Botan  2.19.1
Crypto and TLS for C++11
p11.h
Go to the documentation of this file.
1 /*
2 * PKCS#11
3 * (C) 2016 Daniel Neus, Sirrix AG
4 * (C) 2016 Philipp Weber, Sirrix AG
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8 
9 #ifndef BOTAN_P11_H_
10 #define BOTAN_P11_H_
11 
12 #include <botan/secmem.h>
13 #include <botan/exceptn.h>
14 
15 #include <vector>
16 #include <string>
17 #include <map>
18 
19 #define CK_PTR *
20 
21 #if defined(_MSC_VER)
22 #define CK_DECLARE_FUNCTION(returnType, name) \
23  returnType __declspec(dllimport) name
24 #else
25 #define CK_DECLARE_FUNCTION(returnType, name) \
26  returnType name
27 #endif
28 
29 #if defined(_MSC_VER)
30 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
31  returnType __declspec(dllimport) (* name)
32 #else
33 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
34  returnType (* name)
35 #endif
36 
37 #define CK_CALLBACK_FUNCTION(returnType, name) \
38  returnType (* name)
39 
40 #ifndef NULL_PTR
41  #define NULL_PTR nullptr
42 #endif
43 
44 #if defined(_MSC_VER)
45  #pragma pack(push, cryptoki, 1)
46 #endif
47 
48 #include "pkcs11.h"
49 
50 #if defined(_MSC_VER)
51  #pragma pack(pop, cryptoki)
52 #endif
53 
54 static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
55  "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
56 
57 namespace Botan {
58 
59 class Dynamically_Loaded_Library;
60 
61 namespace PKCS11 {
62 
64 
66  {
67  Class = CKA_CLASS,
68  Token = CKA_TOKEN,
70  Label = CKA_LABEL,
72  Value = CKA_VALUE,
78  Owner = CKA_OWNER,
83  Url = CKA_URL,
90  Id = CKA_ID,
94  Wrap = CKA_WRAP,
96  Sign = CKA_SIGN,
100  Derive = CKA_DERIVE,
113  Prime = CKA_PRIME,
115  Base = CKA_BASE,
122  Local = CKA_LOCAL,
164  Color = CKA_COLOR,
175  };
176 
178  {
179  X509 = CKC_X_509,
181  Wtls = CKC_WTLS,
183  };
184 
185 /// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
186 /// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
188  {
193  };
194 
196  {
197  Null = CKD_NULL,
206  };
207 
208 enum class Flag : CK_FLAGS
209  {
210  None = 0,
214  Rng = CKF_RNG,
236  Hw = CKF_HW,
239  Digest = CKF_DIGEST,
240  Sign = CKF_SIGN,
242  Verify = CKF_VERIFY,
246  Wrap = CKF_WRAP,
247  Unwrap = CKF_UNWRAP,
248  Derive = CKF_DERIVE,
249  EcFP = CKF_EC_F_P,
250  EcF2m = CKF_EC_F_2M,
265  };
266 
267 inline Flag operator | (Flag a, Flag b)
268  {
269  return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
270  }
271 
273  {
279  };
280 
282  {
284  Clock = CKH_CLOCK,
287  };
288 
289 enum class KeyType : CK_KEY_TYPE
290  {
291  Rsa = CKK_RSA,
292  Dsa = CKK_DSA,
293  Dh = CKK_DH,
294  Ecdsa = CKK_ECDSA,
295  Ec = CKK_EC,
297  Kea = CKK_KEA,
299  Rc2 = CKK_RC2,
300  Rc4 = CKK_RC4,
301  Des = CKK_DES,
302  Des2 = CKK_DES2,
303  Des3 = CKK_DES3,
304  Cast = CKK_CAST,
305  Cast3 = CKK_CAST3,
306  Cast5 = CKK_CAST5,
308  Rc5 = CKK_RC5,
309  Idea = CKK_IDEA,
311  Baton = CKK_BATON,
313  Cdmf = CKK_CDMF,
314  Aes = CKK_AES,
318  Hotp = CKK_HOTP,
319  Acti = CKK_ACTI,
321  Aria = CKK_ARIA,
330  Seed = CKK_SEED,
335  };
336 
338  {
355  Dsa = CKM_DSA,
394  Rc4 = CKM_RC4,
420  Md2 = CKM_MD2,
423  Md5 = CKM_MD5,
426  Sha1 = CKM_SHA_1,
435  Sha256 = CKM_SHA256,
438  Sha224 = CKM_SHA224,
441  Sha384 = CKM_SHA384,
444  Sha512 = CKM_SHA512,
450  Hotp = CKM_HOTP,
451  Acti = CKM_ACTI,
600  Ecdsa = CKM_ECDSA,
672  };
673 
675  {
678  };
679 
681  {
682  Data = CKO_DATA,
692  };
693 
695  {
704  };
705 
706 enum class SessionState : CK_STATE
707  {
713  };
714 
715 enum class ReturnValue : CK_RV
716  {
717  OK = CKR_OK,
718  Cancel = CKR_CANCEL,
812  };
813 
814 enum class UserType : CK_USER_TYPE
815  {
816  SO = CKU_SO,
817  User = CKU_USER,
819  };
820 
821 enum class PublicPointEncoding : uint32_t
822  {
823  Raw,
824  Der
825  };
826 
830 using CreateMutex = CK_CREATEMUTEX;
831 using DestroyMutex = CK_DESTROYMUTEX;
832 using LockMutex = CK_LOCKMUTEX;
833 using UnlockMutex = CK_UNLOCKMUTEX;
834 using Flags = CK_FLAGS;
835 using Info = CK_INFO;
836 using Bbool = CK_BBOOL;
838 using Ulong = CK_ULONG;
844 using Notify = CK_NOTIFY;
849 using Byte = CK_BYTE;
853 using Date = CK_DATE;
854 
856 
859 
861  {
862  return static_cast<Flags>(flags);
863  }
864 
865 class Slot;
866 
867 /**
868 * Initializes a token
869 * @param slot The slot with the attached token that should be initialized
870 * @param label The token label
871 * @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
872 * @param pin The user PIN that will be set
873 */
874 BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, const std::string& label, const secure_string& so_pin,
875  const secure_string& pin);
876 
877 /**
878 * Change PIN with old PIN to new PIN
879 * @param slot The slot with the attached token
880 * @param old_pin The old user PIN
881 * @param new_pin The new user PIN
882 */
883 
884 BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
885 
886 /**
887 * Change SO_PIN with old SO_PIN to new SO_PIN
888 * @param slot The slot with the attached token
889 * @param old_so_pin The old SO_PIN
890 * @param new_so_pin The new SO_PIN
891 */
892 BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
893 
894 /**
895 * Sets user PIN with SO_PIN
896 * @param slot The slot with the attached token
897 * @param so_pin PIN of the security officer
898 * @param pin The user PIN that should be set
899 */
900 BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
901 
902 /// Provides access to all PKCS#11 functions
904  {
905  public:
906  /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
907  explicit LowLevel(FunctionListPtr ptr);
908 
909  /****************************** General purpose functions ******************************/
910 
911  /**
912  * C_Initialize initializes the Cryptoki library.
913  * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
914  * @param return_value default value (`ThrowException`): throw exception on error.
915  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
916  * At least the following PKCS#11 return values may be returned:
917  * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
918  * \li FunctionFailed \li GeneralError \li HostMemory
919  * \li NeedToCreateThreads \li OK
920  * @return true on success, false otherwise
921  */
922  bool C_Initialize(VoidPtr init_args,
923  ReturnValue* return_value = ThrowException) const;
924 
925  /**
926  * C_Finalize indicates that an application is done with the Cryptoki library.
927  * @param reserved reserved. Should be nullptr
928  * @param return_value default value (`ThrowException`): throw exception on error.
929  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
930  * At least the following PKCS#11 return values may be returned:
931  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
932  * \li GeneralError \li HostMemory \li OK
933  * @return true on success, false otherwise
934  */
935  bool C_Finalize(VoidPtr reserved,
936  ReturnValue* return_value = ThrowException) const;
937 
938  /**
939  * C_GetInfo returns general information about Cryptoki.
940  * @param info_ptr location that receives information
941  * @param return_value default value (`ThrowException`): throw exception on error.
942  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
943  * At least the following PKCS#11 return values may be returned:
944  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
945  * \li GeneralError \li HostMemory \li OK
946  * @return true on success, false otherwise
947  */
948  bool C_GetInfo(Info* info_ptr,
949  ReturnValue* return_value = ThrowException) const;
950 
951  /**
952  * C_GetFunctionList returns the function list.
953  * @param pkcs11_module The PKCS#11 module
954  * @param function_list_ptr_ptr receives pointer to function list
955  * @param return_value default value (`ThrowException`): throw exception on error.
956  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
957  * At least the following PKCS#11 return values may be returned:
958  * \li ArgumentsBad \li FunctionFailed \li GeneralError
959  * \li HostMemory \li OK
960  * @return true on success, false otherwise
961  */
962  static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module, FunctionListPtr* function_list_ptr_ptr,
963  ReturnValue* return_value = ThrowException);
964 
965  /****************************** Slot and token management functions ******************************/
966 
967  /**
968  * C_GetSlotList obtains a list of slots in the system.
969  * @param token_present only slots with tokens
970  * @param slot_list_ptr receives array of slot IDs
971  * @param count_ptr receives number of slots
972  * @param return_value default value (`ThrowException`): throw exception on error.
973  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
974  * At least the following PKCS#11 return values may be returned:
975  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
976  * \li FunctionFailed \li GeneralError \li HostMemory
977  * \li OK
978  * @return true on success, false otherwise
979  */
980  bool C_GetSlotList(Bbool token_present,
981  SlotId* slot_list_ptr,
982  Ulong* count_ptr,
983  ReturnValue* return_value = ThrowException) const;
984 
985  /**
986  * C_GetSlotList obtains a list of slots in the system.
987  * @param token_present only slots with tokens
988  * @param slot_ids receives vector of slot IDs
989  * @param return_value default value (`ThrowException`): throw exception on error.
990  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
991  * At least the following PKCS#11 return values may be returned:
992  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
993  * \li FunctionFailed \li GeneralError \li HostMemory
994  * \li OK
995  * @return true on success, false otherwise
996  */
997  bool C_GetSlotList(bool token_present,
998  std::vector<SlotId>& slot_ids,
999  ReturnValue* return_value = ThrowException) const;
1000 
1001  /**
1002  * C_GetSlotInfo obtains information about a particular slot in the system.
1003  * @param slot_id the ID of the slot
1004  * @param info_ptr receives the slot information
1005  * @param return_value default value (`ThrowException`): throw exception on error.
1006  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1007  * At least the following PKCS#11 return values may be returned:
1008  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1009  * \li FunctionFailed \li GeneralError \li HostMemory
1010  * \li OK \li SlotIdInvalid
1011  * @return true on success, false otherwise
1012  */
1013  bool C_GetSlotInfo(SlotId slot_id,
1014  SlotInfo* info_ptr,
1015  ReturnValue* return_value = ThrowException) const;
1016 
1017  /**
1018  * C_GetTokenInfo obtains information about a particular token in the system.
1019  * @param slot_id ID of the token's slot
1020  * @param info_ptr receives the token information
1021  * @param return_value default value (`ThrowException`): throw exception on error.
1022  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1023  * At least the following PKCS#11 return values may be returned:
1024  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1025  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1026  * \li HostMemory \li OK \li SlotIdInvalid
1027  * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1028  * @return true on success, false otherwise
1029  */
1030  bool C_GetTokenInfo(SlotId slot_id,
1031  TokenInfo* info_ptr,
1032  ReturnValue* return_value = ThrowException) const;
1033 
1034  /**
1035  * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1036  * @param flags blocking/nonblocking flag
1037  * @param slot_ptr location that receives the slot ID
1038  * @param reserved reserved. Should be NULL_PTR
1039  * @param return_value default value (`ThrowException`): throw exception on error.
1040  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1041  * At least the following PKCS#11 return values may be returned:
1042  * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1043  * \li GeneralError \li HostMemory \li NoEvent
1044  * \li OK
1045  * @return true on success, false otherwise
1046  */
1047  bool C_WaitForSlotEvent(Flags flags,
1048  SlotId* slot_ptr,
1049  VoidPtr reserved,
1050  ReturnValue* return_value = ThrowException) const;
1051 
1052  /**
1053  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1054  * @param slot_id ID of token's slot
1055  * @param mechanism_list_ptr gets mech. array
1056  * @param count_ptr gets # of mechs.
1057  * @param return_value default value (`ThrowException`): throw exception on error.
1058  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1059  * At least the following PKCS#11 return values may be returned:
1060  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1061  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1062  * \li GeneralError \li HostMemory \li OK
1063  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1064  * \li ArgumentsBad
1065  * @return true on success, false otherwise
1066  */
1067  bool C_GetMechanismList(SlotId slot_id,
1068  MechanismType* mechanism_list_ptr,
1069  Ulong* count_ptr,
1070  ReturnValue* return_value = ThrowException) const;
1071 
1072  /**
1073  * C_GetMechanismList obtains a list of mechanism types supported by a token.
1074  * @param slot_id ID of token's slot
1075  * @param mechanisms receives vector of supported mechanisms
1076  * @param return_value default value (`ThrowException`): throw exception on error.
1077  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1078  * At least the following PKCS#11 return values may be returned:
1079  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1080  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1081  * \li GeneralError \li HostMemory \li OK
1082  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1083  * \li ArgumentsBad
1084  * @return true on success, false otherwise
1085  */
1086  bool C_GetMechanismList(SlotId slot_id,
1087  std::vector<MechanismType>& mechanisms,
1088  ReturnValue* return_value = ThrowException) const;
1089 
1090  /**
1091  * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1092  * @param slot_id ID of the token's slot
1093  * @param type type of mechanism
1094  * @param info_ptr receives mechanism info
1095  * @param return_value default value (`ThrowException`): throw exception on error.
1096  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1097  * At least the following PKCS#11 return values may be returned:
1098  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1099  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1100  * \li HostMemory \li MechanismInvalid \li OK
1101  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1102  * \li ArgumentsBad
1103  * @return true on success, false otherwise
1104  */
1105  bool C_GetMechanismInfo(SlotId slot_id,
1107  MechanismInfo* info_ptr,
1108  ReturnValue* return_value = ThrowException) const;
1109 
1110  /**
1111  * C_InitToken initializes a token.
1112  * @param slot_id ID of the token's slot
1113  * @param so_pin_ptr the SO's initial PIN
1114  * @param so_pin_len length in bytes of the SO_PIN
1115  * @param label_ptr 32-byte token label (blank padded)
1116  * @param return_value default value (`ThrowException`): throw exception on error.
1117  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1118  * At least the following PKCS#11 return values may be returned:
1119  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1120  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1121  * \li GeneralError \li HostMemory \li OK
1122  * \li PinIncorrect \li PinLocked \li SessionExists
1123  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1124  * \li TokenWriteProtected \li ArgumentsBad
1125  * @return true on success, false otherwise
1126  */
1127  bool C_InitToken(SlotId slot_id,
1128  Utf8Char* so_pin_ptr,
1129  Ulong so_pin_len,
1130  Utf8Char* label_ptr,
1131  ReturnValue* return_value = ThrowException) const;
1132 
1133  /**
1134  * C_InitToken initializes a token.
1135  * @param slot_id ID of the token's slot
1136  * @param so_pin the SO's initial PIN
1137  * @param label token label (at max 32 bytes long)
1138  * @param return_value default value (`ThrowException`): throw exception on error.
1139  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1140  * At least the following PKCS#11 return values may be returned:
1141  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1142  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1143  * \li GeneralError \li HostMemory \li OK
1144  * \li PinIncorrect \li PinLocked \li SessionExists
1145  * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1146  * \li TokenWriteProtected \li ArgumentsBad
1147  * @return true on success, false otherwise
1148  */
1149  template<typename TAlloc>
1150  bool C_InitToken(SlotId slot_id,
1151  const std::vector<uint8_t, TAlloc>& so_pin,
1152  const std::string& label,
1153  ReturnValue* return_value = ThrowException) const
1154  {
1155  std::string padded_label = label;
1156  if(label.size() < 32)
1157  {
1158  padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1159  }
1160 
1161  return C_InitToken(slot_id,
1162  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1163  static_cast<Ulong>(so_pin.size()),
1164  reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())),
1165  return_value);
1166  }
1167 
1168  /**
1169  * C_InitPIN initializes the normal user's PIN.
1170  * @param session the session's handle
1171  * @param pin_ptr the normal user's PIN
1172  * @param pin_len length in bytes of the PIN
1173  * @param return_value default value (`ThrowException`): throw exception on error.
1174  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1175  * At least the following PKCS#11 return values may be returned:
1176  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1177  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1178  * \li GeneralError \li HostMemory \li OK
1179  * \li PinInvalid \li PinLenRange \li SessionClosed
1180  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1181  * \li UserNotLoggedIn \li ArgumentsBad
1182  * @return true on success, false otherwise
1183  */
1184  bool C_InitPIN(SessionHandle session,
1185  Utf8Char* pin_ptr,
1186  Ulong pin_len,
1187  ReturnValue* return_value = ThrowException) const;
1188 
1189  /**
1190  * C_InitPIN initializes the normal user's PIN.
1191  * @param session the session's handle
1192  * @param pin the normal user's PIN
1193  * @param return_value default value (`ThrowException`): throw exception on error.
1194  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1195  * At least the following PKCS#11 return values may be returned:
1196  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1197  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1198  * \li GeneralError \li HostMemory \li OK
1199  * \li PinInvalid \li PinLenRange \li SessionClosed
1200  * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1201  * \li UserNotLoggedIn \li ArgumentsBad
1202  * @return true on success, false otherwise
1203  */
1204  template<typename TAlloc>
1205  bool C_InitPIN(SessionHandle session,
1206  const std::vector<uint8_t, TAlloc>& pin,
1207  ReturnValue* return_value = ThrowException) const
1208  {
1209  return C_InitPIN(session,
1210  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1211  static_cast<Ulong>(pin.size()),
1212  return_value);
1213  }
1214 
1215  /**
1216  * C_SetPIN modifies the PIN of the user who is logged in.
1217  * @param session the session's handle
1218  * @param old_pin_ptr the old PIN
1219  * @param old_len length of the old PIN
1220  * @param new_pin_ptr the new PIN
1221  * @param new_len length of the new PIN
1222  * @param return_value default value (`ThrowException`): throw exception on error.
1223  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1224  * At least the following PKCS#11 return values may be returned:
1225  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1226  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1227  * \li GeneralError \li HostMemory \li OK
1228  * \li PinIncorrect \li PinInvalid \li PinLenRange
1229  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1230  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1231  * @return true on success, false otherwise
1232  */
1233  bool C_SetPIN(SessionHandle session,
1234  Utf8Char* old_pin_ptr,
1235  Ulong old_len,
1236  Utf8Char* new_pin_ptr,
1237  Ulong new_len,
1238  ReturnValue* return_value = ThrowException) const;
1239 
1240  /**
1241  * C_SetPIN modifies the PIN of the user who is logged in.
1242  * @param session the session's handle
1243  * @param old_pin the old PIN
1244  * @param new_pin the new PIN
1245  * @param return_value default value (`ThrowException`): throw exception on error.
1246  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1247  * At least the following PKCS#11 return values may be returned:
1248  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1249  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1250  * \li GeneralError \li HostMemory \li OK
1251  * \li PinIncorrect \li PinInvalid \li PinLenRange
1252  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1253  * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1254  * @return true on success, false otherwise
1255  */
1256  template<typename TAlloc>
1257  bool C_SetPIN(SessionHandle session,
1258  const std::vector<uint8_t, TAlloc>& old_pin,
1259  const std::vector<uint8_t, TAlloc>& new_pin,
1260  ReturnValue* return_value = ThrowException) const
1261  {
1262  return C_SetPIN(session,
1263  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())),
1264  static_cast<Ulong>(old_pin.size()),
1265  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())),
1266  static_cast<Ulong>(new_pin.size()),
1267  return_value);
1268  }
1269 
1270 
1271  /****************************** Session management ******************************/
1272 
1273  /**
1274  * C_OpenSession opens a session between an application and a token.
1275  * @param slot_id the slot's ID
1276  * @param flags from CK_SESSION_INFO
1277  * @param application passed to callback
1278  * @param notify callback function
1279  * @param session_ptr gets session handle
1280  * @param return_value default value (`ThrowException`): throw exception on error.
1281  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1282  * At least the following PKCS#11 return values may be returned:
1283  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1284  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1285  * \li HostMemory \li OK \li SessionCount
1286  * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1287  * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1288  * \li ArgumentsBad
1289  * @return true on success, false otherwise
1290  */
1291  bool C_OpenSession(SlotId slot_id,
1292  Flags flags,
1293  VoidPtr application,
1294  Notify notify,
1295  SessionHandle* session_ptr,
1296  ReturnValue* return_value = ThrowException) const;
1297 
1298  /**
1299  * C_CloseSession closes a session between an application and a token.
1300  * @param session the session's handle
1301  * @param return_value default value (`ThrowException`): throw exception on error.
1302  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1303  * At least the following PKCS#11 return values may be returned:
1304  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1305  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1306  * \li HostMemory \li OK \li SessionClosed
1307  * \li SessionHandleInvalid
1308  * @return true on success, false otherwise
1309  */
1310  bool C_CloseSession(SessionHandle session,
1311  ReturnValue* return_value = ThrowException) const;
1312 
1313  /**
1314  * C_CloseAllSessions closes all sessions with a token.
1315  * @param slot_id the token's slot
1316  * @param return_value default value (`ThrowException`): throw exception on error.
1317  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1318  * At least the following PKCS#11 return values may be returned:
1319  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1320  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1321  * \li HostMemory \li OK \li SlotIdInvalid
1322  * \li TokenNotPresent
1323  * @return true on success, false otherwise
1324  */
1325  bool C_CloseAllSessions(SlotId slot_id,
1326  ReturnValue* return_value = ThrowException) const;
1327 
1328  /**
1329  * C_GetSessionInfo obtains information about the session.
1330  * @param session the session's handle
1331  * @param info_ptr receives session info
1332  * @param return_value default value (`ThrowException`): throw exception on error.
1333  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1334  * At least the following PKCS#11 return values may be returned:
1335  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1336  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1337  * \li HostMemory \li OK \li SessionClosed
1338  * \li SessionHandleInvalid \li ArgumentsBad
1339  * @return true on success, false otherwise
1340  */
1341  bool C_GetSessionInfo(SessionHandle session,
1342  SessionInfo* info_ptr,
1343  ReturnValue* return_value = ThrowException) const;
1344 
1345  /**
1346  * C_GetOperationState obtains the state of the cryptographic operation in a session.
1347  * @param session session's handle
1348  * @param operation_state_ptr gets state
1349  * @param operation_state_len_ptr gets state length
1350  * @param return_value default value (`ThrowException`): throw exception on error.
1351  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1352  * At least the following PKCS#11 return values may be returned:
1353  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1354  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1355  * \li GeneralError \li HostMemory \li OK
1356  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1357  * \li StateUnsaveable \li ArgumentsBad
1358  * @return true on success, false otherwise
1359  */
1360  bool C_GetOperationState(SessionHandle session,
1361  Byte* operation_state_ptr,
1362  Ulong* operation_state_len_ptr,
1363  ReturnValue* return_value = ThrowException) const;
1364 
1365  /**
1366  * C_SetOperationState restores the state of the cryptographic operation in a session.
1367  * @param session session's handle
1368  * @param operation_state_ptr holds state
1369  * @param operation_state_len holds state length
1370  * @param encryption_key en/decryption key
1371  * @param authentication_key sign/verify key
1372  * @param return_value default value (`ThrowException`): throw exception on error.
1373  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1374  * At least the following PKCS#11 return values may be returned:
1375  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1376  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1377  * \li HostMemory \li KeyChanged \li KeyNeeded
1378  * \li KeyNotNeeded \li OK \li SavedStateInvalid
1379  * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1380  * @return true on success, false otherwise
1381  */
1382  bool C_SetOperationState(SessionHandle session,
1383  Byte* operation_state_ptr,
1384  Ulong operation_state_len,
1385  ObjectHandle encryption_key,
1386  ObjectHandle authentication_key,
1387  ReturnValue* return_value = ThrowException) const;
1388 
1389  /**
1390  * C_Login logs a user into a token.
1391  * @param session the session's handle
1392  * @param user_type the user type
1393  * @param pin_ptr the user's PIN
1394  * @param pin_len the length of the PIN
1395  * @param return_value default value (`ThrowException`): throw exception on error.
1396  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1397  * At least the following PKCS#11 return values may be returned:
1398  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1399  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1400  * \li FunctionFailed \li GeneralError \li HostMemory
1401  * \li OK \li OperationNotInitialized \li PinIncorrect
1402  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1403  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1404  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1405  * @return true on success, false otherwise
1406  */
1407  bool C_Login(SessionHandle session,
1408  UserType user_type,
1409  Utf8Char* pin_ptr,
1410  Ulong pin_len,
1411  ReturnValue* return_value = ThrowException) const;
1412 
1413  /**
1414  * C_Login logs a user into a token.
1415  * @param session the session's handle
1416  * @param user_type the user type
1417  * @param pin the user or security officer's PIN
1418  * @param return_value default value (`ThrowException`): throw exception on error.
1419  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1420  * At least the following PKCS#11 return values may be returned:
1421  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1422  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1423  * \li FunctionFailed \li GeneralError \li HostMemory
1424  * \li OK \li OperationNotInitialized \li PinIncorrect
1425  * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1426  * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1427  * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1428  * @return true on success, false otherwise
1429  */
1430  template<typename TAlloc>
1431  bool C_Login(SessionHandle session,
1432  UserType user_type,
1433  const std::vector<uint8_t, TAlloc>& pin,
1434  ReturnValue* return_value = ThrowException) const
1435  {
1436  return C_Login(session, user_type,
1437  reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1438  static_cast<Ulong>(pin.size()),
1439  return_value);
1440  }
1441 
1442  /**
1443  * C_Logout logs a user out from a token.
1444  * @param session the session's handle
1445  * @param return_value default value (`ThrowException`): throw exception on error.
1446  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1447  * At least the following PKCS#11 return values may be returned:
1448  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1449  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1450  * \li HostMemory \li OK \li SessionClosed
1451  * \li SessionHandleInvalid \li UserNotLoggedIn
1452  * @return true on success, false otherwise
1453  */
1454  bool C_Logout(SessionHandle session,
1455  ReturnValue* return_value = ThrowException) const;
1456 
1457  /****************************** Object management functions ******************************/
1458 
1459  /**
1460  * C_CreateObject creates a new object.
1461  * @param session the session's handle
1462  * @param attribute_template_ptr the object's template
1463  * @param count attributes in template
1464  * @param object_ptr gets new object's handle.
1465  * @param return_value default value (`ThrowException`): throw exception on error.
1466  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1467  * At least the following PKCS#11 return values may be returned:
1468  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1469  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1470  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1471  * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1472  * \li HostMemory \li OK \li PinExpired
1473  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1474  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1475  * \li UserNotLoggedIn
1476  * @return true on success, false otherwise
1477  */
1478  bool C_CreateObject(SessionHandle session,
1479  Attribute* attribute_template_ptr,
1480  Ulong count,
1481  ObjectHandle* object_ptr,
1482  ReturnValue* return_value = ThrowException) const;
1483 
1484  /**
1485  * C_CopyObject copies an object, creating a new object for the copy.
1486  * @param session the session's handle
1487  * @param object the object's handle
1488  * @param attribute_template_ptr template for new object
1489  * @param count attributes in template
1490  * @param new_object_ptr receives handle of copy
1491  * @param return_value default value (`ThrowException`): throw exception on error.
1492  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1493  * At least the following PKCS#11 return values may be returned:
1494  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1495  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1496  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1497  * \li FunctionFailed \li GeneralError \li HostMemory
1498  * \li ObjectHandleInvalid \li OK \li PinExpired
1499  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1500  * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1501  * @return true on success, false otherwise
1502  */
1503  bool C_CopyObject(SessionHandle session,
1504  ObjectHandle object,
1505  Attribute* attribute_template_ptr,
1506  Ulong count,
1507  ObjectHandle* new_object_ptr,
1508  ReturnValue* return_value = ThrowException) const;
1509 
1510  /**
1511  * C_DestroyObject destroys an object.
1512  * @param session the session's handle
1513  * @param object the object's handle
1514  * @param return_value default value (`ThrowException`): throw exception on error.
1515  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1516  * At least the following PKCS#11 return values may be returned:
1517  * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1518  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1519  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1520  * \li OK \li PinExpired \li SessionClosed
1521  * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1522  * @return true on success, false otherwise
1523  */
1524  bool C_DestroyObject(SessionHandle session,
1525  ObjectHandle object,
1526  ReturnValue* return_value = ThrowException) const;
1527 
1528  /**
1529  * C_GetObjectSize gets the size of an object in bytes.
1530  * @param session the session's handle
1531  * @param object the object's handle
1532  * @param size_ptr receives size of object
1533  * @param return_value default value (`ThrowException`): throw exception on error.
1534  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1535  * At least the following PKCS#11 return values may be returned:
1536  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1537  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1538  * \li GeneralError \li HostMemory \li InformationSensitive
1539  * \li ObjectHandleInvalid \li OK \li SessionClosed
1540  * \li SessionHandleInvalid
1541  * @return true on success, false otherwise
1542  */
1543  bool C_GetObjectSize(SessionHandle session,
1544  ObjectHandle object,
1545  Ulong* size_ptr,
1546  ReturnValue* return_value = ThrowException) const;
1547 
1548  /**
1549  * C_GetAttributeValue obtains the value of one or more object attributes.
1550  * @param session the session's handle
1551  * @param object the object's handle
1552  * @param attribute_template_ptr specifies attrs; gets vals
1553  * @param count attributes in template
1554  * @param return_value default value (`ThrowException`): throw exception on error.
1555  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1556  * At least the following PKCS#11 return values may be returned:
1557  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1558  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1559  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1560  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1561  * \li OK \li SessionClosed \li SessionHandleInvalid
1562  * @return true on success, false otherwise
1563  */
1564  bool C_GetAttributeValue(SessionHandle session,
1565  ObjectHandle object,
1566  Attribute* attribute_template_ptr,
1567  Ulong count,
1568  ReturnValue* return_value = ThrowException) const;
1569 
1570  /**
1571  * C_GetAttributeValue obtains the value of one or more object attributes.
1572  * @param session the session's handle
1573  * @param object the object's handle
1574  * @param attribute_values specifies attrs; gets vals
1575  * @param return_value default value (`ThrowException`): throw exception on error.
1576  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1577  * At least the following PKCS#11 return values may be returned:
1578  * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1579  * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1580  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1581  * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1582  * \li OK \li SessionClosed \li SessionHandleInvalid
1583  * @return true on success, false otherwise
1584  */
1585  template<typename TAlloc>
1587  ObjectHandle object,
1588  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1589  ReturnValue* return_value = ThrowException) const
1590  {
1591  std::vector<Attribute> getter_template;
1592 
1593  for(const auto& entry : attribute_values)
1594  {
1595  getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1596  }
1597 
1598  bool success = C_GetAttributeValue(session,
1599  object,
1600  const_cast< Attribute* >(getter_template.data()),
1601  static_cast<Ulong>(getter_template.size()),
1602  return_value);
1603 
1604  if(!success)
1605  {
1606  return success;
1607  }
1608 
1609  size_t i = 0;
1610  for(auto& entry : attribute_values)
1611  {
1612  entry.second.clear();
1613  entry.second.resize(getter_template.at(i).ulValueLen);
1614  getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1615  i++;
1616  }
1617 
1618  return C_GetAttributeValue(session, object,
1619  const_cast< Attribute* >(getter_template.data()),
1620  static_cast<Ulong>(getter_template.size()),
1621  return_value);
1622  }
1623 
1624  /**
1625  * C_SetAttributeValue modifies the value of one or more object attributes.
1626  * @param session the session's handle
1627  * @param object the object's handle
1628  * @param attribute_template_ptr specifies attrs and values
1629  * @param count attributes in template
1630  * @param return_value default value (`ThrowException`): throw exception on error.
1631  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1632  * At least the following PKCS#11 return values may be returned:
1633  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1634  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1635  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1636  * \li FunctionFailed \li GeneralError \li HostMemory
1637  * \li ObjectHandleInvalid \li OK \li SessionClosed
1638  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1639  * \li TokenWriteProtected \li UserNotLoggedIn
1640  * @return true on success, false otherwise
1641  */
1642  bool C_SetAttributeValue(SessionHandle session,
1643  ObjectHandle object,
1644  Attribute* attribute_template_ptr,
1645  Ulong count,
1646  ReturnValue* return_value = ThrowException) const;
1647 
1648  /**
1649  * C_SetAttributeValue modifies the value of one or more object attributes.
1650  * @param session the session's handle
1651  * @param object the object's handle
1652  * @param attribute_values specifies attrs and values
1653  * @param return_value default value (`ThrowException`): throw exception on error.
1654  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1655  * At least the following PKCS#11 return values may be returned:
1656  * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1657  * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1658  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1659  * \li FunctionFailed \li GeneralError \li HostMemory
1660  * \li ObjectHandleInvalid \li OK \li SessionClosed
1661  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1662  * \li TokenWriteProtected \li UserNotLoggedIn
1663  * @return true on success, false otherwise
1664  */
1665  template<typename TAlloc>
1667  ObjectHandle object,
1668  std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1669  ReturnValue* return_value = ThrowException) const
1670  {
1671  std::vector<Attribute> setter_template;
1672 
1673  for(auto& entry : attribute_values)
1674  {
1675  setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1676  }
1677 
1678  return C_SetAttributeValue(session, object,
1679  const_cast< Attribute* >(setter_template.data()),
1680  static_cast<Ulong>(setter_template.size()),
1681  return_value);
1682  }
1683 
1684  /**
1685  * C_FindObjectsInit initializes a search for token and session objects that match a template.
1686  * @param session the session's handle
1687  * @param attribute_template_ptr attribute values to match
1688  * @param count attrs in search template
1689  * @param return_value default value (`ThrowException`): throw exception on error.
1690  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1691  * At least the following PKCS#11 return values may be returned:
1692  * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1693  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1694  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1695  * \li HostMemory \li OK \li OperationActive
1696  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1697  * @return true on success, false otherwise
1698  */
1699  bool C_FindObjectsInit(SessionHandle session,
1700  Attribute* attribute_template_ptr,
1701  Ulong count,
1702  ReturnValue* return_value = ThrowException) const;
1703 
1704  /**
1705  * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1706  * @param session session's handle
1707  * @param object_ptr gets obj. handles
1708  * @param max_object_count max handles to get
1709  * @param object_count_ptr actual # returned
1710  * @param return_value default value (`ThrowException`): throw exception on error.
1711  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1712  * At least the following PKCS#11 return values may be returned:
1713  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1714  * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1715  * \li GeneralError \li HostMemory \li OK
1716  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1717  * @return true on success, false otherwise
1718  */
1719  bool C_FindObjects(SessionHandle session,
1720  ObjectHandle* object_ptr,
1721  Ulong max_object_count,
1722  Ulong* object_count_ptr,
1723  ReturnValue* return_value = ThrowException) const;
1724 
1725  /**
1726  * C_FindObjectsFinal finishes a search for token and session objects.
1727  * @param session the session's handle
1728  * @param return_value default value (`ThrowException`): throw exception on error.
1729  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1730  * At least the following PKCS#11 return values may be returned:
1731  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1732  * \li DeviceRemoved \li FunctionFailed \li GeneralError
1733  * \li HostMemory \li OK \li OperationNotInitialized
1734  * \li SessionClosed \li SessionHandleInvalid
1735  * @return true on success, false otherwise
1736  */
1737  bool C_FindObjectsFinal(SessionHandle session,
1738  ReturnValue* return_value = ThrowException) const;
1739 
1740  /****************************** Encryption functions ******************************/
1741 
1742  /**
1743  * C_EncryptInit initializes an encryption operation.
1744  * @param session the session's handle
1745  * @param mechanism_ptr the encryption mechanism
1746  * @param key handle of encryption key
1747  * @param return_value default value (`ThrowException`): throw exception on error.
1748  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1749  * At least the following PKCS#11 return values may be returned:
1750  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1751  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1752  * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1753  * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1754  * \li MechanismInvalid \li MechanismParamInvalid \li OK
1755  * \li OperationActive \li PinExpired \li SessionClosed
1756  * \li SessionHandleInvalid \li UserNotLoggedIn
1757  * @return true on success, false otherwise
1758  */
1759  bool C_EncryptInit(SessionHandle session,
1760  Mechanism* mechanism_ptr,
1761  ObjectHandle key,
1762  ReturnValue* return_value = ThrowException) const;
1763 
1764  /**
1765  * C_Encrypt encrypts single-part data.
1766  * @param session session's handle
1767  * @param data_ptr the plaintext data
1768  * @param data_len size of plaintext data in bytes
1769  * @param encrypted_data gets ciphertext
1770  * @param encrypted_data_len_ptr gets c-text size
1771  * @param return_value default value (`ThrowException`): throw exception on error.
1772  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1773  * At least the following PKCS#11 return values may be returned:
1774  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1775  * \li DataInvalid \li DataLenRange \li DeviceError
1776  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1777  * \li FunctionFailed \li GeneralError \li HostMemory
1778  * \li OK \li OperationNotInitialized \li SessionClosed
1779  * \li SessionHandleInvalid
1780  * @return true on success, false otherwise
1781  */
1782  bool C_Encrypt(SessionHandle session,
1783  Byte* data_ptr,
1784  Ulong data_len,
1785  Byte* encrypted_data,
1786  Ulong* encrypted_data_len_ptr,
1787  ReturnValue* return_value = ThrowException) const;
1788 
1789  /**
1790  * C_Encrypt encrypts single-part data.
1791  * @param session session's handle
1792  * @param plaintext_data the plaintext data
1793  * @param encrypted_data gets ciphertext
1794  * @param return_value default value (`ThrowException`): throw exception on error.
1795  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1796  * At least the following PKCS#11 return values may be returned:
1797  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1798  * \li DataInvalid \li DataLenRange \li DeviceError
1799  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1800  * \li FunctionFailed \li GeneralError \li HostMemory
1801  * \li OK \li OperationNotInitialized \li SessionClosed
1802  * \li SessionHandleInvalid
1803  * @return true on success, false otherwise
1804  */
1805  template<typename TAllocA, typename TAllocB>
1806  bool C_Encrypt(SessionHandle session,
1807  const std::vector<uint8_t, TAllocA>& plaintext_data,
1808  std::vector<uint8_t, TAllocB>& encrypted_data,
1809  ReturnValue* return_value = ThrowException) const
1810  {
1811  Ulong encrypted_size = 0;
1812  if(!C_Encrypt(session,
1813  const_cast<Byte*>((plaintext_data.data())),
1814  static_cast<Ulong>(plaintext_data.size()),
1815  nullptr, &encrypted_size,
1816  return_value))
1817  {
1818  return false;
1819  }
1820 
1821  encrypted_data.resize(encrypted_size);
1822  if (!C_Encrypt(session,
1823  const_cast<Byte*>(plaintext_data.data()),
1824  static_cast<Ulong>(plaintext_data.size()),
1825  encrypted_data.data(),
1826  &encrypted_size, return_value))
1827  {
1828  return false;
1829  }
1830  encrypted_data.resize(encrypted_size);
1831  return true;
1832  }
1833 
1834  /**
1835  * C_EncryptUpdate continues a multiple-part encryption operation.
1836  * @param session session's handle
1837  * @param part_ptr the plaintext data
1838  * @param part_len plaintext data len
1839  * @param encrypted_part_ptr gets ciphertext
1840  * @param encrypted_part_len_ptr gets c-text size
1841  * @param return_value default value (`ThrowException`): throw exception on error.
1842  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1843  * At least the following PKCS#11 return values may be returned:
1844  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1845  * \li DataLenRange \li DeviceError \li DeviceMemory
1846  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1847  * \li GeneralError \li HostMemory \li OK
1848  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1849  * @return true on success, false otherwise
1850  */
1851  bool C_EncryptUpdate(SessionHandle session,
1852  Byte* part_ptr,
1853  Ulong part_len,
1854  Byte* encrypted_part_ptr,
1855  Ulong* encrypted_part_len_ptr,
1856  ReturnValue* return_value = ThrowException) const;
1857 
1858  /**
1859  * C_EncryptFinal finishes a multiple-part encryption operation.
1860  * @param session session handle
1861  * @param last_encrypted_part_ptr last c-text
1862  * @param last_encrypted_part_len_ptr gets last size
1863  * @param return_value default value (`ThrowException`): throw exception on error.
1864  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1865  * At least the following PKCS#11 return values may be returned:
1866  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1867  * \li DataLenRange \li DeviceError \li DeviceMemory
1868  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1869  * \li GeneralError \li HostMemory \li OK
1870  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1871  * @return true on success, false otherwise
1872  */
1873  bool C_EncryptFinal(SessionHandle session,
1874  Byte* last_encrypted_part_ptr,
1875  Ulong* last_encrypted_part_len_ptr,
1876  ReturnValue* return_value = ThrowException) const;
1877 
1878  /****************************** Decryption functions ******************************/
1879 
1880  /**
1881  * C_DecryptInit initializes a decryption operation.
1882  * @param session the session's handle
1883  * @param mechanism_ptr the decryption mechanism
1884  * @param key handle of decryption key
1885  * @param return_value default value (`ThrowException`): throw exception on error.
1886  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1887  * At least the following PKCS#11 return values may be returned:
1888  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1889  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1890  * \li FunctionFailed \li GeneralError \li HostMemory
1891  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1892  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1893  * \li OK \li OperationActive \li PinExpired
1894  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1895  * @return true on success, false otherwise
1896  */
1897  bool C_DecryptInit(SessionHandle session,
1898  Mechanism* mechanism_ptr,
1899  ObjectHandle key,
1900  ReturnValue* return_value = ThrowException) const;
1901 
1902  /**
1903  * C_Decrypt decrypts encrypted data in a single part.
1904  * @param session session's handle
1905  * @param encrypted_data_ptr ciphertext
1906  * @param encrypted_data_len ciphertext length
1907  * @param data_ptr gets plaintext
1908  * @param data_len_ptr gets p-text size
1909  * @param return_value default value (`ThrowException`): throw exception on error.
1910  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1911  * At least the following PKCS#11 return values may be returned:
1912  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1913  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1914  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1915  * \li FunctionFailed \li GeneralError \li HostMemory
1916  * \li OK \li OperationNotInitialized \li SessionClosed
1917  * \li SessionHandleInvalid \li UserNotLoggedIn
1918  * @return true on success, false otherwise
1919  */
1920  bool C_Decrypt(SessionHandle session,
1921  Byte* encrypted_data_ptr,
1922  Ulong encrypted_data_len,
1923  Byte* data_ptr,
1924  Ulong* data_len_ptr,
1925  ReturnValue* return_value = ThrowException) const;
1926 
1927  /**
1928  * C_Decrypt decrypts encrypted data in a single part.
1929  * @param session session's handle
1930  * @param encrypted_data ciphertext
1931  * @param decrypted_data gets plaintext
1932  * @param return_value default value (`ThrowException`): throw exception on error.
1933  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1934  * At least the following PKCS#11 return values may be returned:
1935  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1936  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1937  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1938  * \li FunctionFailed \li GeneralError \li HostMemory
1939  * \li OK \li OperationNotInitialized \li SessionClosed
1940  * \li SessionHandleInvalid \li UserNotLoggedIn
1941  * @return true on success, false otherwise
1942  */
1943  template<typename TAllocA, typename TAllocB>
1944  bool C_Decrypt(SessionHandle session,
1945  const std::vector<uint8_t, TAllocA>& encrypted_data,
1946  std::vector<uint8_t, TAllocB>& decrypted_data,
1947  ReturnValue* return_value = ThrowException) const
1948  {
1949  Ulong decrypted_size = 0;
1950  if(!C_Decrypt(session,
1951  const_cast<Byte*>((encrypted_data.data())),
1952  static_cast<Ulong>(encrypted_data.size()),
1953  nullptr, &decrypted_size,
1954  return_value))
1955  {
1956  return false;
1957  }
1958 
1959  decrypted_data.resize(decrypted_size);
1960  if(!C_Decrypt(session,
1961  const_cast<Byte*>(encrypted_data.data()),
1962  static_cast<Ulong>(encrypted_data.size()),
1963  decrypted_data.data(),
1964  &decrypted_size, return_value))
1965  {
1966  return false;
1967  }
1968  decrypted_data.resize(decrypted_size);
1969  return true;
1970  }
1971 
1972  /**
1973  * C_DecryptUpdate continues a multiple-part decryption operation.
1974  * @param session session's handle
1975  * @param encrypted_part_ptr encrypted data
1976  * @param encrypted_part_len input length
1977  * @param part_ptr gets plaintext
1978  * @param part_len_ptr p-text size
1979  * @param return_value default value (`ThrowException`): throw exception on error.
1980  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1981  * At least the following PKCS#11 return values may be returned:
1982  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1983  * \li DeviceError \li DeviceMemory \li DeviceRemoved
1984  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1985  * \li FunctionFailed \li GeneralError \li HostMemory
1986  * \li OK \li OperationNotInitialized \li SessionClosed
1987  * \li SessionHandleInvalid \li UserNotLoggedIn
1988  * @return true on success, false otherwise
1989  */
1990  bool C_DecryptUpdate(SessionHandle session,
1991  Byte* encrypted_part_ptr,
1992  Ulong encrypted_part_len,
1993  Byte* part_ptr,
1994  Ulong* part_len_ptr,
1995  ReturnValue* return_value = ThrowException) const;
1996 
1997  /**
1998  * C_DecryptFinal finishes a multiple-part decryption operation.
1999  * @param session the session's handle
2000  * @param last_part_ptr gets plaintext
2001  * @param last_part_len_ptr p-text size
2002  * @param return_value default value (`ThrowException`): throw exception on error.
2003  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2004  * At least the following PKCS#11 return values may be returned:
2005  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2006  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2007  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2008  * \li FunctionFailed \li GeneralError \li HostMemory
2009  * \li OK \li OperationNotInitialized \li SessionClosed
2010  * \li SessionHandleInvalid \li UserNotLoggedIn
2011  * @return true on success, false otherwise
2012  */
2013  bool C_DecryptFinal(SessionHandle session,
2014  Byte* last_part_ptr,
2015  Ulong* last_part_len_ptr,
2016  ReturnValue* return_value = ThrowException) const;
2017 
2018  /****************************** Message digesting functions ******************************/
2019 
2020  /**
2021  * C_DigestInit initializes a message-digesting operation.
2022  * @param session the session's handle
2023  * @param mechanism_ptr the digesting mechanism
2024  * @param return_value default value (`ThrowException`): throw exception on error.
2025  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2026  * At least the following PKCS#11 return values may be returned:
2027  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2028  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2029  * \li FunctionFailed \li GeneralError \li HostMemory
2030  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2031  * \li OperationActive \li PinExpired \li SessionClosed
2032  * \li SessionHandleInvalid \li UserNotLoggedIn
2033  * @return true on success, false otherwise
2034  */
2035  bool C_DigestInit(SessionHandle session,
2036  Mechanism* mechanism_ptr,
2037  ReturnValue* return_value = ThrowException) const;
2038 
2039  /**
2040  * C_Digest digests data in a single part.
2041  * @param session the session's handle
2042  * @param data_ptr data to be digested
2043  * @param data_len bytes of data to digest
2044  * @param digest_ptr gets the message digest
2045  * @param digest_len_ptr gets digest length
2046  * @param return_value default value (`ThrowException`): throw exception on error.
2047  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2048  * At least the following PKCS#11 return values may be returned:
2049  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2050  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2051  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2052  * \li HostMemory \li OK \li OperationNotInitialized
2053  * \li SessionClosed \li SessionHandleInvalid
2054  * @return true on success, false otherwise
2055  */
2056  bool C_Digest(SessionHandle session,
2057  Byte* data_ptr,
2058  Ulong data_len,
2059  Byte* digest_ptr,
2060  Ulong* digest_len_ptr,
2061  ReturnValue* return_value = ThrowException) const;
2062 
2063  /**
2064  * C_DigestUpdate continues a multiple-part message-digesting operation.
2065  * @param session the session's handle
2066  * @param part_ptr data to be digested
2067  * @param part_len bytes of data to be digested
2068  * @param return_value default value (`ThrowException`): throw exception on error.
2069  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2070  * At least the following PKCS#11 return values may be returned:
2071  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2072  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2073  * \li FunctionFailed \li GeneralError \li HostMemory
2074  * \li OK \li OperationNotInitialized \li SessionClosed
2075  * \li SessionHandleInvalid
2076  * @return true on success, false otherwise
2077  */
2078  bool C_DigestUpdate(SessionHandle session,
2079  Byte* part_ptr,
2080  Ulong part_len,
2081  ReturnValue* return_value = ThrowException) const;
2082 
2083  /**
2084  * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2085  * @param session the session's handle
2086  * @param key secret key to digest
2087  * @param return_value default value (`ThrowException`): throw exception on error.
2088  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2089  * At least the following PKCS#11 return values may be returned:
2090  * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2091  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2092  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2093  * \li KeyIndigestible \li KeySizeRange \li OK
2094  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2095  * @return true on success, false otherwise
2096  */
2097  bool C_DigestKey(SessionHandle session,
2098  ObjectHandle key,
2099  ReturnValue* return_value = ThrowException) const;
2100 
2101  /**
2102  * C_DigestFinal finishes a multiple-part message-digesting operation.
2103  * @param session the session's handle
2104  * @param digest_ptr gets the message digest
2105  * @param digest_len_ptr gets uint8_t count of digest
2106  * @param return_value default value (`ThrowException`): throw exception on error.
2107  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2108  * At least the following PKCS#11 return values may be returned:
2109  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2110  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2111  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2112  * \li HostMemory \li OK \li OperationNotInitialized
2113  * \li SessionClosed \li SessionHandleInvalid
2114  * @return true on success, false otherwise
2115  */
2116  bool C_DigestFinal(SessionHandle session,
2117  Byte* digest_ptr,
2118  Ulong* digest_len_ptr,
2119  ReturnValue* return_value = ThrowException) const;
2120 
2121  /****************************** Signing and MACing functions ******************************/
2122 
2123  /**
2124  * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2125  * @param session the session's handle
2126  * @param mechanism_ptr the signature mechanism
2127  * @param key handle of signature key
2128  * @param return_value default value (`ThrowException`): throw exception on error.
2129  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2130  * At least the following PKCS#11 return values may be returned:
2131  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2132  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2133  * \li FunctionFailed \li GeneralError \li HostMemory
2134  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2135  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2136  * \li OK \li OperationActive \li PinExpired
2137  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2138  * @return true on success, false otherwise
2139  */
2140  bool C_SignInit(SessionHandle session,
2141  Mechanism* mechanism_ptr,
2142  ObjectHandle key,
2143  ReturnValue* return_value = ThrowException) const;
2144 
2145  /**
2146  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2147  * @param session the session's handle
2148  * @param data_ptr the data to sign
2149  * @param data_len count of bytes to sign
2150  * @param signature_ptr gets the signature
2151  * @param signature_len_ptr gets signature length
2152  * @param return_value default value (`ThrowException`): throw exception on error.
2153  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2154  * At least the following PKCS#11 return values may be returned:
2155  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2156  * \li DataInvalid \li DataLenRange \li DeviceError
2157  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2158  * \li FunctionFailed \li GeneralError \li HostMemory
2159  * \li OK \li OperationNotInitialized \li SessionClosed
2160  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2161  * @return true on success, false otherwise
2162  */
2163  bool C_Sign(SessionHandle session,
2164  Byte* data_ptr,
2165  Ulong data_len,
2166  Byte* signature_ptr,
2167  Ulong* signature_len_ptr,
2168  ReturnValue* return_value = ThrowException) const;
2169 
2170  /**
2171  * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2172  * @param session the session's handle
2173  * @param data the data to sign
2174  * @param signature gets the signature
2175  * @param return_value default value (`ThrowException`): throw exception on error.
2176  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2177  * At least the following PKCS#11 return values may be returned:
2178  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2179  * \li DataInvalid \li DataLenRange \li DeviceError
2180  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2181  * \li FunctionFailed \li GeneralError \li HostMemory
2182  * \li OK \li OperationNotInitialized \li SessionClosed
2183  * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2184  * @return true on success, false otherwise
2185  */
2186  template<typename TAllocA, typename TAllocB>
2187  bool C_Sign(SessionHandle session,
2188  const std::vector<uint8_t, TAllocA>& data,
2189  std::vector<uint8_t, TAllocB>& signature,
2190  ReturnValue* return_value = ThrowException) const
2191  {
2192  Ulong signature_size = 0;
2193  if(!C_Sign(session,
2194  const_cast<Byte*>((data.data())),
2195  static_cast<Ulong>(data.size()),
2196  nullptr,
2197  &signature_size,
2198  return_value))
2199  {
2200  return false;
2201  }
2202 
2203  signature.resize(signature_size);
2204  if (!C_Sign(session,
2205  const_cast<Byte*>(data.data()),
2206  static_cast<Ulong>(data.size()),
2207  signature.data(),
2208  &signature_size,
2209  return_value))
2210  {
2211  return false;
2212  }
2213  signature.resize(signature_size);
2214  return true;
2215  }
2216 
2217  /**
2218  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2219  * @param session the session's handle
2220  * @param part_ptr the data to sign
2221  * @param part_len count of bytes to sign
2222  * @param return_value default value (`ThrowException`): throw exception on error.
2223  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2224  * At least the following PKCS#11 return values may be returned:
2225  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2226  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2227  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2228  * \li HostMemory \li OK \li OperationNotInitialized
2229  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2230  * @return true on success, false otherwise
2231  */
2232  bool C_SignUpdate(SessionHandle session,
2233  Byte* part_ptr,
2234  Ulong part_len,
2235  ReturnValue* return_value = ThrowException) const;
2236 
2237  /**
2238  * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2239  * @param session the session's handle
2240  * @param part the data to sign
2241  * @param return_value default value (`ThrowException`): throw exception on error.
2242  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2243  * At least the following PKCS#11 return values may be returned:
2244  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2245  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2246  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2247  * \li HostMemory \li OK \li OperationNotInitialized
2248  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2249  * @return true on success, false otherwise
2250  */
2251  template<typename TAlloc>
2253  const std::vector<uint8_t, TAlloc>& part,
2254  ReturnValue* return_value = ThrowException) const
2255  {
2256  return C_SignUpdate(session,
2257  const_cast<Byte*>(part.data()),
2258  static_cast<Ulong>(part.size()),
2259  return_value);
2260  }
2261 
2262  /**
2263  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2264  * @param session the session's handle
2265  * @param signature_ptr gets the signature
2266  * @param signature_len_ptr gets signature length
2267  * @param return_value default value (`ThrowException`): throw exception on error.
2268  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2269  * At least the following PKCS#11 return values may be returned:
2270  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2271  * \li DataLenRange \li DeviceError \li DeviceMemory
2272  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2273  * \li GeneralError \li HostMemory \li OK
2274  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2275  * \li UserNotLoggedIn \li FunctionRejected
2276  * @return true on success, false otherwise
2277  */
2278  bool C_SignFinal(SessionHandle session,
2279  Byte* signature_ptr,
2280  Ulong* signature_len_ptr,
2281  ReturnValue* return_value = ThrowException) const;
2282 
2283  /**
2284  * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2285  * @param session the session's handle
2286  * @param signature gets the signature
2287  * @param return_value default value (`ThrowException`): throw exception on error.
2288  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2289  * At least the following PKCS#11 return values may be returned:
2290  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2291  * \li DataLenRange \li DeviceError \li DeviceMemory
2292  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2293  * \li GeneralError \li HostMemory \li OK
2294  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2295  * \li UserNotLoggedIn \li FunctionRejected
2296  * @return true on success, false otherwise
2297  */
2298  template<typename TAlloc>
2300  std::vector<uint8_t, TAlloc>& signature,
2301  ReturnValue* return_value = ThrowException) const
2302  {
2303  Ulong signature_size = 0;
2304  if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2305  {
2306  return false;
2307  }
2308 
2309  signature.resize(signature_size);
2310  if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2311  {
2312  return false;
2313  }
2314  signature.resize(signature_size);
2315  return true;
2316  }
2317 
2318  /**
2319  * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2320  * @param session the session's handle
2321  * @param mechanism_ptr the signature mechanism
2322  * @param key handle of the signature key
2323  * @param return_value default value (`ThrowException`): throw exception on error.
2324  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2325  * At least the following PKCS#11 return values may be returned:
2326  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2327  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2328  * \li FunctionFailed \li GeneralError \li HostMemory
2329  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2330  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2331  * \li OK \li OperationActive \li PinExpired
2332  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2333  * @return true on success, false otherwise
2334  */
2335  bool C_SignRecoverInit(SessionHandle session,
2336  Mechanism* mechanism_ptr,
2337  ObjectHandle key,
2338  ReturnValue* return_value = ThrowException) const;
2339 
2340  /**
2341  * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2342  * @param session the session's handle
2343  * @param data_ptr the data to sign
2344  * @param data_len count of bytes to sign
2345  * @param signature_ptr gets the signature
2346  * @param signature_len_ptr gets signature length
2347  * @param return_value default value (`ThrowException`): throw exception on error.
2348  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2349  * At least the following PKCS#11 return values may be returned:
2350  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2351  * \li DataInvalid \li DataLenRange \li DeviceError
2352  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2353  * \li FunctionFailed \li GeneralError \li HostMemory
2354  * \li OK \li OperationNotInitialized \li SessionClosed
2355  * \li SessionHandleInvalid \li UserNotLoggedIn
2356  * @return true on success, false otherwise
2357  */
2358  bool C_SignRecover(SessionHandle session,
2359  Byte* data_ptr,
2360  Ulong data_len,
2361  Byte* signature_ptr,
2362  Ulong* signature_len_ptr,
2363  ReturnValue* return_value = ThrowException) const;
2364 
2365  /****************************** Functions for verifying signatures and MACs ******************************/
2366 
2367  /**
2368  * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2369  * @param session the session's handle
2370  * @param mechanism_ptr the verification mechanism
2371  * @param key verification key
2372  * @param return_value default value (`ThrowException`): throw exception on error.
2373  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2374  * At least the following PKCS#11 return values may be returned:
2375  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2376  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2377  * \li FunctionFailed \li GeneralError \li HostMemory
2378  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2379  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2380  * \li OK \li OperationActive \li PinExpired
2381  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2382  * @return true on success, false otherwise
2383  */
2384  bool C_VerifyInit(SessionHandle session,
2385  Mechanism* mechanism_ptr,
2386  ObjectHandle key,
2387  ReturnValue* return_value = ThrowException) const;
2388 
2389  /**
2390  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2391  * @param session the session's handle
2392  * @param data_ptr signed data
2393  * @param data_len length of signed data
2394  * @param signature_ptr signature
2395  * @param signature_len signature length
2396  * @param return_value default value (`ThrowException`): throw exception on error.
2397  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2398  * At least the following PKCS#11 return values may be returned:
2399  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2400  * \li DataLenRange \li DeviceError \li DeviceMemory
2401  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2402  * \li GeneralError \li HostMemory \li OK
2403  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2404  * \li SignatureInvalid \li SignatureLenRange
2405  * @return true on success, false otherwise
2406  */
2407  bool C_Verify(SessionHandle session,
2408  Byte* data_ptr,
2409  Ulong data_len,
2410  Byte* signature_ptr,
2411  Ulong signature_len,
2412  ReturnValue* return_value = ThrowException) const;
2413 
2414  /**
2415  * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2416  * @param session the session's handle
2417  * @param data signed data
2418  * @param signature signature
2419  * @param return_value default value (`ThrowException`): throw exception on error.
2420  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2421  * At least the following PKCS#11 return values may be returned:
2422  * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2423  * \li DataLenRange \li DeviceError \li DeviceMemory
2424  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2425  * \li GeneralError \li HostMemory \li OK
2426  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2427  * \li SignatureInvalid \li SignatureLenRange
2428  * @return true on success, false otherwise
2429  */
2430  template<typename TAllocA, typename TAllocB>
2431  bool C_Verify(SessionHandle session,
2432  const std::vector<uint8_t, TAllocA>& data,
2433  std::vector<uint8_t, TAllocB>& signature,
2434  ReturnValue* return_value = ThrowException) const
2435  {
2436  return C_Verify(session,
2437  const_cast<Byte*>(data.data()),
2438  static_cast<Ulong>(data.size()),
2439  signature.data(),
2440  static_cast<Ulong>(signature.size()),
2441  return_value);
2442  }
2443 
2444  /**
2445  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2446  * @param session the session's handle
2447  * @param part_ptr signed data
2448  * @param part_len length of signed data
2449  * @param return_value default value (`ThrowException`): throw exception on error.
2450  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2451  * At least the following PKCS#11 return values may be returned:
2452  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2453  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2454  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2455  * \li HostMemory \li OK \li OperationNotInitialized
2456  * \li SessionClosed \li SessionHandleInvalid
2457  * @return true on success, false otherwise
2458  */
2459  bool C_VerifyUpdate(SessionHandle session,
2460  Byte* part_ptr,
2461  Ulong part_len,
2462  ReturnValue* return_value = ThrowException) const;
2463 
2464  /**
2465  * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2466  * @param session the session's handle
2467  * @param part signed data
2468  * @param return_value default value (`ThrowException`): throw exception on error.
2469  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2470  * At least the following PKCS#11 return values may be returned:
2471  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2472  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2473  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2474  * \li HostMemory \li OK \li OperationNotInitialized
2475  * \li SessionClosed \li SessionHandleInvalid
2476  * @return true on success, false otherwise
2477  */
2478  template<typename TAlloc>
2480  std::vector<uint8_t, TAlloc> part,
2481  ReturnValue* return_value = ThrowException) const
2482  {
2483  return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2484  }
2485 
2486  /**
2487  * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2488  * @param session the session's handle
2489  * @param signature_ptr signature to verify
2490  * @param signature_len signature length
2491  * @param return_value default value (`ThrowException`): throw exception on error.
2492  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2493  * At least the following PKCS#11 return values may be returned:
2494  * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2495  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2496  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2497  * \li HostMemory \li OK \li OperationNotInitialized
2498  * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2499  * \li SignatureLenRange
2500  * @return true on success, false otherwise
2501  */
2502  bool C_VerifyFinal(SessionHandle session,
2503  Byte* signature_ptr,
2504  Ulong signature_len,
2505  ReturnValue* return_value = ThrowException) const;
2506 
2507  /**
2508  * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2509  * @param session the session's handle
2510  * @param mechanism_ptr the verification mechanism
2511  * @param key verification key
2512  * @param return_value default value (`ThrowException`): throw exception on error.
2513  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2514  * At least the following PKCS#11 return values may be returned:
2515  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2516  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2517  * \li FunctionFailed \li GeneralError \li HostMemory
2518  * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2519  * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2520  * \li OK \li OperationActive \li PinExpired
2521  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2522  * @return true on success, false otherwise
2523  */
2524  bool C_VerifyRecoverInit(SessionHandle session,
2525  Mechanism* mechanism_ptr,
2526  ObjectHandle key,
2527  ReturnValue* return_value = ThrowException) const;
2528 
2529  /**
2530  * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2531  * @param session the session's handle
2532  * @param signature_ptr signature to verify
2533  * @param signature_len signature length
2534  * @param data_ptr gets signed data
2535  * @param data_len_ptr gets signed data len
2536  * @param return_value default value (`ThrowException`): throw exception on error.
2537  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2538  * At least the following PKCS#11 return values may be returned:
2539  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2540  * \li DataInvalid \li DataLenRange \li DeviceError
2541  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2542  * \li FunctionFailed \li GeneralError \li HostMemory
2543  * \li OK \li OperationNotInitialized \li SessionClosed
2544  * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2545  * @return true on success, false otherwise
2546  */
2547  bool C_VerifyRecover(SessionHandle session,
2548  Byte* signature_ptr,
2549  Ulong signature_len,
2550  Byte* data_ptr,
2551  Ulong* data_len_ptr,
2552  ReturnValue* return_value = ThrowException) const;
2553 
2554  /****************************** Dual-purpose cryptographic functions ******************************/
2555 
2556  /**
2557  * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2558  * @param session session's handle
2559  * @param part_ptr the plaintext data
2560  * @param part_len plaintext length
2561  * @param encrypted_part_ptr gets ciphertext
2562  * @param encrypted_part_len_ptr gets c-text length
2563  * @param return_value default value (`ThrowException`): throw exception on error.
2564  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2565  * At least the following PKCS#11 return values may be returned:
2566  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2567  * \li DataLenRange \li DeviceError \li DeviceMemory
2568  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2569  * \li GeneralError \li HostMemory \li OK
2570  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2571  * @return true on success, false otherwise
2572  */
2573  bool C_DigestEncryptUpdate(SessionHandle session,
2574  Byte* part_ptr,
2575  Ulong part_len,
2576  Byte* encrypted_part_ptr,
2577  Ulong* encrypted_part_len_ptr,
2578  ReturnValue* return_value = ThrowException) const ;
2579 
2580  /**
2581  * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2582  * @param session session's handle
2583  * @param encrypted_part_ptr ciphertext
2584  * @param encrypted_part_len ciphertext length
2585  * @param part_ptr gets plaintext
2586  * @param part_len_ptr gets plaintext len
2587  * @param return_value default value (`ThrowException`): throw exception on error.
2588  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2589  * At least the following PKCS#11 return values may be returned:
2590  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2591  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2592  * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2593  * \li FunctionFailed \li GeneralError \li HostMemory
2594  * \li OK \li OperationNotInitialized \li SessionClosed
2595  * \li SessionHandleInvalid
2596  * @return true on success, false otherwise
2597  */
2598  bool C_DecryptDigestUpdate(SessionHandle session,
2599  Byte* encrypted_part_ptr,
2600  Ulong encrypted_part_len,
2601  Byte* part_ptr,
2602  Ulong* part_len_ptr,
2603  ReturnValue* return_value = ThrowException) const;
2604 
2605  /**
2606  * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2607  * @param session session's handle
2608  * @param part_ptr the plaintext data
2609  * @param part_len plaintext length
2610  * @param encrypted_part_ptr gets ciphertext
2611  * @param encrypted_part_len_ptr gets c-text length
2612  * @param return_value default value (`ThrowException`): throw exception on error.
2613  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2614  * At least the following PKCS#11 return values may be returned:
2615  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2616  * \li DataLenRange \li DeviceError \li DeviceMemory
2617  * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2618  * \li GeneralError \li HostMemory \li OK
2619  * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2620  * \li UserNotLoggedIn
2621  * @return true on success, false otherwise
2622  */
2623  bool C_SignEncryptUpdate(SessionHandle session,
2624  Byte* part_ptr,
2625  Ulong part_len,
2626  Byte* encrypted_part_ptr,
2627  Ulong* encrypted_part_len_ptr,
2628  ReturnValue* return_value = ThrowException) const;
2629 
2630  /**
2631  * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2632  * @param session session's handle
2633  * @param encrypted_part_ptr ciphertext
2634  * @param encrypted_part_len ciphertext length
2635  * @param part_ptr gets plaintext
2636  * @param part_len_ptr gets p-text length
2637  * @param return_value default value (`ThrowException`): throw exception on error.
2638  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2639  * At least the following PKCS#11 return values may be returned:
2640  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2641  * \li DataLenRange \li DeviceError \li DeviceMemory
2642  * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2643  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2644  * \li HostMemory \li OK \li OperationNotInitialized
2645  * \li SessionClosed \li SessionHandleInvalid
2646  * @return true on success, false otherwise
2647  */
2648  bool C_DecryptVerifyUpdate(SessionHandle session,
2649  Byte* encrypted_part_ptr,
2650  Ulong encrypted_part_len,
2651  Byte* part_ptr,
2652  Ulong* part_len_ptr,
2653  ReturnValue* return_value = ThrowException) const;
2654 
2655  /****************************** Key management functions ******************************/
2656 
2657  /**
2658  * C_GenerateKey generates a secret key, creating a new key object.
2659  * @param session the session's handle
2660  * @param mechanism_ptr key generation mech.
2661  * @param attribute_template_ptr template for new key
2662  * @param count # of attrs in template
2663  * @param key_ptr gets handle of new key
2664  * @param return_value default value (`ThrowException`): throw exception on error.
2665  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2666  * At least the following PKCS#11 return values may be returned:
2667  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2668  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2669  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2670  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2671  * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2672  * \li OK \li OperationActive \li PinExpired
2673  * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2674  * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2675  * \li UserNotLoggedIn
2676  * @return true on success, false otherwise
2677  */
2678  bool C_GenerateKey(SessionHandle session,
2679  Mechanism* mechanism_ptr,
2680  Attribute* attribute_template_ptr,
2681  Ulong count,
2682  ObjectHandle* key_ptr,
2683  ReturnValue* return_value = ThrowException) const;
2684 
2685  /**
2686  * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2687  * @param session session handle
2688  * @param mechanism_ptr key-gen mech.
2689  * @param public_key_template_ptr template for pub. key
2690  * @param public_key_attribute_count # pub. attrs.
2691  * @param private_key_template_ptr template for priv. key
2692  * @param private_key_attribute_count # priv. attrs.
2693  * @param public_key_ptr gets pub. key handle
2694  * @param private_key_ptr gets priv. key handle
2695  * @param return_value default value (`ThrowException`): throw exception on error.
2696  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2697  * At least the following PKCS#11 return values may be returned:
2698  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2699  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2700  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2701  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2702  * \li GeneralError \li HostMemory \li MechanismInvalid
2703  * \li MechanismParamInvalid \li OK \li OperationActive
2704  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2705  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2706  * \li TokenWriteProtected \li UserNotLoggedIn
2707  * @return true on success, false otherwise
2708  */
2709  bool C_GenerateKeyPair(SessionHandle session,
2710  Mechanism* mechanism_ptr,
2711  Attribute* public_key_template_ptr,
2712  Ulong public_key_attribute_count,
2713  Attribute* private_key_template_ptr,
2714  Ulong private_key_attribute_count,
2715  ObjectHandle* public_key_ptr,
2716  ObjectHandle* private_key_ptr,
2717  ReturnValue* return_value = ThrowException) const;
2718 
2719  /**
2720  * C_WrapKey wraps (i.e., encrypts) a key.
2721  * @param session the session's handle
2722  * @param mechanism_ptr the wrapping mechanism
2723  * @param wrapping_key wrapping key
2724  * @param key key to be wrapped
2725  * @param wrapped_key_ptr gets wrapped key
2726  * @param wrapped_key_len_ptr gets wrapped key size
2727  * @param return_value default value (`ThrowException`): throw exception on error.
2728  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2729  * At least the following PKCS#11 return values may be returned:
2730  * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2731  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2732  * \li FunctionCanceled \li FunctionFailed \li GeneralError
2733  * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2734  * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2735  * \li MechanismParamInvalid \li OK \li OperationActive
2736  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2737  * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2738  * \li WrappingKeyTypeInconsistent
2739  * @return true on success, false otherwise
2740  */
2741  bool C_WrapKey(SessionHandle session,
2742  Mechanism* mechanism_ptr,
2743  ObjectHandle wrapping_key,
2744  ObjectHandle key,
2745  Byte* wrapped_key_ptr,
2746  Ulong* wrapped_key_len_ptr,
2747  ReturnValue* return_value = ThrowException) const;
2748 
2749  /**
2750  * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2751  * @param session session's handle
2752  * @param mechanism_ptr unwrapping mech.
2753  * @param unwrapping_key unwrapping key
2754  * @param wrapped_key_ptr the wrapped key
2755  * @param wrapped_key_len wrapped key len
2756  * @param attribute_template_ptr new key template
2757  * @param attribute_count template length
2758  * @param key_ptr gets new handle
2759  * @param return_value default value (`ThrowException`): throw exception on error.
2760  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2761  * At least the following PKCS#11 return values may be returned:
2762  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2763  * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2764  * \li CurveNotSupported \li DeviceError \li DeviceMemory
2765  * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2766  * \li FunctionFailed \li GeneralError \li HostMemory
2767  * \li MechanismInvalid \li MechanismParamInvalid \li OK
2768  * \li OperationActive \li PinExpired \li SessionClosed
2769  * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2770  * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2771  * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2772  * \li WrappedKeyInvalid \li WrappedKeyLenRange
2773  * @return true on success, false otherwise
2774  */
2775  bool C_UnwrapKey(SessionHandle session,
2776  Mechanism* mechanism_ptr,
2777  ObjectHandle unwrapping_key,
2778  Byte* wrapped_key_ptr,
2779  Ulong wrapped_key_len,
2780  Attribute* attribute_template_ptr,
2781  Ulong attribute_count,
2782  ObjectHandle* key_ptr,
2783  ReturnValue* return_value = ThrowException) const;
2784 
2785  /**
2786  * C_DeriveKey derives a key from a base key, creating a new key object.
2787  * @param session session's handle
2788  * @param mechanism_ptr key deriv. mech.
2789  * @param base_key base key
2790  * @param attribute_template_ptr new key template
2791  * @param attribute_count template length
2792  * @param key_ptr gets new handle
2793  * @param return_value default value (`ThrowException`): throw exception on error.
2794  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2795  * At least the following PKCS#11 return values may be returned:
2796  * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2797  * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2798  * \li DeviceError \li DeviceMemory \li DeviceRemoved
2799  * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2800  * \li GeneralError \li HostMemory \li KeyHandleInvalid
2801  * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2802  * \li MechanismParamInvalid \li OK \li OperationActive
2803  * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2804  * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2805  * \li TokenWriteProtected \li UserNotLoggedIn
2806  * @return true on success, false otherwise
2807  */
2808  bool C_DeriveKey(SessionHandle session,
2809  Mechanism* mechanism_ptr,
2810  ObjectHandle base_key,
2811  Attribute* attribute_template_ptr,
2812  Ulong attribute_count,
2813  ObjectHandle* key_ptr,
2814  ReturnValue* return_value = ThrowException) const;
2815 
2816  /****************************** Random number generation functions ******************************/
2817 
2818  /**
2819  * C_SeedRandom mixes additional seed material into the token's random number generator.
2820  * @param session the session's handle
2821  * @param seed_ptr the seed material
2822  * @param seed_len length of seed material
2823  * @param return_value default value (`ThrowException`): throw exception on error.
2824  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2825  * At least the following PKCS#11 return values may be returned:
2826  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2827  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2828  * \li FunctionFailed \li GeneralError \li HostMemory
2829  * \li OK \li OperationActive \li RandomSeedNotSupported
2830  * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2831  * \li UserNotLoggedIn
2832  * @return true on success, false otherwise
2833  */
2834  bool C_SeedRandom(SessionHandle session,
2835  Byte* seed_ptr,
2836  Ulong seed_len,
2837  ReturnValue* return_value = ThrowException) const;
2838 
2839  /**
2840  * C_GenerateRandom generates random data.
2841  * @param session the session's handle
2842  * @param random_data_ptr receives the random data
2843  * @param random_len # of bytes to generate
2844  * @param return_value default value (`ThrowException`): throw exception on error.
2845  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2846  * At least the following PKCS#11 return values may be returned:
2847  * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2848  * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2849  * \li FunctionFailed \li GeneralError \li HostMemory
2850  * \li OK \li OperationActive \li RandomNoRng
2851  * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2852  * @return true on success, false otherwise
2853  */
2854  bool C_GenerateRandom(SessionHandle session,
2855  Byte* random_data_ptr,
2856  Ulong random_len,
2857  ReturnValue* return_value = ThrowException) const;
2858 
2859  /****************************** Parallel function management functions ******************************/
2860 
2861  /**
2862  * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2863  * @param session the session's handle
2864  * @param return_value default value (`ThrowException`): throw exception on error.
2865  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2866  * At least the following PKCS#11 return values may be returned:
2867  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2868  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2869  * \li SessionClosed
2870  * @return true on success, false otherwise
2871  */
2872  bool C_GetFunctionStatus(SessionHandle session,
2873  ReturnValue* return_value = ThrowException) const;
2874 
2875  /**
2876  * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2877  * @param session the session's handle
2878  * @param return_value default value (`ThrowException`): throw exception on error.
2879  * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2880  * At least the following PKCS#11 return values may be returned:
2881  * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2882  * \li GeneralError \li HostMemory \li SessionHandleInvalid
2883  * \li SessionClosed
2884  * @return true on success, false otherwise
2885  */
2886  bool C_CancelFunction(SessionHandle session,
2887  ReturnValue* return_value = ThrowException) const;
2888 
2889  private:
2890  const FunctionListPtr m_func_list_ptr;
2891  };
2892 
2893 class BOTAN_PUBLIC_API(2,0) PKCS11_Error : public Exception
2894  {
2895  public:
2896  explicit PKCS11_Error(const std::string& what) :
2897  Exception("PKCS11 error", what)
2898  {
2899  }
2900 
2901  ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2902  };
2903 
2904 class BOTAN_PUBLIC_API(2,0) PKCS11_ReturnError final : public PKCS11_Error
2905  {
2906  public:
2907  explicit PKCS11_ReturnError(ReturnValue return_val) :
2908  PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2909  m_return_val(return_val)
2910  {}
2911 
2913  {
2914  return m_return_val;
2915  }
2916 
2917  int error_code() const noexcept override
2918  {
2919  return static_cast<int>(m_return_val);
2920  }
2921 
2922  private:
2923  const ReturnValue m_return_val;
2924  };
2925 
2926 }
2927 
2928 }
2929 
2930 #endif
#define CKF_EXCLUDE_COUNTER
Definition: pkcs11t.h:1811
#define CKA_CHAR_ROWS
Definition: pkcs11t.h:546
#define CKM_DES3_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:940
#define CKK_RC2
Definition: pkcs11t.h:347
struct CK_RSA_PKCS_OAEP_PARAMS CK_RSA_PKCS_OAEP_PARAMS
#define CKP_PKCS5_PBKD2_HMAC_SHA512
Definition: pkcs11t.h:1724
#define CKF_EC_NAMEDCURVE
Definition: pkcs11t.h:1025
CK_UTF8CHAR Utf8Char
Definition: p11.h:843
#define CKM_HOTP_KEY_GEN
Definition: pkcs11t.h:721
#define CKM_AES_CFB64
Definition: pkcs11t.h:964
#define CKM_CAST128_CBC
Definition: pkcs11t.h:744
#define CKM_SHA512_RSA_PKCS_PSS
Definition: pkcs11t.h:626
#define CKR_RANDOM_SEED_NOT_SUPPORTED
Definition: pkcs11t.h:1129
CK_NOTIFY Notify
Definition: p11.h:844
#define CKR_DEVICE_REMOVED
Definition: pkcs11t.h:1062
#define CKM_DSA_PARAMETER_GEN
Definition: pkcs11t.h:957
#define CKM_AES_CMAC_GENERAL
Definition: pkcs11t.h:924
#define CKM_SHA_1_HMAC_GENERAL
Definition: pkcs11t.h:698
#define CKR_FIPS_SELF_TEST_FAILED
Definition: pkcs11t.h:1151
#define CKM_XOR_BASE_AND_DATA
Definition: pkcs11t.h:767
void change_pin(Slot &slot, const secure_string &old_pin, const secure_string &new_pin)
Definition: p11.cpp:53
#define CKF_USER_PIN_INITIALIZED
Definition: pkcs11t.h:158
#define CKA_HW_FEATURE_TYPE
Definition: pkcs11t.h:539
#define CKM_SHA384_KEY_DERIVATION
Definition: pkcs11t.h:788
#define CKF_SIGN
Definition: pkcs11t.h:1009
#define CKM_KEA_DERIVE
Definition: pkcs11t.h:878
CK_ULONG CK_SLOT_ID
Definition: pkcs11t.h:104
#define CKM_TLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:774
Flag operator|(Flag a, Flag b)
Definition: p11.h:267
#define CKA_TRUSTED
Definition: pkcs11t.h:450
#define CKM_RIPEMD128_HMAC_GENERAL
Definition: pkcs11t.h:702
#define CKR_ENCRYPTED_DATA_INVALID
Definition: pkcs11t.h:1063
#define CKM_PBE_MD5_CAST_CBC
Definition: pkcs11t.h:794
#define CKR_PIN_EXPIRED
Definition: pkcs11t.h:1093
#define CKH_MONOTONIC_COUNTER
Definition: pkcs11t.h:330
#define CKM_RSA_X_509
Definition: pkcs11t.h:589
#define CKA_ENCODING_METHODS
Definition: pkcs11t.h:551
#define CKM_DES_CFB8
Definition: pkcs11t.h:683
#define CKH_USER_INTERFACE
Definition: pkcs11t.h:332
#define CKA_PRIME_1
Definition: pkcs11t.h:478
#define CKG_MGF1_SHA256
Definition: pkcs11t.h:1247
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC
Definition: pkcs11t.h:813
#define CKR_KEY_NEEDED
Definition: pkcs11t.h:1077
#define CKA_WRAP_WITH_TRUSTED
Definition: pkcs11t.h:515
#define CKR_SAVED_STATE_INVALID
Definition: pkcs11t.h:1138
#define CKM_KEY_WRAP_LYNKS
Definition: pkcs11t.h:829
#define CKA_PRIVATE_EXPONENT
Definition: pkcs11t.h:477
#define CKM_CAST_KEY_GEN
Definition: pkcs11t.h:726
#define CKK_CAST128
Definition: pkcs11t.h:355
#define CKM_SHA512_RSA_PKCS
Definition: pkcs11t.h:623
#define CKM_IDEA_KEY_GEN
Definition: pkcs11t.h:757
#define CKM_SHA224_RSA_PKCS
Definition: pkcs11t.h:628
#define CKM_SEED_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:863
#define CKF_TOKEN_PRESENT
Definition: pkcs11t.h:122
#define CKM_GOSTR3410_WITH_GOSTR3411
Definition: pkcs11t.h:946
#define CKM_SHA256_HMAC
Definition: pkcs11t.h:708
CK_UNLOCKMUTEX UnlockMutex
Definition: p11.h:833
#define CKM_CAMELLIA_MAC_GENERAL
Definition: pkcs11t.h:841
#define CKR_CANCEL
Definition: pkcs11t.h:1039
#define CKM_PBE_SHA1_RC2_128_CBC
Definition: pkcs11t.h:804
#define CKA_UNWRAP_TEMPLATE
Definition: pkcs11t.h:517
#define CKA_SUBJECT
Definition: pkcs11t.h:460
#define CKA_EC_PARAMS
Definition: pkcs11t.h:506
#define CKA_OTP_SERVICE_LOGO_TYPE
Definition: pkcs11t.h:533
#define CKF_EC_ECPARAMETERS
Definition: pkcs11t.h:1024
#define CKM_DES3_CMAC_GENERAL
Definition: pkcs11t.h:671
#define CKM_CDMF_CBC
Definition: pkcs11t.h:675
#define CKM_CAST5_CBC
Definition: pkcs11t.h:743
#define CKD_SHA1_KDF_CONCATENATE
Definition: pkcs11t.h:1295
#define CKF_PROTECTED_AUTHENTICATION_PATH
Definition: pkcs11t.h:177
#define CKM_RC2_ECB
Definition: pkcs11t.h:646
#define CKK_VENDOR_DEFINED
Definition: pkcs11t.h:387
#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1115
#define CKM_SHA512_HMAC
Definition: pkcs11t.h:717
#define CKM_TLS_KDF
Definition: pkcs11t.h:827
#define CKF_GENERATE_KEY_PAIR
Definition: pkcs11t.h:1014
#define CKK_SHA224_HMAC
Definition: pkcs11t.h:378
CK_ULONG CK_MECHANISM_TYPE
Definition: pkcs11t.h:583
#define CKM_ARIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:853
#define CKM_PBE_MD5_CAST5_CBC
Definition: pkcs11t.h:796
#define CKA_CHAR_COLUMNS
Definition: pkcs11t.h:547
#define CKU_CONTEXT_SPECIFIC
Definition: pkcs11t.h:268
#define CKA_LABEL
Definition: pkcs11t.h:440
#define CKA_ISSUER
Definition: pkcs11t.h:445
CK_ULONG CK_NOTIFICATION
Definition: pkcs11t.h:100
#define CKM_BATON_WRAP
Definition: pkcs11t.h:886
#define CKS_RW_USER_FUNCTIONS
Definition: pkcs11t.h:275
#define CKM_SEED_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:862
#define CKM_SKIPJACK_CFB8
Definition: pkcs11t.h:872
#define CKM_ECDSA_SHA256
Definition: pkcs11t.h:894
#define CKM_ECDSA_SHA224
Definition: pkcs11t.h:893
#define CKA_ATTR_TYPES
Definition: pkcs11t.h:449
#define CKA_MIME_TYPES
Definition: pkcs11t.h:552
CK_BYTE CK_BBOOL
Definition: pkcs11t.h:45
CertificateType
Definition: p11.h:177
#define CKA_OTP_COUNTER_REQUIREMENT
Definition: pkcs11t.h:526
#define CKA_REQUIRED_CMS_ATTRIBUTES
Definition: pkcs11t.h:554
#define CKA_EXTRACTABLE
Definition: pkcs11t.h:494
#define CKR_DEVICE_ERROR
Definition: pkcs11t.h:1060
#define CKR_SIGNATURE_INVALID
Definition: pkcs11t.h:1106
#define CKK_ARIA
Definition: pkcs11t.h:369
#define CKR_FUNCTION_CANCELED
Definition: pkcs11t.h:1065
#define CKM_PBA_SHA1_WITH_SHA1_HMAC
Definition: pkcs11t.h:809
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
Definition: pkcs11t.h:398
#define CKM_JUNIPER_COUNTER
Definition: pkcs11t.h:908
#define CKM_DSA_SHA512
Definition: pkcs11t.h:611
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS
Definition: pkcs11t.h:1225
#define CKA_EC_POINT
Definition: pkcs11t.h:508
#define CKM_CAMELLIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:844
bool C_Sign(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2187
#define CKM_CAST5_ECB
Definition: pkcs11t.h:741
#define CKD_SHA384_KDF
Definition: pkcs11t.h:1298
#define CKM_CAST3_KEY_GEN
Definition: pkcs11t.h:732
#define CKK_HOTP
Definition: pkcs11t.h:366
struct CK_TOKEN_INFO CK_TOKEN_INFO
#define CKK_SHA256_HMAC
Definition: pkcs11t.h:375
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:815
#define CKM_CDMF_CBC_PAD
Definition: pkcs11t.h:678
#define CKM_DES3_CMAC
Definition: pkcs11t.h:672
#define CKM_SKIPJACK_WRAP
Definition: pkcs11t.h:873
#define CKA_COEFFICIENT
Definition: pkcs11t.h:482
#define CKM_RC2_KEY_GEN
Definition: pkcs11t.h:645
#define CKM_RSA_PKCS_TPM_1_1
Definition: pkcs11t.h:972
#define CKC_WTLS
Definition: pkcs11t.h:409
#define CKM_RSA_PKCS
Definition: pkcs11t.h:587
#define CKK_CAST
Definition: pkcs11t.h:352
AttributeType
Definition: p11.h:65
#define CK_CERTIFICATE_CATEGORY_AUTHORITY
Definition: pkcs11t.h:397
#define CKM_CDMF_MAC
Definition: pkcs11t.h:676
#define CKR_ATTRIBUTE_SENSITIVE
Definition: pkcs11t.h:1052
#define CKM_RSA_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:586
#define CKM_SKIPJACK_KEY_GEN
Definition: pkcs11t.h:865
#define CKR_NO_EVENT
Definition: pkcs11t.h:1047
bool C_SignUpdate(SessionHandle session, const std::vector< uint8_t, TAlloc > &part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2252
#define CKM_CAMELLIA_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:843
#define CKM_AES_KEY_WRAP
Definition: pkcs11t.h:969
#define CRYPTOKI_VERSION_MINOR
Definition: pkcs11t.h:20
#define CKM_CAST_MAC_GENERAL
Definition: pkcs11t.h:730
#define CKA_SERIAL_NUMBER
Definition: pkcs11t.h:446
#define CKM_RC5_CBC_PAD
Definition: pkcs11t.h:756
#define CKM_IDEA_CBC
Definition: pkcs11t.h:759
#define CKF_ERROR_STATE
Definition: pkcs11t.h:248
#define CKM_MD5_RSA_PKCS
Definition: pkcs11t.h:592
#define CKM_SHA512_224_KEY_DERIVATION
Definition: pkcs11t.h:634
#define CKM_SKIPJACK_CFB32
Definition: pkcs11t.h:870
#define CKG_MGF1_SHA384
Definition: pkcs11t.h:1248
#define CKM_SHA512_HMAC_GENERAL
Definition: pkcs11t.h:718
#define CKM_AES_CFB128
Definition: pkcs11t.h:966
#define CKR_GENERAL_ERROR
Definition: pkcs11t.h:1043
void set_pin(Slot &slot, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:67
#define CKM_CAMELLIA_CBC_PAD
Definition: pkcs11t.h:842
#define CKD_NULL
Definition: pkcs11t.h:1290
#define CKM_DES3_CBC
Definition: pkcs11t.h:666
#define CKA_PUBLIC_KEY_INFO
Definition: pkcs11t.h:483
#define CKR_OK
Definition: pkcs11t.h:1038
#define CKK_EC
Definition: pkcs11t.h:343
#define CKR_WRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1127
#define CKM_DES_CFB64
Definition: pkcs11t.h:682
#define CKA_VALUE
Definition: pkcs11t.h:442
#define CKA_KEY_TYPE
Definition: pkcs11t.h:459
#define CKA_ID
Definition: pkcs11t.h:461
#define CKA_OTP_COUNTER
Definition: pkcs11t.h:528
#define CKM_TLS12_MAC
Definition: pkcs11t.h:820
#define CKM_SSL3_MASTER_KEY_DERIVE
Definition: pkcs11t.h:770
#define CKM_AES_KEY_GEN
Definition: pkcs11t.h:913
CK_ULONG CK_OBJECT_HANDLE
Definition: pkcs11t.h:298
#define CKF_SO_PIN_COUNT_LOW
Definition: pkcs11t.h:229
#define CKM_CONCATENATE_BASE_AND_DATA
Definition: pkcs11t.h:765
#define CKF_GENERATE
Definition: pkcs11t.h:1013
struct CK_INFO CK_INFO
#define CKM_CAST128_MAC_GENERAL
Definition: pkcs11t.h:748
#define CKM_KEA_KEY_DERIVE
Definition: pkcs11t.h:877
#define CKA_OBJECT_ID
Definition: pkcs11t.h:443
int(* final)(unsigned char *, CTX *)
#define CKM_TLS10_MAC_CLIENT
Definition: pkcs11t.h:819
#define CKM_PBE_SHA1_RC4_40
Definition: pkcs11t.h:801
#define CKA_WRAP
Definition: pkcs11t.h:465
#define CKF_WRITE_PROTECTED
Definition: pkcs11t.h:156
#define CKM_CAST3_CBC_PAD
Definition: pkcs11t.h:737
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31
#define CKM_RIPEMD128_RSA_PKCS
Definition: pkcs11t.h:595
#define CKM_RC2_CBC
Definition: pkcs11t.h:647
#define CKR_OBJECT_HANDLE_INVALID
Definition: pkcs11t.h:1086
#define CKK_CAMELLIA
Definition: pkcs11t.h:368
#define CKF_USER_FRIENDLY_OTP
Definition: pkcs11t.h:1814
#define CKO_CERTIFICATE
Definition: pkcs11t.h:311
#define CKK_SEED
Definition: pkcs11t.h:380
#define CKM_TLS_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:777
#define CKM_TWOFISH_CBC_PAD
Definition: pkcs11t.h:935
#define CKA_GOST28147_PARAMS
Definition: pkcs11t.h:537
#define CKM_KIP_WRAP
Definition: pkcs11t.h:834
#define CKM_SSL3_MD5_MAC
Definition: pkcs11t.h:781
#define CKM_BATON_COUNTER
Definition: pkcs11t.h:884
#define CKM_BATON_ECB96
Definition: pkcs11t.h:882
Flags flags(Flag flags)
Definition: p11.h:860
#define CK_TRUE
Definition: pkcs11t.h:23
#define CKM_GOSTR3410
Definition: pkcs11t.h:945
Definition: bigint.h:1143
#define CKM_PBE_SHA1_DES3_EDE_CBC
Definition: pkcs11t.h:802
#define CKH_CLOCK
Definition: pkcs11t.h:331
#define CKR_MUTEX_BAD
Definition: pkcs11t.h:1144
#define CKR_RANDOM_NO_RNG
Definition: pkcs11t.h:1131
PseudoRandom
Definition: p11.h:694
#define CKP_PKCS5_PBKD2_HMAC_SHA512_224
Definition: pkcs11t.h:1725
#define CKM_SHA512_224
Definition: pkcs11t.h:631
PKCS11_Error(const std::string &what)
Definition: p11.h:2896
#define CKM_TWOFISH_KEY_GEN
Definition: pkcs11t.h:932
#define CKA_PIXEL_X
Definition: pkcs11t.h:543
#define CKG_MGF1_SHA1
Definition: pkcs11t.h:1246
#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1128
CK_ULONG Ulong
Definition: p11.h:838
#define CKM_SHA224
Definition: pkcs11t.h:710
#define CKS_RO_PUBLIC_SESSION
Definition: pkcs11t.h:272
#define CKO_SECRET_KEY
Definition: pkcs11t.h:314
#define CKR_ATTRIBUTE_READ_ONLY
Definition: pkcs11t.h:1051
#define CKM_RC5_MAC_GENERAL
Definition: pkcs11t.h:755
#define CKR_SESSION_EXISTS
Definition: pkcs11t.h:1101
CK_VOID_PTR VoidPtr
Definition: p11.h:828
#define CKM_BLOWFISH_KEY_GEN
Definition: pkcs11t.h:930
#define CKF_HW_SLOT
Definition: pkcs11t.h:124
#define CKR_MUTEX_NOT_LOCKED
Definition: pkcs11t.h:1145
unsigned char CK_BYTE
Definition: pkcs11t.h:36
#define CKM_SEED_MAC
Definition: pkcs11t.h:859
#define CKR_NEXT_OTP
Definition: pkcs11t.h:1148
#define CKM_RSA_9796
Definition: pkcs11t.h:588
unsigned long int CK_ULONG
Definition: pkcs11t.h:48
#define CKM_PBE_SHA1_RC2_40_CBC
Definition: pkcs11t.h:805
#define CKA_ALWAYS_AUTHENTICATE
Definition: pkcs11t.h:513
#define CKA_DERIVE
Definition: pkcs11t.h:471
#define CKK_X9_42_DH
Definition: pkcs11t.h:344
#define CKA_OTP_FORMAT
Definition: pkcs11t.h:520
#define CKF_REMOVABLE_DEVICE
Definition: pkcs11t.h:123
#define CKA_OTP_TIME_REQUIREMENT
Definition: pkcs11t.h:525
#define CKR_TOKEN_WRITE_PROTECTED
Definition: pkcs11t.h:1112
#define CKM_DES3_CBC_PAD
Definition: pkcs11t.h:670
#define CKR_DEVICE_MEMORY
Definition: pkcs11t.h:1061
struct CK_MECHANISM CK_MECHANISM
#define CKM_RC4
Definition: pkcs11t.h:654
#define CKR_INFORMATION_SENSITIVE
Definition: pkcs11t.h:1139
#define CKC_X_509
Definition: pkcs11t.h:407
#define CKM_DES_OFB64
Definition: pkcs11t.h:680
#define CKR_EXCEEDED_MAX_ITERATIONS
Definition: pkcs11t.h:1150
CK_ULONG CK_ATTRIBUTE_TYPE
Definition: pkcs11t.h:416
MechanismType type
#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411
Definition: pkcs11t.h:1720
#define CKM_AES_CTR
Definition: pkcs11t.h:919
#define CKA_PRIVATE
Definition: pkcs11t.h:439
#define CKK_MD5_HMAC
Definition: pkcs11t.h:371
#define CKA_OTP_PIN_REQUIREMENT
Definition: pkcs11t.h:527
#define CKA_ALWAYS_SENSITIVE
Definition: pkcs11t.h:497
#define CKR_PIN_INVALID
Definition: pkcs11t.h:1090
#define CKA_END_DATE
Definition: pkcs11t.h:473
#define CKM_ECDSA_SHA1
Definition: pkcs11t.h:892
#define CKU_SO
Definition: pkcs11t.h:264
#define CKA_OTP_LENGTH
Definition: pkcs11t.h:521
#define CKM_CAST128_ECB
Definition: pkcs11t.h:742
CK_ULONG CK_HW_FEATURE_TYPE
Definition: pkcs11t.h:327
#define CKR_LIBRARY_LOAD_FAILED
Definition: pkcs11t.h:1152
#define CKR_PIN_TOO_WEAK
Definition: pkcs11t.h:1153
#define CKM_SSL3_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:769
CK_BYTE Byte
Definition: p11.h:849
#define CKM_SHA512_T_HMAC_GENERAL
Definition: pkcs11t.h:642
#define CKA_SIGN
Definition: pkcs11t.h:467
#define CKR_DATA_INVALID
Definition: pkcs11t.h:1058
#define CKM_MD2_HMAC
Definition: pkcs11t.h:687
#define CKM_AES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:941
#define CKR_ATTRIBUTE_TYPE_INVALID
Definition: pkcs11t.h:1053
#define CKA_VENDOR_DEFINED
Definition: pkcs11t.h:559
#define CKM_AES_XCBC_MAC_96
Definition: pkcs11t.h:927
#define CKM_ACTI_KEY_GEN
Definition: pkcs11t.h:724
#define CKM_SHA1_RSA_X9_31
Definition: pkcs11t.h:601
#define CKK_DES2
Definition: pkcs11t.h:350
#define CKM_AES_CCM
Definition: pkcs11t.h:921
#define CKK_RC5
Definition: pkcs11t.h:356
#define CKA_ECDSA_PARAMS
Definition: pkcs11t.h:505
#define CKF_WRAP
Definition: pkcs11t.h:1015
#define CKM_TLS12_KDF
Definition: pkcs11t.h:821
#define CKR_PIN_INCORRECT
Definition: pkcs11t.h:1089
#define CKM_DH_PKCS_PARAMETER_GEN
Definition: pkcs11t.h:958
#define CKA_CERTIFICATE_CATEGORY
Definition: pkcs11t.h:451
#define CKA_LOCAL
Definition: pkcs11t.h:495
#define CKM_SHA1_RSA_PKCS_PSS
Definition: pkcs11t.h:603
#define CKA_EXPONENT_1
Definition: pkcs11t.h:480
#define CKM_TLS10_MAC_SERVER
Definition: pkcs11t.h:818
#define CKR_PUBLIC_KEY_INVALID
Definition: pkcs11t.h:1154
#define CKK_ACTI
Definition: pkcs11t.h:367
#define CKF_LOGIN_REQUIRED
Definition: pkcs11t.h:157
#define CKM_VENDOR_DEFINED
Definition: pkcs11t.h:975
CK_ULONG CK_OBJECT_CLASS
Definition: pkcs11t.h:307
#define CKA_HAS_RESET
Definition: pkcs11t.h:541
#define CKR_STATE_UNSAVEABLE
Definition: pkcs11t.h:1140
#define CKM_PBE_SHA1_DES2_EDE_CBC
Definition: pkcs11t.h:803
#define CKR_KEY_INDIGESTIBLE
Definition: pkcs11t.h:1078
#define CKM_PBE_MD5_DES_CBC
Definition: pkcs11t.h:793
#define CKF_NEXT_OTP
Definition: pkcs11t.h:1809
#define CKA_OTP_SERVICE_LOGO
Definition: pkcs11t.h:532
#define CKD_SHA512_KDF
Definition: pkcs11t.h:1299
#define CKF_VERIFY_RECOVER
Definition: pkcs11t.h:1012
struct CK_C_INITIALIZE_ARGS CK_C_INITIALIZE_ARGS
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition: exceptn.cpp:11
#define CKF_EXTENSION
Definition: pkcs11t.h:1029
#define CKK_GOSTR3410
Definition: pkcs11t.h:381
CK_FUNCTION_LIST_PTR FunctionListPtr
Definition: p11.h:827
#define CKR_ACTION_PROHIBITED
Definition: pkcs11t.h:1056
#define CKM_SHA256
Definition: pkcs11t.h:707
#define CKF_HW
Definition: pkcs11t.h:1003
#define CKF_EC_UNCOMPRESS
Definition: pkcs11t.h:1026
#define CKF_OS_LOCKING_OK
Definition: pkcs11t.h:1226
#define CKF_DERIVE
Definition: pkcs11t.h:1017
#define CKR_USER_TOO_MANY_TYPES
Definition: pkcs11t.h:1122
#define CKM_RC2_MAC
Definition: pkcs11t.h:648
#define CKM_TLS_PRF
Definition: pkcs11t.h:779
#define CKM_X9_42_MQV_DERIVE
Definition: pkcs11t.h:619
#define CKA_SECONDARY_AUTH
Definition: pkcs11t.h:510
#define CKF_EC_F_P
Definition: pkcs11t.h:1022
#define CKM_RIPEMD128
Definition: pkcs11t.h:700
#define CKM_MD5_KEY_DERIVATION
Definition: pkcs11t.h:783
#define CKM_ECDSA_SHA384
Definition: pkcs11t.h:895
#define CKM_SHA1_KEY_DERIVATION
Definition: pkcs11t.h:785
CK_CREATEMUTEX CreateMutex
Definition: p11.h:830
#define CKM_DSA_SHA224
Definition: pkcs11t.h:608
#define CKM_SHA1_RSA_PKCS
Definition: pkcs11t.h:593
#define CKM_AES_CFB1
Definition: pkcs11t.h:968
CK_SESSION_HANDLE SessionHandle
Definition: p11.h:845
#define CKA_CHAR_SETS
Definition: pkcs11t.h:550
#define CKM_MD2_KEY_DERIVATION
Definition: pkcs11t.h:784
#define CKA_ALLOWED_MECHANISMS
Definition: pkcs11t.h:557
#define CKM_DES_CBC
Definition: pkcs11t.h:657
#define CKF_UNWRAP
Definition: pkcs11t.h:1016
bool C_Login(SessionHandle session, UserType user_type, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1431
#define CKK_GENERIC_SECRET
Definition: pkcs11t.h:346
#define CKM_SHA384_HMAC
Definition: pkcs11t.h:714
#define CKF_RESTORE_KEY_NOT_NEEDED
Definition: pkcs11t.h:165
#define CKR_OPERATION_ACTIVE
Definition: pkcs11t.h:1087
#define CKM_SHA512_224_HMAC_GENERAL
Definition: pkcs11t.h:633
#define CKM_DES_CBC_PAD
Definition: pkcs11t.h:661
#define CKM_RSA_AES_KEY_WRAP
Definition: pkcs11t.h:903
#define CKA_ENCRYPT
Definition: pkcs11t.h:463
#define CKM_FASTHASH
Definition: pkcs11t.h:911
#define CKM_CONCATENATE_BASE_AND_KEY
Definition: pkcs11t.h:764
#define CKM_ECDSA
Definition: pkcs11t.h:891
#define CKM_BATON_ECB128
Definition: pkcs11t.h:881
CK_ULONG CK_SESSION_HANDLE
Definition: pkcs11t.h:256
#define CKR_KEY_NOT_WRAPPABLE
Definition: pkcs11t.h:1080
#define CKA_MODULUS
Definition: pkcs11t.h:474
#define CKM_SHA512_T_KEY_DERIVATION
Definition: pkcs11t.h:643
#define CKS_RO_USER_FUNCTIONS
Definition: pkcs11t.h:273
#define CKM_AES_CBC_PAD
Definition: pkcs11t.h:918
#define CKF_CLOCK_ON_TOKEN
Definition: pkcs11t.h:171
#define CKA_OTP_USER_IDENTIFIER
Definition: pkcs11t.h:530
#define CKM_ARIA_ECB
Definition: pkcs11t.h:848
#define CKK_KEA
Definition: pkcs11t.h:345
#define CKR_FUNCTION_NOT_SUPPORTED
Definition: pkcs11t.h:1068
#define CKM_AES_GCM
Definition: pkcs11t.h:920
#define CKM_KEY_WRAP_SET_OAEP
Definition: pkcs11t.h:830
void change_so_pin(Slot &slot, const secure_string &old_so_pin, const secure_string &new_so_pin)
Definition: p11.cpp:60
#define CKM_SEED_MAC_GENERAL
Definition: pkcs11t.h:860
std::vector< T, secure_allocator< T >> secure_vector
Definition: secmem.h:65
#define CKR_PIN_LOCKED
Definition: pkcs11t.h:1094
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED
Definition: pkcs11t.h:395
#define CKM_AES_CMAC
Definition: pkcs11t.h:923
#define CKM_FORTEZZA_TIMESTAMP
Definition: pkcs11t.h:879
#define CKM_JUNIPER_KEY_GEN
Definition: pkcs11t.h:905
#define CKR_FUNCTION_FAILED
Definition: pkcs11t.h:1044
#define CKR_TEMPLATE_INCONSISTENT
Definition: pkcs11t.h:1109
#define CKA_SENSITIVE
Definition: pkcs11t.h:462
#define CKA_PUBLIC_EXPONENT
Definition: pkcs11t.h:476
struct CK_RSA_PKCS_PSS_PARAMS CK_RSA_PKCS_PSS_PARAMS
#define CKK_CDMF
Definition: pkcs11t.h:361
#define CKM_SHA384_RSA_PKCS
Definition: pkcs11t.h:622
#define CKM_SEED_CBC
Definition: pkcs11t.h:858
#define CKM_AES_OFB
Definition: pkcs11t.h:963
#define CKF_EC_COMPRESS
Definition: pkcs11t.h:1027
#define CKM_GOST28147_KEY_GEN
Definition: pkcs11t.h:951
#define CKP_PKCS5_PBKD2_HMAC_SHA1
Definition: pkcs11t.h:1719
#define CKM_ECDSA_SHA512
Definition: pkcs11t.h:896
#define CKM_AES_MAC
Definition: pkcs11t.h:916
CK_ULONG CK_KEY_TYPE
Definition: pkcs11t.h:336
#define CKM_AES_MAC_GENERAL
Definition: pkcs11t.h:917
#define CKD_SHA224_KDF
Definition: pkcs11t.h:1296
#define CKR_ARGUMENTS_BAD
Definition: pkcs11t.h:1046
#define CKA_OWNER
Definition: pkcs11t.h:448
#define CRYPTOKI_VERSION_MAJOR
Definition: pkcs11t.h:19
#define CKF_SECONDARY_AUTHENTICATION
Definition: pkcs11t.h:199
#define CKA_COPYABLE
Definition: pkcs11t.h:501
#define CKP_PKCS5_PBKD2_HMAC_SHA256
Definition: pkcs11t.h:1722
#define CKM_GENERIC_SECRET_KEY_GEN
Definition: pkcs11t.h:763
#define CKM_SHA256_HMAC_GENERAL
Definition: pkcs11t.h:709
#define CKM_BATON_SHUFFLE
Definition: pkcs11t.h:885
#define CKR_BUFFER_TOO_SMALL
Definition: pkcs11t.h:1137
#define CKR_USER_NOT_LOGGED_IN
Definition: pkcs11t.h:1117
#define CKA_PRIME
Definition: pkcs11t.h:484
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1121
#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN
Definition: pkcs11t.h:960
#define CKR_FUNCTION_NOT_PARALLEL
Definition: pkcs11t.h:1066
#define CKK_SECURID
Definition: pkcs11t.h:365
CK_ULONG CK_RV
Definition: pkcs11t.h:1036
#define CKM_DES_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:937
#define CKM_BATON_KEY_GEN
Definition: pkcs11t.h:880
#define CKM_TLS12_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:823
#define CKM_GOSTR3410_KEY_PAIR_GEN
Definition: pkcs11t.h:944
#define CKM_RIPEMD128_HMAC
Definition: pkcs11t.h:701
#define CKM_X9_42_DH_HYBRID_DERIVE
Definition: pkcs11t.h:618
#define CKM_JUNIPER_ECB128
Definition: pkcs11t.h:906
#define CKK_AES
Definition: pkcs11t.h:362
#define CKF_DUAL_CRYPTO_OPERATIONS
Definition: pkcs11t.h:185
#define CKM_PBE_SHA1_CAST128_CBC
Definition: pkcs11t.h:799
#define CKA_GOSTR3410_PARAMS
Definition: pkcs11t.h:535
struct CK_DATE CK_DATE
#define CKM_DES3_ECB
Definition: pkcs11t.h:665
#define CKM_GOSTR3411
Definition: pkcs11t.h:949
#define CKM_SECURID_KEY_GEN
Definition: pkcs11t.h:719
#define CKM_ARIA_MAC
Definition: pkcs11t.h:850
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:816
ErrorType error_type() const noexceptoverride
Definition: p11.h:2901
#define CKM_MD5_HMAC
Definition: pkcs11t.h:692
#define CKM_CAST_CBC
Definition: pkcs11t.h:728
#define CKO_OTP_KEY
Definition: pkcs11t.h:318
#define CKN_OTP_CHANGED
Definition: pkcs11t.h:102
#define CKM_PBE_SHA1_CAST5_CBC
Definition: pkcs11t.h:798
#define CK_FALSE
Definition: pkcs11t.h:24
ErrorType
Definition: exceptn.h:20
#define CKR_KEY_TYPE_INCONSISTENT
Definition: pkcs11t.h:1073
#define CKM_KIP_MAC
Definition: pkcs11t.h:835
#define CKO_PUBLIC_KEY
Definition: pkcs11t.h:312
#define CKR_SLOT_ID_INVALID
Definition: pkcs11t.h:1041
#define CKR_CANT_LOCK
Definition: pkcs11t.h:1049
#define CKM_SHA384_HMAC_GENERAL
Definition: pkcs11t.h:715
#define CKF_SO_PIN_LOCKED
Definition: pkcs11t.h:239
bool C_InitToken(SlotId slot_id, const std::vector< uint8_t, TAlloc > &so_pin, const std::string &label, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1150
#define CKK_JUNIPER
Definition: pkcs11t.h:360
#define CKM_SHA512_KEY_DERIVATION
Definition: pkcs11t.h:789
#define CKK_SKIPJACK
Definition: pkcs11t.h:358
bool C_SetPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &old_pin, const std::vector< uint8_t, TAlloc > &new_pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1257
CK_ULONG CK_USER_TYPE
Definition: pkcs11t.h:262
#define CKR_KEY_NOT_NEEDED
Definition: pkcs11t.h:1075
#define CKM_IDEA_ECB
Definition: pkcs11t.h:758
#define CKR_ATTRIBUTE_VALUE_INVALID
Definition: pkcs11t.h:1054
#define CKM_ECDSA_KEY_PAIR_GEN
Definition: pkcs11t.h:888
#define CKM_TLS12_KEY_SAFE_DERIVE
Definition: pkcs11t.h:825
#define CKC_VENDOR_DEFINED
Definition: pkcs11t.h:410
#define CKM_RC5_CBC
Definition: pkcs11t.h:753
#define CKR_SIGNATURE_LEN_RANGE
Definition: pkcs11t.h:1107
#define CKM_ECDH1_DERIVE
Definition: pkcs11t.h:898
#define CKA_NAME_HASH_ALGORITHM
Definition: pkcs11t.h:456
#define CKM_DES_ECB
Definition: pkcs11t.h:656
#define CKM_DES3_KEY_GEN
Definition: pkcs11t.h:664
bool C_SetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc >> &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1666
#define CKM_CAST3_CBC
Definition: pkcs11t.h:734
#define CKF_USER_PIN_LOCKED
Definition: pkcs11t.h:216
#define CKR_KEY_SIZE_RANGE
Definition: pkcs11t.h:1072
#define CKM_AES_CTS
Definition: pkcs11t.h:922
#define CKK_ECDSA
Definition: pkcs11t.h:342
#define CKA_MECHANISM_TYPE
Definition: pkcs11t.h:553
#define CKM_AES_CFB8
Definition: pkcs11t.h:965
#define CKM_MD5
Definition: pkcs11t.h:690
#define CKM_CAMELLIA_ECB
Definition: pkcs11t.h:838
#define CKM_EC_KEY_PAIR_GEN
Definition: pkcs11t.h:889
#define CKM_RC5_KEY_GEN
Definition: pkcs11t.h:751
#define CKG_MGF1_SHA512
Definition: pkcs11t.h:1249
#define CKA_SUBPRIME_BITS
Definition: pkcs11t.h:489
#define CKA_DERIVE_TEMPLATE
Definition: pkcs11t.h:518
#define CKU_USER
Definition: pkcs11t.h:266
#define CKM_MD5_HMAC_GENERAL
Definition: pkcs11t.h:693
#define CKR_CRYPTOKI_ALREADY_INITIALIZED
Definition: pkcs11t.h:1143
HardwareType
Definition: p11.h:281
#define CKK_GOST28147
Definition: pkcs11t.h:383
#define CKF_USER_PIN_COUNT_LOW
Definition: pkcs11t.h:205
#define CKF_RW_SESSION
Definition: pkcs11t.h:289
#define CKM_GOST28147
Definition: pkcs11t.h:953
#define CKM_CONCATENATE_DATA_AND_BASE
Definition: pkcs11t.h:766
#define CKF_SO_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:246
#define CKM_SKIPJACK_RELAYX
Definition: pkcs11t.h:875
#define CKM_WTLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:812
#define CKM_SHA512
Definition: pkcs11t.h:716
#define CKM_JUNIPER_CBC128
Definition: pkcs11t.h:907
#define CKM_CAMELLIA_CTR
Definition: pkcs11t.h:845
#define CKK_RIPEMD160_HMAC
Definition: pkcs11t.h:374
#define CKM_SHA512_256
Definition: pkcs11t.h:635
#define CKR_NEED_TO_CREATE_THREADS
Definition: pkcs11t.h:1048
#define CKA_PIXEL_Y
Definition: pkcs11t.h:544
Provides access to all PKCS#11 functions.
Definition: p11.h:903
const Bbool False
Definition: p11.h:858
#define CKM_GOSTR3410_DERIVE
Definition: pkcs11t.h:948
#define CKM_MD2_RSA_PKCS
Definition: pkcs11t.h:591
#define CKM_RSA_PKCS_PSS
Definition: pkcs11t.h:602
Definition: alg_id.cpp:13
CK_OBJECT_HANDLE ObjectHandle
Definition: p11.h:848
struct CK_SESSION_INFO CK_SESSION_INFO
#define CKA_TOKEN
Definition: pkcs11t.h:438
#define CKM_CMS_SIG
Definition: pkcs11t.h:832
#define CKR_CRYPTOKI_NOT_INITIALIZED
Definition: pkcs11t.h:1142
#define CKF_VERIFY
Definition: pkcs11t.h:1011
#define CKR_WRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1126
#define CKK_RSA
Definition: pkcs11t.h:339
#define CKM_MD2_HMAC_GENERAL
Definition: pkcs11t.h:688
#define CKM_SHA384_RSA_PKCS_PSS
Definition: pkcs11t.h:625
#define CKR_TOKEN_NOT_PRESENT
Definition: pkcs11t.h:1110
#define CKF_SIGN_RECOVER
Definition: pkcs11t.h:1010
#define CKM_DES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:938
#define CKM_DES_KEY_GEN
Definition: pkcs11t.h:655
#define CKM_TLS_MASTER_KEY_DERIVE
Definition: pkcs11t.h:775
#define CKK_RC4
Definition: pkcs11t.h:348
#define CKR_UNWRAPPING_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1113
#define CKM_WTLS_PRF
Definition: pkcs11t.h:814
CK_LOCKMUTEX LockMutex
Definition: p11.h:832
#define CKM_AES_ECB
Definition: pkcs11t.h:914
#define CKF_DECRYPT
Definition: pkcs11t.h:1007
#define CKO_DATA
Definition: pkcs11t.h:310
#define CKM_CAST3_MAC
Definition: pkcs11t.h:735
#define CKM_JUNIPER_SHUFFLE
Definition: pkcs11t.h:909
#define CKR_FUNCTION_REJECTED
Definition: pkcs11t.h:1156
#define CKA_GOSTR3411_PARAMS
Definition: pkcs11t.h:536
#define CKM_RIPEMD160_HMAC
Definition: pkcs11t.h:704
CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR
Definition: pkcs11t.h:1175
#define CKM_SKIPJACK_OFB64
Definition: pkcs11t.h:868
#define CKO_MECHANISM
Definition: pkcs11t.h:317
#define CKM_CAST_ECB
Definition: pkcs11t.h:727
#define CKA_APPLICATION
Definition: pkcs11t.h:441
#define CKA_OTP_USER_FRIENDLY_MODE
Definition: pkcs11t.h:523
#define CKA_SUPPORTED_CMS_ATTRIBUTES
Definition: pkcs11t.h:556
void initialize_token(Slot &slot, const std::string &label, const secure_string &so_pin, const secure_string &pin)
Definition: p11.cpp:47
#define CKO_HW_FEATURE
Definition: pkcs11t.h:315
#define CKF_SO_PIN_FINAL_TRY
Definition: pkcs11t.h:234
#define CKF_DONT_BLOCK
Definition: pkcs11t.h:1234
#define CKK_DES3
Definition: pkcs11t.h:351
CK_BYTE CK_UTF8CHAR
Definition: pkcs11t.h:42
CK_ULONG CK_STATE
Definition: pkcs11t.h:271
#define CKP_PKCS5_PBKD2_HMAC_SHA224
Definition: pkcs11t.h:1721
#define CKM_SKIPJACK_CBC64
Definition: pkcs11t.h:867
#define CKK_TWOFISH
Definition: pkcs11t.h:364
CK_FLAGS Flags
Definition: p11.h:834
#define CKM_RC5_MAC
Definition: pkcs11t.h:754
#define CKO_VENDOR_DEFINED
Definition: pkcs11t.h:320
#define CKM_CAST5_CBC_PAD
Definition: pkcs11t.h:749
#define CKR_TOKEN_NOT_RECOGNIZED
Definition: pkcs11t.h:1111
#define CKM_CAST5_MAC_GENERAL
Definition: pkcs11t.h:747
#define CKA_URL
Definition: pkcs11t.h:453
const Bbool True
Definition: p11.h:857
#define CKR_SESSION_PARALLEL_NOT_SUPPORTED
Definition: pkcs11t.h:1099
#define CKM_ECDH1_COFACTOR_DERIVE
Definition: pkcs11t.h:899
CK_ULONG CK_FLAGS
Definition: pkcs11t.h:54
#define CKA_NEVER_EXTRACTABLE
Definition: pkcs11t.h:496
#define CKK_SHA_1_HMAC
Definition: pkcs11t.h:372
bool C_GetAttributeValue(SessionHandle session, ObjectHandle object, std::map< AttributeType, std::vector< uint8_t, TAlloc >> &attribute_values, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1586
#define CKF_DIGEST
Definition: pkcs11t.h:1008
#define CKM_CDMF_KEY_GEN
Definition: pkcs11t.h:673
#define CKK_CAST5
Definition: pkcs11t.h:354
#define CKA_CLASS
Definition: pkcs11t.h:437
#define CKM_CAMELLIA_CBC
Definition: pkcs11t.h:839
#define CKM_SHA224_HMAC_GENERAL
Definition: pkcs11t.h:712
#define CKD_SHA256_KDF
Definition: pkcs11t.h:1297
#define CKA_AC_ISSUER
Definition: pkcs11t.h:447
#define CKA_CHECK_VALUE
Definition: pkcs11t.h:457
CK_ULONG CK_CERTIFICATE_TYPE
Definition: pkcs11t.h:393
#define CKG_MGF1_SHA224
Definition: pkcs11t.h:1250
#define CKM_JUNIPER_WRAP
Definition: pkcs11t.h:910
#define CKM_SHA512_256_HMAC_GENERAL
Definition: pkcs11t.h:637
#define CKM_AES_KEY_WRAP_PAD
Definition: pkcs11t.h:970
#define CKM_TLS12_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:824
#define CKM_CAST128_MAC
Definition: pkcs11t.h:746
CK_SLOT_ID SlotId
Definition: p11.h:837
#define CKA_VERIFY_RECOVER
Definition: pkcs11t.h:470
#define CKA_RESET_ON_INIT
Definition: pkcs11t.h:540
#define CKM_CAST_MAC
Definition: pkcs11t.h:729
#define CKM_DES3_MAC_GENERAL
Definition: pkcs11t.h:669
#define CKR_USER_TYPE_INVALID
Definition: pkcs11t.h:1119
#define CKA_BASE
Definition: pkcs11t.h:486
bool C_VerifyUpdate(SessionHandle session, std::vector< uint8_t, TAlloc > part, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2479
#define CKM_PKCS5_PBKD2
Definition: pkcs11t.h:807
#define CKA_OTP_TIME
Definition: pkcs11t.h:529
#define CKO_PRIVATE_KEY
Definition: pkcs11t.h:313
#define CKA_VERIFY
Definition: pkcs11t.h:469
#define CKM_X9_42_DH_PARAMETER_GEN
Definition: pkcs11t.h:959
#define CKF_ENCRYPT
Definition: pkcs11t.h:1006
#define CKH_VENDOR_DEFINED
Definition: pkcs11t.h:333
#define CKM_KIP_DERIVE
Definition: pkcs11t.h:833
#define CKM_AES_XCBC_MAC
Definition: pkcs11t.h:926
#define CKR_UNWRAPPING_KEY_SIZE_RANGE
Definition: pkcs11t.h:1114
#define CKR_SESSION_HANDLE_INVALID
Definition: pkcs11t.h:1098
#define CKM_RIPEMD160_HMAC_GENERAL
Definition: pkcs11t.h:705
#define CKA_BITS_PER_PIXEL
Definition: pkcs11t.h:549
#define CKF_RNG
Definition: pkcs11t.h:155
#define CKA_SUBPRIME
Definition: pkcs11t.h:485
#define CKR_USER_ALREADY_LOGGED_IN
Definition: pkcs11t.h:1116
#define CKM_SKIPJACK_ECB64
Definition: pkcs11t.h:866
#define CKM_SSL3_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:771
bool C_Encrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &plaintext_data, std::vector< uint8_t, TAllocB > &encrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1806
MechanismType
Definition: p11.h:337
#define CKM_RC2_CBC_PAD
Definition: pkcs11t.h:651
#define CKM_ARIA_MAC_GENERAL
Definition: pkcs11t.h:851
#define CKA_COLOR
Definition: pkcs11t.h:548
#define CKM_EXTRACT_KEY_FROM_KEY
Definition: pkcs11t.h:768
#define CKR_PIN_LEN_RANGE
Definition: pkcs11t.h:1091
#define CKC_X_509_ATTR_CERT
Definition: pkcs11t.h:408
#define CKA_SIGN_RECOVER
Definition: pkcs11t.h:468
#define CKM_BATON_CBC128
Definition: pkcs11t.h:883
#define CKM_RSA_PKCS_OAEP_TPM_1_1
Definition: pkcs11t.h:973
#define CKA_DEFAULT_CMS_ATTRIBUTES
Definition: pkcs11t.h:555
#define CKO_DOMAIN_PARAMETERS
Definition: pkcs11t.h:316
#define CKR_KEY_UNEXTRACTABLE
Definition: pkcs11t.h:1081
#define CKN_SURRENDER
Definition: pkcs11t.h:101
#define CKM_CAST3_ECB
Definition: pkcs11t.h:733
#define CKM_IDEA_MAC
Definition: pkcs11t.h:760
#define CKM_KEA_KEY_PAIR_GEN
Definition: pkcs11t.h:876
#define CKM_GOST28147_KEY_WRAP
Definition: pkcs11t.h:955
#define CKM_TLS_MAC
Definition: pkcs11t.h:826
int error_code() const noexceptoverride
Definition: p11.h:2917
#define CKM_AES_CBC
Definition: pkcs11t.h:915
#define CKR_SESSION_READ_ONLY_EXISTS
Definition: pkcs11t.h:1103
#define CKM_DES_OFB8
Definition: pkcs11t.h:681
struct CK_SLOT_INFO CK_SLOT_INFO
#define CKK_BLOWFISH
Definition: pkcs11t.h:363
#define CKR_WRAPPED_KEY_LEN_RANGE
Definition: pkcs11t.h:1125
KeyDerivation
Definition: p11.h:195
#define CKF_SERIAL_SESSION
Definition: pkcs11t.h:290
#define CKA_KEY_GEN_MECHANISM
Definition: pkcs11t.h:498
struct CK_ECDH1_DERIVE_PARAMS CK_ECDH1_DERIVE_PARAMS
void CK_PTR CK_VOID_PTR
Definition: pkcs11t.h:66
ReturnValue get_return_value() const
Definition: p11.h:2912
#define CKR_MECHANISM_INVALID
Definition: pkcs11t.h:1083
#define CKM_PBE_MD2_DES_CBC
Definition: pkcs11t.h:792
#define CKM_CDMF_ECB
Definition: pkcs11t.h:674
#define CKM_SHA512_T
Definition: pkcs11t.h:640
#define CKR_KEY_FUNCTION_NOT_PERMITTED
Definition: pkcs11t.h:1079
#define CKM_DSA_KEY_PAIR_GEN
Definition: pkcs11t.h:605
#define CKK_SHA384_HMAC
Definition: pkcs11t.h:376
#define CKF_USER_PIN_TO_BE_CHANGED
Definition: pkcs11t.h:223
#define CKR_VENDOR_DEFINED
Definition: pkcs11t.h:1158
#define CKA_DECRYPT
Definition: pkcs11t.h:464
#define CKA_OTP_TIME_INTERVAL
Definition: pkcs11t.h:522
#define CKM_ARIA_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:854
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256
Definition: pkcs11t.h:1726
#define CKM_DES3_MAC
Definition: pkcs11t.h:667
#define CKK_DES
Definition: pkcs11t.h:349
#define CKR_SESSION_READ_ONLY
Definition: pkcs11t.h:1100
#define CKK_CAST3
Definition: pkcs11t.h:353
#define CKF_EXCLUDE_TIME
Definition: pkcs11t.h:1810
#define CKM_DSA_SHA1
Definition: pkcs11t.h:607
#define CKM_GOST28147_MAC
Definition: pkcs11t.h:954
secure_vector< uint8_t > secure_string
Definition: p11.h:63
#define CKR_MECHANISM_PARAM_INVALID
Definition: pkcs11t.h:1084
#define CKM_WTLS_PRE_MASTER_KEY_GEN
Definition: pkcs11t.h:811
#define CKF_TOKEN_INITIALIZED
Definition: pkcs11t.h:193
#define CKK_SHA512_HMAC
Definition: pkcs11t.h:377
#define CKM_GOSTR3411_HMAC
Definition: pkcs11t.h:950
#define CKM_DES3_ECB_ENCRYPT_DATA
Definition: pkcs11t.h:939
CK_ULONG CK_RSA_PKCS_MGF_TYPE
Definition: pkcs11t.h:1241
#define CKM_ECDH_AES_KEY_WRAP
Definition: pkcs11t.h:902
#define CKM_PBE_SHA1_RC4_128
Definition: pkcs11t.h:800
#define CKA_EXPONENT_2
Definition: pkcs11t.h:481
#define CKP_PKCS5_PBKD2_HMAC_SHA384
Definition: pkcs11t.h:1723
PKCS11_ReturnError(ReturnValue return_val)
Definition: p11.h:2907
#define CKM_SHA224_KEY_DERIVATION
Definition: pkcs11t.h:790
#define CKM_CAST3_MAC_GENERAL
Definition: pkcs11t.h:736
#define CKA_VALUE_BITS
Definition: pkcs11t.h:492
#define CKK_DH
Definition: pkcs11t.h:341
#define CKR_KEY_HANDLE_INVALID
Definition: pkcs11t.h:1070
#define CKM_GOSTR3410_KEY_WRAP
Definition: pkcs11t.h:947
#define CKM_AES_GMAC
Definition: pkcs11t.h:928
#define CKA_DESTROYABLE
Definition: pkcs11t.h:503
struct CK_MECHANISM_INFO CK_MECHANISM_INFO
#define CKM_RIPEMD160
Definition: pkcs11t.h:703
#define CKR_NEW_PIN_MODE
Definition: pkcs11t.h:1147
#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN
Definition: pkcs11t.h:961
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY
Definition: pkcs11t.h:454
#define CKM_CAST_CBC_PAD
Definition: pkcs11t.h:731
bool C_Decrypt(SessionHandle session, const std::vector< uint8_t, TAllocA > &encrypted_data, std::vector< uint8_t, TAllocB > &decrypted_data, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1944
#define CKS_RW_PUBLIC_SESSION
Definition: pkcs11t.h:274
#define CKR_KEY_CHANGED
Definition: pkcs11t.h:1076
#define CKM_SHA512_256_HMAC
Definition: pkcs11t.h:636
CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
Definition: pkcs11t.h:1714
#define CKM_PBE_MD5_CAST3_CBC
Definition: pkcs11t.h:795
#define CKM_SHA512_256_KEY_DERIVATION
Definition: pkcs11t.h:638
#define CKR_DOMAIN_PARAMS_INVALID
Definition: pkcs11t.h:1133
#define CKA_PRIME_2
Definition: pkcs11t.h:479
#define CKM_SKIPJACK_PRIVATE_WRAP
Definition: pkcs11t.h:874
#define CKA_MODIFIABLE
Definition: pkcs11t.h:500
#define CKM_RC4_KEY_GEN
Definition: pkcs11t.h:653
bool C_InitPIN(SessionHandle session, const std::vector< uint8_t, TAlloc > &pin, ReturnValue *return_value=ThrowException) const
Definition: p11.h:1205
#define CKM_ACTI
Definition: pkcs11t.h:723
#define CKM_SHA224_HMAC
Definition: pkcs11t.h:711
#define CKR_USER_PIN_NOT_INITIALIZED
Definition: pkcs11t.h:1118
#define CKM_SEED_KEY_GEN
Definition: pkcs11t.h:856
#define CKM_RSA_PKCS_OAEP
Definition: pkcs11t.h:597
#define CKM_SEED_ECB
Definition: pkcs11t.h:857
#define CKM_ARIA_KEY_GEN
Definition: pkcs11t.h:847
Notification
Definition: p11.h:674
#define CKD_SHA1_KDF
Definition: pkcs11t.h:1291
#define CKA_WRAP_TEMPLATE
Definition: pkcs11t.h:516
#define CKF_EXCLUDE_PIN
Definition: pkcs11t.h:1813
#define CKM_CAMELLIA_KEY_GEN
Definition: pkcs11t.h:837
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER
Definition: pkcs11t.h:396
PublicPointEncoding
Definition: p11.h:821
#define CKM_SHA512_T_HMAC
Definition: pkcs11t.h:641
bool C_Verify(SessionHandle session, const std::vector< uint8_t, TAllocA > &data, std::vector< uint8_t, TAllocB > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2431
#define CKD_SHA1_KDF_ASN1
Definition: pkcs11t.h:1294
#define CKM_CAST5_MAC
Definition: pkcs11t.h:745
#define CKS_RW_SO_FUNCTIONS
Definition: pkcs11t.h:276
#define CKM_DH_PKCS_KEY_PAIR_GEN
Definition: pkcs11t.h:613
#define CKM_CAST128_CBC_PAD
Definition: pkcs11t.h:750
#define CKA_OTP_SERVICE_IDENTIFIER
Definition: pkcs11t.h:531
#define CKA_AUTH_PIN_FLAGS
Definition: pkcs11t.h:511
#define CKK_DSA
Definition: pkcs11t.h:340
CK_DESTROYMUTEX DestroyMutex
Definition: p11.h:831
struct CK_ATTRIBUTE CK_ATTRIBUTE
#define CKM_RIPEMD160_RSA_PKCS
Definition: pkcs11t.h:596
#define CKR_SESSION_CLOSED
Definition: pkcs11t.h:1096
#define CKA_PRIME_BITS
Definition: pkcs11t.h:488
#define CKM_CAMELLIA_MAC
Definition: pkcs11t.h:840
#define CKR_ENCRYPTED_DATA_LEN_RANGE
Definition: pkcs11t.h:1064
bool C_SignFinal(SessionHandle session, std::vector< uint8_t, TAlloc > &signature, ReturnValue *return_value=ThrowException) const
Definition: p11.h:2299
#define CKM_RC5_ECB
Definition: pkcs11t.h:752
#define CKM_DSA
Definition: pkcs11t.h:606
#define CKM_TWOFISH_CBC
Definition: pkcs11t.h:933
#define CKF_EC_F_2M
Definition: pkcs11t.h:1023
#define CKA_START_DATE
Definition: pkcs11t.h:472
#define CKM_RSA_X9_31
Definition: pkcs11t.h:600
#define CKR_WRAPPED_KEY_INVALID
Definition: pkcs11t.h:1124
#define CKM_SHA224_RSA_PKCS_PSS
Definition: pkcs11t.h:629
#define CKM_SHA512_224_HMAC
Definition: pkcs11t.h:632
#define CKM_SHA384
Definition: pkcs11t.h:713
#define CKM_SKIPJACK_CFB16
Definition: pkcs11t.h:871
#define CKM_DES2_KEY_GEN
Definition: pkcs11t.h:663
#define CKR_SESSION_COUNT
Definition: pkcs11t.h:1097
CertificateCategory
Definition: p11.h:187
#define CKM_AES_CBC_ENCRYPT_DATA
Definition: pkcs11t.h:942
#define CKA_OTP_CHALLENGE_REQUIREMENT
Definition: pkcs11t.h:524
#define CKM_SHA256_RSA_PKCS
Definition: pkcs11t.h:621
#define CKK_RIPEMD128_HMAC
Definition: pkcs11t.h:373
#define CKM_CDMF_MAC_GENERAL
Definition: pkcs11t.h:677
ReturnValue * ThrowException
Definition: p11.cpp:20
#define CKM_RSA_X9_31_KEY_PAIR_GEN
Definition: pkcs11t.h:599
#define CKM_MD2
Definition: pkcs11t.h:685
#define CKM_BLOWFISH_CBC
Definition: pkcs11t.h:931
#define CKM_DES_MAC
Definition: pkcs11t.h:658
#define CKA_VALUE_LEN
Definition: pkcs11t.h:493
#define CKM_ARIA_CBC_PAD
Definition: pkcs11t.h:852
#define CKF_ARRAY_ATTRIBUTE
Definition: pkcs11t.h:421
#define CKA_MODULUS_BITS
Definition: pkcs11t.h:475
#define CKM_SECURID
Definition: pkcs11t.h:720
#define CKM_ARIA_CBC
Definition: pkcs11t.h:849
#define CKM_SEED_CBC_PAD
Definition: pkcs11t.h:861
#define CKM_RC2_MAC_GENERAL
Definition: pkcs11t.h:650
#define CKM_X9_42_DH_DERIVE
Definition: pkcs11t.h:617
#define CKM_ECMQV_DERIVE
Definition: pkcs11t.h:900
#define CKK_IDEA
Definition: pkcs11t.h:357
#define CKA_SUB_PRIME_BITS
Definition: pkcs11t.h:490
#define CKM_SSL3_SHA1_MAC
Definition: pkcs11t.h:782
#define CKM_SHA256_KEY_DERIVATION
Definition: pkcs11t.h:787
#define CKM_DES_MAC_GENERAL
Definition: pkcs11t.h:660
#define CKK_GOSTR3411
Definition: pkcs11t.h:382
#define CKM_X9_42_DH_KEY_PAIR_GEN
Definition: pkcs11t.h:616
#define CKM_TLS_KEY_AND_MAC_DERIVE
Definition: pkcs11t.h:776
#define CKF_EXCLUDE_CHALLENGE
Definition: pkcs11t.h:1812
#define CKM_DSA_SHA256
Definition: pkcs11t.h:609
#define CKR_CURVE_NOT_SUPPORTED
Definition: pkcs11t.h:1135
#define CKM_DH_PKCS_DERIVE
Definition: pkcs11t.h:614
#define CKR_TEMPLATE_INCOMPLETE
Definition: pkcs11t.h:1108
#define CKM_TLS12_MASTER_KEY_DERIVE
Definition: pkcs11t.h:822
#define CKM_HOTP
Definition: pkcs11t.h:722
#define CKR_SESSION_READ_WRITE_SO_EXISTS
Definition: pkcs11t.h:1104
SessionState
Definition: p11.h:706
#define CKM_PBE_MD5_CAST128_CBC
Definition: pkcs11t.h:797
#define CKA_UNWRAP
Definition: pkcs11t.h:466
#define CKA_JAVA_MIDP_SECURITY_DOMAIN
Definition: pkcs11t.h:452
#define CKR_DATA_LEN_RANGE
Definition: pkcs11t.h:1059
#define CKM_IDEA_MAC_GENERAL
Definition: pkcs11t.h:761
#define CKM_BLOWFISH_CBC_PAD
Definition: pkcs11t.h:934
CK_BBOOL Bbool
Definition: p11.h:836
#define CKM_SHA_1_HMAC
Definition: pkcs11t.h:697
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY
Definition: pkcs11t.h:455
#define CKR_OPERATION_NOT_INITIALIZED
Definition: pkcs11t.h:1088
#define CKM_SHA_1
Definition: pkcs11t.h:695
#define CKM_DSA_SHA384
Definition: pkcs11t.h:610
#define CKF_USER_PIN_FINAL_TRY
Definition: pkcs11t.h:210
#define CKM_SSL3_MASTER_KEY_DERIVE_DH
Definition: pkcs11t.h:773
#define CKD_CPDIVERSIFY_KDF
Definition: pkcs11t.h:1300
#define CKR_HOST_MEMORY
Definition: pkcs11t.h:1040
#define CKA_CERTIFICATE_TYPE
Definition: pkcs11t.h:444
#define CKK_BATON
Definition: pkcs11t.h:359
#define CKM_GOST28147_ECB
Definition: pkcs11t.h:952
#define CKA_RESOLUTION
Definition: pkcs11t.h:545
#define CKM_CAST128_KEY_GEN
Definition: pkcs11t.h:740
#define CKM_CAST5_KEY_GEN
Definition: pkcs11t.h:739
#define CKM_SKIPJACK_CFB64
Definition: pkcs11t.h:869
#define CKM_SHA256_RSA_PKCS_PSS
Definition: pkcs11t.h:624
#define CKM_IDEA_CBC_PAD
Definition: pkcs11t.h:762