Botan  2.4.0
Crypto and TLS for C++11
p11.h
Go to the documentation of this file.
1 /*
2 * PKCS#11
3 * (C) 2016 Daniel Neus, Sirrix AG
4 * (C) 2016 Philipp Weber, Sirrix AG
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_P11_H_
10 #define BOTAN_P11_H_
11 
12 #include <botan/secmem.h>
13 #include <botan/exceptn.h>
14 #include <botan/dyn_load.h>
15 
16 #include <vector>
17 #include <string>
18 #include <map>
19 
20 #define CK_PTR *
21 
22 #if defined(_MSC_VER)
23 #define CK_DECLARE_FUNCTION(returnType, name) \
24  returnType __declspec(dllimport) name
25 #else
26 #define CK_DECLARE_FUNCTION(returnType, name) \
27  returnType name
28 #endif
29 
30 #if defined(_MSC_VER)
31 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
32  returnType __declspec(dllimport) (* name)
33 #else
34 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
35  returnType (* name)
36 #endif
37 
38 #define CK_CALLBACK_FUNCTION(returnType, name) \
39  returnType (* name)
40 
41 #ifndef NULL_PTR
42  #define NULL_PTR nullptr
43 #endif
44 
45 #if defined(_MSC_VER)
46  #pragma pack(push, cryptoki, 1)
47 #endif
48 
49 #include "pkcs11.h"
50 
51 #if defined(_MSC_VER)
52  #pragma pack(pop, cryptoki)
53 #endif
54 
55 static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
56  "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
57 
58 namespace Botan {
59 namespace PKCS11 {
60 
62 
64  {
65  Class = CKA_CLASS,
66  Token = CKA_TOKEN,
68  Label = CKA_LABEL,
70  Value = CKA_VALUE,
76  Owner = CKA_OWNER,
81  Url = CKA_URL,
88  Id = CKA_ID,
92  Wrap = CKA_WRAP,
94  Sign = CKA_SIGN,
111  Prime = CKA_PRIME,
113  Base = CKA_BASE,
120  Local = CKA_LOCAL,
162  Color = CKA_COLOR,
173  };
174 
176  {
177  X509 = CKC_X_509,
179  Wtls = CKC_WTLS,
181  };
182 
183 /// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
184 /// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
186  {
191  };
192 
194  {
195  Null = CKD_NULL,
204  };
205 
206 enum class Flag : CK_FLAGS
207  {
208  None = 0,
212  Rng = CKF_RNG,
234  Hw = CKF_HW,
237  Digest = CKF_DIGEST,
238  Sign = CKF_SIGN,
240  Verify = CKF_VERIFY,
244  Wrap = CKF_WRAP,
245  Unwrap = CKF_UNWRAP,
246  Derive = CKF_DERIVE,
247  EcFP = CKF_EC_F_P,
248  EcF2m = CKF_EC_F_2M,
263  };
264 
265 inline Flag operator | (Flag a, Flag b)
266  {
267  return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
268  }
269 
271  {
277  };
278 
280  {
282  Clock = CKH_CLOCK,
285  };
286 
287 enum class KeyType : CK_KEY_TYPE
288  {
289  Rsa = CKK_RSA,
290  Dsa = CKK_DSA,
291  Dh = CKK_DH,
292  Ecdsa = CKK_ECDSA,
293  Ec = CKK_EC,
295  Kea = CKK_KEA,
297  Rc2 = CKK_RC2,
298  Rc4 = CKK_RC4,
299  Des = CKK_DES,
300  Des2 = CKK_DES2,
301  Des3 = CKK_DES3,
302  Cast = CKK_CAST,
303  Cast3 = CKK_CAST3,
304  Cast5 = CKK_CAST5,
306  Rc5 = CKK_RC5,
307  Idea = CKK_IDEA,
309  Baton = CKK_BATON,
311  Cdmf = CKK_CDMF,
312  Aes = CKK_AES,
316  Hotp = CKK_HOTP,
317  Acti = CKK_ACTI,
319  Aria = CKK_ARIA,
328  Seed = CKK_SEED,
333  };
334 
336  {
353  Dsa = CKM_DSA,
392  Rc4 = CKM_RC4,
418  Md2 = CKM_MD2,
421  Md5 = CKM_MD5,
424  Sha1 = CKM_SHA_1,
433  Sha256 = CKM_SHA256,
436  Sha224 = CKM_SHA224,
439  Sha384 = CKM_SHA384,
442  Sha512 = CKM_SHA512,
448  Hotp = CKM_HOTP,
449  Acti = CKM_ACTI,
598  Ecdsa = CKM_ECDSA,
670  };
671 
673  {
676  };
677 
679  {
680  Data = CKO_DATA,
690  };
691 
693  {
702  };
703 
704 enum class SessionState : CK_STATE
705  {
711  };
712 
713 enum class ReturnValue : CK_RV
714  {
715  OK = CKR_OK,
716  Cancel = CKR_CANCEL,
810  };
811 
812 enum class UserType : CK_USER_TYPE
813  {
814  SO = CKU_SO,
815  User = CKU_USER,
817  };
818 
819 enum class PublicPointEncoding : uint32_t
820  {
821  Raw,
822  Der
823  };
824 
828 using CreateMutex = CK_CREATEMUTEX;
829 using DestroyMutex = CK_DESTROYMUTEX;
830 using LockMutex = CK_LOCKMUTEX;
831 using UnlockMutex = CK_UNLOCKMUTEX;
832 using Flags = CK_FLAGS;
833 using Info = CK_INFO;
834 using Bbool = CK_BBOOL;
836 using Ulong = CK_ULONG;
842 using Notify = CK_NOTIFY;
847 using Byte = CK_BYTE;
851 using Date = CK_DATE;
852 
854 
857 
859  {
860  return static_cast<Flags>(flags);
861  }
862 
863 class Slot;
864 
865 /**
866 * Initializes a token
867 * @param slot The slot with the attached token that should be initialized
868 * @param label The token label
869 * @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
870 * @param pin The user PIN that will be set
871 */
872 BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, const std::string& label, const secure_string& so_pin,
873  const secure_string& pin);
874 
875 /**
876 * Change PIN with old PIN to new PIN
877 * @param slot The slot with the attached token
878 * @param old_pin The old user PIN
879 * @param new_pin The new user PIN
880 */
881 
882 BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
883 
884 /**
885 * Change SO_PIN with old SO_PIN to new SO_PIN
886 * @param slot The slot with the attached token
887 * @param old_so_pin The old SO_PIN
888 * @param new_so_pin The new SO_PIN
889 */
890 BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
891 
892 /**
893 * Sets user PIN with SO_PIN
894 * @param slot The slot with the attached token
895 * @param so_pin PIN of the security officer
896 * @param pin The user PIN that should be set
897 */
898 BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
899 
900 /// Provides access to all PKCS#11 functions
902  {
903  public:
904  /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
905  explicit LowLevel(FunctionListPtr ptr);
906 
907  /****************************** General purpose functions ******************************/
908 
909  /**
910  * C_Initialize initializes the Cryptoki library.
911  * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
912  * @param return_value default value (`ThrowException`): throw exception on error.
913  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
914  * At least the following PKCS#11 return values may be returned:
915  * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
916  * \li FunctionFailed \li GeneralError \li HostMemory
917  * \li NeedToCreateThreads \li OK
918  * @return true on success, false otherwise
919  */
920  bool C_Initialize(VoidPtr init_args,
921  ReturnValue* return_value = ThrowException) const;
922 
923  /**
924  * C_Finalize indicates that an application is done with the Cryptoki library.
925  * @param reserved reserved. Should be nullptr
926  * @param return_value default value (`ThrowException`): throw exception on error.
927  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
928  * At least the following PKCS#11 return values may be returned:
929  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
930  * \li GeneralError \li HostMemory \li OK
931  * @return true on success, false otherwise
932  */
933  bool C_Finalize(VoidPtr reserved,
934  ReturnValue* return_value = ThrowException) const;
935 
936  /**
937  * C_GetInfo returns general information about Cryptoki.
938  * @param info_ptr location that receives information
939  * @param return_value default value (`ThrowException`): throw exception on error.
940  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
941  * At least the following PKCS#11 return values may be returned:
942  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
943  * \li GeneralError \li HostMemory \li OK
944  * @return true on success, false otherwise
945  */
946  bool C_GetInfo(Info* info_ptr,
947  ReturnValue* return_value = ThrowException) const;
948 
949  /**
950  * C_GetFunctionList returns the function list.
951  * @param pkcs11_module The PKCS#11 module
952  * @param function_list_ptr_ptr receives pointer to function list
953  * @param return_value default value (`ThrowException`): throw exception on error.
954  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
955  * At least the following PKCS#11 return values may be returned:
956  * \li ArgumentsBad \li FunctionFailed \li GeneralError
957  * \li HostMemory \li OK
958  * @return true on success, false otherwise
959  */
960  static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module, FunctionListPtr* function_list_ptr_ptr,
961  ReturnValue* return_value = ThrowException);
962 
963  /****************************** Slot and token management functions ******************************/
964 
965  /**
966  * C_GetSlotList obtains a list of slots in the system.
967  * @param token_present only slots with tokens
968  * @param slot_list_ptr receives array of slot IDs
969  * @param count_ptr receives number of slots
970  * @param return_value default value (`ThrowException`): throw exception on error.
971  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
972  * At least the following PKCS#11 return values may be returned:
973  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
974  * \li FunctionFailed \li GeneralError \li HostMemory
975  * \li OK
976  * @return true on success, false otherwise
977  */
978  bool C_GetSlotList(Bbool token_present,
979  SlotId* slot_list_ptr,
980  Ulong* count_ptr,
981  ReturnValue* return_value = ThrowException) const;
982 
983  /**
984  * C_GetSlotList obtains a list of slots in the system.
985  * @param token_present only slots with tokens
986  * @param slot_ids receives vector of slot IDs
987  * @param return_value default value (`ThrowException`): throw exception on error.
988  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
989  * At least the following PKCS#11 return values may be returned:
990  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
991  * \li FunctionFailed \li GeneralError \li HostMemory
992  * \li OK
993  * @return true on success, false otherwise
994  */
995  bool C_GetSlotList(bool token_present,
996  std::vector<SlotId>& slot_ids,
997  ReturnValue* return_value = ThrowException) const;
998 
999  /**
1000  * C_GetSlotInfo obtains information about a particular slot in the system.
1001  * @param slot_id the ID of the slot
1002  * @param info_ptr receives the slot information
1003  * @param return_value default value (`ThrowException`): throw exception on error.
1004  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1005  * At least the following PKCS#11 return values may be returned:
1006  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1007  * \li FunctionFailed \li GeneralError \li HostMemory
1008  * \li OK \li SlotIdInvalid
1009  * @return true on success, false otherwise
1010  */
1011  bool C_GetSlotInfo(SlotId slot_id,
1012  SlotInfo* info_ptr,
1013  ReturnValue* return_value = ThrowException) const;
1014 
1015  /**
1016  * C_GetTokenInfo obtains information about a particular token in the system.
1017  * @param slot_id ID of the token's slot
1018  * @param info_ptr receives the token information
1019  * @param return_value default value (`ThrowException`): throw exception on error.
1020  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1021  * At least the following PKCS#11 return values may be returned:
1022  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1023  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1024  * \li HostMemory \li OK \li SlotIdInvalid
1025  * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1026  * @return true on success, false otherwise
1027  */
1028  bool C_GetTokenInfo(SlotId slot_id,
1029  TokenInfo* info_ptr,
1030  ReturnValue* return_value = ThrowException) const;
1031 
1032  /**
1033  * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1034  * @param flags blocking/nonblocking flag
1035  * @param slot_ptr location that receives the slot ID
1036  * @param reserved reserved. Should be NULL_PTR
1037  * @param return_value default value (`ThrowException`): throw exception on error.
1038  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1039  * At least the following PKCS#11 return values may be returned:
1040  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1041  * \li GeneralError \li HostMemory \li NoEvent
1042  * \li OK
1043  * @return true on success, false otherwise
1044  */
1045  bool C_WaitForSlotEvent(Flags flags,
1046  SlotId* slot_ptr,
1047  VoidPtr reserved,
1048  ReturnValue* return_value = ThrowException) const;
1049 
1050  /**
1051  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1052  * @param slot_id ID of token's slot
1053  * @param mechanism_list_ptr gets mech. array
1054  * @param count_ptr gets # of mechs.
1055  * @param return_value default value (`ThrowException`): throw exception on error.
1056  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1057  * At least the following PKCS#11 return values may be returned:
1058  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1059  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1060  * \li GeneralError \li HostMemory \li OK
1061  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1062  * \li ArgumentsBad
1063  * @return true on success, false otherwise
1064  */
1065  bool C_GetMechanismList(SlotId slot_id,
1066  MechanismType* mechanism_list_ptr,
1067  Ulong* count_ptr,
1068  ReturnValue* return_value = ThrowException) const;
1069 
1070  /**
1071  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1072  * @param slot_id ID of token's slot
1073  * @param mechanisms receives vector of supported mechanisms
1074  * @param return_value default value (`ThrowException`): throw exception on error.
1075  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1076  * At least the following PKCS#11 return values may be returned:
1077  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1078  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1079  * \li GeneralError \li HostMemory \li OK
1080  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1081  * \li ArgumentsBad
1082  * @return true on success, false otherwise
1083  */
1084  bool C_GetMechanismList(SlotId slot_id,
1085  std::vector<MechanismType>& mechanisms,
1086  ReturnValue* return_value = ThrowException) const;
1087 
1088  /**
1089  * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1090  * @param slot_id ID of the token's slot
1091  * @param type type of mechanism
1092  * @param info_ptr receives mechanism info
1093  * @param return_value default value (`ThrowException`): throw exception on error.
1094  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1095  * At least the following PKCS#11 return values may be returned:
1096  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1097  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1098  * \li HostMemory \li MechanismInvalid \li OK
1099  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1100  * \li ArgumentsBad
1101  * @return true on success, false otherwise
1102  */
1103  bool C_GetMechanismInfo(SlotId slot_id,
1105  MechanismInfo* info_ptr,
1106  ReturnValue* return_value = ThrowException) const;
1107 
1108  /**
1109  * C_InitToken initializes a token.
1110  * @param slot_id ID of the token's slot
1111  * @param so_pin_ptr the SO's initial PIN
1112  * @param so_pin_len length in bytes of the SO_PIN
1113  * @param label_ptr 32-byte token label (blank padded)
1114  * @param return_value default value (`ThrowException`): throw exception on error.
1115  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1116  * At least the following PKCS#11 return values may be returned:
1117  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1118  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1119  * \li GeneralError \li HostMemory \li OK
1120  * \li PinIncorrect \li PinLocked \li SessionExists
1121  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1122  * \li TokenWriteProtected \li ArgumentsBad
1123  * @return true on success, false otherwise
1124  */
1125  bool C_InitToken(SlotId slot_id,
1126  Utf8Char* so_pin_ptr,
1127  Ulong so_pin_len,
1128  Utf8Char* label_ptr,
1129  ReturnValue* return_value = ThrowException) const;
1130 
1131  /**
1132  * C_InitToken initializes a token.
1133  * @param slot_id ID of the token's slot
1134  * @param so_pin the SO's initial PIN
1135  * @param label token label (at max 32 bytes long)
1136  * @param return_value default value (`ThrowException`): throw exception on error.
1137  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1138  * At least the following PKCS#11 return values may be returned:
1139  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1140  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1141  * \li GeneralError \li HostMemory \li OK
1142  * \li PinIncorrect \li PinLocked \li SessionExists
1143  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1144  * \li TokenWriteProtected \li ArgumentsBad
1145  * @return true on success, false otherwise
1146  */
1147  template<typename TAlloc>
1148  bool C_InitToken(SlotId slot_id,
1149  const std::vector<uint8_t, TAlloc>& so_pin,
1150  const std::string& label,
1151  ReturnValue* return_value = ThrowException) const
1152  {
1153  std::string padded_label = label;
1154  if(label.size() < 32)
1155  {
1156  padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1157  }
1158 
1159  return C_InitToken(slot_id, reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1160  so_pin.size(), reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())), return_value);
1161  }
1162 
1163  /**
1164  * C_InitPIN initializes the normal user's PIN.
1165  * @param session the session's handle
1166  * @param pin_ptr the normal user's PIN
1167  * @param pin_len length in bytes of the PIN
1168  * @param return_value default value (`ThrowException`): throw exception on error.
1169  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1170  * At least the following PKCS#11 return values may be returned:
1171  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1172  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1173  * \li GeneralError \li HostMemory \li OK
1174  * \li PinInvalid \li PinLenRange \li SessionClosed
1175  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1176  * \li UserNotLoggedIn \li ArgumentsBad
1177  * @return true on success, false otherwise
1178  */
1179  bool C_InitPIN(SessionHandle session,
1180  Utf8Char* pin_ptr,
1181  Ulong pin_len,
1182  ReturnValue* return_value = ThrowException) const;
1183 
1184  /**
1185  * C_InitPIN initializes the normal user's PIN.
1186  * @param session the session's handle
1187  * @param pin the normal user's PIN
1188  * @param return_value default value (`ThrowException`): throw exception on error.
1189  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1190  * At least the following PKCS#11 return values may be returned:
1191  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1192  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1193  * \li GeneralError \li HostMemory \li OK
1194  * \li PinInvalid \li PinLenRange \li SessionClosed
1195  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1196  * \li UserNotLoggedIn \li ArgumentsBad
1197  * @return true on success, false otherwise
1198  */
1199  template<typename TAlloc>
1200  bool C_InitPIN(SessionHandle session,
1201  const std::vector<uint8_t, TAlloc>& pin,
1202  ReturnValue* return_value = ThrowException) const
1203  {
1204  return C_InitPIN(session, reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())), pin.size(), return_value);
1205  }
1206 
1207  /**
1208  * C_SetPIN modifies the PIN of the user who is logged in.
1209  * @param session the session's handle
1210  * @param old_pin_ptr the old PIN
1211  * @param old_len length of the old PIN
1212  * @param new_pin_ptr the new PIN
1213  * @param new_len length of the new PIN
1214  * @param return_value default value (`ThrowException`): throw exception on error.
1215  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1216  * At least the following PKCS#11 return values may be returned:
1217  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1218  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1219  * \li GeneralError \li HostMemory \li OK
1220  * \li PinIncorrect \li PinInvalid \li PinLenRange
1221  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1222  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1223  * @return true on success, false otherwise
1224  */
1225  bool C_SetPIN(SessionHandle session,
1226  Utf8Char* old_pin_ptr,
1227  Ulong old_len,
1228  Utf8Char* new_pin_ptr,
1229  Ulong new_len,
1230  ReturnValue* return_value = ThrowException) const;
1231 
1232  /**
1233  * C_SetPIN modifies the PIN of the user who is logged in.
1234  * @param session the session's handle
1235  * @param old_pin the old PIN
1236  * @param new_pin the new PIN
1237  * @param return_value default value (`ThrowException`): throw exception on error.
1238  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1239  * At least the following PKCS#11 return values may be returned:
1240  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1241  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1242  * \li GeneralError \li HostMemory \li OK
1243  * \li PinIncorrect \li PinInvalid \li PinLenRange
1244  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1245  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1246  * @return true on success, false otherwise
1247  */
1248  template<typename TAlloc>
1249  bool C_SetPIN(SessionHandle session,
1250  const std::vector<uint8_t, TAlloc>& old_pin,
1251  const std::vector<uint8_t, TAlloc>& new_pin,
1252  ReturnValue* return_value = ThrowException) const
1253  {
1254  return C_SetPIN(session,
1255  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())), old_pin.size(),
1256  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())), new_pin.size(),
1257  return_value);
1258  }
1259 
1260 
1261  /****************************** Session management ******************************/
1262 
1263  /**
1264  * C_OpenSession opens a session between an application and a token.
1265  * @param slot_id the slot's ID
1266  * @param flags from CK_SESSION_INFO
1267  * @param application passed to callback
1268  * @param notify callback function
1269  * @param session_ptr gets session handle
1270  * @param return_value default value (`ThrowException`): throw exception on error.
1271  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1272  * At least the following PKCS#11 return values may be returned:
1273  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1274  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1275  * \li HostMemory \li OK \li SessionCount
1276  * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1277  * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1278  * \li ArgumentsBad
1279  * @return true on success, false otherwise
1280  */
1281  bool C_OpenSession(SlotId slot_id,
1282  Flags flags,
1283  VoidPtr application,
1284  Notify notify,
1285  SessionHandle* session_ptr,
1286  ReturnValue* return_value = ThrowException) const;
1287 
1288  /**
1289  * C_CloseSession closes a session between an application and a token.
1290  * @param session the session's handle
1291  * @param return_value default value (`ThrowException`): throw exception on error.
1292  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1293  * At least the following PKCS#11 return values may be returned:
1294  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1295  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1296  * \li HostMemory \li OK \li SessionClosed
1297  * \li SessionHandleInvalid
1298  * @return true on success, false otherwise
1299  */
1300  bool C_CloseSession(SessionHandle session,
1301  ReturnValue* return_value = ThrowException) const;
1302 
1303  /**
1304  * C_CloseAllSessions closes all sessions with a token.
1305  * @param slot_id the token's slot
1306  * @param return_value default value (`ThrowException`): throw exception on error.
1307  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1308  * At least the following PKCS#11 return values may be returned:
1309  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1310  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1311  * \li HostMemory \li OK \li SlotIdInvalid
1312  * \li TokenNotPresent
1313  * @return true on success, false otherwise
1314  */
1315  bool C_CloseAllSessions(SlotId slot_id,
1316  ReturnValue* return_value = ThrowException) const;
1317 
1318  /**
1319  * C_GetSessionInfo obtains information about the session.
1320  * @param session the session's handle
1321  * @param info_ptr receives session info
1322  * @param return_value default value (`ThrowException`): throw exception on error.
1323  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1324  * At least the following PKCS#11 return values may be returned:
1325  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1326  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1327  * \li HostMemory \li OK \li SessionClosed
1328  * \li SessionHandleInvalid \li ArgumentsBad
1329  * @return true on success, false otherwise
1330  */
1331  bool C_GetSessionInfo(SessionHandle session,
1332  SessionInfo* info_ptr,
1333  ReturnValue* return_value = ThrowException) const;
1334 
1335  /**
1336  * C_GetOperationState obtains the state of the cryptographic operation in a session.
1337  * @param session session's handle
1338  * @param operation_state_ptr gets state
1339  * @param operation_state_len_ptr gets state length
1340  * @param return_value default value (`ThrowException`): throw exception on error.
1341  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1342  * At least the following PKCS#11 return values may be returned:
1343  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1344  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1345  * \li GeneralError \li HostMemory \li OK
1346  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1347  * \li StateUnsaveable \li ArgumentsBad
1348  * @return true on success, false otherwise
1349  */
1350  bool C_GetOperationState(SessionHandle session,
1351  Byte* operation_state_ptr,
1352  Ulong* operation_state_len_ptr,
1353  ReturnValue* return_value = ThrowException) const;
1354 
1355  /**
1356  * C_SetOperationState restores the state of the cryptographic operation in a session.
1357  * @param session session's handle
1358  * @param operation_state_ptr holds state
1359  * @param operation_state_len holds state length
1360  * @param encryption_key en/decryption key
1361  * @param authentication_key sign/verify key
1362  * @param return_value default value (`ThrowException`): throw exception on error.
1363  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1364  * At least the following PKCS#11 return values may be returned:
1365  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1366  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1367  * \li HostMemory \li KeyChanged \li KeyNeeded
1368  * \li KeyNotNeeded \li OK \li SavedStateInvalid
1369  * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1370  * @return true on success, false otherwise
1371  */
1372  bool C_SetOperationState(SessionHandle session,
1373  Byte* operation_state_ptr,
1374  Ulong operation_state_len,
1375  ObjectHandle encryption_key,
1376  ObjectHandle authentication_key,
1377  ReturnValue* return_value = ThrowException) const;
1378 
1379  /**
1380  * C_Login logs a user into a token.
1381  * @param session the session's handle
1382  * @param user_type the user type
1383  * @param pin_ptr the user's PIN
1384  * @param pin_len the length of the PIN
1385  * @param return_value default value (`ThrowException`): throw exception on error.
1386  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1387  * At least the following PKCS#11 return values may be returned:
1388  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1389  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1390  * \li FunctionFailed \li GeneralError \li HostMemory
1391  * \li OK \li OperationNotInitialized \li PinIncorrect
1392  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1393  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1394  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1395  * @return true on success, false otherwise
1396  */
1397  bool C_Login(SessionHandle session,
1398  UserType user_type,
1399  Utf8Char* pin_ptr,
1400  Ulong pin_len,
1401  ReturnValue* return_value = ThrowException) const;
1402 
1403  /**
1404  * C_Login logs a user into a token.
1405  * @param session the session's handle
1406  * @param user_type the user type
1407  * @param pin the user or security officer's PIN
1408  * @param return_value default value (`ThrowException`): throw exception on error.
1409  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1410  * At least the following PKCS#11 return values may be returned:
1411  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1412  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1413  * \li FunctionFailed \li GeneralError \li HostMemory
1414  * \li OK \li OperationNotInitialized \li PinIncorrect
1415  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1416  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1417  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1418  * @return true on success, false otherwise
1419  */
1420  template<typename TAlloc>
1421  bool C_Login(SessionHandle session,
1422  UserType user_type,
1423  const std::vector<uint8_t, TAlloc>& pin,
1424  ReturnValue* return_value = ThrowException) const
1425  {
1426  return C_Login(session, user_type, reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())), pin.size(),
1427  return_value);
1428  }
1429 
1430  /**
1431  * C_Logout logs a user out from a token.
1432  * @param session the session's handle
1433  * @param return_value default value (`ThrowException`): throw exception on error.
1434  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1435  * At least the following PKCS#11 return values may be returned:
1436  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1437  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1438  * \li HostMemory \li OK \li SessionClosed
1439  * \li SessionHandleInvalid \li UserNotLoggedIn
1440  * @return true on success, false otherwise
1441  */
1442  bool C_Logout(SessionHandle session,
1443  ReturnValue* return_value = ThrowException) const;
1444 
1445  /****************************** Object management functions ******************************/
1446 
1447  /**
1448  * C_CreateObject creates a new object.
1449  * @param session the session's handle
1450  * @param attribute_template_ptr the object's template
1451  * @param count attributes in template
1452  * @param object_ptr gets new object's handle.
1453  * @param return_value default value (`ThrowException`): throw exception on error.
1454  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1455  * At least the following PKCS#11 return values may be returned:
1456  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1457  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1458  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1459  * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1460  * \li HostMemory \li OK \li PinExpired
1461  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1462  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1463  * \li UserNotLoggedIn
1464  * @return true on success, false otherwise
1465  */
1466  bool C_CreateObject(SessionHandle session,
1467  Attribute* attribute_template_ptr,
1468  Ulong count,
1469  ObjectHandle* object_ptr,
1470  ReturnValue* return_value = ThrowException) const;
1471 
1472  /**
1473  * C_CopyObject copies an object, creating a new object for the copy.
1474  * @param session the session's handle
1475  * @param object the object's handle
1476  * @param attribute_template_ptr template for new object
1477  * @param count attributes in template
1478  * @param new_object_ptr receives handle of copy
1479  * @param return_value default value (`ThrowException`): throw exception on error.
1480  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1481  * At least the following PKCS#11 return values may be returned:
1482  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1483  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1484  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1485  * \li FunctionFailed \li GeneralError \li HostMemory
1486  * \li ObjectHandleInvalid \li OK \li PinExpired
1487  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1488  * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1489  * @return true on success, false otherwise
1490  */
1491  bool C_CopyObject(SessionHandle session,
1492  ObjectHandle object,
1493  Attribute* attribute_template_ptr,
1494  Ulong count,
1495  ObjectHandle* new_object_ptr,
1496  ReturnValue* return_value = ThrowException) const;
1497 
1498  /**
1499  * C_DestroyObject destroys an object.
1500  * @param session the session's handle
1501  * @param object the object's handle
1502  * @param return_value default value (`ThrowException`): throw exception on error.
1503  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1504  * At least the following PKCS#11 return values may be returned:
1505  * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1506  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1507  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1508  * \li OK \li PinExpired \li SessionClosed
1509  * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1510  * @return true on success, false otherwise
1511  */
1512  bool C_DestroyObject(SessionHandle session,
1513  ObjectHandle object,
1514  ReturnValue* return_value = ThrowException) const;
1515 
1516  /**
1517  * C_GetObjectSize gets the size of an object in bytes.
1518  * @param session the session's handle
1519  * @param object the object's handle
1520  * @param size_ptr receives size of object
1521  * @param return_value default value (`ThrowException`): throw exception on error.
1522  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1523  * At least the following PKCS#11 return values may be returned:
1524  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1525  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1526  * \li GeneralError \li HostMemory \li InformationSensitive
1527  * \li ObjectHandleInvalid \li OK \li SessionClosed
1528  * \li SessionHandleInvalid
1529  * @return true on success, false otherwise
1530  */
1531  bool C_GetObjectSize(SessionHandle session,
1532  ObjectHandle object,
1533  Ulong* size_ptr,
1534  ReturnValue* return_value = ThrowException) const;
1535 
1536  /**
1537  * C_GetAttributeValue obtains the value of one or more object attributes.
1538  * @param session the session's handle
1539  * @param object the object's handle
1540  * @param attribute_template_ptr specifies attrs; gets vals
1541  * @param count attributes in template
1542  * @param return_value default value (`ThrowException`): throw exception on error.
1543  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1544  * At least the following PKCS#11 return values may be returned:
1545  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1546  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1547  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1548  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1549  * \li OK \li SessionClosed \li SessionHandleInvalid
1550  * @return true on success, false otherwise
1551  */
1552  bool C_GetAttributeValue(SessionHandle session,
1553  ObjectHandle object,
1554  Attribute* attribute_template_ptr,
1555  Ulong count,
1556  ReturnValue* return_value = ThrowException) const;
1557 
1558  /**
1559  * C_GetAttributeValue obtains the value of one or more object attributes.
1560  * @param session the session's handle
1561  * @param object the object's handle
1562  * @param attribute_values specifies attrs; gets vals
1563  * @param return_value default value (`ThrowException`): throw exception on error.
1564  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1565  * At least the following PKCS#11 return values may be returned:
1566  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1567  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1568  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1569  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1570  * \li OK \li SessionClosed \li SessionHandleInvalid
1571  * @return true on success, false otherwise
1572  */
1573  template<typename TAlloc>
1575  ObjectHandle object,
1576  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1577  ReturnValue* return_value = ThrowException) const
1578  {
1579  std::vector<Attribute> getter_template;
1580 
1581  for(const auto& entry : attribute_values)
1582  {
1583  getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1584  }
1585 
1586  bool success = C_GetAttributeValue(session, object, const_cast< Attribute* >(getter_template.data()),
1587  getter_template.size(), return_value);
1588 
1589  if(!success)
1590  {
1591  return success;
1592  }
1593 
1594  size_t i = 0;
1595  for(auto& entry : attribute_values)
1596  {
1597  entry.second.clear();
1598  entry.second.resize(getter_template.at(i).ulValueLen);
1599  getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1600  i++;
1601  }
1602 
1603  return C_GetAttributeValue(session, object, const_cast< Attribute* >(getter_template.data()), getter_template.size(),
1604  return_value);
1605  }
1606 
1607  /**
1608  * C_SetAttributeValue modifies the value of one or more object attributes.
1609  * @param session the session's handle
1610  * @param object the object's handle
1611  * @param attribute_template_ptr specifies attrs and values
1612  * @param count attributes in template
1613  * @param return_value default value (`ThrowException`): throw exception on error.
1614  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1615  * At least the following PKCS#11 return values may be returned:
1616  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1617  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1618  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1619  * \li FunctionFailed \li GeneralError \li HostMemory
1620  * \li ObjectHandleInvalid \li OK \li SessionClosed
1621  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1622  * \li TokenWriteProtected \li UserNotLoggedIn
1623  * @return true on success, false otherwise
1624  */
1625  bool C_SetAttributeValue(SessionHandle session,
1626  ObjectHandle object,
1627  Attribute* attribute_template_ptr,
1628  Ulong count,
1629  ReturnValue* return_value = ThrowException) const;
1630 
1631  /**
1632  * C_SetAttributeValue modifies the value of one or more object attributes.
1633  * @param session the session's handle
1634  * @param object the object's handle
1635  * @param attribute_values specifies attrs and values
1636  * @param return_value default value (`ThrowException`): throw exception on error.
1637  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1638  * At least the following PKCS#11 return values may be returned:
1639  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1640  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1641  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1642  * \li FunctionFailed \li GeneralError \li HostMemory
1643  * \li ObjectHandleInvalid \li OK \li SessionClosed
1644  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1645  * \li TokenWriteProtected \li UserNotLoggedIn
1646  * @return true on success, false otherwise
1647  */
1648  template<typename TAlloc>
1650  ObjectHandle object,
1651  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1652  ReturnValue* return_value = ThrowException) const
1653  {
1654  std::vector<Attribute> setter_template;
1655 
1656  for(auto& entry : attribute_values)
1657  {
1658  setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1659  }
1660 
1661  return C_SetAttributeValue(session, object, const_cast< Attribute* >(setter_template.data()), setter_template.size(),
1662  return_value);
1663  }
1664 
1665  /**
1666  * C_FindObjectsInit initializes a search for token and session objects that match a template.
1667  * @param session the session's handle
1668  * @param attribute_template_ptr attribute values to match
1669  * @param count attrs in search template
1670  * @param return_value default value (`ThrowException`): throw exception on error.
1671  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1672  * At least the following PKCS#11 return values may be returned:
1673  * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1674  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1675  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1676  * \li HostMemory \li OK \li OperationActive
1677  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1678  * @return true on success, false otherwise
1679  */
1680  bool C_FindObjectsInit(SessionHandle session,
1681  Attribute* attribute_template_ptr,
1682  Ulong count,
1683  ReturnValue* return_value = ThrowException) const;
1684 
1685  /**
1686  * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1687  * @param session session's handle
1688  * @param object_ptr gets obj. handles
1689  * @param max_object_count max handles to get
1690  * @param object_count_ptr actual # returned
1691  * @param return_value default value (`ThrowException`): throw exception on error.
1692  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1693  * At least the following PKCS#11 return values may be returned:
1694  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1695  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1696  * \li GeneralError \li HostMemory \li OK
1697  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1698  * @return true on success, false otherwise
1699  */
1700  bool C_FindObjects(SessionHandle session,
1701  ObjectHandle* object_ptr,
1702  Ulong max_object_count,
1703  Ulong* object_count_ptr,
1704  ReturnValue* return_value = ThrowException) const;
1705 
1706  /**
1707  * C_FindObjectsFinal finishes a search for token and session objects.
1708  * @param session the session's handle
1709  * @param return_value default value (`ThrowException`): throw exception on error.
1710  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1711  * At least the following PKCS#11 return values may be returned:
1712  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1713  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1714  * \li HostMemory \li OK \li OperationNotInitialized
1715  * \li SessionClosed \li SessionHandleInvalid
1716  * @return true on success, false otherwise
1717  */
1718  bool C_FindObjectsFinal(SessionHandle session,
1719  ReturnValue* return_value = ThrowException) const;
1720 
1721  /****************************** Encryption functions ******************************/
1722 
1723  /**
1724  * C_EncryptInit initializes an encryption operation.
1725  * @param session the session's handle
1726  * @param mechanism_ptr the encryption mechanism
1727  * @param key handle of encryption key
1728  * @param return_value default value (`ThrowException`): throw exception on error.
1729  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1730  * At least the following PKCS#11 return values may be returned:
1731  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1732  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1733  * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1734  * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1735  * \li MechanismInvalid \li MechanismParamInvalid \li OK
1736  * \li OperationActive \li PinExpired \li SessionClosed
1737  * \li SessionHandleInvalid \li UserNotLoggedIn
1738  * @return true on success, false otherwise
1739  */
1740  bool C_EncryptInit(SessionHandle session,
1741  Mechanism* mechanism_ptr,
1742  ObjectHandle key,
1743  ReturnValue* return_value = ThrowException) const;
1744 
1745  /**
1746  * C_Encrypt encrypts single-part data.
1747  * @param session session's handle
1748  * @param data_ptr the plaintext data
1749  * @param data_len size of plaintext data in bytes
1750  * @param encrypted_data gets ciphertext
1751  * @param encrypted_data_len_ptr gets c-text size
1752  * @param return_value default value (`ThrowException`): throw exception on error.
1753  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1754  * At least the following PKCS#11 return values may be returned:
1755  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1756  * \li DataInvalid \li DataLenRange \li DeviceError
1757  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1758  * \li FunctionFailed \li GeneralError \li HostMemory
1759  * \li OK \li OperationNotInitialized \li SessionClosed
1760  * \li SessionHandleInvalid
1761  * @return true on success, false otherwise
1762  */
1763  bool C_Encrypt(SessionHandle session,
1764  Byte* data_ptr,
1765  Ulong data_len,
1766  Byte* encrypted_data,
1767  Ulong* encrypted_data_len_ptr,
1768  ReturnValue* return_value = ThrowException) const;
1769 
1770  /**
1771  * C_Encrypt encrypts single-part data.
1772  * @param session session's handle
1773  * @param plaintext_data the plaintext data
1774  * @param encrypted_data gets ciphertext
1775  * @param return_value default value (`ThrowException`): throw exception on error.
1776  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1777  * At least the following PKCS#11 return values may be returned:
1778  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1779  * \li DataInvalid \li DataLenRange \li DeviceError
1780  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1781  * \li FunctionFailed \li GeneralError \li HostMemory
1782  * \li OK \li OperationNotInitialized \li SessionClosed
1783  * \li SessionHandleInvalid
1784  * @return true on success, false otherwise
1785  */
1786  template<typename TAllocA, typename TAllocB>
1787  bool C_Encrypt(SessionHandle session,
1788  const std::vector<uint8_t, TAllocA>& plaintext_data,
1789  std::vector<uint8_t, TAllocB>& encrypted_data,
1790  ReturnValue* return_value = ThrowException) const
1791  {
1792  Ulong encrypted_size = 0;
1793  if(!C_Encrypt(session, const_cast<Byte*>((plaintext_data.data())), plaintext_data.size(), nullptr, &encrypted_size,
1794  return_value))
1795  {
1796  return false;
1797  }
1798 
1799  encrypted_data.resize(encrypted_size);
1800  return C_Encrypt(session, const_cast<Byte*>(plaintext_data.data()), plaintext_data.size(), encrypted_data.data(),
1801  &encrypted_size, return_value);
1802  }
1803 
1804  /**
1805  * C_EncryptUpdate continues a multiple-part encryption operation.
1806  * @param session session's handle
1807  * @param part_ptr the plaintext data
1808  * @param part_len plaintext data len
1809  * @param encrypted_part_ptr gets ciphertext
1810  * @param encrypted_part_len_ptr gets c-text size
1811  * @param return_value default value (`ThrowException`): throw exception on error.
1812  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1813  * At least the following PKCS#11 return values may be returned:
1814  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1815  * \li DataLenRange \li DeviceError \li DeviceMemory
1816  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1817  * \li GeneralError \li HostMemory \li OK
1818  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1819  * @return true on success, false otherwise
1820  */
1821  bool C_EncryptUpdate(SessionHandle session,
1822  Byte* part_ptr,
1823  Ulong part_len,
1824  Byte* encrypted_part_ptr,
1825  Ulong* encrypted_part_len_ptr,
1826  ReturnValue* return_value = ThrowException) const;
1827 
1828  /**
1829  * C_EncryptFinal finishes a multiple-part encryption operation.
1830  * @param session session handle
1831  * @param last_encrypted_part_ptr last c-text
1832  * @param last_encrypted_part_len_ptr gets last size
1833  * @param return_value default value (`ThrowException`): throw exception on error.
1834  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1835  * At least the following PKCS#11 return values may be returned:
1836  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1837  * \li DataLenRange \li DeviceError \li DeviceMemory
1838  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1839  * \li GeneralError \li HostMemory \li OK
1840  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1841  * @return true on success, false otherwise
1842  */
1843  bool C_EncryptFinal(SessionHandle session,
1844  Byte* last_encrypted_part_ptr,
1845  Ulong* last_encrypted_part_len_ptr,
1846  ReturnValue* return_value = ThrowException) const;
1847 
1848  /****************************** Decryption functions ******************************/
1849 
1850  /**
1851  * C_DecryptInit initializes a decryption operation.
1852  * @param session the session's handle
1853  * @param mechanism_ptr the decryption mechanism
1854  * @param key handle of decryption key
1855  * @param return_value default value (`ThrowException`): throw exception on error.
1856  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1857  * At least the following PKCS#11 return values may be returned:
1858  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1859  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1860  * \li FunctionFailed \li GeneralError \li HostMemory
1861  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1862  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1863  * \li OK \li OperationActive \li PinExpired
1864  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1865  * @return true on success, false otherwise
1866  */
1867  bool C_DecryptInit(SessionHandle session,
1868  Mechanism* mechanism_ptr,
1869  ObjectHandle key,
1870  ReturnValue* return_value = ThrowException) const;
1871 
1872  /**
1873  * C_Decrypt decrypts encrypted data in a single part.
1874  * @param session session's handle
1875  * @param encrypted_data_ptr ciphertext
1876  * @param encrypted_data_len ciphertext length
1877  * @param data_ptr gets plaintext
1878  * @param data_len_ptr gets p-text size
1879  * @param return_value default value (`ThrowException`): throw exception on error.
1880  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1881  * At least the following PKCS#11 return values may be returned:
1882  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1883  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1884  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1885  * \li FunctionFailed \li GeneralError \li HostMemory
1886  * \li OK \li OperationNotInitialized \li SessionClosed
1887  * \li SessionHandleInvalid \li UserNotLoggedIn
1888  * @return true on success, false otherwise
1889  */
1890  bool C_Decrypt(SessionHandle session,
1891  Byte* encrypted_data_ptr,
1892  Ulong encrypted_data_len,
1893  Byte* data_ptr,
1894  Ulong* data_len_ptr,
1895  ReturnValue* return_value = ThrowException) const;
1896 
1897  /**
1898  * C_Decrypt decrypts encrypted data in a single part.
1899  * @param session session's handle
1900  * @param encrypted_data ciphertext
1901  * @param decrypted_data gets plaintext
1902  * @param return_value default value (`ThrowException`): throw exception on error.
1903  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1904  * At least the following PKCS#11 return values may be returned:
1905  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1906  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1907  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1908  * \li FunctionFailed \li GeneralError \li HostMemory
1909  * \li OK \li OperationNotInitialized \li SessionClosed
1910  * \li SessionHandleInvalid \li UserNotLoggedIn
1911  * @return true on success, false otherwise
1912  */
1913  template<typename TAllocA, typename TAllocB>
1914  bool C_Decrypt(SessionHandle session,
1915  const std::vector<uint8_t, TAllocA>& encrypted_data,
1916  std::vector<uint8_t, TAllocB>& decrypted_data,
1917  ReturnValue* return_value = ThrowException) const
1918  {
1919  Ulong decrypted_size = 0;
1920  if(!C_Decrypt(session, const_cast<Byte*>((encrypted_data.data())), encrypted_data.size(), nullptr, &decrypted_size,
1921  return_value))
1922  {
1923  return false;
1924  }
1925 
1926  decrypted_data.resize(decrypted_size);
1927  return C_Decrypt(session, const_cast<Byte*>(encrypted_data.data()), encrypted_data.size(), decrypted_data.data(),
1928  &decrypted_size, return_value);
1929  }
1930 
1931  /**
1932  * C_DecryptUpdate continues a multiple-part decryption operation.
1933  * @param session session's handle
1934  * @param encrypted_part_ptr encrypted data
1935  * @param encrypted_part_len input length
1936  * @param part_ptr gets plaintext
1937  * @param part_len_ptr p-text size
1938  * @param return_value default value (`ThrowException`): throw exception on error.
1939  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1940  * At least the following PKCS#11 return values may be returned:
1941  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1942  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1943  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1944  * \li FunctionFailed \li GeneralError \li HostMemory
1945  * \li OK \li OperationNotInitialized \li SessionClosed
1946  * \li SessionHandleInvalid \li UserNotLoggedIn
1947  * @return true on success, false otherwise
1948  */
1949  bool C_DecryptUpdate(SessionHandle session,
1950  Byte* encrypted_part_ptr,
1951  Ulong encrypted_part_len,
1952  Byte* part_ptr,
1953  Ulong* part_len_ptr,
1954  ReturnValue* return_value = ThrowException) const;
1955 
1956  /**
1957  * C_DecryptFinal finishes a multiple-part decryption operation.
1958  * @param session the session's handle
1959  * @param last_part_ptr gets plaintext
1960  * @param last_part_len_ptr p-text size
1961  * @param return_value default value (`ThrowException`): throw exception on error.
1962  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1963  * At least the following PKCS#11 return values may be returned:
1964  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1965  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1966  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1967  * \li FunctionFailed \li GeneralError \li HostMemory
1968  * \li OK \li OperationNotInitialized \li SessionClosed
1969  * \li SessionHandleInvalid \li UserNotLoggedIn
1970  * @return true on success, false otherwise
1971  */
1972  bool C_DecryptFinal(SessionHandle session,
1973  Byte* last_part_ptr,
1974  Ulong* last_part_len_ptr,
1975  ReturnValue* return_value = ThrowException) const;
1976 
1977  /****************************** Message digesting functions ******************************/
1978 
1979  /**
1980  * C_DigestInit initializes a message-digesting operation.
1981  * @param session the session's handle
1982  * @param mechanism_ptr the digesting mechanism
1983  * @param return_value default value (`ThrowException`): throw exception on error.
1984  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1985  * At least the following PKCS#11 return values may be returned:
1986  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1987  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1988  * \li FunctionFailed \li GeneralError \li HostMemory
1989  * \li MechanismInvalid \li MechanismParamInvalid \li OK
1990  * \li OperationActive \li PinExpired \li SessionClosed
1991  * \li SessionHandleInvalid \li UserNotLoggedIn
1992  * @return true on success, false otherwise
1993  */
1994  bool C_DigestInit(SessionHandle session,
1995  Mechanism* mechanism_ptr,
1996  ReturnValue* return_value = ThrowException) const;
1997 
1998  /**
1999  * C_Digest digests data in a single part.
2000  * @param session the session's handle
2001  * @param data_ptr data to be digested
2002  * @param data_len bytes of data to digest
2003  * @param digest_ptr gets the message digest
2004  * @param digest_len_ptr gets digest length
2005  * @param return_value default value (`ThrowException`): throw exception on error.
2006  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2007  * At least the following PKCS#11 return values may be returned:
2008  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2009  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2010  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2011  * \li HostMemory \li OK \li OperationNotInitialized
2012  * \li SessionClosed \li SessionHandleInvalid
2013  * @return true on success, false otherwise
2014  */
2015  bool C_Digest(SessionHandle session,
2016  Byte* data_ptr,
2017  Ulong data_len,
2018  Byte* digest_ptr,
2019  Ulong* digest_len_ptr,
2020  ReturnValue* return_value = ThrowException) const;
2021 
2022  /**
2023  * C_DigestUpdate continues a multiple-part message-digesting operation.
2024  * @param session the session's handle
2025  * @param part_ptr data to be digested
2026  * @param part_len bytes of data to be digested
2027  * @param return_value default value (`ThrowException`): throw exception on error.
2028  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2029  * At least the following PKCS#11 return values may be returned:
2030  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2031  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2032  * \li FunctionFailed \li GeneralError \li HostMemory
2033  * \li OK \li OperationNotInitialized \li SessionClosed
2034  * \li SessionHandleInvalid
2035  * @return true on success, false otherwise
2036  */
2037  bool C_DigestUpdate(SessionHandle session,
2038  Byte* part_ptr,
2039  Ulong part_len,
2040  ReturnValue* return_value = ThrowException) const;
2041 
2042  /**
2043  * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2044  * @param session the session's handle
2045  * @param key secret key to digest
2046  * @param return_value default value (`ThrowException`): throw exception on error.
2047  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2048  * At least the following PKCS#11 return values may be returned:
2049  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2050  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2051  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2052  * \li KeyIndigestible \li KeySizeRange \li OK
2053  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2054  * @return true on success, false otherwise
2055  */
2056  bool C_DigestKey(SessionHandle session,
2057  ObjectHandle key,
2058  ReturnValue* return_value = ThrowException) const;
2059 
2060  /**
2061  * C_DigestFinal finishes a multiple-part message-digesting operation.
2062  * @param session the session's handle
2063  * @param digest_ptr gets the message digest
2064  * @param digest_len_ptr gets uint8_t count of digest
2065  * @param return_value default value (`ThrowException`): throw exception on error.
2066  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2067  * At least the following PKCS#11 return values may be returned:
2068  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2069  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2070  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2071  * \li HostMemory \li OK \li OperationNotInitialized
2072  * \li SessionClosed \li SessionHandleInvalid
2073  * @return true on success, false otherwise
2074  */
2075  bool C_DigestFinal(SessionHandle session,
2076  Byte* digest_ptr,
2077  Ulong* digest_len_ptr,
2078  ReturnValue* return_value = ThrowException) const;
2079 
2080  /****************************** Signing and MACing functions ******************************/
2081 
2082  /**
2083  * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2084  * @param session the session's handle
2085  * @param mechanism_ptr the signature mechanism
2086  * @param key handle of signature key
2087  * @param return_value default value (`ThrowException`): throw exception on error.
2088  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2089  * At least the following PKCS#11 return values may be returned:
2090  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2091  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2092  * \li FunctionFailed \li GeneralError \li HostMemory
2093  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2094  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2095  * \li OK \li OperationActive \li PinExpired
2096  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2097  * @return true on success, false otherwise
2098  */
2099  bool C_SignInit(SessionHandle session,
2100  Mechanism* mechanism_ptr,
2101  ObjectHandle key,
2102  ReturnValue* return_value = ThrowException) const;
2103 
2104  /**
2105  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2106  * @param session the session's handle
2107  * @param data_ptr the data to sign
2108  * @param data_len count of bytes to sign
2109  * @param signature_ptr gets the signature
2110  * @param signature_len_ptr gets signature length
2111  * @param return_value default value (`ThrowException`): throw exception on error.
2112  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2113  * At least the following PKCS#11 return values may be returned:
2114  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2115  * \li DataInvalid \li DataLenRange \li DeviceError
2116  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2117  * \li FunctionFailed \li GeneralError \li HostMemory
2118  * \li OK \li OperationNotInitialized \li SessionClosed
2119  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2120  * @return true on success, false otherwise
2121  */
2122  bool C_Sign(SessionHandle session,
2123  Byte* data_ptr,
2124  Ulong data_len,
2125  Byte* signature_ptr,
2126  Ulong* signature_len_ptr,
2127  ReturnValue* return_value = ThrowException) const;
2128 
2129  /**
2130  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2131  * @param session the session's handle
2132  * @param data the data to sign
2133  * @param signature gets the signature
2134  * @param return_value default value (`ThrowException`): throw exception on error.
2135  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2136  * At least the following PKCS#11 return values may be returned:
2137  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2138  * \li DataInvalid \li DataLenRange \li DeviceError
2139  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2140  * \li FunctionFailed \li GeneralError \li HostMemory
2141  * \li OK \li OperationNotInitialized \li SessionClosed
2142  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2143  * @return true on success, false otherwise
2144  */
2145  template<typename TAllocA, typename TAllocB>
2146  bool C_Sign(SessionHandle session,
2147  const std::vector<uint8_t, TAllocA>& data,
2148  std::vector<uint8_t, TAllocB>& signature,
2149  ReturnValue* return_value = ThrowException) const
2150  {
2151  Ulong signature_size = 0;
2152  if(!C_Sign(session, const_cast<Byte*>((data.data())), data.size(), nullptr, &signature_size, return_value))
2153  {
2154  return false;
2155  }
2156 
2157  signature.resize(signature_size);
2158  return C_Sign(session, const_cast<Byte*>(data.data()), data.size(), signature.data(), &signature_size, return_value);
2159  }
2160 
2161  /**
2162  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2163  * @param session the session's handle
2164  * @param part_ptr the data to sign
2165  * @param part_len count of bytes to sign
2166  * @param return_value default value (`ThrowException`): throw exception on error.
2167  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2168  * At least the following PKCS#11 return values may be returned:
2169  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2170  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2171  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2172  * \li HostMemory \li OK \li OperationNotInitialized
2173  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2174  * @return true on success, false otherwise
2175  */
2176  bool C_SignUpdate(SessionHandle session,
2177  Byte* part_ptr,
2178  Ulong part_len,
2179  ReturnValue* return_value = ThrowException) const;
2180 
2181  /**
2182  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2183  * @param session the session's handle
2184  * @param part the data to sign
2185  * @param return_value default value (`ThrowException`): throw exception on error.
2186  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2187  * At least the following PKCS#11 return values may be returned:
2188  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2189  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2190  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2191  * \li HostMemory \li OK \li OperationNotInitialized
2192  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2193  * @return true on success, false otherwise
2194  */
2195  template<typename TAlloc>
2197  const std::vector<uint8_t, TAlloc>& part,
2198  ReturnValue* return_value = ThrowException) const
2199  {
2200  return C_SignUpdate(session, const_cast<Byte*>(part.data()), part.size(), return_value);
2201  }
2202 
2203  /**
2204  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2205  * @param session the session's handle
2206  * @param signature_ptr gets the signature
2207  * @param signature_len_ptr gets signature length
2208  * @param return_value default value (`ThrowException`): throw exception on error.
2209  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2210  * At least the following PKCS#11 return values may be returned:
2211  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2212  * \li DataLenRange \li DeviceError \li DeviceMemory
2213  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2214  * \li GeneralError \li HostMemory \li OK
2215  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2216  * \li UserNotLoggedIn \li FunctionRejected
2217  * @return true on success, false otherwise
2218  */
2219  bool C_SignFinal(SessionHandle session,
2220  Byte* signature_ptr,
2221  Ulong* signature_len_ptr,
2222  ReturnValue* return_value = ThrowException) const;
2223 
2224  /**
2225  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2226  * @param session the session's handle
2227  * @param signature gets the signature
2228  * @param return_value default value (`ThrowException`): throw exception on error.
2229  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2230  * At least the following PKCS#11 return values may be returned:
2231  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2232  * \li DataLenRange \li DeviceError \li DeviceMemory
2233  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2234  * \li GeneralError \li HostMemory \li OK
2235  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2236  * \li UserNotLoggedIn \li FunctionRejected
2237  * @return true on success, false otherwise
2238  */
2239  template<typename TAlloc>
2241  std::vector<uint8_t, TAlloc>& signature,
2242  ReturnValue* return_value = ThrowException) const
2243  {
2244  Ulong signature_size = 0;
2245  if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2246  {
2247  return false;
2248  }
2249 
2250  signature.resize(signature_size);
2251  return C_SignFinal(session, signature.data(), &signature_size, return_value);
2252  }
2253 
2254  /**
2255  * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2256  * @param session the session's handle
2257  * @param mechanism_ptr the signature mechanism
2258  * @param key handle of the signature key
2259  * @param return_value default value (`ThrowException`): throw exception on error.
2260  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2261  * At least the following PKCS#11 return values may be returned:
2262  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2263  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2264  * \li FunctionFailed \li GeneralError \li HostMemory
2265  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2266  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2267  * \li OK \li OperationActive \li PinExpired
2268  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2269  * @return true on success, false otherwise
2270  */
2271  bool C_SignRecoverInit(SessionHandle session,
2272  Mechanism* mechanism_ptr,
2273  ObjectHandle key,
2274  ReturnValue* return_value = ThrowException) const;
2275 
2276  /**
2277  * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2278  * @param session the session's handle
2279  * @param data_ptr the data to sign
2280  * @param data_len count of bytes to sign
2281  * @param signature_ptr gets the signature
2282  * @param signature_len_ptr gets signature length
2283  * @param return_value default value (`ThrowException`): throw exception on error.
2284  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2285  * At least the following PKCS#11 return values may be returned:
2286  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2287  * \li DataInvalid \li DataLenRange \li DeviceError
2288  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2289  * \li FunctionFailed \li GeneralError \li HostMemory
2290  * \li OK \li OperationNotInitialized \li SessionClosed
2291  * \li SessionHandleInvalid \li UserNotLoggedIn
2292  * @return true on success, false otherwise
2293  */
2294  bool C_SignRecover(SessionHandle session,
2295  Byte* data_ptr,
2296  Ulong data_len,
2297  Byte* signature_ptr,
2298  Ulong* signature_len_ptr,
2299  ReturnValue* return_value = ThrowException) const;
2300 
2301  /****************************** Functions for verifying signatures and MACs ******************************/
2302 
2303  /**
2304  * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2305  * @param session the session's handle
2306  * @param mechanism_ptr the verification mechanism
2307  * @param key verification key
2308  * @param return_value default value (`ThrowException`): throw exception on error.
2309  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2310  * At least the following PKCS#11 return values may be returned:
2311  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2312  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2313  * \li FunctionFailed \li GeneralError \li HostMemory
2314  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2315  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2316  * \li OK \li OperationActive \li PinExpired
2317  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2318  * @return true on success, false otherwise
2319  */
2320  bool C_VerifyInit(SessionHandle session,
2321  Mechanism* mechanism_ptr,
2322  ObjectHandle key,
2323  ReturnValue* return_value = ThrowException) const;
2324 
2325  /**
2326  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2327  * @param session the session's handle
2328  * @param data_ptr signed data
2329  * @param data_len length of signed data
2330  * @param signature_ptr signature
2331  * @param signature_len signature length
2332  * @param return_value default value (`ThrowException`): throw exception on error.
2333  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2334  * At least the following PKCS#11 return values may be returned:
2335  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2336  * \li DataLenRange \li DeviceError \li DeviceMemory
2337  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2338  * \li GeneralError \li HostMemory \li OK
2339  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2340  * \li SignatureInvalid \li SignatureLenRange
2341  * @return true on success, false otherwise
2342  */
2343  bool C_Verify(SessionHandle session,
2344  Byte* data_ptr,
2345  Ulong data_len,
2346  Byte* signature_ptr,
2347  Ulong signature_len,
2348  ReturnValue* return_value = ThrowException) const;
2349 
2350  /**
2351  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2352  * @param session the session's handle
2353  * @param data signed data
2354  * @param signature signature
2355  * @param return_value default value (`ThrowException`): throw exception on error.
2356  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2357  * At least the following PKCS#11 return values may be returned:
2358  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2359  * \li DataLenRange \li DeviceError \li DeviceMemory
2360  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2361  * \li GeneralError \li HostMemory \li OK
2362  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2363  * \li SignatureInvalid \li SignatureLenRange
2364  * @return true on success, false otherwise
2365  */
2366  template<typename TAllocA, typename TAllocB>
2367  bool C_Verify(SessionHandle session,
2368  const std::vector<uint8_t, TAllocA>& data,
2369  std::vector<uint8_t, TAllocB>& signature,
2370  ReturnValue* return_value = ThrowException) const
2371  {
2372  return C_Verify(session, const_cast<Byte*>(data.data()), data.size(), signature.data(), signature.size(), return_value);
2373  }
2374 
2375  /**
2376  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2377  * @param session the session's handle
2378  * @param part_ptr signed data
2379  * @param part_len length of signed data
2380  * @param return_value default value (`ThrowException`): throw exception on error.
2381  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2382  * At least the following PKCS#11 return values may be returned:
2383  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2384  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2385  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2386  * \li HostMemory \li OK \li OperationNotInitialized
2387  * \li SessionClosed \li SessionHandleInvalid
2388  * @return true on success, false otherwise
2389  */
2390  bool C_VerifyUpdate(SessionHandle session,
2391  Byte* part_ptr,
2392  Ulong part_len,
2393  ReturnValue* return_value = ThrowException) const;
2394 
2395  /**
2396  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2397  * @param session the session's handle
2398  * @param part signed data
2399  * @param return_value default value (`ThrowException`): throw exception on error.
2400  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2401  * At least the following PKCS#11 return values may be returned:
2402  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2403  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2404  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2405  * \li HostMemory \li OK \li OperationNotInitialized
2406  * \li SessionClosed \li SessionHandleInvalid
2407  * @return true on success, false otherwise
2408  */
2409  template<typename TAlloc>
2411  std::vector<uint8_t, TAlloc> part,
2412  ReturnValue* return_value = ThrowException) const
2413  {
2414  return C_VerifyUpdate(session, part.data(), part.size(), return_value);
2415  }
2416 
2417  /**
2418  * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2419  * @param session the session's handle
2420  * @param signature_ptr signature to verify
2421  * @param signature_len signature length
2422  * @param return_value default value (`ThrowException`): throw exception on error.
2423  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2424  * At least the following PKCS#11 return values may be returned:
2425  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2426  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2427  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2428  * \li HostMemory \li OK \li OperationNotInitialized
2429  * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2430  * \li SignatureLenRange
2431  * @return true on success, false otherwise
2432  */
2433  bool C_VerifyFinal(SessionHandle session,
2434  Byte* signature_ptr,
2435  Ulong signature_len,
2436  ReturnValue* return_value = ThrowException) const;
2437 
2438  /**
2439  * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2440  * @param session the session's handle
2441  * @param mechanism_ptr the verification mechanism
2442  * @param key verification key
2443  * @param return_value default value (`ThrowException`): throw exception on error.
2444  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2445  * At least the following PKCS#11 return values may be returned:
2446  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2447  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2448  * \li FunctionFailed \li GeneralError \li HostMemory
2449  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2450  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2451  * \li OK \li OperationActive \li PinExpired
2452  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2453  * @return true on success, false otherwise
2454  */
2455  bool C_VerifyRecoverInit(SessionHandle session,
2456  Mechanism* mechanism_ptr,
2457  ObjectHandle key,
2458  ReturnValue* return_value = ThrowException) const;
2459 
2460  /**
2461  * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2462  * @param session the session's handle
2463  * @param signature_ptr signature to verify
2464  * @param signature_len signature length
2465  * @param data_ptr gets signed data
2466  * @param data_len_ptr gets signed data len
2467  * @param return_value default value (`ThrowException`): throw exception on error.
2468  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2469  * At least the following PKCS#11 return values may be returned:
2470  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2471  * \li DataInvalid \li DataLenRange \li DeviceError
2472  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2473  * \li FunctionFailed \li GeneralError \li HostMemory
2474  * \li OK \li OperationNotInitialized \li SessionClosed
2475  * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2476  * @return true on success, false otherwise
2477  */
2478  bool C_VerifyRecover(SessionHandle session,
2479  Byte* signature_ptr,
2480  Ulong signature_len,
2481  Byte* data_ptr,
2482  Ulong* data_len_ptr,
2483  ReturnValue* return_value = ThrowException) const;
2484 
2485  /****************************** Dual-purpose cryptographic functions ******************************/
2486 
2487  /**
2488  * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2489  * @param session session's handle
2490  * @param part_ptr the plaintext data
2491  * @param part_len plaintext length
2492  * @param encrypted_part_ptr gets ciphertext
2493  * @param encrypted_part_len_ptr gets c-text length
2494  * @param return_value default value (`ThrowException`): throw exception on error.
2495  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2496  * At least the following PKCS#11 return values may be returned:
2497  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2498  * \li DataLenRange \li DeviceError \li DeviceMemory
2499  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2500  * \li GeneralError \li HostMemory \li OK
2501  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2502  * @return true on success, false otherwise
2503  */
2504  bool C_DigestEncryptUpdate(SessionHandle session,
2505  Byte* part_ptr,
2506  Ulong part_len,
2507  Byte* encrypted_part_ptr,
2508  Ulong* encrypted_part_len_ptr,
2509  ReturnValue* return_value = ThrowException) const ;
2510 
2511  /**
2512  * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2513  * @param session session's handle
2514  * @param encrypted_part_ptr ciphertext
2515  * @param encrypted_part_len ciphertext length
2516  * @param part_ptr gets plaintext
2517  * @param part_len_ptr gets plaintext len
2518  * @param return_value default value (`ThrowException`): throw exception on error.
2519  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2520  * At least the following PKCS#11 return values may be returned:
2521  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2522  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2523  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2524  * \li FunctionFailed \li GeneralError \li HostMemory
2525  * \li OK \li OperationNotInitialized \li SessionClosed
2526  * \li SessionHandleInvalid
2527  * @return true on success, false otherwise
2528  */
2529  bool C_DecryptDigestUpdate(SessionHandle session,
2530  Byte* encrypted_part_ptr,
2531  Ulong encrypted_part_len,
2532  Byte* part_ptr,
2533  Ulong* part_len_ptr,
2534  ReturnValue* return_value = ThrowException) const;
2535 
2536  /**
2537  * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2538  * @param session session's handle
2539  * @param part_ptr the plaintext data
2540  * @param part_len plaintext length
2541  * @param encrypted_part_ptr gets ciphertext
2542  * @param encrypted_part_len_ptr gets c-text length
2543  * @param return_value default value (`ThrowException`): throw exception on error.
2544  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2545  * At least the following PKCS#11 return values may be returned:
2546  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2547  * \li DataLenRange \li DeviceError \li DeviceMemory
2548  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2549  * \li GeneralError \li HostMemory \li OK
2550  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2551  * \li UserNotLoggedIn
2552  * @return true on success, false otherwise
2553  */
2554  bool C_SignEncryptUpdate(SessionHandle session,
2555  Byte* part_ptr,
2556  Ulong part_len,
2557  Byte* encrypted_part_ptr,
2558  Ulong* encrypted_part_len_ptr,
2559  ReturnValue* return_value = ThrowException) const;
2560 
2561  /**
2562  * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2563  * @param session session's handle
2564  * @param encrypted_part_ptr ciphertext
2565  * @param encrypted_part_len ciphertext length
2566  * @param part_ptr gets plaintext
2567  * @param part_len_ptr gets p-text length
2568  * @param return_value default value (`ThrowException`): throw exception on error.
2569  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2570  * At least the following PKCS#11 return values may be returned:
2571  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2572  * \li DataLenRange \li DeviceError \li DeviceMemory
2573  * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2574  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2575  * \li HostMemory \li OK \li OperationNotInitialized
2576  * \li SessionClosed \li SessionHandleInvalid
2577  * @return true on success, false otherwise
2578  */
2579  bool C_DecryptVerifyUpdate(SessionHandle session,
2580  Byte* encrypted_part_ptr,
2581  Ulong encrypted_part_len,
2582  Byte* part_ptr,
2583  Ulong* part_len_ptr,
2584  ReturnValue* return_value = ThrowException) const;
2585 
2586  /****************************** Key management functions ******************************/
2587 
2588  /**
2589  * C_GenerateKey generates a secret key, creating a new key object.
2590  * @param session the session's handle
2591  * @param mechanism_ptr key generation mech.
2592  * @param attribute_template_ptr template for new key
2593  * @param count # of attrs in template
2594  * @param key_ptr gets handle of new key
2595  * @param return_value default value (`ThrowException`): throw exception on error.
2596  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2597  * At least the following PKCS#11 return values may be returned:
2598  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2599  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2600  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2601  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2602  * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2603  * \li OK \li OperationActive \li PinExpired
2604  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2605  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2606  * \li UserNotLoggedIn
2607  * @return true on success, false otherwise
2608  */
2609  bool C_GenerateKey(SessionHandle session,
2610  Mechanism* mechanism_ptr,
2611  Attribute* attribute_template_ptr,
2612  Ulong count,
2613  ObjectHandle* key_ptr,
2614  ReturnValue* return_value = ThrowException) const;
2615 
2616  /**
2617  * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2618  * @param session session handle
2619  * @param mechanism_ptr key-gen mech.
2620  * @param public_key_template_ptr template for pub. key
2621  * @param public_key_attribute_count # pub. attrs.
2622  * @param private_key_template_ptr template for priv. key
2623  * @param private_key_attribute_count # priv. attrs.
2624  * @param public_key_ptr gets pub. key handle
2625  * @param private_key_ptr gets priv. key handle
2626  * @param return_value default value (`ThrowException`): throw exception on error.
2627  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2628  * At least the following PKCS#11 return values may be returned:
2629  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2630  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2631  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2632  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2633  * \li GeneralError \li HostMemory \li MechanismInvalid
2634  * \li MechanismParamInvalid \li OK \li OperationActive
2635  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2636  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2637  * \li TokenWriteProtected \li UserNotLoggedIn
2638  * @return true on success, false otherwise
2639  */
2640  bool C_GenerateKeyPair(SessionHandle session,
2641  Mechanism* mechanism_ptr,
2642  Attribute* public_key_template_ptr,
2643  Ulong public_key_attribute_count,
2644  Attribute* private_key_template_ptr,
2645  Ulong private_key_attribute_count,
2646  ObjectHandle* public_key_ptr,
2647  ObjectHandle* private_key_ptr,
2648  ReturnValue* return_value = ThrowException) const;
2649 
2650  /**
2651  * C_WrapKey wraps (i.e., encrypts) a key.
2652  * @param session the session's handle
2653  * @param mechanism_ptr the wrapping mechanism
2654  * @param wrapping_key wrapping key
2655  * @param key key to be wrapped
2656  * @param wrapped_key_ptr gets wrapped key
2657  * @param wrapped_key_len_ptr gets wrapped key size
2658  * @param return_value default value (`ThrowException`): throw exception on error.
2659  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2660  * At least the following PKCS#11 return values may be returned:
2661  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2662  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2663  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2664  * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2665  * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2666  * \li MechanismParamInvalid \li OK \li OperationActive
2667  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2668  * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2669  * \li WrappingKeyTypeInconsistent
2670  * @return true on success, false otherwise
2671  */
2672  bool C_WrapKey(SessionHandle session,
2673  Mechanism* mechanism_ptr,
2674  ObjectHandle wrapping_key,
2675  ObjectHandle key,
2676  Byte* wrapped_key_ptr,
2677  Ulong* wrapped_key_len_ptr,
2678  ReturnValue* return_value = ThrowException) const;
2679 
2680  /**
2681  * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2682  * @param session session's handle
2683  * @param mechanism_ptr unwrapping mech.
2684  * @param unwrapping_key unwrapping key
2685  * @param wrapped_key_ptr the wrapped key
2686  * @param wrapped_key_len wrapped key len
2687  * @param attribute_template_ptr new key template
2688  * @param attribute_count template length
2689  * @param key_ptr gets new handle
2690  * @param return_value default value (`ThrowException`): throw exception on error.
2691  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2692  * At least the following PKCS#11 return values may be returned:
2693  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2694  * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2695  * \li CurveNotSupported \li DeviceError \li DeviceMemory
2696  * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2697  * \li FunctionFailed \li GeneralError \li HostMemory
2698  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2699  * \li OperationActive \li PinExpired \li SessionClosed
2700  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2701  * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2702  * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2703  * \li WrappedKeyInvalid \li WrappedKeyLenRange
2704  * @return true on success, false otherwise
2705  */
2706  bool C_UnwrapKey(SessionHandle session,
2707  Mechanism* mechanism_ptr,
2708  ObjectHandle unwrapping_key,
2709  Byte* wrapped_key_ptr,
2710  Ulong wrapped_key_len,
2711  Attribute* attribute_template_ptr,
2712  Ulong attribute_count,
2713  ObjectHandle* key_ptr,
2714  ReturnValue* return_value = ThrowException) const;
2715 
2716  /**
2717  * C_DeriveKey derives a key from a base key, creating a new key object.
2718  * @param session session's handle
2719  * @param mechanism_ptr key deriv. mech.
2720  * @param base_key base key
2721  * @param attribute_template_ptr new key template
2722  * @param attribute_count template length
2723  * @param key_ptr gets new handle
2724  * @param return_value default value (`ThrowException`): throw exception on error.
2725  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2726  * At least the following PKCS#11 return values may be returned:
2727  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2728  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2729  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2730  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2731  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2732  * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2733  * \li MechanismParamInvalid \li OK \li OperationActive
2734  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2735  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2736  * \li TokenWriteProtected \li UserNotLoggedIn
2737  * @return true on success, false otherwise
2738  */
2739  bool C_DeriveKey(SessionHandle session,
2740  Mechanism* mechanism_ptr,
2741  ObjectHandle base_key,
2742  Attribute* attribute_template_ptr,
2743  Ulong attribute_count,
2744  ObjectHandle* key_ptr,
2745  ReturnValue* return_value = ThrowException) const;
2746 
2747  /****************************** Random number generation functions ******************************/
2748 
2749  /**
2750  * C_SeedRandom mixes additional seed material into the token's random number generator.
2751  * @param session the session's handle
2752  * @param seed_ptr the seed material
2753  * @param seed_len length of seed material
2754  * @param return_value default value (`ThrowException`): throw exception on error.
2755  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2756  * At least the following PKCS#11 return values may be returned:
2757  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2758  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2759  * \li FunctionFailed \li GeneralError \li HostMemory
2760  * \li OK \li OperationActive \li RandomSeedNotSupported
2761  * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2762  * \li UserNotLoggedIn
2763  * @return true on success, false otherwise
2764  */
2765  bool C_SeedRandom(SessionHandle session,
2766  Byte* seed_ptr,
2767  Ulong seed_len,
2768  ReturnValue* return_value = ThrowException) const;
2769 
2770  /**
2771  * C_GenerateRandom generates random data.
2772  * @param session the session's handle
2773  * @param random_data_ptr receives the random data
2774  * @param random_len # of bytes to generate
2775  * @param return_value default value (`ThrowException`): throw exception on error.
2776  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2777  * At least the following PKCS#11 return values may be returned:
2778  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2779  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2780  * \li FunctionFailed \li GeneralError \li HostMemory
2781  * \li OK \li OperationActive \li RandomNoRng
2782  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2783  * @return true on success, false otherwise
2784  */
2785  bool C_GenerateRandom(SessionHandle session,
2786  Byte* random_data_ptr,
2787  Ulong random_len,
2788  ReturnValue* return_value = ThrowException) const;
2789 
2790  /****************************** Parallel function management functions ******************************/
2791 
2792  /**
2793  * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2794  * @param session the session's handle
2795  * @param return_value default value (`ThrowException`): throw exception on error.
2796  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2797  * At least the following PKCS#11 return values may be returned:
2798  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2799  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2800  * \li SessionClosed
2801  * @return true on success, false otherwise
2802  */
2803  bool C_GetFunctionStatus(SessionHandle session,
2804  ReturnValue* return_value = ThrowException) const;
2805 
2806  /**
2807  * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2808  * @param session the session's handle
2809  * @param return_value default value (`ThrowException`): throw exception on error.
2810  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2811  * At least the following PKCS#11 return values may be returned:
2812  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2813  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2814  * \li SessionClosed
2815  * @return true on success, false otherwise
2816  */
2817  bool C_CancelFunction(SessionHandle session,
2818  ReturnValue* return_value = ThrowException) const;
2819 
2820  private:
2821  const FunctionListPtr m_func_list_ptr;
2822  };
2823 
2824 class PKCS11_Error : public Exception
2825  {
2826  public:
2827  explicit PKCS11_Error(const std::string& what) :
2828  Exception("PKCS11 error", what)
2829  {
2830  }
2831  };
2832 
2833 class PKCS11_ReturnError final : public PKCS11_Error
2834  {
2835  public:
2836  explicit PKCS11_ReturnError(ReturnValue return_val) :
2837  PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2838  m_return_val(return_val)
2839  {}
2840 
2842  {
2843  return m_return_val;
2844  }
2845 
2846  private:
2847  const ReturnValue m_return_val;
2848  };
2849 
2850 }
2851 
2852 }
2853 
2854 #endif
#define CKF_EXCLUDE_COUNTER
Definition: pkcs11t.h:1811
#define CKA_CHAR_ROWS
Definition: pkcs11t.h:546
#define CKM_DES3_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:940
#define CKK_RC2
Definition: pkcs11t.h:347
struct CK_RSA_PKCS_OAEP_PARAMS CK_RSA_PKCS_OAEP_PARAMS
#define CKP_PKCS5_PBKD2_HMAC_SHA512
Definition: pkcs11t.h:1724
#define CKF_EC_NAMEDCURVE
Definition: pkcs11t.h:1025
CK_UTF8CHAR Utf8Char
Definition: p11.h:841
#define CKM_HOTP_KEY_GEN
Definition: pkcs11t.h:721
#define CKM_AES_CFB64
Definition: pkcs11t.h:964
#define CKM_CAST128_CBC
Definition: pkcs11t.h:744
#define CKM_SHA512_RSA_PKCS_PSS
Definition: pkcs11t.h:626
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition: pkcs11t.h:1129
CK_NOTIFY Notify
Definition: p11.h:842
#define CKR_DEVICE_REMOVED
Definition: pkcs11t.h:1062
#define CKM_DSA_PARAMETER_GEN
Definition: pkcs11t.h:957
#define CKM_AES_CMAC_GENERAL
Definition: pkcs11t.h:924
#define CKM_SHA_1_HMAC_GENERAL
Definition: pkcs11t.h:698
#define CKR_FIPS_SELF_TEST_FAILED
Definition: pkcs11t.h:1151
#define CKM_XOR_BASE_AND_DATA
Definition: pkcs11t.h:767
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition: p11.cpp:52
#define CKF_USER_PIN_INITIALIZED
Definition: pkcs11t.h:158
#define CKA_HW_FEATURE_TYPE
Definition: pkcs11t.h:539
#define CKM_SHA384_KEY_DERIVATION
Definition: pkcs11t.h:788
#define CKF_SIGN
Definition: pkcs11t.h:1009
#define CKM_KEA_DERIVE
Definition: pkcs11t.h:878
CK_ULONG CK_SLOT_ID
Definition: pkcs11t.h:104
#define CKM_TLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:774
Flag operator|(Flag a, Flag b)
Definition: p11.h:265
#define CKA_TRUSTED
Definition: pkcs11t.h:450
#define CKM_RIPEMD128_HMAC_GENERAL
Definition: pkcs11t.h:702
#define CKR_ENCRYPTED_DATA_INVALID
Definition: pkcs11t.h:1063
#define CKM_PBE_MD5_CAST_CBC
Definition: pkcs11t.h:794
#define CKR_PIN_EXPIRED
Definition: pkcs11t.h:1093
#define CKH_MONOTONIC_COUNTER
Definition: pkcs11t.h:330
#define CKM_RSA_X_509
Definition: pkcs11t.h:589
#define CKA_ENCODING_METHODS
Definition: pkcs11t.h:551
#define CKM_DES_CFB8
Definition: pkcs11t.h:683
#define CKH_USER_INTERFACE
Definition: pkcs11t.h:332
#define CKA_PRIME_1
Definition: pkcs11t.h:478
#define CKG_MGF1_SHA256
Definition: pkcs11t.h:1247
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC
Definition: pkcs11t.h:813
#define CKR_KEY_NEEDED
Definition: pkcs11t.h:1077
#define CKA_WRAP_WITH_TRUSTED
Definition: pkcs11t.h:515
#define CKR_SAVED_STATE_INVALID
Definition: pkcs11t.h:1138
#define CKM_KEY_WRAP_LYNKS
Definition: pkcs11t.h:829
#define CKA_PRIVATE_EXPONENT
Definition: pkcs11t.h:477
#define CKM_CAST_KEY_GEN
Definition: pkcs11t.h:726
#define CKK_CAST128
Definition: pkcs11t.h:355
#define CKM_SHA512_RSA_PKCS
Definition: pkcs11t.h:623
#define CKM_IDEA_KEY_GEN
Definition: pkcs11t.h:757
#define CKM_SHA224_RSA_PKCS
Definition: pkcs11t.h:628
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:863
#define CKF_TOKEN_PRESENT
Definition: pkcs11t.h:122
#define CKM_GOSTR3410_WITH_GOSTR3411
Definition: pkcs11t.h:946
#define CKM_SHA256_HMAC
Definition: pkcs11t.h:708
CK_UNLOCKMUTEX UnlockMutex
Definition: p11.h:831
#define CKM_CAMELLIA_MAC_GENERAL
Definition: pkcs11t.h:841
#define CKR_CANCEL
Definition: pkcs11t.h:1039
#define CKM_PBE_SHA1_RC2_128_CBC
Definition: pkcs11t.h:804
#define CKA_UNWRAP_TEMPLATE
Definition: pkcs11t.h:517
#define CKA_SUBJECT
Definition: pkcs11t.h:460
#define CKA_EC_PARAMS
Definition: pkcs11t.h:506
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition: pkcs11t.h:533
#define CKF_EC_ECPARAMETERS
Definition: pkcs11t.h:1024
#define CKM_DES3_CMAC_GENERAL
Definition: pkcs11t.h:671
#define CKM_CDMF_CBC
Definition: pkcs11t.h:675
#define CKM_CAST5_CBC
Definition: pkcs11t.h:743
#define CKD_SHA1_KDF_CONCATENATE
Definition: pkcs11t.h:1295
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition: pkcs11t.h:177
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1421
#define CKM_RC2_ECB
Definition: pkcs11t.h:646
#define CKK_VENDOR_DEFINED
Definition: pkcs11t.h:387
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1115
#define CKM_SHA512_HMAC
Definition: pkcs11t.h:717
#define CKM_TLS_KDF
Definition: pkcs11t.h:827
#define CKF_GENERATE_KEY_PAIR
Definition: pkcs11t.h:1014
#define CKK_SHA224_HMAC
Definition: pkcs11t.h:378
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583
#define CKM_ARIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:853
#define CKM_PBE_MD5_CAST5_CBC
Definition: pkcs11t.h:796
#define CKA_CHAR_COLUMNS
Definition: pkcs11t.h:547
#define CKU_CONTEXT_SPECIFIC
Definition: pkcs11t.h:268
#define CKA_LABEL
Definition: pkcs11t.h:440
#define CKA_ISSUER
Definition: pkcs11t.h:445
CK_ULONG CK_NOTIFICATION
Definition: pkcs11t.h:100
#define CKM_BATON_WRAP
Definition: pkcs11t.h:886
#define CKS_RW_USER_FUNCTIONS
Definition: pkcs11t.h:275
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:862
#define CKM_SKIPJACK_CFB8
Definition: pkcs11t.h:872
#define CKM_ECDSA_SHA256
Definition: pkcs11t.h:894
#define CKM_ECDSA_SHA224
Definition: pkcs11t.h:893
#define CKA_ATTR_TYPES
Definition: pkcs11t.h:449
#define CKA_MIME_TYPES
Definition: pkcs11t.h:552
CK_BYTE CK_BBOOL
Definition: pkcs11t.h:45
CertificateType
Definition: p11.h:175
#define CKA_OTP_COUNTER_REQUIREMENT
Definition: pkcs11t.h:526
#define CKA_REQUIRED_CMS_ATTRIBUTES
Definition: pkcs11t.h:554
#define CKA_EXTRACTABLE
Definition: pkcs11t.h:494
#define CKR_DEVICE_ERROR
Definition: pkcs11t.h:1060
#define CKR_SIGNATURE_INVALID
Definition: pkcs11t.h:1106
#define CKK_ARIA
Definition: pkcs11t.h:369
#define CKR_FUNCTION_CANCELED
Definition: pkcs11t.h:1065
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition: pkcs11t.h:809
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition: pkcs11t.h:398
#define CKM_JUNIPER_COUNTER
Definition: pkcs11t.h:908
#define CKM_DSA_SHA512
Definition: pkcs11t.h:611
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition: pkcs11t.h:1225
#define CKA_EC_POINT
Definition: pkcs11t.h:508
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:844
#define CKM_CAST5_ECB
Definition: pkcs11t.h:741
#define CKD_SHA384_KDF
Definition: pkcs11t.h:1298
#define CKM_CAST3_KEY_GEN
Definition: pkcs11t.h:732
#define CKK_HOTP
Definition: pkcs11t.h:366
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKK_SHA256_HMAC
Definition: pkcs11t.h:375
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:815
#define CKM_CDMF_CBC_PAD
Definition: pkcs11t.h:678
#define CKM_DES3_CMAC
Definition: pkcs11t.h:672
#define CKM_SKIPJACK_WRAP
Definition: pkcs11t.h:873
#define CKA_COEFFICIENT
Definition: pkcs11t.h:482
#define CKM_RC2_KEY_GEN
Definition: pkcs11t.h:645
#define CKM_RSA_PKCS_TPM_1_1
Definition: pkcs11t.h:972
#define CKC_WTLS
Definition: pkcs11t.h:409
#define CKM_RSA_PKCS
Definition: pkcs11t.h:587
#define CKK_CAST
Definition: pkcs11t.h:352
AttributeType
Definition: p11.h:63
#define CK_CERTIFICATE_CATEGORY_AUTHORITY
Definition: pkcs11t.h:397
#define CKM_CDMF_MAC
Definition: pkcs11t.h:676
#define CKR_ATTRIBUTE_SENSITIVE
Definition: pkcs11t.h:1052
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:586
#define CKM_SKIPJACK_KEY_GEN
Definition: pkcs11t.h:865
#define CKR_NO_EVENT
Definition: pkcs11t.h:1047
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:843
#define CKM_AES_KEY_WRAP
Definition: pkcs11t.h:969
#define CRYPTOKI_VERSION_MINOR
Definition: pkcs11t.h:20
#define CKM_CAST_MAC_GENERAL
Definition: pkcs11t.h:730
#define CKA_SERIAL_NUMBER
Definition: pkcs11t.h:446
#define CKM_RC5_CBC_PAD
Definition: pkcs11t.h:756
#define CKM_IDEA_CBC
Definition: pkcs11t.h:759
#define CKF_ERROR_STATE
Definition: pkcs11t.h:248
#define CKM_MD5_RSA_PKCS
Definition: pkcs11t.h:592
#define CKM_SHA512_224_KEY_DERIVATION
Definition: pkcs11t.h:634
#define CKM_SKIPJACK_CFB32
Definition: pkcs11t.h:870
#define CKG_MGF1_SHA384
Definition: pkcs11t.h:1248
#define CKM_SHA512_HMAC_GENERAL
Definition: pkcs11t.h:718
#define CKM_AES_CFB128
Definition: pkcs11t.h:966
#define CKR_GENERAL_ERROR
Definition: pkcs11t.h:1043
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:66
#define CKM_CAMELLIA_CBC_PAD
Definition: pkcs11t.h:842
#define CKD_NULL
Definition: pkcs11t.h:1290
#define CKM_DES3_CBC
Definition: pkcs11t.h:666
#define CKA_PUBLIC_KEY_INFO
Definition: pkcs11t.h:483
#define CKR_OK
Definition: pkcs11t.h:1038
#define CKK_EC
Definition: pkcs11t.h:343
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1127
#define CKM_DES_CFB64
Definition: pkcs11t.h:682
#define CKA_VALUE
Definition: pkcs11t.h:442
#define CKA_KEY_TYPE
Definition: pkcs11t.h:459
#define CKA_ID
Definition: pkcs11t.h:461
#define CKA_OTP_COUNTER
Definition: pkcs11t.h:528
#define CKM_TLS12_MAC
Definition: pkcs11t.h:820
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition: pkcs11t.h:770
#define CKM_AES_KEY_GEN
Definition: pkcs11t.h:913
CK_ULONG CK_OBJECT_HANDLE
Definition: pkcs11t.h:298
#define CKF_SO_PIN_COUNT_LOW
Definition: pkcs11t.h:229
#define CKM_CONCATENATE_BASE_AND_DATA
Definition: pkcs11t.h:765
#define CKF_GENERATE
Definition: pkcs11t.h:1013
struct CK_INFO CK_INFO
#define CKM_CAST128_MAC_GENERAL
Definition: pkcs11t.h:748
#define CKM_KEA_KEY_DERIVE
Definition: pkcs11t.h:877
#define CKA_OBJECT_ID
Definition: pkcs11t.h:443
#define CKM_TLS10_MAC_CLIENT
Definition: pkcs11t.h:819
#define CKM_PBE_SHA1_RC4_40
Definition: pkcs11t.h:801
#define CKA_WRAP
Definition: pkcs11t.h:465
#define CKF_WRITE_PROTECTED
Definition: pkcs11t.h:156
#define CKM_CAST3_CBC_PAD
Definition: pkcs11t.h:737
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:27
#define CKM_RIPEMD128_RSA_PKCS
Definition: pkcs11t.h:595
#define CKM_RC2_CBC
Definition: pkcs11t.h:647
#define CKR_OBJECT_HANDLE_INVALID
Definition: pkcs11t.h:1086
#define CKK_CAMELLIA
Definition: pkcs11t.h:368
#define CKF_USER_FRIENDLY_OTP
Definition: pkcs11t.h:1814
#define CKO_CERTIFICATE
Definition: pkcs11t.h:311
#define CKK_SEED
Definition: pkcs11t.h:380
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:777
#define CKM_TWOFISH_CBC_PAD
Definition: pkcs11t.h:935
#define CKA_GOST28147_PARAMS
Definition: pkcs11t.h:537
#define CKM_KIP_WRAP
Definition: pkcs11t.h:834
#define CKM_SSL3_MD5_MAC
Definition: pkcs11t.h:781
#define CKM_BATON_COUNTER
Definition: pkcs11t.h:884
#define CKM_BATON_ECB96
Definition: pkcs11t.h:882
Flags flags(Flag flags)
Definition: p11.h:858
#define CK_TRUE
Definition: pkcs11t.h:23
#define CKM_GOSTR3410
Definition: pkcs11t.h:945
Definition: bigint.h:635
#define CKM_PBE_SHA1_DES3_EDE_CBC
Definition: pkcs11t.h:802
#define CKH_CLOCK
Definition: pkcs11t.h:331
#define CKR_MUTEX_BAD
Definition: pkcs11t.h:1144
#define CKR_RANDOM_NO_RNG
Definition: pkcs11t.h:1131
PseudoRandom
Definition: p11.h:692
#define CKP_PKCS5_PBKD2_HMAC_SHA512_224
Definition: pkcs11t.h:1725
#define CKM_SHA512_224
Definition: pkcs11t.h:631
PKCS11_Error(const std::string &what)
Definition: p11.h:2827
#define CKM_TWOFISH_KEY_GEN
Definition: pkcs11t.h:932
#define CKA_PIXEL_X
Definition: pkcs11t.h:543
#define CKG_MGF1_SHA1
Definition: pkcs11t.h:1246
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1128
CK_ULONG Ulong
Definition: p11.h:836
#define CKM_SHA224
Definition: pkcs11t.h:710
#define CKS_RO_PUBLIC_SESSION
Definition: pkcs11t.h:272
#define CKO_SECRET_KEY
Definition: pkcs11t.h:314
#define CKR_ATTRIBUTE_READ_ONLY
Definition: pkcs11t.h:1051
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2240
#define CKM_RC5_MAC_GENERAL
Definition: pkcs11t.h:755
#define CKR_SESSION_EXISTS
Definition: pkcs11t.h:1101
CK_VOID_PTR VoidPtr
Definition: p11.h:826
#define CKM_BLOWFISH_KEY_GEN
Definition: pkcs11t.h:930
#define CKF_HW_SLOT
Definition: pkcs11t.h:124
#define CKR_MUTEX_NOT_LOCKED
Definition: pkcs11t.h:1145
unsigned char CK_BYTE
Definition: pkcs11t.h:36
#define CKM_SEED_MAC
Definition: pkcs11t.h:859
#define CKR_NEXT_OTP
Definition: pkcs11t.h:1148
#define CKM_RSA_9796
Definition: pkcs11t.h:588
unsigned long int CK_ULONG
Definition: pkcs11t.h:48
#define CKM_PBE_SHA1_RC2_40_CBC
Definition: pkcs11t.h:805
#define CKA_ALWAYS_AUTHENTICATE
Definition: pkcs11t.h:513
#define CKA_DERIVE
Definition: pkcs11t.h:471
#define CKK_X9_42_DH
Definition: pkcs11t.h:344
#define CKA_OTP_FORMAT
Definition: pkcs11t.h:520
#define CKF_REMOVABLE_DEVICE
Definition: pkcs11t.h:123
#define CKA_OTP_TIME_REQUIREMENT
Definition: pkcs11t.h:525
#define CKR_TOKEN_WRITE_PROTECTED
Definition: pkcs11t.h:1112
#define CKM_DES3_CBC_PAD
Definition: pkcs11t.h:670
#define CKR_DEVICE_MEMORY
Definition: pkcs11t.h:1061
struct CK_MECHANISM CK_MECHANISM
#define CKM_RC4
Definition: pkcs11t.h:654
#define CKR_INFORMATION_SENSITIVE
Definition: pkcs11t.h:1139
#define CKC_X_509
Definition: pkcs11t.h:407
#define CKM_DES_OFB64
Definition: pkcs11t.h:680
#define CKR_EXCEEDED_MAX_ITERATIONS
Definition: pkcs11t.h:1150
CK_ULONG CK_ATTRIBUTE_TYPE
Definition: pkcs11t.h:416
MechanismType type
#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411
Definition: pkcs11t.h:1720
#define CKM_AES_CTR
Definition: pkcs11t.h:919
#define CKA_PRIVATE
Definition: pkcs11t.h:439
#define CKK_MD5_HMAC
Definition: pkcs11t.h:371
#define CKA_OTP_PIN_REQUIREMENT
Definition: pkcs11t.h:527
#define CKA_ALWAYS_SENSITIVE
Definition: pkcs11t.h:497
#define CKR_PIN_INVALID
Definition: pkcs11t.h:1090
#define CKA_END_DATE
Definition: pkcs11t.h:473
#define CKM_ECDSA_SHA1
Definition: pkcs11t.h:892
#define CKU_SO
Definition: pkcs11t.h:264
#define CKA_OTP_LENGTH
Definition: pkcs11t.h:521
#define CKM_CAST128_ECB
Definition: pkcs11t.h:742
CK_ULONG CK_HW_FEATURE_TYPE
Definition: pkcs11t.h:327
#define CKR_LIBRARY_LOAD_FAILED
Definition: pkcs11t.h:1152
#define CKR_PIN_TOO_WEAK
Definition: pkcs11t.h:1153
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:769
CK_BYTE Byte
Definition: p11.h:847
#define CKM_SHA512_T_HMAC_GENERAL
Definition: pkcs11t.h:642
#define CKA_SIGN
Definition: pkcs11t.h:467
#define CKR_DATA_INVALID
Definition: pkcs11t.h:1058
#define CKM_MD2_HMAC
Definition: pkcs11t.h:687
#define CKM_AES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:941
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition: pkcs11t.h:1053
#define CKA_VENDOR_DEFINED
Definition: pkcs11t.h:559
#define CKM_AES_XCBC_MAC_96
Definition: pkcs11t.h:927
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2410
#define CKM_ACTI_KEY_GEN
Definition: pkcs11t.h:724
#define CKM_SHA1_RSA_X9_31
Definition: pkcs11t.h:601
#define CKK_DES2
Definition: pkcs11t.h:350
#define CKM_AES_CCM
Definition: pkcs11t.h:921
#define CKK_RC5
Definition: pkcs11t.h:356
#define CKA_ECDSA_PARAMS
Definition: pkcs11t.h:505
#define CKF_WRAP
Definition: pkcs11t.h:1015
#define CKM_TLS12_KDF
Definition: pkcs11t.h:821
#define CKR_PIN_INCORRECT
Definition: pkcs11t.h:1089
#define CKM_DH_PKCS_PARAMETER_GEN
Definition: pkcs11t.h:958
#define CKA_CERTIFICATE_CATEGORY
Definition: pkcs11t.h:451
#define CKA_LOCAL
Definition: pkcs11t.h:495
#define CKM_SHA1_RSA_PKCS_PSS
Definition: pkcs11t.h:603
#define CKA_EXPONENT_1
Definition: pkcs11t.h:480
#define CKM_TLS10_MAC_SERVER
Definition: pkcs11t.h:818
#define CKR_PUBLIC_KEY_INVALID
Definition: pkcs11t.h:1154
#define CKK_ACTI
Definition: pkcs11t.h:367
#define CKF_LOGIN_REQUIRED
Definition: pkcs11t.h:157
#define CKM_VENDOR_DEFINED
Definition: pkcs11t.h:975
CK_ULONG CK_OBJECT_CLASS
Definition: pkcs11t.h:307
#define CKA_HAS_RESET
Definition: pkcs11t.h:541
#define CKR_STATE_UNSAVEABLE
Definition: pkcs11t.h:1140
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2367
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs11t.h:803
#define CKR_KEY_INDIGESTIBLE
Definition: pkcs11t.h:1078
#define CKM_PBE_MD5_DES_CBC
Definition: pkcs11t.h:793
#define CKF_NEXT_OTP
Definition: pkcs11t.h:1809
#define CKA_OTP_SERVICE_LOGO
Definition: pkcs11t.h:532
#define CKD_SHA512_KDF
Definition: pkcs11t.h:1299
#define CKF_VERIFY_RECOVER
Definition: pkcs11t.h:1012
struct CK_C_INITIALIZE_ARGS CK_C_INITIALIZE_ARGS
#define CKF_EXTENSION
Definition: pkcs11t.h:1029
#define CKK_GOSTR3410
Definition: pkcs11t.h:381
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition: p11.h:825
#define CKR_ACTION_PROHIBITED
Definition: pkcs11t.h:1056
#define CKM_SHA256
Definition: pkcs11t.h:707
#define CKF_HW
Definition: pkcs11t.h:1003
#define CKF_EC_UNCOMPRESS
Definition: pkcs11t.h:1026
#define CKF_OS_LOCKING_OK
Definition: pkcs11t.h:1226
#define CKF_DERIVE
Definition: pkcs11t.h:1017
#define CKR_USER_TOO_MANY_TYPES
Definition: pkcs11t.h:1122
#define CKM_RC2_MAC
Definition: pkcs11t.h:648
#define CKM_TLS_PRF
Definition: pkcs11t.h:779
#define CKM_X9_42_MQV_DERIVE
Definition: pkcs11t.h:619
#define CKA_SECONDARY_AUTH
Definition: pkcs11t.h:510
#define CKF_EC_F_P
Definition: pkcs11t.h:1022
#define CKM_RIPEMD128
Definition: pkcs11t.h:700
#define CKM_MD5_KEY_DERIVATION
Definition: pkcs11t.h:783
#define CKM_ECDSA_SHA384
Definition: pkcs11t.h:895
#define CKM_SHA1_KEY_DERIVATION
Definition: pkcs11t.h:785
CK_CREATEMUTEX CreateMutex
Definition: p11.h:828
#define CKM_DSA_SHA224
Definition: pkcs11t.h:608
#define CKM_SHA1_RSA_PKCS
Definition: pkcs11t.h:593
#define CKM_AES_CFB1
Definition: pkcs11t.h:968
CK_SESSION_HANDLE SessionHandle
Definition: p11.h:843
#define CKA_CHAR_SETS
Definition: pkcs11t.h:550
#define CKM_MD2_KEY_DERIVATION
Definition: pkcs11t.h:784
#define CKA_ALLOWED_MECHANISMS
Definition: pkcs11t.h:557
#define CKM_DES_CBC
Definition: pkcs11t.h:657
#define CKF_UNWRAP
Definition: pkcs11t.h:1016
#define CKK_GENERIC_SECRET
Definition: pkcs11t.h:346
#define CKM_SHA384_HMAC
Definition: pkcs11t.h:714
#define CKF_RESTORE_KEY_NOT_NEEDED
Definition: pkcs11t.h:165
#define CKR_OPERATION_ACTIVE
Definition: pkcs11t.h:1087
#define CKM_SHA512_224_HMAC_GENERAL
Definition: pkcs11t.h:633
#define CKM_DES_CBC_PAD
Definition: pkcs11t.h:661
#define CKM_RSA_AES_KEY_WRAP
Definition: pkcs11t.h:903
#define CKA_ENCRYPT
Definition: pkcs11t.h:463
#define CKM_FASTHASH
Definition: pkcs11t.h:911
#define CKM_CONCATENATE_BASE_AND_KEY
Definition: pkcs11t.h:764
#define CKM_ECDSA
Definition: pkcs11t.h:891
#define CKM_BATON_ECB128
Definition: pkcs11t.h:881
CK_ULONG CK_SESSION_HANDLE
Definition: pkcs11t.h:256
#define CKR_KEY_NOT_WRAPPABLE
Definition: pkcs11t.h:1080
#define CKA_MODULUS
Definition: pkcs11t.h:474
#define CKM_SHA512_T_KEY_DERIVATION
Definition: pkcs11t.h:643
#define CKS_RO_USER_FUNCTIONS
Definition: pkcs11t.h:273
#define CKM_AES_CBC_PAD
Definition: pkcs11t.h:918
#define CKF_CLOCK_ON_TOKEN
Definition: pkcs11t.h:171
#define CKA_OTP_USER_IDENTIFIER
Definition: pkcs11t.h:530
#define CKM_ARIA_ECB
Definition: pkcs11t.h:848
#define CKK_KEA
Definition: pkcs11t.h:345
#define CKR_FUNCTION_NOT_SUPPORTED
Definition: pkcs11t.h:1068
#define CKM_AES_GCM
Definition: pkcs11t.h:920
#define CKM_KEY_WRAP_SET_OAEP
Definition: pkcs11t.h:830
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition: p11.cpp:59
#define CKM_SEED_MAC_GENERAL
Definition: pkcs11t.h:860
#define CKR_PIN_LOCKED
Definition: pkcs11t.h:1094
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED
Definition: pkcs11t.h:395
#define CKM_AES_CMAC
Definition: pkcs11t.h:923
#define CKM_FORTEZZA_TIMESTAMP
Definition: pkcs11t.h:879
#define CKM_JUNIPER_KEY_GEN
Definition: pkcs11t.h:905
#define CKR_FUNCTION_FAILED
Definition: pkcs11t.h:1044
#define CKR_TEMPLATE_INCONSISTENT
Definition: pkcs11t.h:1109
#define CKA_SENSITIVE
Definition: pkcs11t.h:462
#define CKA_PUBLIC_EXPONENT
Definition: pkcs11t.h:476
struct CK_RSA_PKCS_PSS_PARAMS CK_RSA_PKCS_PSS_PARAMS
#define CKK_CDMF
Definition: pkcs11t.h:361
#define CKM_SHA384_RSA_PKCS
Definition: pkcs11t.h:622
#define CKM_SEED_CBC
Definition: pkcs11t.h:858
#define CKM_AES_OFB
Definition: pkcs11t.h:963
#define CKF_EC_COMPRESS
Definition: pkcs11t.h:1027
#define CKM_GOST28147_KEY_GEN
Definition: pkcs11t.h:951
#define CKP_PKCS5_PBKD2_HMAC_SHA1
Definition: pkcs11t.h:1719
#define CKM_ECDSA_SHA512
Definition: pkcs11t.h:896
#define CKM_AES_MAC
Definition: pkcs11t.h:916
CK_ULONG CK_KEY_TYPE
Definition: pkcs11t.h:336
#define CKM_AES_MAC_GENERAL
Definition: pkcs11t.h:917
#define CKD_SHA224_KDF
Definition: pkcs11t.h:1296
#define CKR_ARGUMENTS_BAD
Definition: pkcs11t.h:1046
#define CKA_OWNER
Definition: pkcs11t.h:448
#define CRYPTOKI_VERSION_MAJOR
Definition: pkcs11t.h:19
#define CKF_SECONDARY_AUTHENTICATION
Definition: pkcs11t.h:199
#define CKA_COPYABLE
Definition: pkcs11t.h:501
#define CKP_PKCS5_PBKD2_HMAC_SHA256
Definition: pkcs11t.h:1722
#define CKM_GENERIC_SECRET_KEY_GEN
Definition: pkcs11t.h:763
#define CKM_SHA256_HMAC_GENERAL
Definition: pkcs11t.h:709
#define CKM_BATON_SHUFFLE
Definition: pkcs11t.h:885
#define CKR_BUFFER_TOO_SMALL
Definition: pkcs11t.h:1137
#define CKR_USER_NOT_LOGGED_IN
Definition: pkcs11t.h:1117
#define CKA_PRIME
Definition: pkcs11t.h:484
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1121
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition: pkcs11t.h:960
#define CKR_FUNCTION_NOT_PARALLEL
Definition: pkcs11t.h:1066
#define CKK_SECURID
Definition: pkcs11t.h:365
CK_ULONG CK_RV
Definition: pkcs11t.h:1036
#define CKM_DES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:937
#define CKM_BATON_KEY_GEN
Definition: pkcs11t.h:880
#define CKM_TLS12_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:823
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1249
#define CKM_GOSTR3410_KEY_PAIR_GEN
Definition: pkcs11t.h:944
#define CKM_RIPEMD128_HMAC
Definition: pkcs11t.h:701
#define CKM_X9_42_DH_HYBRID_DERIVE
Definition: pkcs11t.h:618
#define CKM_JUNIPER_ECB128
Definition: pkcs11t.h:906
#define CKK_AES
Definition: pkcs11t.h:362
#define CKF_DUAL_CRYPTO_OPERATIONS
Definition: pkcs11t.h:185
#define CKM_PBE_SHA1_CAST128_CBC
Definition: pkcs11t.h:799
#define CKA_GOSTR3410_PARAMS
Definition: pkcs11t.h:535
struct CK_DATE CK_DATE
#define CKM_DES3_ECB
Definition: pkcs11t.h:665
#define CKM_GOSTR3411
Definition: pkcs11t.h:949
#define CKM_SECURID_KEY_GEN
Definition: pkcs11t.h:719
#define CKM_ARIA_MAC
Definition: pkcs11t.h:850
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:816
#define CKM_MD5_HMAC
Definition: pkcs11t.h:692
#define CKM_CAST_CBC
Definition: pkcs11t.h:728
#define CKO_OTP_KEY
Definition: pkcs11t.h:318
#define CKN_OTP_CHANGED
Definition: pkcs11t.h:102
#define CKM_PBE_SHA1_CAST5_CBC
Definition: pkcs11t.h:798
#define CK_FALSE
Definition: pkcs11t.h:24
#define CKR_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1073
#define CKM_KIP_MAC
Definition: pkcs11t.h:835
#define CKO_PUBLIC_KEY
Definition: pkcs11t.h:312
#define CKR_SLOT_ID_INVALID
Definition: pkcs11t.h:1041
#define CKR_CANT_LOCK
Definition: pkcs11t.h:1049
#define CKM_SHA384_HMAC_GENERAL
Definition: pkcs11t.h:715
#define CKF_SO_PIN_LOCKED
Definition: pkcs11t.h:239
#define CKK_JUNIPER
Definition: pkcs11t.h:360
#define CKM_SHA512_KEY_DERIVATION
Definition: pkcs11t.h:789
#define CKK_SKIPJACK
Definition: pkcs11t.h:358
CK_ULONG CK_USER_TYPE
Definition: pkcs11t.h:262
#define CKR_KEY_NOT_NEEDED
Definition: pkcs11t.h:1075
#define CKM_IDEA_ECB
Definition: pkcs11t.h:758
#define CKR_ATTRIBUTE_VALUE_INVALID
Definition: pkcs11t.h:1054
#define CKM_ECDSA_KEY_PAIR_GEN
Definition: pkcs11t.h:888
#define CKM_TLS12_KEY_SAFE_DERIVE
Definition: pkcs11t.h:825
#define CKC_VENDOR_DEFINED
Definition: pkcs11t.h:410
#define CKM_RC5_CBC
Definition: pkcs11t.h:753
#define CKR_SIGNATURE_LEN_RANGE
Definition: pkcs11t.h:1107
#define CKM_ECDH1_DERIVE
Definition: pkcs11t.h:898
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1914
#define CKA_NAME_HASH_ALGORITHM
Definition: pkcs11t.h:456
#define CKM_DES_ECB
Definition: pkcs11t.h:656
#define CKM_DES3_KEY_GEN
Definition: pkcs11t.h:664
#define CKM_CAST3_CBC
Definition: pkcs11t.h:734
#define CKF_USER_PIN_LOCKED
Definition: pkcs11t.h:216
#define CKR_KEY_SIZE_RANGE
Definition: pkcs11t.h:1072
#define CKM_AES_CTS
Definition: pkcs11t.h:922
#define CKK_ECDSA
Definition: pkcs11t.h:342
#define CKA_MECHANISM_TYPE
Definition: pkcs11t.h:553
#define CKM_AES_CFB8
Definition: pkcs11t.h:965
#define CKM_MD5
Definition: pkcs11t.h:690
#define CKM_CAMELLIA_ECB
Definition: pkcs11t.h:838
ReturnValue get_return_value() const
Definition: p11.h:2841
#define CKM_EC_KEY_PAIR_GEN
Definition: pkcs11t.h:889
#define CKM_RC5_KEY_GEN
Definition: pkcs11t.h:751
#define CKG_MGF1_SHA512
Definition: pkcs11t.h:1249
#define CKA_SUBPRIME_BITS
Definition: pkcs11t.h:489
#define CKA_DERIVE_TEMPLATE
Definition: pkcs11t.h:518
#define CKU_USER
Definition: pkcs11t.h:266
#define CKM_MD5_HMAC_GENERAL
Definition: pkcs11t.h:693
#define CKR_CRYPTOKI_ALREADY_INITIALIZED
Definition: pkcs11t.h:1143
HardwareType
Definition: p11.h:279
#define CKK_GOST28147
Definition: pkcs11t.h:383
#define CKF_USER_PIN_COUNT_LOW
Definition: pkcs11t.h:205
#define CKF_RW_SESSION
Definition: pkcs11t.h:289
#define CKM_GOST28147
Definition: pkcs11t.h:953
#define CKM_CONCATENATE_DATA_AND_BASE
Definition: pkcs11t.h:766
#define CKF_SO_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:246
#define CKM_SKIPJACK_RELAYX
Definition: pkcs11t.h:875
#define CKM_WTLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:812
#define CKM_SHA512
Definition: pkcs11t.h:716
#define CKM_JUNIPER_CBC128
Definition: pkcs11t.h:907
#define CKM_CAMELLIA_CTR
Definition: pkcs11t.h:845
#define CKK_RIPEMD160_HMAC
Definition: pkcs11t.h:374
#define CKM_SHA512_256
Definition: pkcs11t.h:635
#define CKR_NEED_TO_CREATE_THREADS
Definition: pkcs11t.h:1048
#define CKA_PIXEL_Y
Definition: pkcs11t.h:544
Provides access to all PKCS#11 functions.
Definition: p11.h:901
const Bbool False
Definition: p11.h:856
#define CKM_GOSTR3410_DERIVE
Definition: pkcs11t.h:948
#define CKM_MD2_RSA_PKCS
Definition: pkcs11t.h:591
#define CKM_RSA_PKCS_PSS
Definition: pkcs11t.h:602
Definition: alg_id.cpp:13
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:846
struct CK_SESSION_INFO CK_SESSION_INFO
#define CKA_TOKEN
Definition: pkcs11t.h:438
#define CKM_CMS_SIG
Definition: pkcs11t.h:832
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition: pkcs11t.h:1142
#define CKF_VERIFY
Definition: pkcs11t.h:1011
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1126
#define CKK_RSA
Definition: pkcs11t.h:339
#define CKM_MD2_HMAC_GENERAL
Definition: pkcs11t.h:688
#define CKM_SHA384_RSA_PKCS_PSS
Definition: pkcs11t.h:625
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2146
#define CKR_TOKEN_NOT_PRESENT
Definition: pkcs11t.h:1110
#define CKF_SIGN_RECOVER
Definition: pkcs11t.h:1010
#define CKM_DES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:938
#define CKM_DES_KEY_GEN
Definition: pkcs11t.h:655
#define CKM_TLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:775
#define CKK_RC4
Definition: pkcs11t.h:348
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1113
#define CKM_WTLS_PRF
Definition: pkcs11t.h:814
CK_LOCKMUTEX LockMutex
Definition: p11.h:830
#define CKM_AES_ECB
Definition: pkcs11t.h:914
#define CKF_DECRYPT
Definition: pkcs11t.h:1007
#define CKO_DATA
Definition: pkcs11t.h:310
#define CKM_CAST3_MAC
Definition: pkcs11t.h:735
#define CKM_JUNIPER_SHUFFLE
Definition: pkcs11t.h:909
#define CKR_FUNCTION_REJECTED
Definition: pkcs11t.h:1156
#define CKA_GOSTR3411_PARAMS
Definition: pkcs11t.h:536
#define CKM_RIPEMD160_HMAC
Definition: pkcs11t.h:704
CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR
Definition: pkcs11t.h:1175
#define CKM_SKIPJACK_OFB64
Definition: pkcs11t.h:868
#define CKO_MECHANISM
Definition: pkcs11t.h:317
#define CKM_CAST_ECB
Definition: pkcs11t.h:727
#define CKA_APPLICATION
Definition: pkcs11t.h:441
#define CKA_OTP_USER_FRIENDLY_MODE
Definition: pkcs11t.h:523
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition: pkcs11t.h:556
void initialize_token(Slot &slot, const std::string &label, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:46
#define CKO_HW_FEATURE
Definition: pkcs11t.h:315
#define CKF_SO_PIN_FINAL_TRY
Definition: pkcs11t.h:234
#define CKF_DONT_BLOCK
Definition: pkcs11t.h:1234
#define CKK_DES3
Definition: pkcs11t.h:351
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1787
CK_BYTE CK_UTF8CHAR
Definition: pkcs11t.h:42
CK_ULONG CK_STATE
Definition: pkcs11t.h:271
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition: pkcs11t.h:1721
#define CKM_SKIPJACK_CBC64
Definition: pkcs11t.h:867
#define CKK_TWOFISH
Definition: pkcs11t.h:364
CK_FLAGS Flags
Definition: p11.h:832
#define CKM_RC5_MAC
Definition: pkcs11t.h:754
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, const std::string &label, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1148
#define CKO_VENDOR_DEFINED
Definition: pkcs11t.h:320
#define CKM_CAST5_CBC_PAD
Definition: pkcs11t.h:749
#define CKR_TOKEN_NOT_RECOGNIZED
Definition: pkcs11t.h:1111
#define CKM_CAST5_MAC_GENERAL
Definition: pkcs11t.h:747
#define CKA_URL
Definition: pkcs11t.h:453
const Bbool True
Definition: p11.h:855
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition: pkcs11t.h:1099
#define CKM_ECDH1_COFACTOR_DERIVE
Definition: pkcs11t.h:899
CK_ULONG CK_FLAGS
Definition: pkcs11t.h:54
#define CKA_NEVER_EXTRACTABLE
Definition: pkcs11t.h:496
#define CKK_SHA_1_HMAC
Definition: pkcs11t.h:372
#define CKF_DIGEST
Definition: pkcs11t.h:1008
#define CKM_CDMF_KEY_GEN
Definition: pkcs11t.h:673
#define CKK_CAST5
Definition: pkcs11t.h:354
#define CKA_CLASS
Definition: pkcs11t.h:437
#define CKM_CAMELLIA_CBC
Definition: pkcs11t.h:839
#define CKM_SHA224_HMAC_GENERAL
Definition: pkcs11t.h:712
#define CKD_SHA256_KDF
Definition: pkcs11t.h:1297
#define CKA_AC_ISSUER
Definition: pkcs11t.h:447
#define CKA_CHECK_VALUE
Definition: pkcs11t.h:457
CK_ULONG CK_CERTIFICATE_TYPE
Definition: pkcs11t.h:393
#define CKG_MGF1_SHA224
Definition: pkcs11t.h:1250
#define CKM_JUNIPER_WRAP
Definition: pkcs11t.h:910
#define CKM_SHA512_256_HMAC_GENERAL
Definition: pkcs11t.h:637
#define CKM_AES_KEY_WRAP_PAD
Definition: pkcs11t.h:970
#define CKM_TLS12_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:824
#define CKM_CAST128_MAC
Definition: pkcs11t.h:746
CK_SLOT_ID SlotId
Definition: p11.h:835
#define CKA_VERIFY_RECOVER
Definition: pkcs11t.h:470
#define CKA_RESET_ON_INIT
Definition: pkcs11t.h:540
#define CKM_CAST_MAC
Definition: pkcs11t.h:729
#define CKM_DES3_MAC_GENERAL
Definition: pkcs11t.h:669
#define CKR_USER_TYPE_INVALID
Definition: pkcs11t.h:1119
#define CKA_BASE
Definition: pkcs11t.h:486
#define CKM_PKCS5_PBKD2
Definition: pkcs11t.h:807
#define CKA_OTP_TIME
Definition: pkcs11t.h:529
#define CKO_PRIVATE_KEY
Definition: pkcs11t.h:313
#define CKA_VERIFY
Definition: pkcs11t.h:469
#define CKM_X9_42_DH_PARAMETER_GEN
Definition: pkcs11t.h:959
#define CKF_ENCRYPT
Definition: pkcs11t.h:1006
#define CKH_VENDOR_DEFINED
Definition: pkcs11t.h:333
#define CKM_KIP_DERIVE
Definition: pkcs11t.h:833
#define CKM_AES_XCBC_MAC
Definition: pkcs11t.h:926
#define CKR_UNWRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1114
#define CKR_SESSION_HANDLE_INVALID
Definition: pkcs11t.h:1098
#define CKM_RIPEMD160_HMAC_GENERAL
Definition: pkcs11t.h:705
#define CKA_BITS_PER_PIXEL
Definition: pkcs11t.h:549
#define CKF_RNG
Definition: pkcs11t.h:155
std::string to_string(const secure_vector< uint8_t > &bytes)
Definition: stl_util.h:25
#define CKA_SUBPRIME
Definition: pkcs11t.h:485
#define CKR_USER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1116
#define CKM_SKIPJACK_ECB64
Definition: pkcs11t.h:866
#define CKM_SSL3_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:771
MechanismType
Definition: p11.h:335
#define CKM_RC2_CBC_PAD
Definition: pkcs11t.h:651
#define CKM_ARIA_MAC_GENERAL
Definition: pkcs11t.h:851
#define CKA_COLOR
Definition: pkcs11t.h:548
#define CKM_EXTRACT_KEY_FROM_KEY
Definition: pkcs11t.h:768
#define CKR_PIN_LEN_RANGE
Definition: pkcs11t.h:1091
#define CKC_X_509_ATTR_CERT
Definition: pkcs11t.h:408
#define CKA_SIGN_RECOVER
Definition: pkcs11t.h:468
#define CKM_BATON_CBC128
Definition: pkcs11t.h:883
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition: pkcs11t.h:973
#define CKA_DEFAULT_CMS_ATTRIBUTES
Definition: pkcs11t.h:555
#define CKO_DOMAIN_PARAMETERS
Definition: pkcs11t.h:316
#define CKR_KEY_UNEXTRACTABLE
Definition: pkcs11t.h:1081
#define CKN_SURRENDER
Definition: pkcs11t.h:101
#define CKM_CAST3_ECB
Definition: pkcs11t.h:733
#define CKM_IDEA_MAC
Definition: pkcs11t.h:760
#define CKM_KEA_KEY_PAIR_GEN
Definition: pkcs11t.h:876
#define CKM_GOST28147_KEY_WRAP
Definition: pkcs11t.h:955
#define CKM_TLS_MAC
Definition: pkcs11t.h:826
#define CKM_AES_CBC
Definition: pkcs11t.h:915
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc >> &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1649
#define CKR_SESSION_READ_ONLY_EXISTS
Definition: pkcs11t.h:1103
#define CKM_DES_OFB8
Definition: pkcs11t.h:681
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKK_BLOWFISH
Definition: pkcs11t.h:363
#define CKR_WRAPPED_KEY_LEN_RANGE
Definition: pkcs11t.h:1125
KeyDerivation
Definition: p11.h:193
#define CKF_SERIAL_SESSION
Definition: pkcs11t.h:290
#define CKA_KEY_GEN_MECHANISM
Definition: pkcs11t.h:498
struct CK_ECDH1_DERIVE_PARAMS CK_ECDH1_DERIVE_PARAMS
void CK_PTR CK_VOID_PTR
Definition: pkcs11t.h:66
#define CKR_MECHANISM_INVALID
Definition: pkcs11t.h:1083
#define CKM_PBE_MD2_DES_CBC
Definition: pkcs11t.h:792
#define CKM_CDMF_ECB
Definition: pkcs11t.h:674
#define CKM_SHA512_T
Definition: pkcs11t.h:640
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition: pkcs11t.h:1079
#define CKM_DSA_KEY_PAIR_GEN
Definition: pkcs11t.h:605
#define CKK_SHA384_HMAC
Definition: pkcs11t.h:376
#define CKF_USER_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:223
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2196
#define CKR_VENDOR_DEFINED
Definition: pkcs11t.h:1158
#define CKA_DECRYPT
Definition: pkcs11t.h:464
#define CKA_OTP_TIME_INTERVAL
Definition: pkcs11t.h:522
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:854
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition: pkcs11t.h:1726
#define CKM_DES3_MAC
Definition: pkcs11t.h:667
#define CKK_DES
Definition: pkcs11t.h:349
#define CKR_SESSION_READ_ONLY
Definition: pkcs11t.h:1100
#define CKK_CAST3
Definition: pkcs11t.h:353
#define CKF_EXCLUDE_TIME
Definition: pkcs11t.h:1810
#define CKM_DSA_SHA1
Definition: pkcs11t.h:607
#define CKM_GOST28147_MAC
Definition: pkcs11t.h:954
secure_vector< uint8_t > secure_string
Definition: p11.h:61
#define CKR_MECHANISM_PARAM_INVALID
Definition: pkcs11t.h:1084
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:811
#define CKF_TOKEN_INITIALIZED
Definition: pkcs11t.h:193
#define CKK_SHA512_HMAC
Definition: pkcs11t.h:377
#define CKM_GOSTR3411_HMAC
Definition: pkcs11t.h:950
#define CKM_DES3_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:939
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition: pkcs11t.h:1241
#define CKM_ECDH_AES_KEY_WRAP
Definition: pkcs11t.h:902
#define CKM_PBE_SHA1_RC4_128
Definition: pkcs11t.h:800
#define CKA_EXPONENT_2
Definition: pkcs11t.h:481
#define CKP_PKCS5_PBKD2_HMAC_SHA384
Definition: pkcs11t.h:1723
PKCS11_ReturnError(ReturnValue return_val)
Definition: p11.h:2836
#define CKM_SHA224_KEY_DERIVATION
Definition: pkcs11t.h:790
#define CKM_CAST3_MAC_GENERAL
Definition: pkcs11t.h:736
#define CKA_VALUE_BITS
Definition: pkcs11t.h:492
#define CKK_DH
Definition: pkcs11t.h:341
#define CKR_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1070
#define CKM_GOSTR3410_KEY_WRAP
Definition: pkcs11t.h:947
#define CKM_AES_GMAC
Definition: pkcs11t.h:928
#define CKA_DESTROYABLE
Definition: pkcs11t.h:503
struct CK_MECHANISM_INFO CK_MECHANISM_INFO
#define CKM_RIPEMD160
Definition: pkcs11t.h:703
#define CKR_NEW_PIN_MODE
Definition: pkcs11t.h:1147
#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN
Definition: pkcs11t.h:961
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition: pkcs11t.h:454
#define CKM_CAST_CBC_PAD
Definition: pkcs11t.h:731
#define CKS_RW_PUBLIC_SESSION
Definition: pkcs11t.h:274
#define CKR_KEY_CHANGED
Definition: pkcs11t.h:1076
#define CKM_SHA512_256_HMAC
Definition: pkcs11t.h:636
CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
Definition: pkcs11t.h:1714
#define CKM_PBE_MD5_CAST3_CBC
Definition: pkcs11t.h:795
#define CKM_SHA512_256_KEY_DERIVATION
Definition: pkcs11t.h:638
#define CKR_DOMAIN_PARAMS_INVALID
Definition: pkcs11t.h:1133
#define CKA_PRIME_2
Definition: pkcs11t.h:479
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition: pkcs11t.h:874
#define CKA_MODIFIABLE
Definition: pkcs11t.h:500
#define CKM_RC4_KEY_GEN
Definition: pkcs11t.h:653
#define CKM_ACTI
Definition: pkcs11t.h:723
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:88
#define CKM_SHA224_HMAC
Definition: pkcs11t.h:711
#define CKR_USER_PIN_NOT_INITIALIZED
Definition: pkcs11t.h:1118
#define CKM_SEED_KEY_GEN
Definition: pkcs11t.h:856
#define CKM_RSA_PKCS_OAEP
Definition: pkcs11t.h:597
#define CKM_SEED_ECB
Definition: pkcs11t.h:857
#define CKM_ARIA_KEY_GEN
Definition: pkcs11t.h:847
Notification
Definition: p11.h:672
#define CKD_SHA1_KDF
Definition: pkcs11t.h:1291
#define CKA_WRAP_TEMPLATE
Definition: pkcs11t.h:516
#define CKF_EXCLUDE_PIN
Definition: pkcs11t.h:1813