
2354 * \li OK \li OperationNotInitialized \li SessionClosed
2355 * \li SessionHandleInvalid \li UserNotLoggedIn
2356 * @return true on success, false otherwise
2357 */
2358 bool C_SignRecover(SessionHandle session,
2359 Byte* data_ptr,
2360 Ulong data_len,
2361 Byte* signature_ptr,
2362 Ulong* signature_len_ptr,
2363 ReturnValue* return_value = ThrowException) const;
2364
2365 /****************************** Functions for verifying signatures and MACs ******************************/
2366
2367 /**
2368 * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2369 * @param session the session's handle
2370 * @param mechanism_ptr the verification mechanism
2371 * @param key verification key
2372 * @param return_value default value (`ThrowException`): throw exception on error.
2373 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2374 * At least the following PKCS#11 return values may be returned:
2375 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2376 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2377 * \li FunctionFailed \li GeneralError \li HostMemory
2378 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2379 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2380 * \li OK \li OperationActive \li PinExpired
2381 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2382 * @return true on success, false otherwise
2383 */
2384 bool C_VerifyInit(SessionHandle session,
2385 Mechanism* mechanism_ptr,
2386 ObjectHandle key,
2387 ReturnValue* return_value = ThrowException) const;
2388
2389 /**
2390 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2391 * @param session the session's handle
2392 * @param data_ptr signed data
2393 * @param data_len length of signed data
2394 * @param signature_ptr signature
2395 * @param signature_len signature length
2396 * @param return_value default value (`ThrowException`): throw exception on error.
2397 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2398 * At least the following PKCS#11 return values may be returned:
2399 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2400 * \li DataLenRange \li DeviceError \li DeviceMemory
2401 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2402 * \li GeneralError \li HostMemory \li OK
2403 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2404 * \li SignatureInvalid \li SignatureLenRange
2405 * @return true on success, false otherwise
2406 */
2407 bool C_Verify(SessionHandle session,
2408 Byte* data_ptr,
2409 Ulong data_len,
2410 Byte* signature_ptr,
2411 Ulong signature_len,
2412 ReturnValue* return_value = ThrowException) const;
2413
2414 /**
2415 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2416 * @param session the session's handle
2417 * @param data signed data
2418 * @param signature signature
2419 * @param return_value default value (`ThrowException`): throw exception on error.
2420 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2421 * At least the following PKCS#11 return values may be returned:
2422 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2423 * \li DataLenRange \li DeviceError \li DeviceMemory
2424 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2425 * \li GeneralError \li HostMemory \li OK
2426 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2427 * \li SignatureInvalid \li SignatureLenRange
2428 * @return true on success, false otherwise
2429 */
2430 template<typename TAllocA, typename TAllocB>
2432 const std::vector<uint8_t, TAllocA>& data,
2433 std::vector<uint8_t, TAllocB>& signature,
2434 ReturnValue* return_value = ThrowException) const
2435 {
2436 return C_Verify(session,
2437 const_cast<Byte*>(data.data()),
2438 static_cast<Ulong>(data.size()),
2439 signature.data(),
2440 static_cast<Ulong>(signature.size()),
2441 return_value);
2442 }
2443
2444 /**
2445 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2446 * @param session the session's handle
2447 * @param part_ptr signed data
2448 * @param part_len length of signed data
2449 * @param return_value default value (`ThrowException`): throw exception on error.
2450 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2451 * At least the following PKCS#11 return values may be returned:
2452 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2453 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2454 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2455 * \li HostMemory \li OK \li OperationNotInitialized
2456 * \li SessionClosed \li SessionHandleInvalid
2457 * @return true on success, false otherwise
2458 */
2459 bool C_VerifyUpdate(SessionHandle session,
2460 Byte* part_ptr,
2461 Ulong part_len,
2462 ReturnValue* return_value = ThrowException) const;
2463
2464 /**
2465 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2466 * @param session the session's handle
2467 * @param part signed data
2468 * @param return_value default value (`ThrowException`): throw exception on error.
2469 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2470 * At least the following PKCS#11 return values may be returned:
2471 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2472 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2473 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2474 * \li HostMemory \li OK \li OperationNotInitialized
2475 * \li SessionClosed \li SessionHandleInvalid
2476 * @return true on success, false otherwise
2477 */
2478 template<typename TAlloc>
2480 std::vector<uint8_t, TAlloc> part,
2481 ReturnValue* return_value = ThrowException) const
2482 {
2483 return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2484 }
2485
2486 /**
2487 * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2488 * @param session the session's handle
2489 * @param signature_ptr signature to verify
2490 * @param signature_len signature length
2491 * @param return_value default value (`ThrowException`): throw exception on error.
2492 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2493 * At least the following PKCS#11 return values may be returned:
2494 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2495 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2496 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2497 * \li HostMemory \li OK \li OperationNotInitialized
2498 * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2499 * \li SignatureLenRange
2500 * @return true on success, false otherwise
2501 */
2502 bool C_VerifyFinal(SessionHandle session,
2503 Byte* signature_ptr,
2504 Ulong signature_len,
2505 ReturnValue* return_value = ThrowException) const;
2506
2507 /**
2508 * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2509 * @param session the session's handle
2510 * @param mechanism_ptr the verification mechanism
2511 * @param key verification key
2512 * @param return_value default value (`ThrowException`): throw exception on error.
2513 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2514 * At least the following PKCS#11 return values may be returned:
2515 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2516 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2517 * \li FunctionFailed \li GeneralError \li HostMemory
2518 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2519 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2520 * \li OK \li OperationActive \li PinExpired
2521 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2522 * @return true on success, false otherwise
2523 */
2524 bool C_VerifyRecoverInit(SessionHandle session,
2525 Mechanism* mechanism_ptr,
2526 ObjectHandle key,
2527 ReturnValue* return_value = ThrowException) const;
2528
2529 /**
2530 * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2531 * @param session the session's handle
2532 * @param signature_ptr signature to verify
2533 * @param signature_len signature length
2534 * @param data_ptr gets signed data
2535 * @param data_len_ptr gets signed data len
2536 * @param return_value default value (`ThrowException`): throw exception on error.
2537 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2538 * At least the following PKCS#11 return values may be returned:
2539 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2540 * \li DataInvalid \li DataLenRange \li DeviceError
2541 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2542 * \li FunctionFailed \li GeneralError \li HostMemory
2543 * \li OK \li OperationNotInitialized \li SessionClosed
2544 * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2545 * @return true on success, false otherwise
2546 */
2547 bool C_VerifyRecover(SessionHandle session,
2548 Byte* signature_ptr,
2549 Ulong signature_len,
2550 Byte* data_ptr,
2551 Ulong* data_len_ptr,
2552 ReturnValue* return_value = ThrowException) const;
2553
2554 /****************************** Dual-purpose cryptographic functions ******************************/
2555
2556 /**
2557 * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2558 * @param session session's handle
2559 * @param part_ptr the plaintext data
2560 * @param part_len plaintext length
2561 * @param encrypted_part_ptr gets ciphertext
2562 * @param encrypted_part_len_ptr gets c-text length
2563 * @param return_value default value (`ThrowException`): throw exception on error.
2564 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2565 * At least the following PKCS#11 return values may be returned:
2566 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2567 * \li DataLenRange \li DeviceError \li DeviceMemory
2568 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2569 * \li GeneralError \li HostMemory \li OK
2570 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2571 * @return true on success, false otherwise
2572 */
2573 bool C_DigestEncryptUpdate(SessionHandle session,
2574 Byte* part_ptr,
2575 Ulong part_len,
2576 Byte* encrypted_part_ptr,
2577 Ulong* encrypted_part_len_ptr,
2578 ReturnValue* return_value = ThrowException) const ;
2579
2580 /**
2581 * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2582 * @param session session's handle
2583 * @param encrypted_part_ptr ciphertext
2584 * @param encrypted_part_len ciphertext length
2585 * @param part_ptr gets plaintext
2586 * @param part_len_ptr gets plaintext len
2587 * @param return_value default value (`ThrowException`): throw exception on error.
2588 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2589 * At least the following PKCS#11 return values may be returned:
2590 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2591 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2592 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2593 * \li FunctionFailed \li GeneralError \li HostMemory
2594 * \li OK \li OperationNotInitialized \li SessionClosed
2595 * \li SessionHandleInvalid
2596 * @return true on success, false otherwise
2597 */
2598 bool C_DecryptDigestUpdate(SessionHandle session,
2599 Byte* encrypted_part_ptr,
2600 Ulong encrypted_part_len,
2601 Byte* part_ptr,
2602 Ulong* part_len_ptr,
2603 ReturnValue* return_value = ThrowException) const;
2604
2605 /**
2606 * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2607 * @param session session's handle
2608 * @param part_ptr the plaintext data
2609 * @param part_len plaintext length
2610 * @param encrypted_part_ptr gets ciphertext
2611 * @param encrypted_part_len_ptr gets c-text length
2612 * @param return_value default value (`ThrowException`): throw exception on error.
2613 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2614 * At least the following PKCS#11 return values may be returned:
2615 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2616 * \li DataLenRange \li DeviceError \li DeviceMemory
2617 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2618 * \li GeneralError \li HostMemory \li OK
2619 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2620 * \li UserNotLoggedIn
2621 * @return true on success, false otherwise
2622 */
2623 bool C_SignEncryptUpdate(SessionHandle session,
2624 Byte* part_ptr,
2625 Ulong part_len,
2626 Byte* encrypted_part_ptr,
2627 Ulong* encrypted_part_len_ptr,
2628 ReturnValue* return_value = ThrowException) const;
2629
2630 /**
2631 * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2632 * @param session session's handle
2633 * @param encrypted_part_ptr ciphertext
2634 * @param encrypted_part_len ciphertext length
2635 * @param part_ptr gets plaintext
2636 * @param part_len_ptr gets p-text length
2637 * @param return_value default value (`ThrowException`): throw exception on error.
2638 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2639 * At least the following PKCS#11 return values may be returned:
2640 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2641 * \li DataLenRange \li DeviceError \li DeviceMemory
2642 * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2643 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2644 * \li HostMemory \li OK \li OperationNotInitialized
2645 * \li SessionClosed \li SessionHandleInvalid
2646 * @return true on success, false otherwise
2647 */
2648 bool C_DecryptVerifyUpdate(SessionHandle session,
2649 Byte* encrypted_part_ptr,
2650 Ulong encrypted_part_len,
2651 Byte* part_ptr,
2652 Ulong* part_len_ptr,
2653 ReturnValue* return_value = ThrowException) const;
2654
2655 /****************************** Key management functions ******************************/
2656
2657 /**
2658 * C_GenerateKey generates a secret key, creating a new key object.
2659 * @param session the session's handle
2660 * @param mechanism_ptr key generation mech.
2661 * @param attribute_template_ptr template for new key
2662 * @param count # of attrs in template
2663 * @param key_ptr gets handle of new key
2664 * @param return_value default value (`ThrowException`): throw exception on error.
2665 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2666 * At least the following PKCS#11 return values may be returned:
2667 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2668 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2669 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2670 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2671 * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2672 * \li OK \li OperationActive \li PinExpired
2673 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2674 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2675 * \li UserNotLoggedIn
2676 * @return true on success, false otherwise
2677 */
2678 bool C_GenerateKey(SessionHandle session,
2679 Mechanism* mechanism_ptr,
2680 Attribute* attribute_template_ptr,
2681 Ulong count,
2682 ObjectHandle* key_ptr,
2683 ReturnValue* return_value = ThrowException) const;
2684
2685 /**
2686 * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2687 * @param session session handle
2688 * @param mechanism_ptr key-gen mech.
2689 * @param public_key_template_ptr template for pub. key
2690 * @param public_key_attribute_count # pub. attrs.
2691 * @param private_key_template_ptr template for priv. key
2692 * @param private_key_attribute_count # priv. attrs.
2693 * @param public_key_ptr gets pub. key handle
2694 * @param private_key_ptr gets priv. key handle
2695 * @param return_value default value (`ThrowException`): throw exception on error.
2696 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2697 * At least the following PKCS#11 return values may be returned:
2698 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2699 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2700 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2701 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2702 * \li GeneralError \li HostMemory \li MechanismInvalid
2703 * \li MechanismParamInvalid \li OK \li OperationActive
2704 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2705 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2706 * \li TokenWriteProtected \li UserNotLoggedIn
2707 * @return true on success, false otherwise
2708 */
2709 bool C_GenerateKeyPair(SessionHandle session,
2710 Mechanism* mechanism_ptr,
2711 Attribute* public_key_template_ptr,
2712 Ulong public_key_attribute_count,
2713 Attribute* private_key_template_ptr,
2714 Ulong private_key_attribute_count,
2715 ObjectHandle* public_key_ptr,
2716 ObjectHandle* private_key_ptr,
2717 ReturnValue* return_value = ThrowException) const;
2718
2719 /**
2720 * C_WrapKey wraps (i.e., encrypts) a key.
2721 * @param session the session's handle
2722 * @param mechanism_ptr the wrapping mechanism
2723 * @param wrapping_key wrapping key
2724 * @param key key to be wrapped
2725 * @param wrapped_key_ptr gets wrapped key
2726 * @param wrapped_key_len_ptr gets wrapped key size
2727 * @param return_value default value (`ThrowException`): throw exception on error.
2728 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2729 * At least the following PKCS#11 return values may be returned:
2730 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2731 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2732 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2733 * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2734 * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2735 * \li MechanismParamInvalid \li OK \li OperationActive
2736 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2737 * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2738 * \li WrappingKeyTypeInconsistent
2739 * @return true on success, false otherwise
2740 */
2741 bool C_WrapKey(SessionHandle session,
2742 Mechanism* mechanism_ptr,
2743 ObjectHandle wrapping_key,
2744 ObjectHandle key,
2745 Byte* wrapped_key_ptr,
2746 Ulong* wrapped_key_len_ptr,
2747 ReturnValue* return_value = ThrowException) const;
2748
2749 /**
2750 * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2751 * @param session session's handle
2752 * @param mechanism_ptr unwrapping mech.
2753 * @param unwrapping_key unwrapping key
2754 * @param wrapped_key_ptr the wrapped key
2755 * @param wrapped_key_len wrapped key len
2756 * @param attribute_template_ptr new key template
2757 * @param attribute_count template length
2758 * @param key_ptr gets new handle
2759 * @param return_value default value (`ThrowException`): throw exception on error.
2760 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2761 * At least the following PKCS#11 return values may be returned:
2762 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2763 * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2764 * \li CurveNotSupported \li DeviceError \li DeviceMemory
2765 * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2766 * \li FunctionFailed \li GeneralError \li HostMemory
2767 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2768 * \li OperationActive \li PinExpired \li SessionClosed
2769 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2770 * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2771 * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2772 * \li WrappedKeyInvalid \li WrappedKeyLenRange
2773 * @return true on success, false otherwise
2774 */
2775 bool C_UnwrapKey(SessionHandle session,
2776 Mechanism* mechanism_ptr,
2777 ObjectHandle unwrapping_key,
2778 Byte* wrapped_key_ptr,
2779 Ulong wrapped_key_len,
2780 Attribute* attribute_template_ptr,
2781 Ulong attribute_count,
2782 ObjectHandle* key_ptr,
2783 ReturnValue* return_value = ThrowException) const;
2784
2785 /**
2786 * C_DeriveKey derives a key from a base key, creating a new key object.
2787 * @param session session's handle
2788 * @param mechanism_ptr key deriv. mech.
2789 * @param base_key base key
2790 * @param attribute_template_ptr new key template
2791 * @param attribute_count template length
2792 * @param key_ptr gets new handle
2793 * @param return_value default value (`ThrowException`): throw exception on error.
2794 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2795 * At least the following PKCS#11 return values may be returned:
2796 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2797 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2798 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2799 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2800 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2801 * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2802 * \li MechanismParamInvalid \li OK \li OperationActive
2803 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2804 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2805 * \li TokenWriteProtected \li UserNotLoggedIn
2806 * @return true on success, false otherwise
2807 */
2808 bool C_DeriveKey(SessionHandle session,
2809 Mechanism* mechanism_ptr,
2810 ObjectHandle base_key,
2811 Attribute* attribute_template_ptr,
2812 Ulong attribute_count,
2813 ObjectHandle* key_ptr,
2814 ReturnValue* return_value = ThrowException) const;
2815
2816 /****************************** Random number generation functions ******************************/
2817
2818 /**
2819 * C_SeedRandom mixes additional seed material into the token's random number generator.
2820 * @param session the session's handle
2821 * @param seed_ptr the seed material
2822 * @param seed_len length of seed material
2823 * @param return_value default value (`ThrowException`): throw exception on error.
2824 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2825 * At least the following PKCS#11 return values may be returned:
2826 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2827 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2828 * \li FunctionFailed \li GeneralError \li HostMemory
2829 * \li OK \li OperationActive \li RandomSeedNotSupported
2830 * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2831 * \li UserNotLoggedIn
2832 * @return true on success, false otherwise
2833 */
2834 bool C_SeedRandom(SessionHandle session,
2835 Byte* seed_ptr,
2836 Ulong seed_len,
2837 ReturnValue* return_value = ThrowException) const;
2838
2839 /**
2840 * C_GenerateRandom generates random data.
2841 * @param session the session's handle
2842 * @param random_data_ptr receives the random data
2843 * @param random_len # of bytes to generate
2844 * @param return_value default value (`ThrowException`): throw exception on error.
2845 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2846 * At least the following PKCS#11 return values may be returned:
2847 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2848 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2849 * \li FunctionFailed \li GeneralError \li HostMemory
2850 * \li OK \li OperationActive \li RandomNoRng
2851 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2852 * @return true on success, false otherwise
2853 */
2854 bool C_GenerateRandom(SessionHandle session,
2855 Byte* random_data_ptr,
2856 Ulong random_len,
2857 ReturnValue* return_value = ThrowException) const;
2858
2859 /****************************** Parallel function management functions ******************************/
2860
2861 /**
2862 * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2863 * @param session the session's handle
2864 * @param return_value default value (`ThrowException`): throw exception on error.
2865 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2866 * At least the following PKCS#11 return values may be returned:
2867 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2868 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2869 * \li SessionClosed
2870 * @return true on success, false otherwise
2871 */
2872 bool C_GetFunctionStatus(SessionHandle session,
2873 ReturnValue* return_value = ThrowException) const;
2874
2875 /**
2876 * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2877 * @param session the session's handle
2878 * @param return_value default value (`ThrowException`): throw exception on error.
2879 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2880 * At least the following PKCS#11 return values may be returned:
2881 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2882 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2883 * \li SessionClosed
2884 * @return true on success, false otherwise
2885 */
2886 bool C_CancelFunction(SessionHandle session,
2887 ReturnValue* return_value = ThrowException) const;
2888
2889 private:
2890 const FunctionListPtr m_func_list_ptr;
2891 };
2892
2894 {
2895 public:
2896 explicit PKCS11_Error(const std::string& what) :
2897 Exception("PKCS11 error", what)
2898 {
2899 }
2900
2901 ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2902 };
2903
2905 {
2906 public:
2907 explicit PKCS11_ReturnError(ReturnValue return_val) :
2908 PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2909 m_return_val(return_val)
2910 {}
2911
2913 {
2914 return m_return_val;
2915 }
2916
2917 int error_code() const noexcept override
2918 {
2919 return static_cast<int>(m_return_val);
2920 }
2921
2922 private:
2923 const ReturnValue m_return_val;
2924 };
2925
2926}
2927
2928}
2929
2930#endif
Provides access to all PKCS#11 functions.
Definition: p11.h:904
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1205
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1666
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2187
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1257
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2252
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1431
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1806
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2431
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1944
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, const std::string &label, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1150
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2479
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2299
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1586
PKCS11_Error(const std::string &what)
Definition: p11.h:2896
ErrorType error_type() const noexcept override
Definition: p11.h:2901
int error_code() const noexcept override
Definition: p11.h:2917
ReturnValue get_return_value() const
Definition: p11.h:2912
PKCS11_ReturnError(ReturnValue return_val)
Definition: p11.h:2907
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
PseudoRandom
Definition: p11.h:695
ReturnValue * ThrowException
Definition: p11.cpp:20
CK_BBOOL Bbool
Definition: p11.h:836
KeyDerivation
Definition: p11.h:196
CK_FLAGS Flags
Definition: p11.h:834
PublicPointEncoding
Definition: p11.h:822
AttributeType
Definition: p11.h:66
CK_NOTIFY Notify
Definition: p11.h:844
CertificateType
Definition: p11.h:178
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition: p11.cpp:53
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition: p11.cpp:60
MechanismType
Definition: p11.h:338
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition: p11.h:827
CK_ULONG Ulong
Definition: p11.h:838
secure_vector< uint8_t > secure_string
Definition: p11.h:63
void initialize_token(Slot &slot, const std::string &label, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:47
CK_UNLOCKMUTEX UnlockMutex
Definition: p11.h:833
Notification
Definition: p11.h:675
CK_DESTROYMUTEX DestroyMutex
Definition: p11.h:831
CK_VOID_PTR VoidPtr
Definition: p11.h:828
Flag operator|(Flag a, Flag b)
Definition: p11.h:267
CK_LOCKMUTEX LockMutex
Definition: p11.h:832
CK_SESSION_HANDLE SessionHandle
Definition: p11.h:845
const Bbool True
Definition: p11.h:857
SessionState
Definition: p11.h:707
const Bbool False
Definition: p11.h:858
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:67
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:848
CertificateCategory
Definition: p11.h:188
CK_CREATEMUTEX CreateMutex
Definition: p11.h:830
CK_BYTE Byte
Definition: p11.h:849
CK_SLOT_ID SlotId
Definition: p11.h:837
Flags flags(Flag flags)
Definition: p11.h:860
CK_UTF8CHAR Utf8Char
Definition: p11.h:843
HardwareType
Definition: p11.h:282
Definition: alg_id.cpp:13
ErrorType
Definition: exceptn.h:20
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition: exceptn.cpp:11
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65
Definition: bigint.h:1143
MechanismType type
#define CKD_NULL
Definition: pkcs11t.h:1290
#define CKA_NEVER_EXTRACTABLE
Definition: pkcs11t.h:496
struct CK_DATE CK_DATE
#define CKM_SEED_KEY_GEN
Definition: pkcs11t.h:856
#define CKM_TLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:775
#define CKD_SHA1_KDF
Definition: pkcs11t.h:1291
#define CKD_SHA256_KDF
Definition: pkcs11t.h:1297
#define CKR_NEXT_OTP
Definition: pkcs11t.h:1148
#define CKK_DES3
Definition: pkcs11t.h:351
#define CKM_DSA_PARAMETER_GEN
Definition: pkcs11t.h:957
#define CKR_SESSION_COUNT
Definition: pkcs11t.h:1097
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:816
#define CKM_CONCATENATE_BASE_AND_DATA
Definition: pkcs11t.h:765
#define CKM_PKCS5_PBKD2
Definition: pkcs11t.h:807
#define CKM_AES_GMAC
Definition: pkcs11t.h:928
#define CKM_KIP_DERIVE
Definition: pkcs11t.h:833
#define CKR_DEVICE_MEMORY
Definition: pkcs11t.h:1061
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
Definition: pkcs11t.h:452
#define CKM_SSL3_SHA1_MAC
Definition: pkcs11t.h:782
#define CKA_OTP_TIME_INTERVAL
Definition: pkcs11t.h:522
#define CKK_RC4
Definition: pkcs11t.h:348
#define CKA_TOKEN
Definition: pkcs11t.h:438
#define CKA_SECONDARY_AUTH
Definition: pkcs11t.h:510
#define CKR_GENERAL_ERROR
Definition: pkcs11t.h:1043
#define CKR_MECHANISM_INVALID
Definition: pkcs11t.h:1083
#define CKR_SLOT_ID_INVALID
Definition: pkcs11t.h:1041
#define CKC_VENDOR_DEFINED
Definition: pkcs11t.h:410
#define CKG_MGF1_SHA256
Definition: pkcs11t.h:1247
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition: pkcs11t.h:770
#define CKM_RSA_PKCS
Definition: pkcs11t.h:587
#define CKM_ECDSA_SHA1
Definition: pkcs11t.h:892
#define CKR_KEY_CHANGED
Definition: pkcs11t.h:1076
#define CKK_SHA224_HMAC
Definition: pkcs11t.h:378
#define CKM_IDEA_ECB
Definition: pkcs11t.h:758
#define CKD_SHA512_KDF
Definition: pkcs11t.h:1299
#define CKA_START_DATE
Definition: pkcs11t.h:472
#define CKK_DH
Definition: pkcs11t.h:341
#define CKK_RC5
Definition: pkcs11t.h:356
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition: pkcs11t.h:1053
#define CKA_OTP_SERVICE_IDENTIFIER
Definition: pkcs11t.h:531
CK_BYTE CK_UTF8CHAR
Definition: pkcs11t.h:42
#define CKM_GOSTR3411_HMAC
Definition: pkcs11t.h:950
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:811
#define CKA_AUTH_PIN_FLAGS
Definition: pkcs11t.h:511
#define CKM_DES3_CMAC
Definition: pkcs11t.h:672
#define CKM_RC2_MAC
Definition: pkcs11t.h:648
#define CKM_SHA256_KEY_DERIVATION
Definition: pkcs11t.h:787
#define CKA_SERIAL_NUMBER
Definition: pkcs11t.h:446
#define CKK_DES2
Definition: pkcs11t.h:350
#define CKM_CAST5_MAC_GENERAL
Definition: pkcs11t.h:747
#define CKF_LOGIN_REQUIRED
Definition: pkcs11t.h:157
#define CKF_HW_SLOT
Definition: pkcs11t.h:124
#define CKO_PUBLIC_KEY
Definition: pkcs11t.h:312
#define CKF_EC_UNCOMPRESS
Definition: pkcs11t.h:1026
#define CKA_SUB_PRIME_BITS
Definition: pkcs11t.h:490
#define CKM_RSA_X_509
Definition: pkcs11t.h:589
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition: pkcs11t.h:1225
#define CKM_SEED_MAC_GENERAL
Definition: pkcs11t.h:860
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition: pkcs11t.h:177
#define CKA_ISSUER
Definition: pkcs11t.h:445
#define CKM_ARIA_KEY_GEN
Definition: pkcs11t.h:847
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition: pkcs11t.h:454
#define CKR_FUNCTION_CANCELED
Definition: pkcs11t.h:1065
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition: pkcs11t.h:960
#define CKM_AES_CTR
Definition: pkcs11t.h:919
#define CKM_TLS12_MAC
Definition: pkcs11t.h:820
#define CKM_DES3_CBC
Definition: pkcs11t.h:666
#define CKM_TWOFISH_CBC_PAD
Definition: pkcs11t.h:935
#define CKM_AES_CMAC
Definition: pkcs11t.h:923
#define CKM_SKIPJACK_CFB8
Definition: pkcs11t.h:872
#define CKM_RSA_X9_31_KEY_PAIR_GEN
Definition: pkcs11t.h:599
#define CKR_KEY_UNEXTRACTABLE
Definition: pkcs11t.h:1081
#define CKR_DATA_INVALID
Definition: pkcs11t.h:1058
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1113
#define CKM_CONCATENATE_BASE_AND_KEY
Definition: pkcs11t.h:764
#define CKR_NEED_TO_CREATE_THREADS
Definition: pkcs11t.h:1048
#define CKK_SHA256_HMAC
Definition: pkcs11t.h:375
#define CKM_SHA512_256
Definition: pkcs11t.h:635
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:862
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1127
#define CKM_FORTEZZA_TIMESTAMP
Definition: pkcs11t.h:879
#define CKS_RW_PUBLIC_SESSION
Definition: pkcs11t.h:274
#define CKR_MECHANISM_PARAM_INVALID
Definition: pkcs11t.h:1084
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition: pkcs11t.h:556
#define CKF_TOKEN_INITIALIZED
Definition: pkcs11t.h:193
#define CKR_TOKEN_NOT_RECOGNIZED
Definition: pkcs11t.h:1111
#define CKM_MD5
Definition: pkcs11t.h:690
#define CKM_SHA512_HMAC_GENERAL
Definition: pkcs11t.h:718
#define CKM_CAST3_ECB
Definition: pkcs11t.h:733
#define CKM_SKIPJACK_CFB64
Definition: pkcs11t.h:869
#define CKM_DES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:938
#define CK_FALSE
Definition: pkcs11t.h:24
#define CKC_WTLS
Definition: pkcs11t.h:409
#define CKM_SHA_1_HMAC
Definition: pkcs11t.h:697
#define CKD_SHA1_KDF_ASN1
Definition: pkcs11t.h:1294
#define CKR_ATTRIBUTE_SENSITIVE
Definition: pkcs11t.h:1052
#define CKG_MGF1_SHA512
Definition: pkcs11t.h:1249
#define CKM_CAMELLIA_MAC
Definition: pkcs11t.h:840
#define CKM_IDEA_KEY_GEN
Definition: pkcs11t.h:757
#define CKM_ECDH1_COFACTOR_DERIVE
Definition: pkcs11t.h:899
#define CKR_RANDOM_NO_RNG
Definition: pkcs11t.h:1131
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:854
#define CKM_CAMELLIA_KEY_GEN
Definition: pkcs11t.h:837
#define CKR_PIN_LEN_RANGE
Definition: pkcs11t.h:1091
#define CKC_X_509
Definition: pkcs11t.h:407
#define CKF_DIGEST
Definition: pkcs11t.h:1008
#define CKF_USER_PIN_FINAL_TRY
Definition: pkcs11t.h:210
#define CKM_ECDSA_SHA224
Definition: pkcs11t.h:893
#define CKF_DERIVE
Definition: pkcs11t.h:1017
#define CKM_BATON_KEY_GEN
Definition: pkcs11t.h:880
#define CKR_DEVICE_ERROR
Definition: pkcs11t.h:1060
#define CKA_PRIVATE_EXPONENT
Definition: pkcs11t.h:477
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition: pkcs11t.h:1129
#define CKA_RESOLUTION
Definition: pkcs11t.h:545
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition: pkcs11t.h:1099
#define CKM_MD2
Definition: pkcs11t.h:685
#define CKM_BATON_CBC128
Definition: pkcs11t.h:883
#define CKM_DSA
Definition: pkcs11t.h:606
#define CKA_ID
Definition: pkcs11t.h:461
#define CKA_OBJECT_ID
Definition: pkcs11t.h:443
#define CKM_AES_CFB8
Definition: pkcs11t.h:965
#define CKM_CMS_SIG
Definition: pkcs11t.h:832
#define CKA_APPLICATION
Definition: pkcs11t.h:441
#define CKM_RIPEMD128
Definition: pkcs11t.h:700
#define CKF_VERIFY
Definition: pkcs11t.h:1011
#define CKM_AES_CBC_PAD
Definition: pkcs11t.h:918
#define CKG_MGF1_SHA224
Definition: pkcs11t.h:1250
#define CKM_CAST3_CBC
Definition: pkcs11t.h:734
#define CKM_ECDH1_DERIVE
Definition: pkcs11t.h:898
#define CKM_VENDOR_DEFINED
Definition: pkcs11t.h:975
#define CKR_ATTRIBUTE_READ_ONLY
Definition: pkcs11t.h:1051
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition: pkcs11t.h:1079
#define CKA_HW_FEATURE_TYPE
Definition: pkcs11t.h:539
#define CKM_TWOFISH_KEY_GEN
Definition: pkcs11t.h:932
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1128
#define CKN_SURRENDER
Definition: pkcs11t.h:101
#define CKK_CAST128
Definition: pkcs11t.h:355
#define CKA_VERIFY_RECOVER
Definition: pkcs11t.h:470
#define CKK_CAST5
Definition: pkcs11t.h:354
#define CKM_SHA512_224_HMAC_GENERAL
Definition: pkcs11t.h:633
#define CKM_SKIPJACK_RELAYX
Definition: pkcs11t.h:875
CK_ULONG CK_RV
Definition: pkcs11t.h:1036
#define CKM_SHA512_224_HMAC
Definition: pkcs11t.h:632
#define CKR_SESSION_EXISTS
Definition: pkcs11t.h:1101
#define CKM_MD5_HMAC_GENERAL
Definition: pkcs11t.h:693
#define CKM_MD2_RSA_PKCS
Definition: pkcs11t.h:591
#define CKR_FUNCTION_REJECTED
Definition: pkcs11t.h:1156
#define CKM_SHA_1_HMAC_GENERAL
Definition: pkcs11t.h:698
#define CKM_TLS10_MAC_CLIENT
Definition: pkcs11t.h:819
unsigned long int CK_ULONG
Definition: pkcs11t.h:48
#define CKO_SECRET_KEY
Definition: pkcs11t.h:314
#define CKK_RSA
Definition: pkcs11t.h:339
#define CKM_JUNIPER_ECB128
Definition: pkcs11t.h:906
#define CKA_PUBLIC_EXPONENT
Definition: pkcs11t.h:476
#define CKM_SKIPJACK_CBC64
Definition: pkcs11t.h:867
#define CKM_DES_ECB
Definition: pkcs11t.h:656
#define CKM_CAST_CBC
Definition: pkcs11t.h:728
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:815
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs11t.h:803
#define CKM_X9_42_DH_KEY_PAIR_GEN
Definition: pkcs11t.h:616
#define CKK_CAMELLIA
Definition: pkcs11t.h:368
#define CKA_MODIFIABLE
Definition: pkcs11t.h:500
#define CRYPTOKI_VERSION_MINOR
Definition: pkcs11t.h:20
#define CKK_SEED
Definition: pkcs11t.h:380
#define CKM_RC5_MAC
Definition: pkcs11t.h:754
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:586
#define CKR_SESSION_READ_ONLY
Definition: pkcs11t.h:1100
#define CKK_KEA
Definition: pkcs11t.h:345
#define CKM_RC2_CBC
Definition: pkcs11t.h:647
#define CKA_OTP_TIME_REQUIREMENT
Definition: pkcs11t.h:525
#define CKM_PBE_MD5_CAST5_CBC
Definition: pkcs11t.h:796
#define CKM_KEA_KEY_DERIVE
Definition: pkcs11t.h:877
#define CKC_X_509_ATTR_CERT
Definition: pkcs11t.h:408
#define CKM_JUNIPER_KEY_GEN
Definition: pkcs11t.h:905
#define CKM_RC5_CBC
Definition: pkcs11t.h:753
#define CKM_ARIA_CBC_PAD
Definition: pkcs11t.h:852
#define CKR_ENCRYPTED_DATA_LEN_RANGE
Definition: pkcs11t.h:1064
#define CKM_SHA512_KEY_DERIVATION
Definition: pkcs11t.h:789
#define CKA_BITS_PER_PIXEL
Definition: pkcs11t.h:549
#define CKR_SIGNATURE_INVALID
Definition: pkcs11t.h:1106
#define CKA_AC_ISSUER
Definition: pkcs11t.h:447
#define CKM_TLS_KDF
Definition: pkcs11t.h:827
#define CKM_AES_MAC_GENERAL
Definition: pkcs11t.h:917
#define CKM_CAST128_CBC_PAD
Definition: pkcs11t.h:750
#define CKM_BATON_ECB128
Definition: pkcs11t.h:881
#define CKA_OTP_USER_IDENTIFIER
Definition: pkcs11t.h:530
#define CKM_BLOWFISH_CBC
Definition: pkcs11t.h:931
#define CKM_FASTHASH
Definition: pkcs11t.h:911
#define CKR_SESSION_HANDLE_INVALID
Definition: pkcs11t.h:1098
#define CKF_EC_F_2M
Definition: pkcs11t.h:1023
#define CKM_ARIA_ECB
Definition: pkcs11t.h:848
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition: pkcs11t.h:398
#define CKO_CERTIFICATE
Definition: pkcs11t.h:311
#define CKA_CHECK_VALUE
Definition: pkcs11t.h:457
#define CKM_DES_CBC
Definition: pkcs11t.h:657
#define CKF_USER_PIN_INITIALIZED
Definition: pkcs11t.h:158
CK_ULONG CK_NOTIFICATION
Definition: pkcs11t.h:100
#define CKM_CAST5_MAC
Definition: pkcs11t.h:745
struct CK_INFO CK_INFO
#define CKA_PUBLIC_KEY_INFO
Definition: pkcs11t.h:483
#define CKA_OTP_USER_FRIENDLY_MODE
Definition: pkcs11t.h:523
#define CKM_SHA384_HMAC_GENERAL
Definition: pkcs11t.h:715
#define CKF_RW_SESSION
Definition: pkcs11t.h:289
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1121
#define CKM_SECURID_KEY_GEN
Definition: pkcs11t.h:719
#define CKM_IDEA_MAC_GENERAL
Definition: pkcs11t.h:761
#define CKS_RO_USER_FUNCTIONS
Definition: pkcs11t.h:273
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKM_TLS_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:776
#define CKM_GOST28147_ECB
Definition: pkcs11t.h:952
#define CKA_PRIME
Definition: pkcs11t.h:484
#define CKR_ARGUMENTS_BAD
Definition: pkcs11t.h:1046
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKM_SECURID
Definition: pkcs11t.h:720
#define CKM_AES_CCM
Definition: pkcs11t.h:921
#define CKR_CANCEL
Definition: pkcs11t.h:1039
#define CKM_SHA512_224_KEY_DERIVATION
Definition: pkcs11t.h:634
#define CKM_SHA256
Definition: pkcs11t.h:707
#define CKM_IDEA_CBC_PAD
Definition: pkcs11t.h:762
#define CKM_SHA512_T_HMAC_GENERAL
Definition: pkcs11t.h:642
#define CKK_BLOWFISH
Definition: pkcs11t.h:363
#define CKM_CDMF_CBC_PAD
Definition: pkcs11t.h:678
#define CKU_USER
Definition: pkcs11t.h:266
#define CKR_PIN_TOO_WEAK
Definition: pkcs11t.h:1153
#define CKA_MODULUS
Definition: pkcs11t.h:474
unsigned char CK_BYTE
Definition: pkcs11t.h:36
#define CKM_AES_CFB64
Definition: pkcs11t.h:964
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:777
#define CKA_PRIVATE
Definition: pkcs11t.h:439
#define CKM_DES_KEY_GEN
Definition: pkcs11t.h:655
CK_ULONG CK_SLOT_ID
Definition: pkcs11t.h:104
CK_ULONG CK_FLAGS
Definition: pkcs11t.h:54
#define CKR_PIN_EXPIRED
Definition: pkcs11t.h:1093
#define CKM_CAST3_MAC_GENERAL
Definition: pkcs11t.h:736
CK_ULONG CK_OBJECT_CLASS
Definition: pkcs11t.h:307
#define CKM_CAST5_CBC_PAD
Definition: pkcs11t.h:749
#define CKM_PBE_SHA1_RC2_128_CBC
Definition: pkcs11t.h:804
#define CKG_MGF1_SHA384
Definition: pkcs11t.h:1248
#define CKR_PIN_LOCKED
Definition: pkcs11t.h:1094
#define CKA_PRIME_1
Definition: pkcs11t.h:478
#define CKA_NAME_HASH_ALGORITHM
Definition: pkcs11t.h:456
#define CKM_DSA_SHA512
Definition: pkcs11t.h:611
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:769
struct CK_ATTRIBUTE CK_ATTRIBUTE
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:773
#define CKM_IDEA_MAC
Definition: pkcs11t.h:760
#define CKR_LIBRARY_LOAD_FAILED
Definition: pkcs11t.h:1152
#define CKM_MD5_RSA_PKCS
Definition: pkcs11t.h:592
#define CKM_DSA_SHA384
Definition: pkcs11t.h:610
#define CKM_RIPEMD128_HMAC_GENERAL
Definition: pkcs11t.h:702
#define CKF_WRAP
Definition: pkcs11t.h:1015
#define CKK_DES
Definition: pkcs11t.h:349
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition: pkcs11t.h:809
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition: pkcs11t.h:533
CK_ULONG CK_SESSION_HANDLE
Definition: pkcs11t.h:256
#define CKA_OTP_CHALLENGE_REQUIREMENT
Definition: pkcs11t.h:524
#define CKK_ACTI
Definition: pkcs11t.h:367
#define CKR_CANT_LOCK
Definition: pkcs11t.h:1049
#define CKM_DES_CBC_PAD
Definition: pkcs11t.h:661
#define CKR_TOKEN_NOT_PRESENT
Definition: pkcs11t.h:1110
#define CKA_OTP_FORMAT
Definition: pkcs11t.h:520
#define CKF_EXTENSION
Definition: pkcs11t.h:1029
#define CKM_SHA512_T
Definition: pkcs11t.h:640
#define CKM_DES3_CBC_PAD
Definition: pkcs11t.h:670
#define CKM_SHA512_T_KEY_DERIVATION
Definition: pkcs11t.h:643
#define CKA_EC_POINT
Definition: pkcs11t.h:508
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition: pkcs11t.h:1142
#define CKM_KEA_DERIVE
Definition: pkcs11t.h:878
#define CKM_DH_PKCS_DERIVE
Definition: pkcs11t.h:614
#define CKM_CAMELLIA_MAC_GENERAL
Definition: pkcs11t.h:841
#define CKA_SENSITIVE
Definition: pkcs11t.h:462
#define CKM_MD2_HMAC_GENERAL
Definition: pkcs11t.h:688
#define CKF_EC_F_P
Definition: pkcs11t.h:1022
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:863
#define CKM_DES3_CMAC_GENERAL
Definition: pkcs11t.h:671
#define CKR_PIN_INCORRECT
Definition: pkcs11t.h:1089
#define CKM_CAST128_MAC_GENERAL
Definition: pkcs11t.h:748
#define CKM_ARIA_CBC
Definition: pkcs11t.h:849
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
Definition: pkcs11t.h:396
#define CKM_CAMELLIA_CTR
Definition: pkcs11t.h:845
#define CKM_PBE_SHA1_RC4_40
Definition: pkcs11t.h:801
#define CKM_PBE_SHA1_CAST5_CBC
Definition: pkcs11t.h:798
#define CKM_TLS10_MAC_SERVER
Definition: pkcs11t.h:818
#define CKM_X9_42_DH_DERIVE
Definition: pkcs11t.h:617
#define CKF_GENERATE_KEY_PAIR
Definition: pkcs11t.h:1014
#define CKM_AES_KEY_WRAP
Definition: pkcs11t.h:969
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition: pkcs11t.h:874
#define CKF_SIGN_RECOVER
Definition: pkcs11t.h:1010
#define CKA_SIGN_RECOVER
Definition: pkcs11t.h:468
#define CKM_KEY_WRAP_LYNKS
Definition: pkcs11t.h:829
#define CKM_SHA512_RSA_PKCS_PSS
Definition: pkcs11t.h:626
#define CKM_CAST5_KEY_GEN
Definition: pkcs11t.h:739
#define CKF_REMOVABLE_DEVICE
Definition: pkcs11t.h:123
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition: pkcs11t.h:1726
#define CKM_CAMELLIA_CBC
Definition: pkcs11t.h:839
#define CKM_ECDSA_SHA512
Definition: pkcs11t.h:896
#define CKM_RSA_PKCS_OAEP
Definition: pkcs11t.h:597
#define CKM_DES_OFB64
Definition: pkcs11t.h:680
#define CKR_WRAPPED_KEY_INVALID
Definition: pkcs11t.h:1124
#define CKF_SECONDARY_AUTHENTICATION
Definition: pkcs11t.h:199
#define CKO_OTP_KEY
Definition: pkcs11t.h:318
#define CKM_PBE_SHA1_RC4_128
Definition: pkcs11t.h:800
#define CKM_CDMF_MAC
Definition: pkcs11t.h:676
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition: pkcs11t.h:973
#define CKM_SHA512_RSA_PKCS
Definition: pkcs11t.h:623
#define CKA_EXPONENT_1
Definition: pkcs11t.h:480
#define CKM_DES3_MAC_GENERAL
Definition: pkcs11t.h:669
#define CKM_CAST_CBC_PAD
Definition: pkcs11t.h:731
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition: