Botan 3.4.0
Crypto and TLS for C&
p11.h
Go to the documentation of this file.
1/*
2* PKCS#11
3* (C) 2016 Daniel Neus, Sirrix AG
4* (C) 2016 Philipp Weber, Sirrix AG
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_P11_H_
10#define BOTAN_P11_H_
11
12#include <botan/exceptn.h>
13#include <botan/secmem.h>
14
15#include <map>
16#include <string>
17#include <vector>
18
19#define CK_PTR *
20
21#if defined(_MSC_VER)
22 #define CK_DECLARE_FUNCTION(returnType, name) returnType __declspec(dllimport) name
23#else
24 #define CK_DECLARE_FUNCTION(returnType, name) returnType name
25#endif
26
27#if defined(_MSC_VER)
28 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType __declspec(dllimport)(*name)
29#else
30 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(*name)
31#endif
32
33#define CK_CALLBACK_FUNCTION(returnType, name) returnType(*name)
34
35#ifndef NULL_PTR
36 #define NULL_PTR nullptr
37#endif
38
39#if defined(_MSC_VER)
40 #pragma pack(push, cryptoki, 1)
41#endif
42
43#include "pkcs11.h"
44
45#if defined(_MSC_VER)
46 #pragma pack(pop, cryptoki)
47#endif
48
49static_assert(
51 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
52
53namespace Botan {
54
55class Dynamically_Loaded_Library;
56
57namespace PKCS11 {
58
60
78 Url = CKA_URL,
85 Id = CKA_ID,
89 Wrap = CKA_WRAP,
91 Sign = CKA_SIGN,
110 Base = CKA_BASE,
170};
171
178
179/// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
180/// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
187
199
200enum class Flag : CK_FLAGS {
201 None = 0,
205 Rng = CKF_RNG,
227 Hw = CKF_HW,
231 Sign = CKF_SIGN,
237 Wrap = CKF_WRAP,
256};
257
258inline Flag operator|(Flag a, Flag b) {
259 return static_cast<Flag>(static_cast<CK_FLAGS>(a) | static_cast<CK_FLAGS>(b));
260}
261
269
276
323
341 Dsa = CKM_DSA,
380 Rc4 = CKM_RC4,
406 Md2 = CKM_MD2,
409 Md5 = CKM_MD5,
412 Sha1 = CKM_SHA_1,
436 Hotp = CKM_HOTP,
437 Acti = CKM_ACTI,
658};
659
664
677
688
696
697enum class ReturnValue : CK_RV {
698 OK = CKR_OK,
793};
794
800
801enum class PublicPointEncoding : uint32_t { Raw, Der };
802
806using CreateMutex = CK_CREATEMUTEX;
807using DestroyMutex = CK_DESTROYMUTEX;
808using LockMutex = CK_LOCKMUTEX;
809using UnlockMutex = CK_UNLOCKMUTEX;
811using Info = CK_INFO;
820using Notify = CK_NOTIFY;
825using Byte = CK_BYTE;
829using Date = CK_DATE;
830
832
835
837 return static_cast<Flags>(flags);
838}
839
840class Slot;
841
842/**
843* Initializes a token
844* @param slot The slot with the attached token that should be initialized
845* @param label The token label
846* @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
847* @param pin The user PIN that will be set
848*/
850void initialize_token(Slot& slot, std::string_view label, const secure_string& so_pin, const secure_string& pin);
851
852/**
853* Change PIN with old PIN to new PIN
854* @param slot The slot with the attached token
855* @param old_pin The old user PIN
856* @param new_pin The new user PIN
857*/
858
859BOTAN_PUBLIC_API(2, 0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
860
861/**
862* Change SO_PIN with old SO_PIN to new SO_PIN
863* @param slot The slot with the attached token
864* @param old_so_pin The old SO_PIN
865* @param new_so_pin The new SO_PIN
866*/
867BOTAN_PUBLIC_API(2, 0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
868
869/**
870* Sets user PIN with SO_PIN
871* @param slot The slot with the attached token
872* @param so_pin PIN of the security officer
873* @param pin The user PIN that should be set
874*/
875BOTAN_PUBLIC_API(2, 0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
876
877/// Provides access to all PKCS#11 functions
879 public:
880 /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
881 explicit LowLevel(FunctionListPtr ptr);
882
883 /****************************** General purpose functions ******************************/
884
885 /**
886 * C_Initialize initializes the Cryptoki library.
887 * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
888 * @param return_value default value (`ThrowException`): throw exception on error.
889 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
890 * At least the following PKCS#11 return values may be returned:
891 * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
892 * \li FunctionFailed \li GeneralError \li HostMemory
893 * \li NeedToCreateThreads \li OK
894 * @return true on success, false otherwise
895 */
896 bool C_Initialize(VoidPtr init_args, ReturnValue* return_value = ThrowException) const;
897
898 /**
899 * C_Finalize indicates that an application is done with the Cryptoki library.
900 * @param reserved reserved. Should be nullptr
901 * @param return_value default value (`ThrowException`): throw exception on error.
902 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
903 * At least the following PKCS#11 return values may be returned:
904 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
905 * \li GeneralError \li HostMemory \li OK
906 * @return true on success, false otherwise
907 */
908 bool C_Finalize(VoidPtr reserved, ReturnValue* return_value = ThrowException) const;
909
910 /**
911 * C_GetInfo returns general information about Cryptoki.
912 * @param info_ptr location that receives information
913 * @param return_value default value (`ThrowException`): throw exception on error.
914 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
915 * At least the following PKCS#11 return values may be returned:
916 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
917 * \li GeneralError \li HostMemory \li OK
918 * @return true on success, false otherwise
919 */
920 bool C_GetInfo(Info* info_ptr, ReturnValue* return_value = ThrowException) const;
921
922 /**
923 * C_GetFunctionList returns the function list.
924 * @param pkcs11_module The PKCS#11 module
925 * @param function_list_ptr_ptr receives pointer to function list
926 * @param return_value default value (`ThrowException`): throw exception on error.
927 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
928 * At least the following PKCS#11 return values may be returned:
929 * \li ArgumentsBad \li FunctionFailed \li GeneralError
930 * \li HostMemory \li OK
931 * @return true on success, false otherwise
932 */
933 static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module,
934 FunctionListPtr* function_list_ptr_ptr,
935 ReturnValue* return_value = ThrowException);
936
937 /****************************** Slot and token management functions ******************************/
938
939 /**
940 * C_GetSlotList obtains a list of slots in the system.
941 * @param token_present only slots with tokens
942 * @param slot_list_ptr receives array of slot IDs
943 * @param count_ptr receives number of slots
944 * @param return_value default value (`ThrowException`): throw exception on error.
945 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
946 * At least the following PKCS#11 return values may be returned:
947 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
948 * \li FunctionFailed \li GeneralError \li HostMemory
949 * \li OK
950 * @return true on success, false otherwise
951 */
952 bool C_GetSlotList(Bbool token_present,
953 SlotId* slot_list_ptr,
954 Ulong* count_ptr,
955 ReturnValue* return_value = ThrowException) const;
956
957 /**
958 * C_GetSlotList obtains a list of slots in the system.
959 * @param token_present only slots with tokens
960 * @param slot_ids receives vector of slot IDs
961 * @param return_value default value (`ThrowException`): throw exception on error.
962 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
963 * At least the following PKCS#11 return values may be returned:
964 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
965 * \li FunctionFailed \li GeneralError \li HostMemory
966 * \li OK
967 * @return true on success, false otherwise
968 */
969 bool C_GetSlotList(bool token_present,
970 std::vector<SlotId>& slot_ids,
971 ReturnValue* return_value = ThrowException) const;
972
973 /**
974 * C_GetSlotInfo obtains information about a particular slot in the system.
975 * @param slot_id the ID of the slot
976 * @param info_ptr receives the slot information
977 * @param return_value default value (`ThrowException`): throw exception on error.
978 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
979 * At least the following PKCS#11 return values may be returned:
980 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
981 * \li FunctionFailed \li GeneralError \li HostMemory
982 * \li OK \li SlotIdInvalid
983 * @return true on success, false otherwise
984 */
985 bool C_GetSlotInfo(SlotId slot_id, SlotInfo* info_ptr, ReturnValue* return_value = ThrowException) const;
986
987 /**
988 * C_GetTokenInfo obtains information about a particular token in the system.
989 * @param slot_id ID of the token's slot
990 * @param info_ptr receives the token information
991 * @param return_value default value (`ThrowException`): throw exception on error.
992 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
993 * At least the following PKCS#11 return values may be returned:
994 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
995 * \li DeviceRemoved \li FunctionFailed \li GeneralError
996 * \li HostMemory \li OK \li SlotIdInvalid
997 * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
998 * @return true on success, false otherwise
999 */
1000 bool C_GetTokenInfo(SlotId slot_id, TokenInfo* info_ptr, ReturnValue* return_value = ThrowException) const;
1001
1002 /**
1003 * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1004 * @param flags blocking/nonblocking flag
1005 * @param slot_ptr location that receives the slot ID
1006 * @param reserved reserved. Should be NULL_PTR
1007 * @param return_value default value (`ThrowException`): throw exception on error.
1008 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1009 * At least the following PKCS#11 return values may be returned:
1010 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1011 * \li GeneralError \li HostMemory \li NoEvent
1012 * \li OK
1013 * @return true on success, false otherwise
1014 */
1015 bool C_WaitForSlotEvent(Flags flags,
1016 SlotId* slot_ptr,
1017 VoidPtr reserved,
1018 ReturnValue* return_value = ThrowException) const;
1019
1020 /**
1021 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1022 * @param slot_id ID of token's slot
1023 * @param mechanism_list_ptr gets mech. array
1024 * @param count_ptr gets # of mechs.
1025 * @param return_value default value (`ThrowException`): throw exception on error.
1026 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1027 * At least the following PKCS#11 return values may be returned:
1028 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1029 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1030 * \li GeneralError \li HostMemory \li OK
1031 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1032 * \li ArgumentsBad
1033 * @return true on success, false otherwise
1034 */
1035 bool C_GetMechanismList(SlotId slot_id,
1036 MechanismType* mechanism_list_ptr,
1037 Ulong* count_ptr,
1038 ReturnValue* return_value = ThrowException) const;
1039
1040 /**
1041 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1042 * @param slot_id ID of token's slot
1043 * @param mechanisms receives vector of supported mechanisms
1044 * @param return_value default value (`ThrowException`): throw exception on error.
1045 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1046 * At least the following PKCS#11 return values may be returned:
1047 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1048 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1049 * \li GeneralError \li HostMemory \li OK
1050 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1051 * \li ArgumentsBad
1052 * @return true on success, false otherwise
1053 */
1054 bool C_GetMechanismList(SlotId slot_id,
1055 std::vector<MechanismType>& mechanisms,
1056 ReturnValue* return_value = ThrowException) const;
1057
1058 /**
1059 * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1060 * @param slot_id ID of the token's slot
1061 * @param type type of mechanism
1062 * @param info_ptr receives mechanism info
1063 * @param return_value default value (`ThrowException`): throw exception on error.
1064 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1065 * At least the following PKCS#11 return values may be returned:
1066 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1067 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1068 * \li HostMemory \li MechanismInvalid \li OK
1069 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1070 * \li ArgumentsBad
1071 * @return true on success, false otherwise
1072 */
1073 bool C_GetMechanismInfo(SlotId slot_id,
1074 MechanismType type,
1075 MechanismInfo* info_ptr,
1076 ReturnValue* return_value = ThrowException) const;
1077
1078 /**
1079 * C_InitToken initializes a token.
1080 * @param slot_id ID of the token's slot
1081 * @param so_pin_ptr the SO's initial PIN
1082 * @param so_pin_len length in bytes of the SO_PIN
1083 * @param label_ptr 32-byte token label (blank padded)
1084 * @param return_value default value (`ThrowException`): throw exception on error.
1085 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1086 * At least the following PKCS#11 return values may be returned:
1087 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1088 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1089 * \li GeneralError \li HostMemory \li OK
1090 * \li PinIncorrect \li PinLocked \li SessionExists
1091 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1092 * \li TokenWriteProtected \li ArgumentsBad
1093 * @return true on success, false otherwise
1094 */
1095 bool C_InitToken(SlotId slot_id,
1096 Utf8Char* so_pin_ptr,
1097 Ulong so_pin_len,
1098 Utf8Char* label_ptr,
1099 ReturnValue* return_value = ThrowException) const;
1100
1101 /**
1102 * C_InitToken initializes a token.
1103 * @param slot_id ID of the token's slot
1104 * @param so_pin the SO's initial PIN
1105 * @param label token label (at max 32 bytes long)
1106 * @param return_value default value (`ThrowException`): throw exception on error.
1107 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1108 * At least the following PKCS#11 return values may be returned:
1109 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1110 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1111 * \li GeneralError \li HostMemory \li OK
1112 * \li PinIncorrect \li PinLocked \li SessionExists
1113 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1114 * \li TokenWriteProtected \li ArgumentsBad
1115 * @return true on success, false otherwise
1116 */
1117 template <typename TAlloc>
1118 bool C_InitToken(SlotId slot_id,
1119 const std::vector<uint8_t, TAlloc>& so_pin,
1120 std::string_view label,
1121 ReturnValue* return_value = ThrowException) const {
1122 std::string padded_label(label);
1123 if(label.size() < 32) {
1124 padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1125 }
1126
1127 return C_InitToken(slot_id,
1128 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(so_pin.data())),
1129 static_cast<Ulong>(so_pin.size()),
1130 reinterpret_cast<Utf8Char*>(const_cast<char*>(padded_label.c_str())),
1131 return_value);
1132 }
1133
1134 /**
1135 * C_InitPIN initializes the normal user's PIN.
1136 * @param session the session's handle
1137 * @param pin_ptr the normal user's PIN
1138 * @param pin_len length in bytes of the PIN
1139 * @param return_value default value (`ThrowException`): throw exception on error.
1140 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1141 * At least the following PKCS#11 return values may be returned:
1142 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1143 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1144 * \li GeneralError \li HostMemory \li OK
1145 * \li PinInvalid \li PinLenRange \li SessionClosed
1146 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1147 * \li UserNotLoggedIn \li ArgumentsBad
1148 * @return true on success, false otherwise
1149 */
1150 bool C_InitPIN(SessionHandle session,
1151 Utf8Char* pin_ptr,
1152 Ulong pin_len,
1153 ReturnValue* return_value = ThrowException) const;
1154
1155 /**
1156 * C_InitPIN initializes the normal user's PIN.
1157 * @param session the session's handle
1158 * @param pin the normal user's PIN
1159 * @param return_value default value (`ThrowException`): throw exception on error.
1160 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1161 * At least the following PKCS#11 return values may be returned:
1162 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1163 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1164 * \li GeneralError \li HostMemory \li OK
1165 * \li PinInvalid \li PinLenRange \li SessionClosed
1166 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1167 * \li UserNotLoggedIn \li ArgumentsBad
1168 * @return true on success, false otherwise
1169 */
1170 template <typename TAlloc>
1172 const std::vector<uint8_t, TAlloc>& pin,
1173 ReturnValue* return_value = ThrowException) const {
1174 return C_InitPIN(session,
1175 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(pin.data())),
1176 static_cast<Ulong>(pin.size()),
1177 return_value);
1178 }
1179
1180 /**
1181 * C_SetPIN modifies the PIN of the user who is logged in.
1182 * @param session the session's handle
1183 * @param old_pin_ptr the old PIN
1184 * @param old_len length of the old PIN
1185 * @param new_pin_ptr the new PIN
1186 * @param new_len length of the new PIN
1187 * @param return_value default value (`ThrowException`): throw exception on error.
1188 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1189 * At least the following PKCS#11 return values may be returned:
1190 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1191 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1192 * \li GeneralError \li HostMemory \li OK
1193 * \li PinIncorrect \li PinInvalid \li PinLenRange
1194 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1195 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1196 * @return true on success, false otherwise
1197 */
1198 bool C_SetPIN(SessionHandle session,
1199 Utf8Char* old_pin_ptr,
1200 Ulong old_len,
1201 Utf8Char* new_pin_ptr,
1202 Ulong new_len,
1203 ReturnValue* return_value = ThrowException) const;
1204
1205 /**
1206 * C_SetPIN modifies the PIN of the user who is logged in.
1207 * @param session the session's handle
1208 * @param old_pin the old PIN
1209 * @param new_pin the new PIN
1210 * @param return_value default value (`ThrowException`): throw exception on error.
1211 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1212 * At least the following PKCS#11 return values may be returned:
1213 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1214 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1215 * \li GeneralError \li HostMemory \li OK
1216 * \li PinIncorrect \li PinInvalid \li PinLenRange
1217 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1218 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1219 * @return true on success, false otherwise
1220 */
1221 template <typename TAlloc>
1223 const std::vector<uint8_t, TAlloc>& old_pin,
1224 const std::vector<uint8_t, TAlloc>& new_pin,
1225 ReturnValue* return_value = ThrowException) const {
1226 return C_SetPIN(session,
1227 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(old_pin.data())),
1228 static_cast<Ulong>(old_pin.size()),
1229 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(new_pin.data())),
1230 static_cast<Ulong>(new_pin.size()),
1231 return_value);
1232 }
1233
1234 /****************************** Session management ******************************/
1235
1236 /**
1237 * C_OpenSession opens a session between an application and a token.
1238 * @param slot_id the slot's ID
1239 * @param flags from CK_SESSION_INFO
1240 * @param application passed to callback
1241 * @param notify callback function
1242 * @param session_ptr gets session handle
1243 * @param return_value default value (`ThrowException`): throw exception on error.
1244 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1245 * At least the following PKCS#11 return values may be returned:
1246 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1247 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1248 * \li HostMemory \li OK \li SessionCount
1249 * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1250 * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1251 * \li ArgumentsBad
1252 * @return true on success, false otherwise
1253 */
1254 bool C_OpenSession(SlotId slot_id,
1255 Flags flags,
1256 VoidPtr application,
1257 Notify notify,
1258 SessionHandle* session_ptr,
1259 ReturnValue* return_value = ThrowException) const;
1260
1261 /**
1262 * C_CloseSession closes a session between an application and a token.
1263 * @param session the session's handle
1264 * @param return_value default value (`ThrowException`): throw exception on error.
1265 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1266 * At least the following PKCS#11 return values may be returned:
1267 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1268 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1269 * \li HostMemory \li OK \li SessionClosed
1270 * \li SessionHandleInvalid
1271 * @return true on success, false otherwise
1272 */
1273 bool C_CloseSession(SessionHandle session, ReturnValue* return_value = ThrowException) const;
1274
1275 /**
1276 * C_CloseAllSessions closes all sessions with a token.
1277 * @param slot_id the token's slot
1278 * @param return_value default value (`ThrowException`): throw exception on error.
1279 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1280 * At least the following PKCS#11 return values may be returned:
1281 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1282 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1283 * \li HostMemory \li OK \li SlotIdInvalid
1284 * \li TokenNotPresent
1285 * @return true on success, false otherwise
1286 */
1287 bool C_CloseAllSessions(SlotId slot_id, ReturnValue* return_value = ThrowException) const;
1288
1289 /**
1290 * C_GetSessionInfo obtains information about the session.
1291 * @param session the session's handle
1292 * @param info_ptr receives session info
1293 * @param return_value default value (`ThrowException`): throw exception on error.
1294 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1295 * At least the following PKCS#11 return values may be returned:
1296 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1297 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1298 * \li HostMemory \li OK \li SessionClosed
1299 * \li SessionHandleInvalid \li ArgumentsBad
1300 * @return true on success, false otherwise
1301 */
1302 bool C_GetSessionInfo(SessionHandle session,
1303 SessionInfo* info_ptr,
1304 ReturnValue* return_value = ThrowException) const;
1305
1306 /**
1307 * C_GetOperationState obtains the state of the cryptographic operation in a session.
1308 * @param session session's handle
1309 * @param operation_state_ptr gets state
1310 * @param operation_state_len_ptr gets state length
1311 * @param return_value default value (`ThrowException`): throw exception on error.
1312 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1313 * At least the following PKCS#11 return values may be returned:
1314 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1315 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1316 * \li GeneralError \li HostMemory \li OK
1317 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1318 * \li StateUnsaveable \li ArgumentsBad
1319 * @return true on success, false otherwise
1320 */
1321 bool C_GetOperationState(SessionHandle session,
1322 Byte* operation_state_ptr,
1323 Ulong* operation_state_len_ptr,
1324 ReturnValue* return_value = ThrowException) const;
1325
1326 /**
1327 * C_SetOperationState restores the state of the cryptographic operation in a session.
1328 * @param session session's handle
1329 * @param operation_state_ptr holds state
1330 * @param operation_state_len holds state length
1331 * @param encryption_key en/decryption key
1332 * @param authentication_key sign/verify key
1333 * @param return_value default value (`ThrowException`): throw exception on error.
1334 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1335 * At least the following PKCS#11 return values may be returned:
1336 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1337 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1338 * \li HostMemory \li KeyChanged \li KeyNeeded
1339 * \li KeyNotNeeded \li OK \li SavedStateInvalid
1340 * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1341 * @return true on success, false otherwise
1342 */
1343 bool C_SetOperationState(SessionHandle session,
1344 Byte* operation_state_ptr,
1345 Ulong operation_state_len,
1346 ObjectHandle encryption_key,
1347 ObjectHandle authentication_key,
1348 ReturnValue* return_value = ThrowException) const;
1349
1350 /**
1351 * C_Login logs a user into a token.
1352 * @param session the session's handle
1353 * @param user_type the user type
1354 * @param pin_ptr the user's PIN
1355 * @param pin_len the length of the PIN
1356 * @param return_value default value (`ThrowException`): throw exception on error.
1357 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1358 * At least the following PKCS#11 return values may be returned:
1359 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1360 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1361 * \li FunctionFailed \li GeneralError \li HostMemory
1362 * \li OK \li OperationNotInitialized \li PinIncorrect
1363 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1364 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1365 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1366 * @return true on success, false otherwise
1367 */
1368 bool C_Login(SessionHandle session,
1369 UserType user_type,
1370 Utf8Char* pin_ptr,
1371 Ulong pin_len,
1372 ReturnValue* return_value = ThrowException) const;
1373
1374 /**
1375 * C_Login logs a user into a token.
1376 * @param session the session's handle
1377 * @param user_type the user type
1378 * @param pin the user or security officer's PIN
1379 * @param return_value default value (`ThrowException`): throw exception on error.
1380 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1381 * At least the following PKCS#11 return values may be returned:
1382 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1383 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1384 * \li FunctionFailed \li GeneralError \li HostMemory
1385 * \li OK \li OperationNotInitialized \li PinIncorrect
1386 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1387 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1388 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1389 * @return true on success, false otherwise
1390 */
1391 template <typename TAlloc>
1393 UserType user_type,
1394 const std::vector<uint8_t, TAlloc>& pin,
1395 ReturnValue* return_value = ThrowException) const {
1396 return C_Login(session,
1397 user_type,
1398 reinterpret_cast<Utf8Char*>(const_cast<uint8_t*>(pin.data())),
1399 static_cast<Ulong>(pin.size()),
1400 return_value);
1401 }
1402
1403 /**
1404 * C_Logout logs a user out from a token.
1405 * @param session the session's handle
1406 * @param return_value default value (`ThrowException`): throw exception on error.
1407 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1408 * At least the following PKCS#11 return values may be returned:
1409 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1410 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1411 * \li HostMemory \li OK \li SessionClosed
1412 * \li SessionHandleInvalid \li UserNotLoggedIn
1413 * @return true on success, false otherwise
1414 */
1415 bool C_Logout(SessionHandle session, ReturnValue* return_value = ThrowException) const;
1416
1417 /****************************** Object management functions ******************************/
1418
1419 /**
1420 * C_CreateObject creates a new object.
1421 * @param session the session's handle
1422 * @param attribute_template_ptr the object's template
1423 * @param count attributes in template
1424 * @param object_ptr gets new object's handle.
1425 * @param return_value default value (`ThrowException`): throw exception on error.
1426 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1427 * At least the following PKCS#11 return values may be returned:
1428 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1429 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1430 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1431 * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1432 * \li HostMemory \li OK \li PinExpired
1433 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1434 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1435 * \li UserNotLoggedIn
1436 * @return true on success, false otherwise
1437 */
1438 bool C_CreateObject(SessionHandle session,
1439 Attribute* attribute_template_ptr,
1440 Ulong count,
1441 ObjectHandle* object_ptr,
1442 ReturnValue* return_value = ThrowException) const;
1443
1444 /**
1445 * C_CopyObject copies an object, creating a new object for the copy.
1446 * @param session the session's handle
1447 * @param object the object's handle
1448 * @param attribute_template_ptr template for new object
1449 * @param count attributes in template
1450 * @param new_object_ptr receives handle of copy
1451 * @param return_value default value (`ThrowException`): throw exception on error.
1452 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1453 * At least the following PKCS#11 return values may be returned:
1454 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1455 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1456 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1457 * \li FunctionFailed \li GeneralError \li HostMemory
1458 * \li ObjectHandleInvalid \li OK \li PinExpired
1459 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1460 * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1461 * @return true on success, false otherwise
1462 */
1463 bool C_CopyObject(SessionHandle session,
1464 ObjectHandle object,
1465 Attribute* attribute_template_ptr,
1466 Ulong count,
1467 ObjectHandle* new_object_ptr,
1468 ReturnValue* return_value = ThrowException) const;
1469
1470 /**
1471 * C_DestroyObject destroys an object.
1472 * @param session the session's handle
1473 * @param object the object's handle
1474 * @param return_value default value (`ThrowException`): throw exception on error.
1475 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1476 * At least the following PKCS#11 return values may be returned:
1477 * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1478 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1479 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1480 * \li OK \li PinExpired \li SessionClosed
1481 * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1482 * @return true on success, false otherwise
1483 */
1484 bool C_DestroyObject(SessionHandle session,
1485 ObjectHandle object,
1486 ReturnValue* return_value = ThrowException) const;
1487
1488 /**
1489 * C_GetObjectSize gets the size of an object in bytes.
1490 * @param session the session's handle
1491 * @param object the object's handle
1492 * @param size_ptr receives size of object
1493 * @param return_value default value (`ThrowException`): throw exception on error.
1494 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1495 * At least the following PKCS#11 return values may be returned:
1496 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1497 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1498 * \li GeneralError \li HostMemory \li InformationSensitive
1499 * \li ObjectHandleInvalid \li OK \li SessionClosed
1500 * \li SessionHandleInvalid
1501 * @return true on success, false otherwise
1502 */
1503 bool C_GetObjectSize(SessionHandle session,
1504 ObjectHandle object,
1505 Ulong* size_ptr,
1506 ReturnValue* return_value = ThrowException) const;
1507
1508 /**
1509 * C_GetAttributeValue obtains the value of one or more object attributes.
1510 * @param session the session's handle
1511 * @param object the object's handle
1512 * @param attribute_template_ptr specifies attrs; gets vals
1513 * @param count attributes in template
1514 * @param return_value default value (`ThrowException`): throw exception on error.
1515 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1516 * At least the following PKCS#11 return values may be returned:
1517 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1518 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1519 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1520 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1521 * \li OK \li SessionClosed \li SessionHandleInvalid
1522 * @return true on success, false otherwise
1523 */
1524 bool C_GetAttributeValue(SessionHandle session,
1525 ObjectHandle object,
1526 Attribute* attribute_template_ptr,
1527 Ulong count,
1528 ReturnValue* return_value = ThrowException) const;
1529
1530 /**
1531 * C_GetAttributeValue obtains the value of one or more object attributes.
1532 * @param session the session's handle
1533 * @param object the object's handle
1534 * @param attribute_values specifies attrs; gets vals
1535 * @param return_value default value (`ThrowException`): throw exception on error.
1536 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1537 * At least the following PKCS#11 return values may be returned:
1538 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1539 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1540 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1541 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1542 * \li OK \li SessionClosed \li SessionHandleInvalid
1543 * @return true on success, false otherwise
1544 */
1545 template <typename TAlloc>
1547 ObjectHandle object,
1548 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1549 ReturnValue* return_value = ThrowException) const {
1550 std::vector<Attribute> getter_template;
1551
1552 for(const auto& entry : attribute_values) {
1553 getter_template.emplace_back(Attribute{static_cast<CK_ATTRIBUTE_TYPE>(entry.first), nullptr, 0});
1554 }
1555
1556 bool success = C_GetAttributeValue(session,
1557 object,
1558 const_cast<Attribute*>(getter_template.data()),
1559 static_cast<Ulong>(getter_template.size()),
1560 return_value);
1561
1562 if(!success) {
1563 return success;
1564 }
1565
1566 size_t i = 0;
1567 for(auto& entry : attribute_values) {
1568 entry.second.clear();
1569 entry.second.resize(getter_template.at(i).ulValueLen);
1570 getter_template.at(i).pValue = const_cast<uint8_t*>(entry.second.data());
1571 i++;
1572 }
1573
1574 return C_GetAttributeValue(session,
1575 object,
1576 const_cast<Attribute*>(getter_template.data()),
1577 static_cast<Ulong>(getter_template.size()),
1578 return_value);
1579 }
1580
1581 /**
1582 * C_SetAttributeValue modifies the value of one or more object attributes.
1583 * @param session the session's handle
1584 * @param object the object's handle
1585 * @param attribute_template_ptr specifies attrs and values
1586 * @param count attributes in template
1587 * @param return_value default value (`ThrowException`): throw exception on error.
1588 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1589 * At least the following PKCS#11 return values may be returned:
1590 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1591 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1592 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1593 * \li FunctionFailed \li GeneralError \li HostMemory
1594 * \li ObjectHandleInvalid \li OK \li SessionClosed
1595 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1596 * \li TokenWriteProtected \li UserNotLoggedIn
1597 * @return true on success, false otherwise
1598 */
1599 bool C_SetAttributeValue(SessionHandle session,
1600 ObjectHandle object,
1601 Attribute* attribute_template_ptr,
1602 Ulong count,
1603 ReturnValue* return_value = ThrowException) const;
1604
1605 /**
1606 * C_SetAttributeValue modifies the value of one or more object attributes.
1607 * @param session the session's handle
1608 * @param object the object's handle
1609 * @param attribute_values specifies attrs and values
1610 * @param return_value default value (`ThrowException`): throw exception on error.
1611 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1612 * At least the following PKCS#11 return values may be returned:
1613 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1614 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1615 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1616 * \li FunctionFailed \li GeneralError \li HostMemory
1617 * \li ObjectHandleInvalid \li OK \li SessionClosed
1618 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1619 * \li TokenWriteProtected \li UserNotLoggedIn
1620 * @return true on success, false otherwise
1621 */
1622 template <typename TAlloc>
1624 ObjectHandle object,
1625 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1626 ReturnValue* return_value = ThrowException) const {
1627 std::vector<Attribute> setter_template;
1628
1629 for(auto& entry : attribute_values) {
1630 setter_template.emplace_back(Attribute{static_cast<CK_ATTRIBUTE_TYPE>(entry.first),
1631 entry.second.data(),
1632 static_cast<CK_ULONG>(entry.second.size())});
1633 }
1634
1635 return C_SetAttributeValue(session,
1636 object,
1637 const_cast<Attribute*>(setter_template.data()),
1638 static_cast<Ulong>(setter_template.size()),
1639 return_value);
1640 }
1641
1642 /**
1643 * C_FindObjectsInit initializes a search for token and session objects that match a template.
1644 * @param session the session's handle
1645 * @param attribute_template_ptr attribute values to match
1646 * @param count attrs in search template
1647 * @param return_value default value (`ThrowException`): throw exception on error.
1648 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1649 * At least the following PKCS#11 return values may be returned:
1650 * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1651 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1652 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1653 * \li HostMemory \li OK \li OperationActive
1654 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1655 * @return true on success, false otherwise
1656 */
1657 bool C_FindObjectsInit(SessionHandle session,
1658 Attribute* attribute_template_ptr,
1659 Ulong count,
1660 ReturnValue* return_value = ThrowException) const;
1661
1662 /**
1663 * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1664 * @param session session's handle
1665 * @param object_ptr gets obj. handles
1666 * @param max_object_count max handles to get
1667 * @param object_count_ptr actual # returned
1668 * @param return_value default value (`ThrowException`): throw exception on error.
1669 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1670 * At least the following PKCS#11 return values may be returned:
1671 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1672 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1673 * \li GeneralError \li HostMemory \li OK
1674 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1675 * @return true on success, false otherwise
1676 */
1677 bool C_FindObjects(SessionHandle session,
1678 ObjectHandle* object_ptr,
1679 Ulong max_object_count,
1680 Ulong* object_count_ptr,
1681 ReturnValue* return_value = ThrowException) const;
1682
1683 /**
1684 * C_FindObjectsFinal finishes a search for token and session objects.
1685 * @param session the session's handle
1686 * @param return_value default value (`ThrowException`): throw exception on error.
1687 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1688 * At least the following PKCS#11 return values may be returned:
1689 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1690 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1691 * \li HostMemory \li OK \li OperationNotInitialized
1692 * \li SessionClosed \li SessionHandleInvalid
1693 * @return true on success, false otherwise
1694 */
1695 bool C_FindObjectsFinal(SessionHandle session, ReturnValue* return_value = ThrowException) const;
1696
1697 /****************************** Encryption functions ******************************/
1698
1699 /**
1700 * C_EncryptInit initializes an encryption operation.
1701 * @param session the session's handle
1702 * @param mechanism_ptr the encryption mechanism
1703 * @param key handle of encryption key
1704 * @param return_value default value (`ThrowException`): throw exception on error.
1705 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1706 * At least the following PKCS#11 return values may be returned:
1707 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1708 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1709 * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1710 * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1711 * \li MechanismInvalid \li MechanismParamInvalid \li OK
1712 * \li OperationActive \li PinExpired \li SessionClosed
1713 * \li SessionHandleInvalid \li UserNotLoggedIn
1714 * @return true on success, false otherwise
1715 */
1716 bool C_EncryptInit(SessionHandle session,
1717 Mechanism* mechanism_ptr,
1718 ObjectHandle key,
1719 ReturnValue* return_value = ThrowException) const;
1720
1721 /**
1722 * C_Encrypt encrypts single-part data.
1723 * @param session session's handle
1724 * @param data_ptr the plaintext data
1725 * @param data_len size of plaintext data in bytes
1726 * @param encrypted_data gets ciphertext
1727 * @param encrypted_data_len_ptr gets c-text size
1728 * @param return_value default value (`ThrowException`): throw exception on error.
1729 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1730 * At least the following PKCS#11 return values may be returned:
1731 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1732 * \li DataInvalid \li DataLenRange \li DeviceError
1733 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1734 * \li FunctionFailed \li GeneralError \li HostMemory
1735 * \li OK \li OperationNotInitialized \li SessionClosed
1736 * \li SessionHandleInvalid
1737 * @return true on success, false otherwise
1738 */
1739 bool C_Encrypt(SessionHandle session,
1740 Byte* data_ptr,
1741 Ulong data_len,
1742 Byte* encrypted_data,
1743 Ulong* encrypted_data_len_ptr,
1744 ReturnValue* return_value = ThrowException) const;
1745
1746 /**
1747 * C_Encrypt encrypts single-part data.
1748 * @param session session's handle
1749 * @param plaintext_data the plaintext data
1750 * @param encrypted_data gets ciphertext
1751 * @param return_value default value (`ThrowException`): throw exception on error.
1752 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1753 * At least the following PKCS#11 return values may be returned:
1754 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1755 * \li DataInvalid \li DataLenRange \li DeviceError
1756 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1757 * \li FunctionFailed \li GeneralError \li HostMemory
1758 * \li OK \li OperationNotInitialized \li SessionClosed
1759 * \li SessionHandleInvalid
1760 * @return true on success, false otherwise
1761 */
1762 template <typename TAllocA, typename TAllocB>
1764 const std::vector<uint8_t, TAllocA>& plaintext_data,
1765 std::vector<uint8_t, TAllocB>& encrypted_data,
1766 ReturnValue* return_value = ThrowException) const {
1767 Ulong encrypted_size = 0;
1768 if(!C_Encrypt(session,
1769 const_cast<Byte*>((plaintext_data.data())),
1770 static_cast<Ulong>(plaintext_data.size()),
1771 nullptr,
1772 &encrypted_size,
1773 return_value)) {
1774 return false;
1775 }
1776
1777 encrypted_data.resize(encrypted_size);
1778 if(!C_Encrypt(session,
1779 const_cast<Byte*>(plaintext_data.data()),
1780 static_cast<Ulong>(plaintext_data.size()),
1781 encrypted_data.data(),
1782 &encrypted_size,
1783 return_value)) {
1784 return false;
1785 }
1786 encrypted_data.resize(encrypted_size);
1787 return true;
1788 }
1789
1790 /**
1791 * C_EncryptUpdate continues a multiple-part encryption operation.
1792 * @param session session's handle
1793 * @param part_ptr the plaintext data
1794 * @param part_len plaintext data len
1795 * @param encrypted_part_ptr gets ciphertext
1796 * @param encrypted_part_len_ptr gets c-text size
1797 * @param return_value default value (`ThrowException`): throw exception on error.
1798 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1799 * At least the following PKCS#11 return values may be returned:
1800 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1801 * \li DataLenRange \li DeviceError \li DeviceMemory
1802 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1803 * \li GeneralError \li HostMemory \li OK
1804 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1805 * @return true on success, false otherwise
1806 */
1807 bool C_EncryptUpdate(SessionHandle session,
1808 Byte* part_ptr,
1809 Ulong part_len,
1810 Byte* encrypted_part_ptr,
1811 Ulong* encrypted_part_len_ptr,
1812 ReturnValue* return_value = ThrowException) const;
1813
1814 /**
1815 * C_EncryptFinal finishes a multiple-part encryption operation.
1816 * @param session session handle
1817 * @param last_encrypted_part_ptr last c-text
1818 * @param last_encrypted_part_len_ptr gets last size
1819 * @param return_value default value (`ThrowException`): throw exception on error.
1820 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1821 * At least the following PKCS#11 return values may be returned:
1822 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1823 * \li DataLenRange \li DeviceError \li DeviceMemory
1824 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1825 * \li GeneralError \li HostMemory \li OK
1826 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1827 * @return true on success, false otherwise
1828 */
1829 bool C_EncryptFinal(SessionHandle session,
1830 Byte* last_encrypted_part_ptr,
1831 Ulong* last_encrypted_part_len_ptr,
1832 ReturnValue* return_value = ThrowException) const;
1833
1834 /****************************** Decryption functions ******************************/
1835
1836 /**
1837 * C_DecryptInit initializes a decryption operation.
1838 * @param session the session's handle
1839 * @param mechanism_ptr the decryption mechanism
1840 * @param key handle of decryption key
1841 * @param return_value default value (`ThrowException`): throw exception on error.
1842 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1843 * At least the following PKCS#11 return values may be returned:
1844 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1845 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1846 * \li FunctionFailed \li GeneralError \li HostMemory
1847 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1848 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1849 * \li OK \li OperationActive \li PinExpired
1850 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1851 * @return true on success, false otherwise
1852 */
1853 bool C_DecryptInit(SessionHandle session,
1854 Mechanism* mechanism_ptr,
1855 ObjectHandle key,
1856 ReturnValue* return_value = ThrowException) const;
1857
1858 /**
1859 * C_Decrypt decrypts encrypted data in a single part.
1860 * @param session session's handle
1861 * @param encrypted_data_ptr ciphertext
1862 * @param encrypted_data_len ciphertext length
1863 * @param data_ptr gets plaintext
1864 * @param data_len_ptr gets p-text size
1865 * @param return_value default value (`ThrowException`): throw exception on error.
1866 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1867 * At least the following PKCS#11 return values may be returned:
1868 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1869 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1870 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1871 * \li FunctionFailed \li GeneralError \li HostMemory
1872 * \li OK \li OperationNotInitialized \li SessionClosed
1873 * \li SessionHandleInvalid \li UserNotLoggedIn
1874 * @return true on success, false otherwise
1875 */
1876 bool C_Decrypt(SessionHandle session,
1877 Byte* encrypted_data_ptr,
1878 Ulong encrypted_data_len,
1879 Byte* data_ptr,
1880 Ulong* data_len_ptr,
1881 ReturnValue* return_value = ThrowException) const;
1882
1883 /**
1884 * C_Decrypt decrypts encrypted data in a single part.
1885 * @param session session's handle
1886 * @param encrypted_data ciphertext
1887 * @param decrypted_data gets plaintext
1888 * @param return_value default value (`ThrowException`): throw exception on error.
1889 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1890 * At least the following PKCS#11 return values may be returned:
1891 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1892 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1893 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1894 * \li FunctionFailed \li GeneralError \li HostMemory
1895 * \li OK \li OperationNotInitialized \li SessionClosed
1896 * \li SessionHandleInvalid \li UserNotLoggedIn
1897 * @return true on success, false otherwise
1898 */
1899 template <typename TAllocA, typename TAllocB>
1901 const std::vector<uint8_t, TAllocA>& encrypted_data,
1902 std::vector<uint8_t, TAllocB>& decrypted_data,
1903 ReturnValue* return_value = ThrowException) const {
1904 Ulong decrypted_size = 0;
1905 if(!C_Decrypt(session,
1906 const_cast<Byte*>((encrypted_data.data())),
1907 static_cast<Ulong>(encrypted_data.size()),
1908 nullptr,
1909 &decrypted_size,
1910 return_value)) {
1911 return false;
1912 }
1913
1914 decrypted_data.resize(decrypted_size);
1915 if(!C_Decrypt(session,
1916 const_cast<Byte*>(encrypted_data.data()),
1917 static_cast<Ulong>(encrypted_data.size()),
1918 decrypted_data.data(),
1919 &decrypted_size,
1920 return_value)) {
1921 return false;
1922 }
1923 decrypted_data.resize(decrypted_size);
1924 return true;
1925 }
1926
1927 /**
1928 * C_DecryptUpdate continues a multiple-part decryption operation.
1929 * @param session session's handle
1930 * @param encrypted_part_ptr encrypted data
1931 * @param encrypted_part_len input length
1932 * @param part_ptr gets plaintext
1933 * @param part_len_ptr p-text size
1934 * @param return_value default value (`ThrowException`): throw exception on error.
1935 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1936 * At least the following PKCS#11 return values may be returned:
1937 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1938 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1939 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1940 * \li FunctionFailed \li GeneralError \li HostMemory
1941 * \li OK \li OperationNotInitialized \li SessionClosed
1942 * \li SessionHandleInvalid \li UserNotLoggedIn
1943 * @return true on success, false otherwise
1944 */
1945 bool C_DecryptUpdate(SessionHandle session,
1946 Byte* encrypted_part_ptr,
1947 Ulong encrypted_part_len,
1948 Byte* part_ptr,
1949 Ulong* part_len_ptr,
1950 ReturnValue* return_value = ThrowException) const;
1951
1952 /**
1953 * C_DecryptFinal finishes a multiple-part decryption operation.
1954 * @param session the session's handle
1955 * @param last_part_ptr gets plaintext
1956 * @param last_part_len_ptr p-text size
1957 * @param return_value default value (`ThrowException`): throw exception on error.
1958 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1959 * At least the following PKCS#11 return values may be returned:
1960 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1961 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1962 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1963 * \li FunctionFailed \li GeneralError \li HostMemory
1964 * \li OK \li OperationNotInitialized \li SessionClosed
1965 * \li SessionHandleInvalid \li UserNotLoggedIn
1966 * @return true on success, false otherwise
1967 */
1968 bool C_DecryptFinal(SessionHandle session,
1969 Byte* last_part_ptr,
1970 Ulong* last_part_len_ptr,
1971 ReturnValue* return_value = ThrowException) const;
1972
1973 /****************************** Message digesting functions ******************************/
1974
1975 /**
1976 * C_DigestInit initializes a message-digesting operation.
1977 * @param session the session's handle
1978 * @param mechanism_ptr the digesting mechanism
1979 * @param return_value default value (`ThrowException`): throw exception on error.
1980 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1981 * At least the following PKCS#11 return values may be returned:
1982 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1983 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1984 * \li FunctionFailed \li GeneralError \li HostMemory
1985 * \li MechanismInvalid \li MechanismParamInvalid \li OK
1986 * \li OperationActive \li PinExpired \li SessionClosed
1987 * \li SessionHandleInvalid \li UserNotLoggedIn
1988 * @return true on success, false otherwise
1989 */
1990 bool C_DigestInit(SessionHandle session,
1991 Mechanism* mechanism_ptr,
1992 ReturnValue* return_value = ThrowException) const;
1993
1994 /**
1995 * C_Digest digests data in a single part.
1996 * @param session the session's handle
1997 * @param data_ptr data to be digested
1998 * @param data_len bytes of data to digest
1999 * @param digest_ptr gets the message digest
2000 * @param digest_len_ptr gets digest length
2001 * @param return_value default value (`ThrowException`): throw exception on error.
2002 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2003 * At least the following PKCS#11 return values may be returned:
2004 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2005 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2006 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2007 * \li HostMemory \li OK \li OperationNotInitialized
2008 * \li SessionClosed \li SessionHandleInvalid
2009 * @return true on success, false otherwise
2010 */
2011 bool C_Digest(SessionHandle session,
2012 Byte* data_ptr,
2013 Ulong data_len,
2014 Byte* digest_ptr,
2015 Ulong* digest_len_ptr,
2016 ReturnValue* return_value = ThrowException) const;
2017
2018 /**
2019 * C_DigestUpdate continues a multiple-part message-digesting operation.
2020 * @param session the session's handle
2021 * @param part_ptr data to be digested
2022 * @param part_len bytes of data to be digested
2023 * @param return_value default value (`ThrowException`): throw exception on error.
2024 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2025 * At least the following PKCS#11 return values may be returned:
2026 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2027 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2028 * \li FunctionFailed \li GeneralError \li HostMemory
2029 * \li OK \li OperationNotInitialized \li SessionClosed
2030 * \li SessionHandleInvalid
2031 * @return true on success, false otherwise
2032 */
2033 bool C_DigestUpdate(SessionHandle session,
2034 Byte* part_ptr,
2035 Ulong part_len,
2036 ReturnValue* return_value = ThrowException) const;
2037
2038 /**
2039 * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2040 * @param session the session's handle
2041 * @param key secret key to digest
2042 * @param return_value default value (`ThrowException`): throw exception on error.
2043 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2044 * At least the following PKCS#11 return values may be returned:
2045 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2046 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2047 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2048 * \li KeyIndigestible \li KeySizeRange \li OK
2049 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2050 * @return true on success, false otherwise
2051 */
2052 bool C_DigestKey(SessionHandle session, ObjectHandle key, ReturnValue* return_value = ThrowException) const;
2053
2054 /**
2055 * C_DigestFinal finishes a multiple-part message-digesting operation.
2056 * @param session the session's handle
2057 * @param digest_ptr gets the message digest
2058 * @param digest_len_ptr gets uint8_t count of digest
2059 * @param return_value default value (`ThrowException`): throw exception on error.
2060 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2061 * At least the following PKCS#11 return values may be returned:
2062 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2063 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2064 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2065 * \li HostMemory \li OK \li OperationNotInitialized
2066 * \li SessionClosed \li SessionHandleInvalid
2067 * @return true on success, false otherwise
2068 */
2069 bool C_DigestFinal(SessionHandle session,
2070 Byte* digest_ptr,
2071 Ulong* digest_len_ptr,
2072 ReturnValue* return_value = ThrowException) const;
2073
2074 /****************************** Signing and MACing functions ******************************/
2075
2076 /**
2077 * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2078 * @param session the session's handle
2079 * @param mechanism_ptr the signature mechanism
2080 * @param key handle of signature key
2081 * @param return_value default value (`ThrowException`): throw exception on error.
2082 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2083 * At least the following PKCS#11 return values may be returned:
2084 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2085 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2086 * \li FunctionFailed \li GeneralError \li HostMemory
2087 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2088 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2089 * \li OK \li OperationActive \li PinExpired
2090 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2091 * @return true on success, false otherwise
2092 */
2093 bool C_SignInit(SessionHandle session,
2094 Mechanism* mechanism_ptr,
2095 ObjectHandle key,
2096 ReturnValue* return_value = ThrowException) const;
2097
2098 /**
2099 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2100 * @param session the session's handle
2101 * @param data_ptr the data to sign
2102 * @param data_len count of bytes to sign
2103 * @param signature_ptr gets the signature
2104 * @param signature_len_ptr gets signature length
2105 * @param return_value default value (`ThrowException`): throw exception on error.
2106 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2107 * At least the following PKCS#11 return values may be returned:
2108 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2109 * \li DataInvalid \li DataLenRange \li DeviceError
2110 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2111 * \li FunctionFailed \li GeneralError \li HostMemory
2112 * \li OK \li OperationNotInitialized \li SessionClosed
2113 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2114 * @return true on success, false otherwise
2115 */
2116 bool C_Sign(SessionHandle session,
2117 const Byte* data_ptr,
2118 Ulong data_len,
2119 Byte* signature_ptr,
2120 Ulong* signature_len_ptr,
2121 ReturnValue* return_value = ThrowException) const;
2122
2123 /**
2124 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2125 * @param session the session's handle
2126 * @param data the data to sign
2127 * @param signature gets the signature
2128 * @param return_value default value (`ThrowException`): throw exception on error.
2129 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2130 * At least the following PKCS#11 return values may be returned:
2131 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2132 * \li DataInvalid \li DataLenRange \li DeviceError
2133 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2134 * \li FunctionFailed \li GeneralError \li HostMemory
2135 * \li OK \li OperationNotInitialized \li SessionClosed
2136 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2137 * @return true on success, false otherwise
2138 */
2139 template <typename TAllocA, typename TAllocB>
2140 bool C_Sign(SessionHandle session,
2141 const std::vector<uint8_t, TAllocA>& data,
2142 std::vector<uint8_t, TAllocB>& signature,
2143 ReturnValue* return_value = ThrowException) const {
2144 Ulong signature_size = 0;
2145 if(!C_Sign(session, data.data(), static_cast<Ulong>(data.size()), nullptr, &signature_size, return_value)) {
2146 return false;
2147 }
2148
2149 signature.resize(signature_size);
2150 if(!C_Sign(session,
2151 data.data(),
2152 static_cast<Ulong>(data.size()),
2153 signature.data(),
2154 &signature_size,
2155 return_value)) {
2156 return false;
2157 }
2158 signature.resize(signature_size);
2159 return true;
2160 }
2161
2162 /**
2163 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2164 * @param session the session's handle
2165 * @param part_ptr the data to sign
2166 * @param part_len count of bytes to sign
2167 * @param return_value default value (`ThrowException`): throw exception on error.
2168 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2169 * At least the following PKCS#11 return values may be returned:
2170 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2171 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2172 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2173 * \li HostMemory \li OK \li OperationNotInitialized
2174 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2175 * @return true on success, false otherwise
2176 */
2177 bool C_SignUpdate(SessionHandle session,
2178 const Byte* part_ptr,
2179 Ulong part_len,
2180 ReturnValue* return_value = ThrowException) const;
2181
2182 /**
2183 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2184 * @param session the session's handle
2185 * @param part the data to sign
2186 * @param return_value default value (`ThrowException`): throw exception on error.
2187 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2188 * At least the following PKCS#11 return values may be returned:
2189 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2190 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2191 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2192 * \li HostMemory \li OK \li OperationNotInitialized
2193 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2194 * @return true on success, false otherwise
2195 */
2196 template <typename TAlloc>
2198 const std::vector<uint8_t, TAlloc>& part,
2199 ReturnValue* return_value = ThrowException) const {
2200 return C_SignUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2201 }
2202
2203 /**
2204 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2205 * @param session the session's handle
2206 * @param signature_ptr gets the signature
2207 * @param signature_len_ptr gets signature length
2208 * @param return_value default value (`ThrowException`): throw exception on error.
2209 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2210 * At least the following PKCS#11 return values may be returned:
2211 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2212 * \li DataLenRange \li DeviceError \li DeviceMemory
2213 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2214 * \li GeneralError \li HostMemory \li OK
2215 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2216 * \li UserNotLoggedIn \li FunctionRejected
2217 * @return true on success, false otherwise
2218 */
2219 bool C_SignFinal(SessionHandle session,
2220 Byte* signature_ptr,
2221 Ulong* signature_len_ptr,
2222 ReturnValue* return_value = ThrowException) const;
2223
2224 /**
2225 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2226 * @param session the session's handle
2227 * @param signature gets the signature
2228 * @param return_value default value (`ThrowException`): throw exception on error.
2229 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2230 * At least the following PKCS#11 return values may be returned:
2231 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2232 * \li DataLenRange \li DeviceError \li DeviceMemory
2233 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2234 * \li GeneralError \li HostMemory \li OK
2235 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2236 * \li UserNotLoggedIn \li FunctionRejected
2237 * @return true on success, false otherwise
2238 */
2239 template <typename TAlloc>
2241 std::vector<uint8_t, TAlloc>& signature,
2242 ReturnValue* return_value = ThrowException) const {
2243 Ulong signature_size = 0;
2244 if(!C_SignFinal(session, nullptr, &signature_size, return_value)) {
2245 return false;
2246 }
2247
2248 signature.resize(signature_size);
2249 if(!C_SignFinal(session, signature.data(), &signature_size, return_value)) {
2250 return false;
2251 }
2252 signature.resize(signature_size);
2253 return true;
2254 }
2255
2256 /**
2257 * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2258 * @param session the session's handle
2259 * @param mechanism_ptr the signature mechanism
2260 * @param key handle of the signature key
2261 * @param return_value default value (`ThrowException`): throw exception on error.
2262 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2263 * At least the following PKCS#11 return values may be returned:
2264 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2265 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2266 * \li FunctionFailed \li GeneralError \li HostMemory
2267 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2268 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2269 * \li OK \li OperationActive \li PinExpired
2270 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2271 * @return true on success, false otherwise
2272 */
2273 bool C_SignRecoverInit(SessionHandle session,
2274 Mechanism* mechanism_ptr,
2275 ObjectHandle key,
2276 ReturnValue* return_value = ThrowException) const;
2277
2278 /**
2279 * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2280 * @param session the session's handle
2281 * @param data_ptr the data to sign
2282 * @param data_len count of bytes to sign
2283 * @param signature_ptr gets the signature
2284 * @param signature_len_ptr gets signature length
2285 * @param return_value default value (`ThrowException`): throw exception on error.
2286 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2287 * At least the following PKCS#11 return values may be returned:
2288 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2289 * \li DataInvalid \li DataLenRange \li DeviceError
2290 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2291 * \li FunctionFailed \li GeneralError \li HostMemory
2292 * \li OK \li OperationNotInitialized \li SessionClosed
2293 * \li SessionHandleInvalid \li UserNotLoggedIn
2294 * @return true on success, false otherwise
2295 */
2296 bool C_SignRecover(SessionHandle session,
2297 Byte* data_ptr,
2298 Ulong data_len,
2299 Byte* signature_ptr,
2300 Ulong* signature_len_ptr,
2301 ReturnValue* return_value = ThrowException) const;
2302
2303 /****************************** Functions for verifying signatures and MACs ******************************/
2304
2305 /**
2306 * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2307 * @param session the session's handle
2308 * @param mechanism_ptr the verification mechanism
2309 * @param key verification key
2310 * @param return_value default value (`ThrowException`): throw exception on error.
2311 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2312 * At least the following PKCS#11 return values may be returned:
2313 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2314 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2315 * \li FunctionFailed \li GeneralError \li HostMemory
2316 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2317 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2318 * \li OK \li OperationActive \li PinExpired
2319 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2320 * @return true on success, false otherwise
2321 */
2322 bool C_VerifyInit(SessionHandle session,
2323 Mechanism* mechanism_ptr,
2324 ObjectHandle key,
2325 ReturnValue* return_value = ThrowException) const;
2326
2327 /**
2328 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2329 * @param session the session's handle
2330 * @param data_ptr signed data
2331 * @param data_len length of signed data
2332 * @param signature_ptr signature
2333 * @param signature_len signature length
2334 * @param return_value default value (`ThrowException`): throw exception on error.
2335 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2336 * At least the following PKCS#11 return values may be returned:
2337 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2338 * \li DataLenRange \li DeviceError \li DeviceMemory
2339 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2340 * \li GeneralError \li HostMemory \li OK
2341 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2342 * \li SignatureInvalid \li SignatureLenRange
2343 * @return true on success, false otherwise
2344 */
2345 bool C_Verify(SessionHandle session,
2346 const Byte* data_ptr,
2347 Ulong data_len,
2348 const Byte* signature_ptr,
2349 Ulong signature_len,
2350 ReturnValue* return_value = ThrowException) const;
2351
2352 /**
2353 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2354 * @param session the session's handle
2355 * @param data signed data
2356 * @param signature signature
2357 * @param return_value default value (`ThrowException`): throw exception on error.
2358 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2359 * At least the following PKCS#11 return values may be returned:
2360 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2361 * \li DataLenRange \li DeviceError \li DeviceMemory
2362 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2363 * \li GeneralError \li HostMemory \li OK
2364 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2365 * \li SignatureInvalid \li SignatureLenRange
2366 * @return true on success, false otherwise
2367 */
2368 template <typename TAllocA, typename TAllocB>
2370 const std::vector<uint8_t, TAllocA>& data,
2371 std::vector<uint8_t, TAllocB>& signature,
2372 ReturnValue* return_value = ThrowException) const {
2373 return C_Verify(session,
2374 data.data(),
2375 static_cast<Ulong>(data.size()),
2376 signature.data(),
2377 static_cast<Ulong>(signature.size()),
2378 return_value);
2379 }
2380
2381 /**
2382 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2383 * @param session the session's handle
2384 * @param part_ptr signed data
2385 * @param part_len length of signed data
2386 * @param return_value default value (`ThrowException`): throw exception on error.
2387 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2388 * At least the following PKCS#11 return values may be returned:
2389 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2390 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2391 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2392 * \li HostMemory \li OK \li OperationNotInitialized
2393 * \li SessionClosed \li SessionHandleInvalid
2394 * @return true on success, false otherwise
2395 */
2396 bool C_VerifyUpdate(SessionHandle session,
2397 const Byte* part_ptr,
2398 Ulong part_len,
2399 ReturnValue* return_value = ThrowException) const;
2400
2401 /**
2402 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2403 * @param session the session's handle
2404 * @param part signed data
2405 * @param return_value default value (`ThrowException`): throw exception on error.
2406 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2407 * At least the following PKCS#11 return values may be returned:
2408 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2409 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2410 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2411 * \li HostMemory \li OK \li OperationNotInitialized
2412 * \li SessionClosed \li SessionHandleInvalid
2413 * @return true on success, false otherwise
2414 */
2415 template <typename TAlloc>
2417 std::vector<uint8_t, TAlloc> part,
2418 ReturnValue* return_value = ThrowException) const {
2419 return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2420 }
2421
2422 /**
2423 * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2424 * @param session the session's handle
2425 * @param signature_ptr signature to verify
2426 * @param signature_len signature length
2427 * @param return_value default value (`ThrowException`): throw exception on error.
2428 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2429 * At least the following PKCS#11 return values may be returned:
2430 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2431 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2432 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2433 * \li HostMemory \li OK \li OperationNotInitialized
2434 * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2435 * \li SignatureLenRange
2436 * @return true on success, false otherwise
2437 */
2438 bool C_VerifyFinal(SessionHandle session,
2439 const Byte* signature_ptr,
2440 Ulong signature_len,
2441 ReturnValue* return_value = ThrowException) const;
2442
2443 /**
2444 * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2445 * @param session the session's handle
2446 * @param mechanism_ptr the verification mechanism
2447 * @param key verification key
2448 * @param return_value default value (`ThrowException`): throw exception on error.
2449 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2450 * At least the following PKCS#11 return values may be returned:
2451 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2452 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2453 * \li FunctionFailed \li GeneralError \li HostMemory
2454 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2455 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2456 * \li OK \li OperationActive \li PinExpired
2457 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2458 * @return true on success, false otherwise
2459 */
2460 bool C_VerifyRecoverInit(SessionHandle session,
2461 Mechanism* mechanism_ptr,
2462 ObjectHandle key,
2463 ReturnValue* return_value = ThrowException) const;
2464
2465 /**
2466 * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2467 * @param session the session's handle
2468 * @param signature_ptr signature to verify
2469 * @param signature_len signature length
2470 * @param data_ptr gets signed data
2471 * @param data_len_ptr gets signed data len
2472 * @param return_value default value (`ThrowException`): throw exception on error.
2473 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2474 * At least the following PKCS#11 return values may be returned:
2475 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2476 * \li DataInvalid \li DataLenRange \li DeviceError
2477 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2478 * \li FunctionFailed \li GeneralError \li HostMemory
2479 * \li OK \li OperationNotInitialized \li SessionClosed
2480 * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2481 * @return true on success, false otherwise
2482 */
2483 bool C_VerifyRecover(SessionHandle session,
2484 Byte* signature_ptr,
2485 Ulong signature_len,
2486 Byte* data_ptr,
2487 Ulong* data_len_ptr,
2488 ReturnValue* return_value = ThrowException) const;
2489
2490 /****************************** Dual-purpose cryptographic functions ******************************/
2491
2492 /**
2493 * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2494 * @param session session's handle
2495 * @param part_ptr the plaintext data
2496 * @param part_len plaintext length
2497 * @param encrypted_part_ptr gets ciphertext
2498 * @param encrypted_part_len_ptr gets c-text length
2499 * @param return_value default value (`ThrowException`): throw exception on error.
2500 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2501 * At least the following PKCS#11 return values may be returned:
2502 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2503 * \li DataLenRange \li DeviceError \li DeviceMemory
2504 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2505 * \li GeneralError \li HostMemory \li OK
2506 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2507 * @return true on success, false otherwise
2508 */
2509 bool C_DigestEncryptUpdate(SessionHandle session,
2510 Byte* part_ptr,
2511 Ulong part_len,
2512 Byte* encrypted_part_ptr,
2513 Ulong* encrypted_part_len_ptr,
2514 ReturnValue* return_value = ThrowException) const;
2515
2516 /**
2517 * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2518 * @param session session's handle
2519 * @param encrypted_part_ptr ciphertext
2520 * @param encrypted_part_len ciphertext length
2521 * @param part_ptr gets plaintext
2522 * @param part_len_ptr gets plaintext len
2523 * @param return_value default value (`ThrowException`): throw exception on error.
2524 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2525 * At least the following PKCS#11 return values may be returned:
2526 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2527 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2528 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2529 * \li FunctionFailed \li GeneralError \li HostMemory
2530 * \li OK \li OperationNotInitialized \li SessionClosed
2531 * \li SessionHandleInvalid
2532 * @return true on success, false otherwise
2533 */
2534 bool C_DecryptDigestUpdate(SessionHandle session,
2535 Byte* encrypted_part_ptr,
2536 Ulong encrypted_part_len,
2537 Byte* part_ptr,
2538 Ulong* part_len_ptr,
2539 ReturnValue* return_value = ThrowException) const;
2540
2541 /**
2542 * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2543 * @param session session's handle
2544 * @param part_ptr the plaintext data
2545 * @param part_len plaintext length
2546 * @param encrypted_part_ptr gets ciphertext
2547 * @param encrypted_part_len_ptr gets c-text length
2548 * @param return_value default value (`ThrowException`): throw exception on error.
2549 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2550 * At least the following PKCS#11 return values may be returned:
2551 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2552 * \li DataLenRange \li DeviceError \li DeviceMemory
2553 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2554 * \li GeneralError \li HostMemory \li OK
2555 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2556 * \li UserNotLoggedIn
2557 * @return true on success, false otherwise
2558 */
2559 bool C_SignEncryptUpdate(SessionHandle session,
2560 Byte* part_ptr,
2561 Ulong part_len,
2562 Byte* encrypted_part_ptr,
2563 Ulong* encrypted_part_len_ptr,
2564 ReturnValue* return_value = ThrowException) const;
2565
2566 /**
2567 * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2568 * @param session session's handle
2569 * @param encrypted_part_ptr ciphertext
2570 * @param encrypted_part_len ciphertext length
2571 * @param part_ptr gets plaintext
2572 * @param part_len_ptr gets p-text length
2573 * @param return_value default value (`ThrowException`): throw exception on error.
2574 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2575 * At least the following PKCS#11 return values may be returned:
2576 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2577 * \li DataLenRange \li DeviceError \li DeviceMemory
2578 * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2579 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2580 * \li HostMemory \li OK \li OperationNotInitialized
2581 * \li SessionClosed \li SessionHandleInvalid
2582 * @return true on success, false otherwise
2583 */
2584 bool C_DecryptVerifyUpdate(SessionHandle session,
2585 Byte* encrypted_part_ptr,
2586 Ulong encrypted_part_len,
2587 Byte* part_ptr,
2588 Ulong* part_len_ptr,
2589 ReturnValue* return_value = ThrowException) const;
2590
2591 /****************************** Key management functions ******************************/
2592
2593 /**
2594 * C_GenerateKey generates a secret key, creating a new key object.
2595 * @param session the session's handle
2596 * @param mechanism_ptr key generation mech.
2597 * @param attribute_template_ptr template for new key
2598 * @param count # of attrs in template
2599 * @param key_ptr gets handle of new key
2600 * @param return_value default value (`ThrowException`): throw exception on error.
2601 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2602 * At least the following PKCS#11 return values may be returned:
2603 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2604 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2605 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2606 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2607 * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2608 * \li OK \li OperationActive \li PinExpired
2609 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2610 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2611 * \li UserNotLoggedIn
2612 * @return true on success, false otherwise
2613 */
2614 bool C_GenerateKey(SessionHandle session,
2615 Mechanism* mechanism_ptr,
2616 Attribute* attribute_template_ptr,
2617 Ulong count,
2618 ObjectHandle* key_ptr,
2619 ReturnValue* return_value = ThrowException) const;
2620
2621 /**
2622 * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2623 * @param session session handle
2624 * @param mechanism_ptr key-gen mech.
2625 * @param public_key_template_ptr template for pub. key
2626 * @param public_key_attribute_count # pub. attrs.
2627 * @param private_key_template_ptr template for priv. key
2628 * @param private_key_attribute_count # priv. attrs.
2629 * @param public_key_ptr gets pub. key handle
2630 * @param private_key_ptr gets priv. key handle
2631 * @param return_value default value (`ThrowException`): throw exception on error.
2632 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2633 * At least the following PKCS#11 return values may be returned:
2634 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2635 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2636 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2637 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2638 * \li GeneralError \li HostMemory \li MechanismInvalid
2639 * \li MechanismParamInvalid \li OK \li OperationActive
2640 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2641 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2642 * \li TokenWriteProtected \li UserNotLoggedIn
2643 * @return true on success, false otherwise
2644 */
2645 bool C_GenerateKeyPair(SessionHandle session,
2646 Mechanism* mechanism_ptr,
2647 Attribute* public_key_template_ptr,
2648 Ulong public_key_attribute_count,
2649 Attribute* private_key_template_ptr,
2650 Ulong private_key_attribute_count,
2651 ObjectHandle* public_key_ptr,
2652 ObjectHandle* private_key_ptr,
2653 ReturnValue* return_value = ThrowException) const;
2654
2655 /**
2656 * C_WrapKey wraps (i.e., encrypts) a key.
2657 * @param session the session's handle
2658 * @param mechanism_ptr the wrapping mechanism
2659 * @param wrapping_key wrapping key
2660 * @param key key to be wrapped
2661 * @param wrapped_key_ptr gets wrapped key
2662 * @param wrapped_key_len_ptr gets wrapped key size
2663 * @param return_value default value (`ThrowException`): throw exception on error.
2664 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2665 * At least the following PKCS#11 return values may be returned:
2666 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2667 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2668 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2669 * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2670 * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2671 * \li MechanismParamInvalid \li OK \li OperationActive
2672 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2673 * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2674 * \li WrappingKeyTypeInconsistent
2675 * @return true on success, false otherwise
2676 */
2677 bool C_WrapKey(SessionHandle session,
2678 Mechanism* mechanism_ptr,
2679 ObjectHandle wrapping_key,
2680 ObjectHandle key,
2681 Byte* wrapped_key_ptr,
2682 Ulong* wrapped_key_len_ptr,
2683 ReturnValue* return_value = ThrowException) const;
2684
2685 /**
2686 * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2687 * @param session session's handle
2688 * @param mechanism_ptr unwrapping mech.
2689 * @param unwrapping_key unwrapping key
2690 * @param wrapped_key_ptr the wrapped key
2691 * @param wrapped_key_len wrapped key len
2692 * @param attribute_template_ptr new key template
2693 * @param attribute_count template length
2694 * @param key_ptr gets new handle
2695 * @param return_value default value (`ThrowException`): throw exception on error.
2696 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2697 * At least the following PKCS#11 return values may be returned:
2698 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2699 * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2700 * \li CurveNotSupported \li DeviceError \li DeviceMemory
2701 * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2702 * \li FunctionFailed \li GeneralError \li HostMemory
2703 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2704 * \li OperationActive \li PinExpired \li SessionClosed
2705 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2706 * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2707 * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2708 * \li WrappedKeyInvalid \li WrappedKeyLenRange
2709 * @return true on success, false otherwise
2710 */
2711 bool C_UnwrapKey(SessionHandle session,
2712 Mechanism* mechanism_ptr,
2713 ObjectHandle unwrapping_key,
2714 Byte* wrapped_key_ptr,
2715 Ulong wrapped_key_len,
2716 Attribute* attribute_template_ptr,
2717 Ulong attribute_count,
2718 ObjectHandle* key_ptr,
2719 ReturnValue* return_value = ThrowException) const;
2720
2721 /**
2722 * C_DeriveKey derives a key from a base key, creating a new key object.
2723 * @param session session's handle
2724 * @param mechanism_ptr key deriv. mech.
2725 * @param base_key base key
2726 * @param attribute_template_ptr new key template
2727 * @param attribute_count template length
2728 * @param key_ptr gets new handle
2729 * @param return_value default value (`ThrowException`): throw exception on error.
2730 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2731 * At least the following PKCS#11 return values may be returned:
2732 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2733 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2734 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2735 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2736 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2737 * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2738 * \li MechanismParamInvalid \li OK \li OperationActive
2739 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2740 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2741 * \li TokenWriteProtected \li UserNotLoggedIn
2742 * @return true on success, false otherwise
2743 */
2744 bool C_DeriveKey(SessionHandle session,
2745 Mechanism* mechanism_ptr,
2746 ObjectHandle base_key,
2747 Attribute* attribute_template_ptr,
2748 Ulong attribute_count,
2749 ObjectHandle* key_ptr,
2750 ReturnValue* return_value = ThrowException) const;
2751
2752 /****************************** Random number generation functions ******************************/
2753
2754 /**
2755 * C_SeedRandom mixes additional seed material into the token's random number generator.
2756 * @param session the session's handle
2757 * @param seed_ptr the seed material
2758 * @param seed_len length of seed material
2759 * @param return_value default value (`ThrowException`): throw exception on error.
2760 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2761 * At least the following PKCS#11 return values may be returned:
2762 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2763 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2764 * \li FunctionFailed \li GeneralError \li HostMemory
2765 * \li OK \li OperationActive \li RandomSeedNotSupported
2766 * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2767 * \li UserNotLoggedIn
2768 * @return true on success, false otherwise
2769 */
2770 bool C_SeedRandom(SessionHandle session,
2771 const Byte* seed_ptr,
2772 Ulong seed_len,
2773 ReturnValue* return_value = ThrowException) const;
2774
2775 /**
2776 * C_GenerateRandom generates random data.
2777 * @param session the session's handle
2778 * @param random_data_ptr receives the random data
2779 * @param random_len # of bytes to generate
2780 * @param return_value default value (`ThrowException`): throw exception on error.
2781 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2782 * At least the following PKCS#11 return values may be returned:
2783 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2784 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2785 * \li FunctionFailed \li GeneralError \li HostMemory
2786 * \li OK \li OperationActive \li RandomNoRng
2787 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2788 * @return true on success, false otherwise
2789 */
2790 bool C_GenerateRandom(SessionHandle session,
2791 Byte* random_data_ptr,
2792 Ulong random_len,
2793 ReturnValue* return_value = ThrowException) const;
2794
2795 /****************************** Parallel function management functions ******************************/
2796
2797 /**
2798 * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2799 * @param session the session's handle
2800 * @param return_value default value (`ThrowException`): throw exception on error.
2801 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2802 * At least the following PKCS#11 return values may be returned:
2803 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2804 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2805 * \li SessionClosed
2806 * @return true on success, false otherwise
2807 */
2808 bool C_GetFunctionStatus(SessionHandle session, ReturnValue* return_value = ThrowException) const;
2809
2810 /**
2811 * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2812 * @param session the session's handle
2813 * @param return_value default value (`ThrowException`): throw exception on error.
2814 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2815 * At least the following PKCS#11 return values may be returned:
2816 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2817 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2818 * \li SessionClosed
2819 * @return true on success, false otherwise
2820 */
2821 bool C_CancelFunction(SessionHandle session, ReturnValue* return_value = ThrowException) const;
2822
2823 /**
2824 * Return the PKCS11 function list that this LowLevel class contains.
2825 *
2826 * This is primarily useful when invoking vendor specific extension
2827 * functions which are not supported directly by LowLevel or the higher
2828 * level PKCS11 API.
2829 */
2830 FunctionListPtr get_functions() const { return m_func_list_ptr; }
2831
2832 protected:
2833 /**
2834 * A helper for error handling. This is exposed as a protected member so that
2835 * it is possible for an application to inherit from LowLevel in order to
2836 * implement wrappers for vendor specific extensions using the same error
2837 * handling mechanisms as the rest of the library.
2838 */
2839 static bool handle_return_value(CK_RV function_result, ReturnValue* return_value);
2840
2841 private:
2842 const FunctionListPtr m_func_list_ptr;
2843};
2844
2846 public:
2847 explicit PKCS11_Error(std::string_view what) : Exception("PKCS11 error", what) {}
2848
2849 ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2850};
2851
2853 public:
2854 explicit PKCS11_ReturnError(ReturnValue return_val) :
2855 PKCS11_Error(std::to_string(static_cast<uint32_t>(return_val))), m_return_val(return_val) {}
2856
2857 inline ReturnValue get_return_value() const { return m_return_val; }
2858
2859 int error_code() const noexcept override { return static_cast<int>(m_return_val); }
2860
2861 private:
2862 const ReturnValue m_return_val;
2863};
2864
2865} // namespace PKCS11
2866
2867} // namespace Botan
2868
2869#endif
Provides access to all PKCS#11 functions.
Definition p11.h:878
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition p11.h:1171
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition p11.h:1623
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition p11.h:2140
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition p11.h:1222
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition p11.h:2197
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, std::string_view label, ReturnValue *return_value=ThrowException) const
Definition p11.h:1118
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition p11.h:1392
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition p11.h:1763
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition p11.h:2369
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition p11.h:1900
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition p11.h:2416
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition p11.h:2240
FunctionListPtr get_functions() const
Definition p11.h:2830
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc > > &attribute_values, ReturnValue *return_value=ThrowException) const
Definition p11.h:1546
ErrorType error_type() const noexcept override
Definition p11.h:2849
PKCS11_Error(std::string_view what)
Definition p11.h:2847
int error_code() const noexcept override
Definition p11.h:2859
ReturnValue get_return_value() const
Definition p11.h:2857
PKCS11_ReturnError(ReturnValue return_val)
Definition p11.h:2854
int(* final)(unsigned char *, CTX *)
#define BOTAN_PUBLIC_API(maj, min)
Definition compiler.h:31
CK_SLOT_ID SlotId
Definition p11.h:813
CK_DESTROYMUTEX DestroyMutex
Definition p11.h:807
ReturnValue * ThrowException
Definition p11.cpp:21
CK_CREATEMUTEX CreateMutex
Definition p11.h:806
PublicPointEncoding
Definition p11.h:801
secure_vector< uint8_t > secure_string
Definition p11.h:59
AttributeType
Definition p11.h:61
CK_NOTIFY Notify
Definition p11.h:820
CertificateType
Definition p11.h:172
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition p11.cpp:46
CK_OBJECT_HANDLE ObjectHandle
Definition p11.h:824
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition p11.cpp:52
CK_UNLOCKMUTEX UnlockMutex
Definition p11.h:809
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition p11.h:803
CK_BYTE Byte
Definition p11.h:825
CK_VOID_PTR VoidPtr
Definition p11.h:804
CK_FLAGS Flags
Definition p11.h:810
Flag operator|(Flag a, Flag b)
Definition p11.h:258
const Bbool True
Definition p11.h:833
CK_UTF8CHAR Utf8Char
Definition p11.h:819
CK_ULONG Ulong
Definition p11.h:814
const Bbool False
Definition p11.h:834
CK_BBOOL Bbool
Definition p11.h:812
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition p11.cpp:58
CertificateCategory
Definition p11.h:181
Flags flags(Flag flags)
Definition p11.h:836
void initialize_token(Slot &slot, std::string_view label, const secure_string &so_pin, const secure_string &pin)
Definition p11.cpp:41
CK_LOCKMUTEX LockMutex
Definition p11.h:808
CK_SESSION_HANDLE SessionHandle
Definition p11.h:821
ErrorType
Definition exceptn.h:20
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
#define CKD_NULL
Definition pkcs11t.h:1290
#define CKA_NEVER_EXTRACTABLE
Definition pkcs11t.h:496
struct CK_DATE CK_DATE
#define CKM_SEED_KEY_GEN
Definition pkcs11t.h:856
#define CKM_TLS_MASTER_KEY_DERIVE
Definition pkcs11t.h:775
#define CKD_SHA1_KDF
Definition pkcs11t.h:1291
#define CKD_SHA256_KDF
Definition pkcs11t.h:1297
#define CKR_NEXT_OTP
Definition pkcs11t.h:1148
#define CKK_DES3
Definition pkcs11t.h:351
#define CKM_DSA_PARAMETER_GEN
Definition pkcs11t.h:957
#define CKR_SESSION_COUNT
Definition pkcs11t.h:1097
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:816
#define CKM_CONCATENATE_BASE_AND_DATA
Definition pkcs11t.h:765
#define CKM_PKCS5_PBKD2
Definition pkcs11t.h:807
#define CKM_AES_GMAC
Definition pkcs11t.h:928
#define CKM_KIP_DERIVE
Definition pkcs11t.h:833
#define CKR_DEVICE_MEMORY
Definition pkcs11t.h:1061
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
Definition pkcs11t.h:452
#define CKM_SSL3_SHA1_MAC
Definition pkcs11t.h:782
#define CKA_OTP_TIME_INTERVAL
Definition pkcs11t.h:522
#define CKK_RC4
Definition pkcs11t.h:348
#define CKA_TOKEN
Definition pkcs11t.h:438
#define CKA_SECONDARY_AUTH
Definition pkcs11t.h:510
#define CKR_GENERAL_ERROR
Definition pkcs11t.h:1043
#define CKR_MECHANISM_INVALID
Definition pkcs11t.h:1083
#define CKR_SLOT_ID_INVALID
Definition pkcs11t.h:1041
#define CKC_VENDOR_DEFINED
Definition pkcs11t.h:410
#define CKG_MGF1_SHA256
Definition pkcs11t.h:1247
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition pkcs11t.h:770
#define CKM_RSA_PKCS
Definition pkcs11t.h:587
#define CKM_ECDSA_SHA1
Definition pkcs11t.h:892
#define CKR_KEY_CHANGED
Definition pkcs11t.h:1076
#define CKK_SHA224_HMAC
Definition pkcs11t.h:378
#define CKM_IDEA_ECB
Definition pkcs11t.h:758
#define CKD_SHA512_KDF
Definition pkcs11t.h:1299
#define CKA_START_DATE
Definition pkcs11t.h:472
#define CKK_DH
Definition pkcs11t.h:341
#define CKK_RC5
Definition pkcs11t.h:356
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition pkcs11t.h:1053
#define CKA_OTP_SERVICE_IDENTIFIER
Definition pkcs11t.h:531
CK_BYTE CK_UTF8CHAR
Definition pkcs11t.h:42
#define CKM_GOSTR3411_HMAC
Definition pkcs11t.h:950
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition pkcs11t.h:811
#define CKA_AUTH_PIN_FLAGS
Definition pkcs11t.h:511
#define CKM_DES3_CMAC
Definition pkcs11t.h:672
#define CKM_RC2_MAC
Definition pkcs11t.h:648
#define CKM_SHA256_KEY_DERIVATION
Definition pkcs11t.h:787
#define CKA_SERIAL_NUMBER
Definition pkcs11t.h:446
#define CKK_DES2
Definition pkcs11t.h:350
#define CKM_CAST5_MAC_GENERAL
Definition pkcs11t.h:747
#define CKF_LOGIN_REQUIRED
Definition pkcs11t.h:157
#define CKF_HW_SLOT
Definition pkcs11t.h:124
#define CKO_PUBLIC_KEY
Definition pkcs11t.h:312
#define CKF_EC_UNCOMPRESS
Definition pkcs11t.h:1026
#define CKA_SUB_PRIME_BITS
Definition pkcs11t.h:490
#define CKM_RSA_X_509
Definition pkcs11t.h:589
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition pkcs11t.h:1225
#define CKM_SEED_MAC_GENERAL
Definition pkcs11t.h:860
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition pkcs11t.h:177
#define CKA_ISSUER
Definition pkcs11t.h:445
#define CKM_ARIA_KEY_GEN
Definition pkcs11t.h:847
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition pkcs11t.h:454
#define CKR_FUNCTION_CANCELED
Definition pkcs11t.h:1065
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition pkcs11t.h:960
#define CKM_AES_CTR
Definition pkcs11t.h:919
#define CKM_TLS12_MAC
Definition pkcs11t.h:820
#define CKM_DES3_CBC
Definition pkcs11t.h:666
#define CKM_TWOFISH_CBC_PAD
Definition pkcs11t.h:935
#define CKM_AES_CMAC
Definition pkcs11t.h:923
#define CKM_SKIPJACK_CFB8
Definition pkcs11t.h:872
#define CKM_RSA_X9_31_KEY_PAIR_GEN
Definition pkcs11t.h:599
#define CKR_KEY_UNEXTRACTABLE
Definition pkcs11t.h:1081
#define CKR_DATA_INVALID
Definition pkcs11t.h:1058
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition pkcs11t.h:1113
#define CKM_CONCATENATE_BASE_AND_KEY
Definition pkcs11t.h:764
#define CKR_NEED_TO_CREATE_THREADS
Definition pkcs11t.h:1048
#define CKK_SHA256_HMAC
Definition pkcs11t.h:375
#define CKM_SHA512_256
Definition pkcs11t.h:635
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition pkcs11t.h:862
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition pkcs11t.h:1127
#define CKM_FORTEZZA_TIMESTAMP
Definition pkcs11t.h:879
#define CKS_RW_PUBLIC_SESSION
Definition pkcs11t.h:274
#define CKR_MECHANISM_PARAM_INVALID
Definition pkcs11t.h:1084
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition pkcs11t.h:556
#define CKF_TOKEN_INITIALIZED
Definition pkcs11t.h:193
#define CKR_TOKEN_NOT_RECOGNIZED
Definition pkcs11t.h:1111
#define CKM_MD5
Definition pkcs11t.h:690
#define CKM_SHA512_HMAC_GENERAL
Definition pkcs11t.h:718
#define CKM_CAST3_ECB
Definition pkcs11t.h:733
#define CKM_SKIPJACK_CFB64
Definition pkcs11t.h:869
#define CKM_DES_CBC_ENCRYPT_DATA
Definition pkcs11t.h:938
#define CK_FALSE
Definition pkcs11t.h:24
#define CKC_WTLS
Definition pkcs11t.h:409
#define CKM_SHA_1_HMAC
Definition pkcs11t.h:697
#define CKD_SHA1_KDF_ASN1
Definition pkcs11t.h:1294
#define CKR_ATTRIBUTE_SENSITIVE
Definition pkcs11t.h:1052
#define CKG_MGF1_SHA512
Definition pkcs11t.h:1249
#define CKM_CAMELLIA_MAC
Definition pkcs11t.h:840
#define CKM_IDEA_KEY_GEN
Definition pkcs11t.h:757
#define CKM_ECDH1_COFACTOR_DERIVE
Definition pkcs11t.h:899
#define CKR_RANDOM_NO_RNG
Definition pkcs11t.h:1131
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition pkcs11t.h:854
#define CKM_CAMELLIA_KEY_GEN
Definition pkcs11t.h:837
#define CKR_PIN_LEN_RANGE
Definition pkcs11t.h:1091
#define CKC_X_509
Definition pkcs11t.h:407
#define CKF_DIGEST
Definition pkcs11t.h:1008
#define CKF_USER_PIN_FINAL_TRY
Definition pkcs11t.h:210
#define CKM_ECDSA_SHA224
Definition pkcs11t.h:893
#define CKF_DERIVE
Definition pkcs11t.h:1017
#define CKM_BATON_KEY_GEN
Definition pkcs11t.h:880
#define CKR_DEVICE_ERROR
Definition pkcs11t.h:1060
#define CKA_PRIVATE_EXPONENT
Definition pkcs11t.h:477
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition pkcs11t.h:1129
#define CKA_RESOLUTION
Definition pkcs11t.h:545
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition pkcs11t.h:1099
#define CKM_MD2
Definition pkcs11t.h:685
#define CKM_BATON_CBC128
Definition pkcs11t.h:883
#define CKM_DSA
Definition pkcs11t.h:606
#define CKA_ID
Definition pkcs11t.h:461
#define CKA_OBJECT_ID
Definition pkcs11t.h:443
#define CKM_AES_CFB8
Definition pkcs11t.h:965
#define CKM_CMS_SIG
Definition pkcs11t.h:832
#define CKA_APPLICATION
Definition pkcs11t.h:441
#define CKM_RIPEMD128
Definition pkcs11t.h:700
#define CKF_VERIFY
Definition pkcs11t.h:1011
#define CKM_AES_CBC_PAD
Definition pkcs11t.h:918
#define CKG_MGF1_SHA224
Definition pkcs11t.h:1250
#define CKM_CAST3_CBC
Definition pkcs11t.h:734
#define CKM_ECDH1_DERIVE
Definition pkcs11t.h:898
#define CKM_VENDOR_DEFINED
Definition pkcs11t.h:975
#define CKR_ATTRIBUTE_READ_ONLY
Definition pkcs11t.h:1051
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition pkcs11t.h:1079
#define CKA_HW_FEATURE_TYPE
Definition pkcs11t.h:539
#define CKM_TWOFISH_KEY_GEN
Definition pkcs11t.h:932
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition pkcs11t.h:1128
#define CKN_SURRENDER
Definition pkcs11t.h:101
#define CKK_CAST128
Definition pkcs11t.h:355
#define CKA_VERIFY_RECOVER
Definition pkcs11t.h:470
#define CKK_CAST5
Definition pkcs11t.h:354
#define CKM_SHA512_224_HMAC_GENERAL
Definition pkcs11t.h:633
#define CKM_SKIPJACK_RELAYX
Definition pkcs11t.h:875
CK_ULONG CK_RV
Definition pkcs11t.h:1036
#define CKM_SHA512_224_HMAC
Definition pkcs11t.h:632
#define CKR_SESSION_EXISTS
Definition pkcs11t.h:1101
#define CKM_MD5_HMAC_GENERAL
Definition pkcs11t.h:693
#define CKM_MD2_RSA_PKCS
Definition pkcs11t.h:591
#define CKR_FUNCTION_REJECTED
Definition pkcs11t.h:1156
#define CKM_SHA_1_HMAC_GENERAL
Definition pkcs11t.h:698
#define CKM_TLS10_MAC_CLIENT
Definition pkcs11t.h:819
unsigned long int CK_ULONG
Definition pkcs11t.h:48
#define CKO_SECRET_KEY
Definition pkcs11t.h:314
#define CKK_RSA
Definition pkcs11t.h:339
#define CKM_JUNIPER_ECB128
Definition pkcs11t.h:906
#define CKA_PUBLIC_EXPONENT
Definition pkcs11t.h:476
#define CKM_SKIPJACK_CBC64
Definition pkcs11t.h:867
#define CKM_DES_ECB
Definition pkcs11t.h:656
#define CKM_CAST_CBC
Definition pkcs11t.h:728
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:815
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition pkcs11t.h:803
#define CKM_X9_42_DH_KEY_PAIR_GEN
Definition pkcs11t.h:616
#define CKK_CAMELLIA
Definition pkcs11t.h:368
#define CKA_MODIFIABLE
Definition pkcs11t.h:500
#define CRYPTOKI_VERSION_MINOR
Definition pkcs11t.h:20
#define CKK_SEED
Definition pkcs11t.h:380
#define CKM_RC5_MAC
Definition pkcs11t.h:754
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition pkcs11t.h:586
#define CKR_SESSION_READ_ONLY
Definition pkcs11t.h:1100
#define CKK_KEA
Definition pkcs11t.h:345
#define CKM_RC2_CBC
Definition pkcs11t.h:647
#define CKA_OTP_TIME_REQUIREMENT
Definition pkcs11t.h:525
#define CKM_PBE_MD5_CAST5_CBC
Definition pkcs11t.h:796
#define CKM_KEA_KEY_DERIVE
Definition pkcs11t.h:877
#define CKC_X_509_ATTR_CERT
Definition pkcs11t.h:408
#define CKM_JUNIPER_KEY_GEN
Definition pkcs11t.h:905
#define CKM_RC5_CBC
Definition pkcs11t.h:753
#define CKM_ARIA_CBC_PAD
Definition pkcs11t.h:852
#define CKR_ENCRYPTED_DATA_LEN_RANGE
Definition pkcs11t.h:1064
#define CKM_SHA512_KEY_DERIVATION
Definition pkcs11t.h:789
#define CKA_BITS_PER_PIXEL
Definition pkcs11t.h:549
#define CKR_SIGNATURE_INVALID
Definition pkcs11t.h:1106
#define CKA_AC_ISSUER
Definition pkcs11t.h:447
#define CKM_TLS_KDF
Definition pkcs11t.h:827
#define CKM_AES_MAC_GENERAL
Definition pkcs11t.h:917
#define CKM_CAST128_CBC_PAD
Definition pkcs11t.h:750
#define CKM_BATON_ECB128
Definition pkcs11t.h:881
#define CKA_OTP_USER_IDENTIFIER
Definition pkcs11t.h:530
#define CKM_BLOWFISH_CBC
Definition pkcs11t.h:931
#define CKM_FASTHASH
Definition pkcs11t.h:911
#define CKR_SESSION_HANDLE_INVALID
Definition pkcs11t.h:1098
#define CKF_EC_F_2M
Definition pkcs11t.h:1023
#define CKM_ARIA_ECB
Definition pkcs11t.h:848
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition pkcs11t.h:398
#define CKO_CERTIFICATE
Definition pkcs11t.h:311
#define CKA_CHECK_VALUE
Definition pkcs11t.h:457
#define CKM_DES_CBC
Definition pkcs11t.h:657
#define CKF_USER_PIN_INITIALIZED
Definition pkcs11t.h:158
CK_ULONG CK_NOTIFICATION
Definition pkcs11t.h:100
#define CKM_CAST5_MAC
Definition pkcs11t.h:745
struct CK_INFO CK_INFO
#define CKA_PUBLIC_KEY_INFO
Definition pkcs11t.h:483
#define CKA_OTP_USER_FRIENDLY_MODE
Definition pkcs11t.h:523
#define CKM_SHA384_HMAC_GENERAL
Definition pkcs11t.h:715
#define CKF_RW_SESSION
Definition pkcs11t.h:289
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition pkcs11t.h:1121
#define CKM_SECURID_KEY_GEN
Definition pkcs11t.h:719
#define CKM_IDEA_MAC_GENERAL
Definition pkcs11t.h:761
#define CKS_RO_USER_FUNCTIONS
Definition pkcs11t.h:273
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKM_TLS_KEY_AND_MAC_DERIVE
Definition pkcs11t.h:776
#define CKM_GOST28147_ECB
Definition pkcs11t.h:952
#define CKA_PRIME
Definition pkcs11t.h:484
#define CKR_ARGUMENTS_BAD
Definition pkcs11t.h:1046
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKM_SECURID
Definition pkcs11t.h:720
#define CKM_AES_CCM
Definition pkcs11t.h:921
#define CKR_CANCEL
Definition pkcs11t.h:1039
#define CKM_SHA512_224_KEY_DERIVATION
Definition pkcs11t.h:634
#define CKM_SHA256
Definition pkcs11t.h:707
#define CKM_IDEA_CBC_PAD
Definition pkcs11t.h:762
#define CKM_SHA512_T_HMAC_GENERAL
Definition pkcs11t.h:642
#define CKK_BLOWFISH
Definition pkcs11t.h:363
#define CKM_CDMF_CBC_PAD
Definition pkcs11t.h:678
#define CKU_USER
Definition pkcs11t.h:266
#define CKR_PIN_TOO_WEAK
Definition pkcs11t.h:1153
#define CKA_MODULUS
Definition pkcs11t.h:474
unsigned char CK_BYTE
Definition pkcs11t.h:36
#define CKM_AES_CFB64
Definition pkcs11t.h:964
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition pkcs11t.h:777
#define CKA_PRIVATE
Definition pkcs11t.h:439
#define CKM_DES_KEY_GEN
Definition pkcs11t.h:655
CK_ULONG CK_SLOT_ID
Definition pkcs11t.h:104
CK_ULONG CK_FLAGS
Definition pkcs11t.h:54
#define CKR_PIN_EXPIRED
Definition pkcs11t.h:1093
#define CKM_CAST3_MAC_GENERAL
Definition pkcs11t.h:736
CK_ULONG CK_OBJECT_CLASS
Definition pkcs11t.h:307
#define CKM_CAST5_CBC_PAD
Definition pkcs11t.h:749
#define CKM_PBE_SHA1_RC2_128_CBC
Definition pkcs11t.h:804
#define CKG_MGF1_SHA384
Definition pkcs11t.h:1248
#define CKR_PIN_LOCKED
Definition pkcs11t.h:1094
#define CKA_PRIME_1
Definition pkcs11t.h:478
#define CKA_NAME_HASH_ALGORITHM
Definition pkcs11t.h:456
#define CKM_DSA_SHA512
Definition pkcs11t.h:611
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition pkcs11t.h:769
struct CK_ATTRIBUTE CK_ATTRIBUTE
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
Definition pkcs11t.h:773
#define CKM_IDEA_MAC
Definition pkcs11t.h:760
#define CKR_LIBRARY_LOAD_FAILED
Definition pkcs11t.h:1152
#define CKM_MD5_RSA_PKCS
Definition pkcs11t.h:592
#define CKM_DSA_SHA384
Definition pkcs11t.h:610
#define CKM_RIPEMD128_HMAC_GENERAL
Definition pkcs11t.h:702
#define CKF_WRAP
Definition pkcs11t.h:1015
#define CKK_DES
Definition pkcs11t.h:349
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition pkcs11t.h:809
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition pkcs11t.h:533
CK_ULONG CK_SESSION_HANDLE
Definition pkcs11t.h:256
#define CKA_OTP_CHALLENGE_REQUIREMENT
Definition pkcs11t.h:524
#define CKK_ACTI
Definition pkcs11t.h:367
#define CKR_CANT_LOCK
Definition pkcs11t.h:1049
#define CKM_DES_CBC_PAD
Definition pkcs11t.h:661
#define CKR_TOKEN_NOT_PRESENT
Definition pkcs11t.h:1110
#define CKA_OTP_FORMAT
Definition pkcs11t.h:520
#define CKF_EXTENSION
Definition pkcs11t.h:1029
#define CKM_SHA512_T
Definition pkcs11t.h:640
#define CKM_DES3_CBC_PAD
Definition pkcs11t.h:670
#define CKM_SHA512_T_KEY_DERIVATION
Definition pkcs11t.h:643
#define CKA_EC_POINT
Definition pkcs11t.h:508
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition pkcs11t.h:1142
#define CKM_KEA_DERIVE
Definition pkcs11t.h:878
#define CKM_DH_PKCS_DERIVE
Definition pkcs11t.h:614
#define CKM_CAMELLIA_MAC_GENERAL
Definition pkcs11t.h:841
#define CKA_SENSITIVE
Definition pkcs11t.h:462
#define CKM_MD2_HMAC_GENERAL
Definition pkcs11t.h:688
#define CKF_EC_F_P
Definition pkcs11t.h:1022
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition pkcs11t.h:863
#define CKM_DES3_CMAC_GENERAL
Definition pkcs11t.h:671
#define CKR_PIN_INCORRECT
Definition pkcs11t.h:1089
#define CKM_CAST128_MAC_GENERAL
Definition pkcs11t.h:748
#define CKM_ARIA_CBC
Definition pkcs11t.h:849
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
Definition pkcs11t.h:396
#define CKM_CAMELLIA_CTR
Definition pkcs11t.h:845
#define CKM_PBE_SHA1_RC4_40
Definition pkcs11t.h:801
#define CKM_PBE_SHA1_CAST5_CBC
Definition pkcs11t.h:798
#define CKM_TLS10_MAC_SERVER
Definition pkcs11t.h:818
#define CKM_X9_42_DH_DERIVE
Definition pkcs11t.h:617
#define CKF_GENERATE_KEY_PAIR
Definition pkcs11t.h:1014
#define CKM_AES_KEY_WRAP
Definition pkcs11t.h:969
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition pkcs11t.h:874
#define CKF_SIGN_RECOVER
Definition pkcs11t.h:1010
#define CKA_SIGN_RECOVER
Definition pkcs11t.h:468
#define CKM_KEY_WRAP_LYNKS
Definition pkcs11t.h:829
#define CKM_SHA512_RSA_PKCS_PSS
Definition pkcs11t.h:626
#define CKM_CAST5_KEY_GEN
Definition pkcs11t.h:739
#define CKF_REMOVABLE_DEVICE
Definition pkcs11t.h:123
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition pkcs11t.h:1726
#define CKM_CAMELLIA_CBC
Definition pkcs11t.h:839
#define CKM_ECDSA_SHA512
Definition pkcs11t.h:896
#define CKM_RSA_PKCS_OAEP
Definition pkcs11t.h:597
#define CKM_DES_OFB64
Definition pkcs11t.h:680
#define CKR_WRAPPED_KEY_INVALID
Definition pkcs11t.h:1124
#define CKF_SECONDARY_AUTHENTICATION
Definition pkcs11t.h:199
#define CKO_OTP_KEY
Definition pkcs11t.h:318
#define CKM_PBE_SHA1_RC4_128
Definition pkcs11t.h:800
#define CKM_CDMF_MAC
Definition pkcs11t.h:676
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition pkcs11t.h:973
#define CKM_SHA512_RSA_PKCS
Definition pkcs11t.h:623
#define CKA_EXPONENT_1
Definition pkcs11t.h:480
#define CKM_DES3_MAC_GENERAL
Definition pkcs11t.h:669
#define CKM_CAST_CBC_PAD
Definition pkcs11t.h:731
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition pkcs11t.h:1721
struct CK_MECHANISM_INFO CK_MECHANISM_INFO
#define CKM_SHA224_HMAC
Definition pkcs11t.h:711
#define CKM_CAST5_CBC
Definition pkcs11t.h:743
#define CKM_SSL3_MD5_MAC
Definition pkcs11t.h:781
#define CKM_EXTRACT_KEY_FROM_KEY
Definition pkcs11t.h:768
#define CKM_SKIPJACK_CFB32
Definition pkcs11t.h:870
#define CKM_ECMQV_DERIVE
Definition pkcs11t.h:900
#define CKA_SIGN
Definition pkcs11t.h:467
#define CKM_AES_KEY_GEN
Definition pkcs11t.h:913
#define CKF_USER_FRIENDLY_OTP
Definition pkcs11t.h:1814
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition pkcs11t.h:1126
#define CKR_MUTEX_NOT_LOCKED
Definition pkcs11t.h:1145
#define CKR_USER_TOO_MANY_TYPES
Definition pkcs11t.h:1122
#define CKM_CAST_MAC_GENERAL
Definition pkcs11t.h:730
CK_ULONG CK_USER_TYPE
Definition pkcs11t.h:262
#define CKF_USER_PIN_COUNT_LOW
Definition pkcs11t.h:205