12#include <botan/secmem.h>
13#include <botan/exceptn.h>
22#define CK_DECLARE_FUNCTION(returnType, name) \
23 returnType __declspec(dllimport) name
25#define CK_DECLARE_FUNCTION(returnType, name) \
30#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
31 returnType __declspec(dllimport) (* name)
33#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
37#define CK_CALLBACK_FUNCTION(returnType, name) \
41 #define NULL_PTR nullptr
45 #pragma pack(push, cryptoki, 1)
51 #pragma pack(pop, cryptoki)
55 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
59class Dynamically_Loaded_Library;
922 bool C_Initialize(
VoidPtr init_args,
935 bool C_Finalize(
VoidPtr reserved,
948 bool C_GetInfo(
Info* info_ptr,
980 bool C_GetSlotList(
Bbool token_present,
997 bool C_GetSlotList(
bool token_present,
998 std::vector<SlotId>& slot_ids,
1013 bool C_GetSlotInfo(
SlotId slot_id,
1030 bool C_GetTokenInfo(
SlotId slot_id,
1067 bool C_GetMechanismList(
SlotId slot_id,
1086 bool C_GetMechanismList(
SlotId slot_id,
1087 std::vector<MechanismType>& mechanisms,
1105 bool C_GetMechanismInfo(
SlotId slot_id,
1127 bool C_InitToken(
SlotId slot_id,
1149 template<
typename TAlloc>
1151 const std::vector<uint8_t, TAlloc>& so_pin,
1152 const std::string& label,
1155 std::string padded_label = label;
1156 if(label.size() < 32)
1158 padded_label.insert(padded_label.end(), 32 - label.size(),
' ');
1161 return C_InitToken(slot_id,
1162 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(so_pin.data())),
1163 static_cast<Ulong>(so_pin.size()),
1164 reinterpret_cast< Utf8Char*
>(
const_cast< char*
>(padded_label.c_str())),
1204 template<
typename TAlloc>
1206 const std::vector<uint8_t, TAlloc>& pin,
1209 return C_InitPIN(session,
1210 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(pin.data())),
1211 static_cast<Ulong>(pin.size()),
1256 template<
typename TAlloc>
1258 const std::vector<uint8_t, TAlloc>& old_pin,
1259 const std::vector<uint8_t, TAlloc>& new_pin,
1262 return C_SetPIN(session,
1263 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(old_pin.data())),
1264 static_cast<Ulong>(old_pin.size()),
1265 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(new_pin.data())),
1266 static_cast<Ulong>(new_pin.size()),
1291 bool C_OpenSession(
SlotId slot_id,
1325 bool C_CloseAllSessions(
SlotId slot_id,
1361 Byte* operation_state_ptr,
1362 Ulong* operation_state_len_ptr,
1383 Byte* operation_state_ptr,
1384 Ulong operation_state_len,
1430 template<
typename TAlloc>
1433 const std::vector<uint8_t, TAlloc>& pin,
1436 return C_Login(session, user_type,
1437 reinterpret_cast< Utf8Char*
>(
const_cast< uint8_t*
>(pin.data())),
1438 static_cast<Ulong>(pin.size()),
1585 template<
typename TAlloc>
1588 std::map<
AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1591 std::vector<Attribute> getter_template;
1593 for(
const auto& entry : attribute_values)
1598 bool success = C_GetAttributeValue(session,
1600 const_cast< Attribute*
>(getter_template.data()),
1601 static_cast<Ulong>(getter_template.size()),
1610 for(
auto& entry : attribute_values)
1612 entry.second.clear();
1613 entry.second.resize(getter_template.at(i).ulValueLen);
1614 getter_template.at(i).pValue =
const_cast< uint8_t*
>(entry.second.data());
1618 return C_GetAttributeValue(session,
object,
1619 const_cast< Attribute*
>(getter_template.data()),
1620 static_cast<Ulong>(getter_template.size()),
1665 template<
typename TAlloc>
1668 std::map<
AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1671 std::vector<Attribute> setter_template;
1673 for(
auto& entry : attribute_values)
1678 return C_SetAttributeValue(session,
object,
1679 const_cast< Attribute*
>(setter_template.data()),
1680 static_cast<Ulong>(setter_template.size()),
1721 Ulong max_object_count,
1722 Ulong* object_count_ptr,
1785 Byte* encrypted_data,
1786 Ulong* encrypted_data_len_ptr,
1805 template<
typename TAllocA,
typename TAllocB>
1807 const std::vector<uint8_t, TAllocA>& plaintext_data,
1808 std::vector<uint8_t, TAllocB>& encrypted_data,
1811 Ulong encrypted_size = 0;
1812 if(!C_Encrypt(session,
1813 const_cast<Byte*
>((plaintext_data.data())),
1814 static_cast<Ulong>(plaintext_data.size()),
1815 nullptr, &encrypted_size,
1821 encrypted_data.resize(encrypted_size);
1822 if (!C_Encrypt(session,
1823 const_cast<Byte*
>(plaintext_data.data()),
1824 static_cast<Ulong>(plaintext_data.size()),
1825 encrypted_data.data(),
1826 &encrypted_size, return_value))
1830 encrypted_data.resize(encrypted_size);
1854 Byte* encrypted_part_ptr,
1855 Ulong* encrypted_part_len_ptr,
1874 Byte* last_encrypted_part_ptr,
1875 Ulong* last_encrypted_part_len_ptr,
1921 Byte* encrypted_data_ptr,
1922 Ulong encrypted_data_len,
1924 Ulong* data_len_ptr,
1943 template<
typename TAllocA,
typename TAllocB>
1945 const std::vector<uint8_t, TAllocA>& encrypted_data,
1946 std::vector<uint8_t, TAllocB>& decrypted_data,
1949 Ulong decrypted_size = 0;
1950 if(!C_Decrypt(session,
1951 const_cast<Byte*
>((encrypted_data.data())),
1952 static_cast<Ulong>(encrypted_data.size()),
1953 nullptr, &decrypted_size,
1959 decrypted_data.resize(decrypted_size);
1960 if(!C_Decrypt(session,
1961 const_cast<Byte*
>(encrypted_data.data()),
1962 static_cast<Ulong>(encrypted_data.size()),
1963 decrypted_data.data(),
1964 &decrypted_size, return_value))
1968 decrypted_data.resize(decrypted_size);
1991 Byte* encrypted_part_ptr,
1992 Ulong encrypted_part_len,
1994 Ulong* part_len_ptr,
2014 Byte* last_part_ptr,
2015 Ulong* last_part_len_ptr,
2060 Ulong* digest_len_ptr,
2118 Ulong* digest_len_ptr,
2166 Byte* signature_ptr,
2167 Ulong* signature_len_ptr,
2186 template<
typename TAllocA,
typename TAllocB>
2188 const std::vector<uint8_t, TAllocA>& data,
2189 std::vector<uint8_t, TAllocB>& signature,
2192 Ulong signature_size = 0;
2194 const_cast<Byte*
>((data.data())),
2195 static_cast<Ulong>(data.size()),
2203 signature.resize(signature_size);
2204 if (!C_Sign(session,
2205 const_cast<Byte*
>(data.data()),
2206 static_cast<Ulong>(data.size()),
2213 signature.resize(signature_size);
2251 template<
typename TAlloc>
2253 const std::vector<uint8_t, TAlloc>& part,
2256 return C_SignUpdate(session,
2257 const_cast<Byte*
>(part.data()),
2258 static_cast<Ulong>(part.size()),
2279 Byte* signature_ptr,
2280 Ulong* signature_len_ptr,
2298 template<
typename TAlloc>
2300 std::vector<uint8_t, TAlloc>& signature,
2303 Ulong signature_size = 0;
2304 if(!C_SignFinal(session,
nullptr, &signature_size, return_value))
2309 signature.resize(signature_size);
2310 if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2314 signature.resize(signature_size);
2361 Byte* signature_ptr,
2362 Ulong* signature_len_ptr,
2410 Byte* signature_ptr,
2411 Ulong signature_len,
2430 template<
typename TAllocA,
typename TAllocB>
2432 const std::vector<uint8_t, TAllocA>& data,
2433 std::vector<uint8_t, TAllocB>& signature,
2436 return C_Verify(session,
2437 const_cast<Byte*
>(data.data()),
2438 static_cast<Ulong>(data.size()),
2440 static_cast<Ulong>(signature.size()),
2478 template<
typename TAlloc>
2480 std::vector<uint8_t, TAlloc> part,
2483 return C_VerifyUpdate(session, part.data(),
static_cast<Ulong>(part.size()), return_value);
2503 Byte* signature_ptr,
2504 Ulong signature_len,
2548 Byte* signature_ptr,
2549 Ulong signature_len,
2551 Ulong* data_len_ptr,
2576 Byte* encrypted_part_ptr,
2577 Ulong* encrypted_part_len_ptr,
2599 Byte* encrypted_part_ptr,
2600 Ulong encrypted_part_len,
2602 Ulong* part_len_ptr,
2626 Byte* encrypted_part_ptr,
2627 Ulong* encrypted_part_len_ptr,
2649 Byte* encrypted_part_ptr,
2650 Ulong encrypted_part_len,
2652 Ulong* part_len_ptr,
2712 Ulong public_key_attribute_count,
2714 Ulong private_key_attribute_count,
2745 Byte* wrapped_key_ptr,
2746 Ulong* wrapped_key_len_ptr,
2778 Byte* wrapped_key_ptr,
2779 Ulong wrapped_key_len,
2781 Ulong attribute_count,
2812 Ulong attribute_count,
2855 Byte* random_data_ptr,
2909 m_return_val(return_val)
2914 return m_return_val;
2919 return static_cast<int>(m_return_val);
Provides access to all PKCS#11 functions.
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, const std::string &label, ReturnValue *return_value=ThrowException) const
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
PKCS11_Error(const std::string &what)
ErrorType error_type() const noexcept override
int error_code() const noexcept override
ReturnValue get_return_value() const
PKCS11_ReturnError(ReturnValue return_val)
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
@ Pkcs5Pbkd2HmacSha512256
@ Pkcs5Pbkd2HmacGostr3411
@ Pkcs5Pbkd2HmacSha512224
ReturnValue * ThrowException
@ OtpChallengeRequirement
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
@ DsaShaweTaylorParameterGen
@ WtlsServerKeyAndMacDerive
@ WtlsClientKeyAndMacDerive
@ DsaProbablisticParameterGen
@ WtlsMasterKeyDeriveDhEcc
CK_FUNCTION_LIST_PTR FunctionListPtr
@ LibraryCantCreateOsThreads
@ ProtectedAuthenticationPath
@ SecondaryAuthentication
secure_vector< uint8_t > secure_string
void initialize_token(Slot &slot, const std::string &label, const secure_string &so_pin, const secure_string &pin)
CK_UNLOCKMUTEX UnlockMutex
CK_DESTROYMUTEX DestroyMutex
Flag operator|(Flag a, Flag b)
CK_SESSION_HANDLE SessionHandle
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
CK_OBJECT_HANDLE ObjectHandle
CK_CREATEMUTEX CreateMutex
@ SessionReadWriteSoExists
@ SessionParallelNotSupported
@ UnwrappingKeyHandleInvalid
@ UserAnotherAlreadyLoggedIn
@ UnwrappingKeyTypeInconsistent
@ KeyFunctionNotPermitted
@ CryptokiAlreadyInitialized
@ WrappingKeyTypeInconsistent
@ OperationNotInitialized
@ WrappingKeyHandleInvalid
std::string to_string(ErrorType type)
Convert an ErrorType to string.
std::vector< T, secure_allocator< T > > secure_vector
#define CKA_NEVER_EXTRACTABLE
#define CKM_TLS_MASTER_KEY_DERIVE
#define CKM_DSA_PARAMETER_GEN
#define CKR_SESSION_COUNT
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
#define CKM_CONCATENATE_BASE_AND_DATA
#define CKR_DEVICE_MEMORY
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
#define CKM_SSL3_SHA1_MAC
#define CKA_OTP_TIME_INTERVAL
#define CKA_SECONDARY_AUTH
#define CKR_GENERAL_ERROR
#define CKR_MECHANISM_INVALID
#define CKR_SLOT_ID_INVALID
#define CKC_VENDOR_DEFINED
#define CKM_SSL3_MASTER_KEY_DERIVE
#define CKR_ATTRIBUTE_TYPE_INVALID
#define CKA_OTP_SERVICE_IDENTIFIER
#define CKM_GOSTR3411_HMAC
#define CKM_WTLS_PRE_MASTER_KEY_GEN
#define CKA_AUTH_PIN_FLAGS
#define CKM_SHA256_KEY_DERIVATION
#define CKA_SERIAL_NUMBER
#define CKM_CAST5_MAC_GENERAL
#define CKF_LOGIN_REQUIRED
#define CKF_EC_UNCOMPRESS
#define CKA_SUB_PRIME_BITS
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
#define CKM_SEED_MAC_GENERAL
#define CKF_PROTECTED_AUTHENTICATION_PATH
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
#define CKR_FUNCTION_CANCELED
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
#define CKM_TWOFISH_CBC_PAD
#define CKM_SKIPJACK_CFB8
#define CKM_RSA_X9_31_KEY_PAIR_GEN
#define CKR_KEY_UNEXTRACTABLE
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
#define CKM_CONCATENATE_BASE_AND_KEY
#define CKR_NEED_TO_CREATE_THREADS
#define CKM_SEED_ECB_ENCRYPT_DATA
#define CKR_WRAPPING_KEY_SIZE_RANGE
#define CKM_FORTEZZA_TIMESTAMP
#define CKS_RW_PUBLIC_SESSION
#define CKR_MECHANISM_PARAM_INVALID
#define CKA_SUPPORTED_CMS_ATTRIBUTES
#define CKF_TOKEN_INITIALIZED
#define CKR_TOKEN_NOT_RECOGNIZED
#define CKM_SHA512_HMAC_GENERAL
#define CKM_SKIPJACK_CFB64
#define CKM_DES_CBC_ENCRYPT_DATA
#define CKD_SHA1_KDF_ASN1
#define CKR_ATTRIBUTE_SENSITIVE
#define CKM_ECDH1_COFACTOR_DERIVE
#define CKR_RANDOM_NO_RNG
#define CKM_ARIA_CBC_ENCRYPT_DATA
#define CKM_CAMELLIA_KEY_GEN
#define CKR_PIN_LEN_RANGE
#define CKF_USER_PIN_FINAL_TRY
#define CKM_BATON_KEY_GEN
#define CKA_PRIVATE_EXPONENT
#define CKR_RANDOM_SEED_NOT_SUPPORTED
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
#define CKM_VENDOR_DEFINED
#define CKR_ATTRIBUTE_READ_ONLY
#define CKR_KEY_FUNCTION_NOT_PERMITTED
#define CKA_HW_FEATURE_TYPE
#define CKM_TWOFISH_KEY_GEN
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
#define CKA_VERIFY_RECOVER
#define CKM_SHA512_224_HMAC_GENERAL
#define CKM_SKIPJACK_RELAYX
#define CKM_SHA512_224_HMAC
#define CKR_SESSION_EXISTS
#define CKM_MD5_HMAC_GENERAL
#define CKR_FUNCTION_REJECTED
#define CKM_SHA_1_HMAC_GENERAL
#define CKM_TLS10_MAC_CLIENT
unsigned long int CK_ULONG
#define CKM_JUNIPER_ECB128
#define CKA_PUBLIC_EXPONENT
#define CKM_SKIPJACK_CBC64
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
#define CKM_PBE_SHA1_DES2_EDE_CBC
#define CKM_X9_42_DH_KEY_PAIR_GEN
#define CRYPTOKI_VERSION_MINOR
#define CKM_RSA_PKCS_KEY_PAIR_GEN
#define CKR_SESSION_READ_ONLY
#define CKA_OTP_TIME_REQUIREMENT
#define CKM_PBE_MD5_CAST5_CBC
#define CKM_KEA_KEY_DERIVE
#define CKC_X_509_ATTR_CERT
#define CKM_JUNIPER_KEY_GEN
#define CKR_ENCRYPTED_DATA_LEN_RANGE
#define CKM_SHA512_KEY_DERIVATION
#define CKA_BITS_PER_PIXEL
#define CKR_SIGNATURE_INVALID
#define CKM_AES_MAC_GENERAL
#define CKM_CAST128_CBC_PAD
#define CKA_OTP_USER_IDENTIFIER
#define CKR_SESSION_HANDLE_INVALID
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
#define CKF_USER_PIN_INITIALIZED
#define CKA_PUBLIC_KEY_INFO
#define CKA_OTP_USER_FRIENDLY_MODE
#define CKM_SHA384_HMAC_GENERAL
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
#define CKM_SECURID_KEY_GEN
#define CKM_IDEA_MAC_GENERAL
#define CKS_RO_USER_FUNCTIONS
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKM_TLS_KEY_AND_MAC_DERIVE
#define CKM_GOST28147_ECB
#define CKR_ARGUMENTS_BAD
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKM_SHA512_224_KEY_DERIVATION
#define CKM_SHA512_T_HMAC_GENERAL
#define CKM_TLS_MASTER_KEY_DERIVE_DH
#define CKM_CAST3_MAC_GENERAL
#define CKM_CAST5_CBC_PAD
#define CKM_PBE_SHA1_RC2_128_CBC
#define CKA_NAME_HASH_ALGORITHM
#define CKM_SSL3_PRE_MASTER_KEY_GEN
struct CK_ATTRIBUTE CK_ATTRIBUTE
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
#define CKR_LIBRARY_LOAD_FAILED
#define CKM_RIPEMD128_HMAC_GENERAL
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
#define CKA_OTP_SERVICE_LOGO_TYPE
CK_ULONG CK_SESSION_HANDLE
#define CKA_OTP_CHALLENGE_REQUIREMENT
#define CKR_TOKEN_NOT_PRESENT
#define CKM_SHA512_T_KEY_DERIVATION
#define CKR_CRYPTOKI_NOT_INITIALIZED
#define CKM_DH_PKCS_DERIVE
#define CKM_CAMELLIA_MAC_GENERAL
#define CKM_MD2_HMAC_GENERAL
#define CKM_SEED_CBC_ENCRYPT_DATA
#define CKM_DES3_CMAC_GENERAL
#define CKR_PIN_INCORRECT
#define CKM_CAST128_MAC_GENERAL
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
#define CKM_PBE_SHA1_RC4_40
#define CKM_PBE_SHA1_CAST5_CBC
#define CKM_TLS10_MAC_SERVER
#define CKM_X9_42_DH_DERIVE
#define CKF_GENERATE_KEY_PAIR
#define CKM_SKIPJACK_PRIVATE_WRAP
#define CKM_KEY_WRAP_LYNKS
#define CKM_SHA512_RSA_PKCS_PSS
#define CKM_CAST5_KEY_GEN
#define CKF_REMOVABLE_DEVICE
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
#define CKM_RSA_PKCS_OAEP
#define CKR_WRAPPED_KEY_INVALID
#define CKF_SECONDARY_AUTHENTICATION
#define CKM_PBE_SHA1_RC4_128
#define CKM_RSA_PKCS_OAEP_TPM_1_1
#define CKM_SHA512_RSA_PKCS
#define CKM_DES3_MAC_GENERAL
#define CKP_PKCS5_PBKD2_HMAC_SHA224