1 /*
2 * PKCS#11
3 * (C) 2016 Daniel Neus, Sirrix AG
4 * (C) 2016 Philipp Weber, Sirrix AG
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 */
8
9 #ifndef BOTAN_P11_H_
10 #define BOTAN_P11_H_
11
12 #include <botan/secmem.h>
13 #include <botan/exceptn.h>
14
15 #include <vector>
16 #include <string>
17 #include <map>
18
19 #define CK_PTR *
20
21 #if defined(_MSC_VER)
22 #define CK_DECLARE_FUNCTION(returnType, name) \
23 returnType __declspec(dllimport) name
24 #else
25 #define CK_DECLARE_FUNCTION(returnType, name) \
26 returnType name
27 #endif
28
29 #if defined(_MSC_VER)
30 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
31 returnType __declspec(dllimport) (* name)
32 #else
33 #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
34 returnType (* name)
35 #endif
36
37 #define CK_CALLBACK_FUNCTION(returnType, name) \
38 returnType (* name)
39
40 #ifndef NULL_PTR
41 #define NULL_PTR nullptr
42 #endif
43
44 #if defined(_MSC_VER)
45 #pragma pack(push, cryptoki, 1)
46 #endif
47
48 #include "pkcs11.h"
49
50 #if defined(_MSC_VER)
51 #pragma pack(pop, cryptoki)
52 #endif
53
54 static_assert(CRYPTOKI_VERSION_MAJOR == 2 && CRYPTOKI_VERSION_MINOR == 40,
55 "The Botan PKCS#11 module was implemented against PKCS#11 v2.40. Please use the correct PKCS#11 headers.");
56
57 namespace Botan {
58
59 class Dynamically_Loaded_Library;
60
61 namespace PKCS11 {
62
63 using secure_string = secure_vector<uint8_t>;
64
65 enum class AttributeType : CK_ATTRIBUTE_TYPE
66 {
67 Class = CKA_CLASS,
68 Token = CKA_TOKEN,
69 Private = CKA_PRIVATE,
70 Label = CKA_LABEL,
71 Application = CKA_APPLICATION,
72 Value = CKA_VALUE,
73 ObjectId = CKA_OBJECT_ID,
74 CertificateType = CKA_CERTIFICATE_TYPE,
75 Issuer = CKA_ISSUER,
76 SerialNumber = CKA_SERIAL_NUMBER,
77 AcIssuer = CKA_AC_ISSUER,
78 Owner = CKA_OWNER,
79 AttrTypes = CKA_ATTR_TYPES,
80 Trusted = CKA_TRUSTED,
81 CertificateCategory = CKA_CERTIFICATE_CATEGORY,
82 JavaMidpSecurityDomain = CKA_JAVA_MIDP_SECURITY_DOMAIN,
83 Url = CKA_URL,
84 HashOfSubjectPublicKey = CKA_HASH_OF_SUBJECT_PUBLIC_KEY,
85 HashOfIssuerPublicKey = CKA_HASH_OF_ISSUER_PUBLIC_KEY,
86 NameHashAlgorithm = CKA_NAME_HASH_ALGORITHM,
87 CheckValue = CKA_CHECK_VALUE,
88 KeyType = CKA_KEY_TYPE,
89 Subject = CKA_SUBJECT,
90 Id = CKA_ID,
91 Sensitive = CKA_SENSITIVE,
92 Encrypt = CKA_ENCRYPT,
93 Decrypt = CKA_DECRYPT,
94 Wrap = CKA_WRAP,
95 Unwrap = CKA_UNWRAP,
96 Sign = CKA_SIGN,
97 SignRecover = CKA_SIGN_RECOVER,
98 Verify = CKA_VERIFY,
99 VerifyRecover = CKA_VERIFY_RECOVER,
100 Derive = CKA_DERIVE,
101 StartDate = CKA_START_DATE,
102 EndDate = CKA_END_DATE,
103 Modulus = CKA_MODULUS,
104 ModulusBits = CKA_MODULUS_BITS,
105 PublicExponent = CKA_PUBLIC_EXPONENT,
106 PrivateExponent = CKA_PRIVATE_EXPONENT,
107 Prime1 = CKA_PRIME_1,
108 Prime2 = CKA_PRIME_2,
109 Exponent1 = CKA_EXPONENT_1,
110 Exponent2 = CKA_EXPONENT_2,
111 Coefficient = CKA_COEFFICIENT,
112 PublicKeyInfo = CKA_PUBLIC_KEY_INFO,
113 Prime = CKA_PRIME,
114 Subprime = CKA_SUBPRIME,
115 Base = CKA_BASE,
116 PrimeBits = CKA_PRIME_BITS,
117 SubprimeBits = CKA_SUBPRIME_BITS,
118 SubPrimeBits = CKA_SUB_PRIME_BITS,
119 ValueBits = CKA_VALUE_BITS,
120 ValueLen = CKA_VALUE_LEN,
121 Extractable = CKA_EXTRACTABLE,
122 Local = CKA_LOCAL,
123 NeverExtractable = CKA_NEVER_EXTRACTABLE,
124 AlwaysSensitive = CKA_ALWAYS_SENSITIVE,
125 KeyGenMechanism = CKA_KEY_GEN_MECHANISM,
126 Modifiable = CKA_MODIFIABLE,
127 Copyable = CKA_COPYABLE,
128 Destroyable = CKA_DESTROYABLE,
129 EcdsaParams = CKA_ECDSA_PARAMS,
130 EcParams = CKA_EC_PARAMS,
131 EcPoint = CKA_EC_POINT,
132 SecondaryAuth = CKA_SECONDARY_AUTH,
133 AuthPinFlags = CKA_AUTH_PIN_FLAGS,
134 AlwaysAuthenticate = CKA_ALWAYS_AUTHENTICATE,
135 WrapWithTrusted = CKA_WRAP_WITH_TRUSTED,
136 WrapTemplate = CKA_WRAP_TEMPLATE,
137 UnwrapTemplate = CKA_UNWRAP_TEMPLATE,
138 DeriveTemplate = CKA_DERIVE_TEMPLATE,
139 OtpFormat = CKA_OTP_FORMAT,
140 OtpLength = CKA_OTP_LENGTH,
141 OtpTimeInterval = CKA_OTP_TIME_INTERVAL,
142 OtpUserFriendlyMode = CKA_OTP_USER_FRIENDLY_MODE,
143 OtpChallengeRequirement = CKA_OTP_CHALLENGE_REQUIREMENT,
144 OtpTimeRequirement = CKA_OTP_TIME_REQUIREMENT,
145 OtpCounterRequirement = CKA_OTP_COUNTER_REQUIREMENT,
146 OtpPinRequirement = CKA_OTP_PIN_REQUIREMENT,
147 OtpCounter = CKA_OTP_COUNTER,
148 OtpTime = CKA_OTP_TIME,
149 OtpUserIdentifier = CKA_OTP_USER_IDENTIFIER,
150 OtpServiceIdentifier = CKA_OTP_SERVICE_IDENTIFIER,
151 OtpServiceLogo = CKA_OTP_SERVICE_LOGO,
152 OtpServiceLogoType = CKA_OTP_SERVICE_LOGO_TYPE,
153 Gostr3410Params = CKA_GOSTR3410_PARAMS,
154 Gostr3411Params = CKA_GOSTR3411_PARAMS,
155 Gost28147Params = CKA_GOST28147_PARAMS,
156 HwFeatureType = CKA_HW_FEATURE_TYPE,
157 ResetOnInit = CKA_RESET_ON_INIT,
158 HasReset = CKA_HAS_RESET,
159 PixelX = CKA_PIXEL_X,
160 PixelY = CKA_PIXEL_Y,
161 Resolution = CKA_RESOLUTION,
162 CharRows = CKA_CHAR_ROWS,
163 CharColumns = CKA_CHAR_COLUMNS,
164 Color = CKA_COLOR,
165 BitsPerPixel = CKA_BITS_PER_PIXEL,
166 CharSets = CKA_CHAR_SETS,
167 EncodingMethods = CKA_ENCODING_METHODS,
168 MimeTypes = CKA_MIME_TYPES,
169 MechanismType = CKA_MECHANISM_TYPE,
170 RequiredCmsAttributes = CKA_REQUIRED_CMS_ATTRIBUTES,
171 DefaultCmsAttributes = CKA_DEFAULT_CMS_ATTRIBUTES,
172 SupportedCmsAttributes = CKA_SUPPORTED_CMS_ATTRIBUTES,
173 AllowedMechanisms = CKA_ALLOWED_MECHANISMS,
174 VendorDefined = CKA_VENDOR_DEFINED,
175 };
176
177 enum class CertificateType : CK_CERTIFICATE_TYPE
178 {
179 X509 = CKC_X_509,
180 X509AttrCert = CKC_X_509_ATTR_CERT,
181 Wtls = CKC_WTLS,
182 VendorDefined = CKC_VENDOR_DEFINED,
183 };
184
185 /// Indicates if a stored certificate is a user certificate for which the corresponding private key is available
186 /// on the token ("token user"), a CA certificate ("authority"), or another end-entity certificate ("other entity").
187 enum class CertificateCategory : CK_ULONG
188 {
189 Unspecified = CK_CERTIFICATE_CATEGORY_UNSPECIFIED,
190 TokenUser = CK_CERTIFICATE_CATEGORY_TOKEN_USER,
191 Authority = CK_CERTIFICATE_CATEGORY_AUTHORITY,
192 OtherEntity = CK_CERTIFICATE_CATEGORY_OTHER_ENTITY
193 };
194
195 enum class KeyDerivation : CK_ULONG
196 {
197 Null = CKD_NULL,
198 Sha1Kdf = CKD_SHA1_KDF,
199 Sha1KdfAsn1 = CKD_SHA1_KDF_ASN1,
200 Sha1KdfConcatenate = CKD_SHA1_KDF_CONCATENATE,
201 Sha224Kdf = CKD_SHA224_KDF,
202 Sha256Kdf = CKD_SHA256_KDF,
203 Sha384Kdf = CKD_SHA384_KDF,
204 Sha512Kdf = CKD_SHA512_KDF,
205 CpdiversifyKdf = CKD_CPDIVERSIFY_KDF,
206 };
207
208 enum class Flag : CK_FLAGS
209 {
210 None = 0,
211 TokenPresent = CKF_TOKEN_PRESENT,
212 RemovableDevice = CKF_REMOVABLE_DEVICE,
213 HwSlot = CKF_HW_SLOT,
214 Rng = CKF_RNG,
215 WriteProtected = CKF_WRITE_PROTECTED,
216 LoginRequired = CKF_LOGIN_REQUIRED,
217 UserPinInitialized = CKF_USER_PIN_INITIALIZED,
218 RestoreKeyNotNeeded = CKF_RESTORE_KEY_NOT_NEEDED,
219 ClockOnToken = CKF_CLOCK_ON_TOKEN,
220 ProtectedAuthenticationPath = CKF_PROTECTED_AUTHENTICATION_PATH,
221 DualCryptoOperations = CKF_DUAL_CRYPTO_OPERATIONS,
222 TokenInitialized = CKF_TOKEN_INITIALIZED,
223 SecondaryAuthentication = CKF_SECONDARY_AUTHENTICATION,
224 UserPinCountLow = CKF_USER_PIN_COUNT_LOW,
225 UserPinFinalTry = CKF_USER_PIN_FINAL_TRY,
226 UserPinLocked = CKF_USER_PIN_LOCKED,
227 UserPinToBeChanged = CKF_USER_PIN_TO_BE_CHANGED,
228 SoPinCountLow = CKF_SO_PIN_COUNT_LOW,
229 SoPinFinalTry = CKF_SO_PIN_FINAL_TRY,
230 SoPinLocked = CKF_SO_PIN_LOCKED,
231 SoPinToBeChanged = CKF_SO_PIN_TO_BE_CHANGED,
232 ErrorState = CKF_ERROR_STATE,
233 RwSession = CKF_RW_SESSION,
234 SerialSession = CKF_SERIAL_SESSION,
235 ArrayAttribute = CKF_ARRAY_ATTRIBUTE,
236 Hw = CKF_HW,
237 Encrypt = CKF_ENCRYPT,
238 Decrypt = CKF_DECRYPT,
239 Digest = CKF_DIGEST,
240 Sign = CKF_SIGN,
241 SignRecover = CKF_SIGN_RECOVER,
242 Verify = CKF_VERIFY,
243 VerifyRecover = CKF_VERIFY_RECOVER,
244 Generate = CKF_GENERATE,
245 GenerateKeyPair = CKF_GENERATE_KEY_PAIR,
246 Wrap = CKF_WRAP,
247 Unwrap = CKF_UNWRAP,
248 Derive = CKF_DERIVE,
249 EcFP = CKF_EC_F_P,
250 EcF2m = CKF_EC_F_2M,
251 EcEcparameters = CKF_EC_ECPARAMETERS,
252 EcNamedcurve = CKF_EC_NAMEDCURVE,
253 EcUncompress = CKF_EC_UNCOMPRESS,
254 EcCompress = CKF_EC_COMPRESS,
255 Extension = CKF_EXTENSION,
256 LibraryCantCreateOsThreads = CKF_LIBRARY_CANT_CREATE_OS_THREADS,
257 OsLockingOk = CKF_OS_LOCKING_OK,
258 DontBlock = CKF_DONT_BLOCK,
259 NextOtp = CKF_NEXT_OTP,
260 ExcludeTime = CKF_EXCLUDE_TIME,
261 ExcludeCounter = CKF_EXCLUDE_COUNTER,
262 ExcludeChallenge = CKF_EXCLUDE_CHALLENGE,
263 ExcludePin = CKF_EXCLUDE_PIN,
264 UserFriendlyOtp = CKF_USER_FRIENDLY_OTP,
265 };
266
267 inline Flag operator | (Flag a, Flag b)
268 {
269 return static_cast< Flag >(static_cast< CK_FLAGS >(a) | static_cast< CK_FLAGS >(b));
270 }
271
272 enum class MGF : CK_RSA_PKCS_MGF_TYPE
273 {
274 Mgf1Sha1 = CKG_MGF1_SHA1,
275 Mgf1Sha256 = CKG_MGF1_SHA256,
276 Mgf1Sha384 = CKG_MGF1_SHA384,
277 Mgf1Sha512 = CKG_MGF1_SHA512,
278 Mgf1Sha224 = CKG_MGF1_SHA224,
279 };
280
281 enum class HardwareType : CK_HW_FEATURE_TYPE
282 {
283 MonotonicCounter = CKH_MONOTONIC_COUNTER,
284 Clock = CKH_CLOCK,
285 UserInterface = CKH_USER_INTERFACE,
286 VendorDefined = CKH_VENDOR_DEFINED,
287 };
288
289 enum class KeyType : CK_KEY_TYPE
290 {
291 Rsa = CKK_RSA,
292 Dsa = CKK_DSA,
293 Dh = CKK_DH,
294 Ecdsa = CKK_ECDSA,
295 Ec = CKK_EC,
296 X942Dh = CKK_X9_42_DH,
297 Kea = CKK_KEA,
298 GenericSecret = CKK_GENERIC_SECRET,
299 Rc2 = CKK_RC2,
300 Rc4 = CKK_RC4,
301 Des = CKK_DES,
302 Des2 = CKK_DES2,
303 Des3 = CKK_DES3,
304 Cast = CKK_CAST,
305 Cast3 = CKK_CAST3,
306 Cast5 = CKK_CAST5,
307 Cast128 = CKK_CAST128,
308 Rc5 = CKK_RC5,
309 Idea = CKK_IDEA,
310 Skipjack = CKK_SKIPJACK,
311 Baton = CKK_BATON,
312 Juniper = CKK_JUNIPER,
313 Cdmf = CKK_CDMF,
314 Aes = CKK_AES,
315 Blowfish = CKK_BLOWFISH,
316 Twofish = CKK_TWOFISH,
317 Securid = CKK_SECURID,
318 Hotp = CKK_HOTP,
319 Acti = CKK_ACTI,
320 Camellia = CKK_CAMELLIA,
321 Aria = CKK_ARIA,
322 Md5Hmac = CKK_MD5_HMAC,
323 Sha1Hmac = CKK_SHA_1_HMAC,
324 Ripemd128Hmac = CKK_RIPEMD128_HMAC,
325 Ripemd160Hmac = CKK_RIPEMD160_HMAC,
326 Sha256Hmac = CKK_SHA256_HMAC,
327 Sha384Hmac = CKK_SHA384_HMAC,
328 Sha512Hmac = CKK_SHA512_HMAC,
329 Sha224Hmac = CKK_SHA224_HMAC,
330 Seed = CKK_SEED,
331 Gostr3410 = CKK_GOSTR3410,
332 Gostr3411 = CKK_GOSTR3411,
333 Gost28147 = CKK_GOST28147,
334 VendorDefined = CKK_VENDOR_DEFINED,
335 };
336
337 enum class MechanismType : CK_MECHANISM_TYPE
338 {
339 RsaPkcsKeyPairGen = CKM_RSA_PKCS_KEY_PAIR_GEN,
340 RsaPkcs = CKM_RSA_PKCS,
341 Rsa9796 = CKM_RSA_9796,
342 RsaX509 = CKM_RSA_X_509,
343 Md2RsaPkcs = CKM_MD2_RSA_PKCS,
344 Md5RsaPkcs = CKM_MD5_RSA_PKCS,
345 Sha1RsaPkcs = CKM_SHA1_RSA_PKCS,
346 Ripemd128RsaPkcs = CKM_RIPEMD128_RSA_PKCS,
347 Ripemd160RsaPkcs = CKM_RIPEMD160_RSA_PKCS,
348 RsaPkcsOaep = CKM_RSA_PKCS_OAEP,
349 RsaX931KeyPairGen = CKM_RSA_X9_31_KEY_PAIR_GEN,
350 RsaX931 = CKM_RSA_X9_31,
351 Sha1RsaX931 = CKM_SHA1_RSA_X9_31,
352 RsaPkcsPss = CKM_RSA_PKCS_PSS,
353 Sha1RsaPkcsPss = CKM_SHA1_RSA_PKCS_PSS,
354 DsaKeyPairGen = CKM_DSA_KEY_PAIR_GEN,
355 Dsa = CKM_DSA,
356 DsaSha1 = CKM_DSA_SHA1,
357 DsaSha224 = CKM_DSA_SHA224,
358 DsaSha256 = CKM_DSA_SHA256,
359 DsaSha384 = CKM_DSA_SHA384,
360 DsaSha512 = CKM_DSA_SHA512,
361 DhPkcsKeyPairGen = CKM_DH_PKCS_KEY_PAIR_GEN,
362 DhPkcsDerive = CKM_DH_PKCS_DERIVE,
363 X942DhKeyPairGen = CKM_X9_42_DH_KEY_PAIR_GEN,
364 X942DhDerive = CKM_X9_42_DH_DERIVE,
365 X942DhHybridDerive = CKM_X9_42_DH_HYBRID_DERIVE,
366 X942MqvDerive = CKM_X9_42_MQV_DERIVE,
367 Sha256RsaPkcs = CKM_SHA256_RSA_PKCS,
368 Sha384RsaPkcs = CKM_SHA384_RSA_PKCS,
369 Sha512RsaPkcs = CKM_SHA512_RSA_PKCS,
370 Sha256RsaPkcsPss = CKM_SHA256_RSA_PKCS_PSS,
371 Sha384RsaPkcsPss = CKM_SHA384_RSA_PKCS_PSS,
372 Sha512RsaPkcsPss = CKM_SHA512_RSA_PKCS_PSS,
373 Sha224RsaPkcs = CKM_SHA224_RSA_PKCS,
374 Sha224RsaPkcsPss = CKM_SHA224_RSA_PKCS_PSS,
375 Sha512224 = CKM_SHA512_224,
376 Sha512224Hmac = CKM_SHA512_224_HMAC,
377 Sha512224HmacGeneral = CKM_SHA512_224_HMAC_GENERAL,
378 Sha512224KeyDerivation = CKM_SHA512_224_KEY_DERIVATION,
379 Sha512256 = CKM_SHA512_256,
380 Sha512256Hmac = CKM_SHA512_256_HMAC,
381 Sha512256HmacGeneral = CKM_SHA512_256_HMAC_GENERAL,
382 Sha512256KeyDerivation = CKM_SHA512_256_KEY_DERIVATION,
383 Sha512T = CKM_SHA512_T,
384 Sha512THmac = CKM_SHA512_T_HMAC,
385 Sha512THmacGeneral = CKM_SHA512_T_HMAC_GENERAL,
386 Sha512TKeyDerivation = CKM_SHA512_T_KEY_DERIVATION,
387 Rc2KeyGen = CKM_RC2_KEY_GEN,
388 Rc2Ecb = CKM_RC2_ECB,
389 Rc2Cbc = CKM_RC2_CBC,
390 Rc2Mac = CKM_RC2_MAC,
391 Rc2MacGeneral = CKM_RC2_MAC_GENERAL,
392 Rc2CbcPad = CKM_RC2_CBC_PAD,
393 Rc4KeyGen = CKM_RC4_KEY_GEN,
394 Rc4 = CKM_RC4,
395 DesKeyGen = CKM_DES_KEY_GEN,
396 DesEcb = CKM_DES_ECB,
397 DesCbc = CKM_DES_CBC,
398 DesMac = CKM_DES_MAC,
399 DesMacGeneral = CKM_DES_MAC_GENERAL,
400 DesCbcPad = CKM_DES_CBC_PAD,
401 Des2KeyGen = CKM_DES2_KEY_GEN,
402 Des3KeyGen = CKM_DES3_KEY_GEN,
403 Des3Ecb = CKM_DES3_ECB,
404 Des3Cbc = CKM_DES3_CBC,
405 Des3Mac = CKM_DES3_MAC,
406 Des3MacGeneral = CKM_DES3_MAC_GENERAL,
407 Des3CbcPad = CKM_DES3_CBC_PAD,
408 Des3CmacGeneral = CKM_DES3_CMAC_GENERAL,
409 Des3Cmac = CKM_DES3_CMAC,
410 CdmfKeyGen = CKM_CDMF_KEY_GEN,
411 CdmfEcb = CKM_CDMF_ECB,
412 CdmfCbc = CKM_CDMF_CBC,
413 CdmfMac = CKM_CDMF_MAC,
414 CdmfMacGeneral = CKM_CDMF_MAC_GENERAL,
415 CdmfCbcPad = CKM_CDMF_CBC_PAD,
416 DesOfb64 = CKM_DES_OFB64,
417 DesOfb8 = CKM_DES_OFB8,
418 DesCfb64 = CKM_DES_CFB64,
419 DesCfb8 = CKM_DES_CFB8,
420 Md2 = CKM_MD2,
421 Md2Hmac = CKM_MD2_HMAC,
422 Md2HmacGeneral = CKM_MD2_HMAC_GENERAL,
423 Md5 = CKM_MD5,
424 Md5Hmac = CKM_MD5_HMAC,
425 Md5HmacGeneral = CKM_MD5_HMAC_GENERAL,
426 Sha1 = CKM_SHA_1,
427 Sha1Hmac = CKM_SHA_1_HMAC,
428 Sha1HmacGeneral = CKM_SHA_1_HMAC_GENERAL,
429 Ripemd128 = CKM_RIPEMD128,
430 Ripemd128Hmac = CKM_RIPEMD128_HMAC,
431 Ripemd128HmacGeneral = CKM_RIPEMD128_HMAC_GENERAL,
432 Ripemd160 = CKM_RIPEMD160,
433 Ripemd160Hmac = CKM_RIPEMD160_HMAC,
434 Ripemd160HmacGeneral = CKM_RIPEMD160_HMAC_GENERAL,
435 Sha256 = CKM_SHA256,
436 Sha256Hmac = CKM_SHA256_HMAC,
437 Sha256HmacGeneral = CKM_SHA256_HMAC_GENERAL,
438 Sha224 = CKM_SHA224,
439 Sha224Hmac = CKM_SHA224_HMAC,
440 Sha224HmacGeneral = CKM_SHA224_HMAC_GENERAL,
441 Sha384 = CKM_SHA384,
442 Sha384Hmac = CKM_SHA384_HMAC,
443 Sha384HmacGeneral = CKM_SHA384_HMAC_GENERAL,
444 Sha512 = CKM_SHA512,
445 Sha512Hmac = CKM_SHA512_HMAC,
446 Sha512HmacGeneral = CKM_SHA512_HMAC_GENERAL,
447 SecuridKeyGen = CKM_SECURID_KEY_GEN,
448 Securid = CKM_SECURID,
449 HotpKeyGen = CKM_HOTP_KEY_GEN,
450 Hotp = CKM_HOTP,
451 Acti = CKM_ACTI,
452 ActiKeyGen = CKM_ACTI_KEY_GEN,
453 CastKeyGen = CKM_CAST_KEY_GEN,
454 CastEcb = CKM_CAST_ECB,
455 CastCbc = CKM_CAST_CBC,
456 CastMac = CKM_CAST_MAC,
457 CastMacGeneral = CKM_CAST_MAC_GENERAL,
458 CastCbcPad = CKM_CAST_CBC_PAD,
459 Cast3KeyGen = CKM_CAST3_KEY_GEN,
460 Cast3Ecb = CKM_CAST3_ECB,
461 Cast3Cbc = CKM_CAST3_CBC,
462 Cast3Mac = CKM_CAST3_MAC,
463 Cast3MacGeneral = CKM_CAST3_MAC_GENERAL,
464 Cast3CbcPad = CKM_CAST3_CBC_PAD,
465 Cast5KeyGen = CKM_CAST5_KEY_GEN,
466 Cast128KeyGen = CKM_CAST128_KEY_GEN,
467 Cast5Ecb = CKM_CAST5_ECB,
468 Cast128Ecb = CKM_CAST128_ECB,
469 Cast5Cbc = CKM_CAST5_CBC,
470 Cast128Cbc = CKM_CAST128_CBC,
471 Cast5Mac = CKM_CAST5_MAC,
472 Cast128Mac = CKM_CAST128_MAC,
473 Cast5MacGeneral = CKM_CAST5_MAC_GENERAL,
474 Cast128MacGeneral = CKM_CAST128_MAC_GENERAL,
475 Cast5CbcPad = CKM_CAST5_CBC_PAD,
476 Cast128CbcPad = CKM_CAST128_CBC_PAD,
477 Rc5KeyGen = CKM_RC5_KEY_GEN,
478 Rc5Ecb = CKM_RC5_ECB,
479 Rc5Cbc = CKM_RC5_CBC,
480 Rc5Mac = CKM_RC5_MAC,
481 Rc5MacGeneral = CKM_RC5_MAC_GENERAL,
482 Rc5CbcPad = CKM_RC5_CBC_PAD,
483 IdeaKeyGen = CKM_IDEA_KEY_GEN,
484 IdeaEcb = CKM_IDEA_ECB,
485 IdeaCbc = CKM_IDEA_CBC,
486 IdeaMac = CKM_IDEA_MAC,
487 IdeaMacGeneral = CKM_IDEA_MAC_GENERAL,
488 IdeaCbcPad = CKM_IDEA_CBC_PAD,
489 GenericSecretKeyGen = CKM_GENERIC_SECRET_KEY_GEN,
490 ConcatenateBaseAndKey = CKM_CONCATENATE_BASE_AND_KEY,
491 ConcatenateBaseAndData = CKM_CONCATENATE_BASE_AND_DATA,
492 ConcatenateDataAndBase = CKM_CONCATENATE_DATA_AND_BASE,
493 XorBaseAndData = CKM_XOR_BASE_AND_DATA,
494 ExtractKeyFromKey = CKM_EXTRACT_KEY_FROM_KEY,
495 Ssl3PreMasterKeyGen = CKM_SSL3_PRE_MASTER_KEY_GEN,
496 Ssl3MasterKeyDerive = CKM_SSL3_MASTER_KEY_DERIVE,
497 Ssl3KeyAndMacDerive = CKM_SSL3_KEY_AND_MAC_DERIVE,
498 Ssl3MasterKeyDeriveDh = CKM_SSL3_MASTER_KEY_DERIVE_DH,
499 TlsPreMasterKeyGen = CKM_TLS_PRE_MASTER_KEY_GEN,
500 TlsMasterKeyDerive = CKM_TLS_MASTER_KEY_DERIVE,
501 TlsKeyAndMacDerive = CKM_TLS_KEY_AND_MAC_DERIVE,
502 TlsMasterKeyDeriveDh = CKM_TLS_MASTER_KEY_DERIVE_DH,
503 TlsPrf = CKM_TLS_PRF,
504 Ssl3Md5Mac = CKM_SSL3_MD5_MAC,
505 Ssl3Sha1Mac = CKM_SSL3_SHA1_MAC,
506 Md5KeyDerivation = CKM_MD5_KEY_DERIVATION,
507 Md2KeyDerivation = CKM_MD2_KEY_DERIVATION,
508 Sha1KeyDerivation = CKM_SHA1_KEY_DERIVATION,
509 Sha256KeyDerivation = CKM_SHA256_KEY_DERIVATION,
510 Sha384KeyDerivation = CKM_SHA384_KEY_DERIVATION,
511 Sha512KeyDerivation = CKM_SHA512_KEY_DERIVATION,
512 Sha224KeyDerivation = CKM_SHA224_KEY_DERIVATION,
513 PbeMd2DesCbc = CKM_PBE_MD2_DES_CBC,
514 PbeMd5DesCbc = CKM_PBE_MD5_DES_CBC,
515 PbeMd5CastCbc = CKM_PBE_MD5_CAST_CBC,
516 PbeMd5Cast3Cbc = CKM_PBE_MD5_CAST3_CBC,
517 PbeMd5Cast5Cbc = CKM_PBE_MD5_CAST5_CBC,
518 PbeMd5Cast128Cbc = CKM_PBE_MD5_CAST128_CBC,
519 PbeSha1Cast5Cbc = CKM_PBE_SHA1_CAST5_CBC,
520 PbeSha1Cast128Cbc = CKM_PBE_SHA1_CAST128_CBC,
521 PbeSha1Rc4128 = CKM_PBE_SHA1_RC4_128,
522 PbeSha1Rc440 = CKM_PBE_SHA1_RC4_40,
523 PbeSha1Des3EdeCbc = CKM_PBE_SHA1_DES3_EDE_CBC,
524 PbeSha1Des2EdeCbc = CKM_PBE_SHA1_DES2_EDE_CBC,
525 PbeSha1Rc2128Cbc = CKM_PBE_SHA1_RC2_128_CBC,
526 PbeSha1Rc240Cbc = CKM_PBE_SHA1_RC2_40_CBC,
527 Pkcs5Pbkd2 = CKM_PKCS5_PBKD2,
528 PbaSha1WithSha1Hmac = CKM_PBA_SHA1_WITH_SHA1_HMAC,
529 WtlsPreMasterKeyGen = CKM_WTLS_PRE_MASTER_KEY_GEN,
530 WtlsMasterKeyDerive = CKM_WTLS_MASTER_KEY_DERIVE,
531 WtlsMasterKeyDeriveDhEcc = CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC,
532 WtlsPrf = CKM_WTLS_PRF,
533 WtlsServerKeyAndMacDerive = CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE,
534 WtlsClientKeyAndMacDerive = CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE,
535 Tls10MacServer = CKM_TLS10_MAC_SERVER,
536 Tls10MacClient = CKM_TLS10_MAC_CLIENT,
537 Tls12Mac = CKM_TLS12_MAC,
538 Tls12Kdf = CKM_TLS12_KDF,
539 Tls12MasterKeyDerive = CKM_TLS12_MASTER_KEY_DERIVE,
540 Tls12KeyAndMacDerive = CKM_TLS12_KEY_AND_MAC_DERIVE,
541 Tls12MasterKeyDeriveDh = CKM_TLS12_MASTER_KEY_DERIVE_DH,
542 Tls12KeySafeDerive = CKM_TLS12_KEY_SAFE_DERIVE,
543 TlsMac = CKM_TLS_MAC,
544 TlsKdf = CKM_TLS_KDF,
545 KeyWrapLynks = CKM_KEY_WRAP_LYNKS,
546 KeyWrapSetOaep = CKM_KEY_WRAP_SET_OAEP,
547 CmsSig = CKM_CMS_SIG,
548 KipDerive = CKM_KIP_DERIVE,
549 KipWrap = CKM_KIP_WRAP,
550 KipMac = CKM_KIP_MAC,
551 CamelliaKeyGen = CKM_CAMELLIA_KEY_GEN,
552 CamelliaEcb = CKM_CAMELLIA_ECB,
553 CamelliaCbc = CKM_CAMELLIA_CBC,
554 CamelliaMac = CKM_CAMELLIA_MAC,
555 CamelliaMacGeneral = CKM_CAMELLIA_MAC_GENERAL,
556 CamelliaCbcPad = CKM_CAMELLIA_CBC_PAD,
557 CamelliaEcbEncryptData = CKM_CAMELLIA_ECB_ENCRYPT_DATA,
558 CamelliaCbcEncryptData = CKM_CAMELLIA_CBC_ENCRYPT_DATA,
559 CamelliaCtr = CKM_CAMELLIA_CTR,
560 AriaKeyGen = CKM_ARIA_KEY_GEN,
561 AriaEcb = CKM_ARIA_ECB,
562 AriaCbc = CKM_ARIA_CBC,
563 AriaMac = CKM_ARIA_MAC,
564 AriaMacGeneral = CKM_ARIA_MAC_GENERAL,
565 AriaCbcPad = CKM_ARIA_CBC_PAD,
566 AriaEcbEncryptData = CKM_ARIA_ECB_ENCRYPT_DATA,
567 AriaCbcEncryptData = CKM_ARIA_CBC_ENCRYPT_DATA,
568 SeedKeyGen = CKM_SEED_KEY_GEN,
569 SeedEcb = CKM_SEED_ECB,
570 SeedCbc = CKM_SEED_CBC,
571 SeedMac = CKM_SEED_MAC,
572 SeedMacGeneral = CKM_SEED_MAC_GENERAL,
573 SeedCbcPad = CKM_SEED_CBC_PAD,
574 SeedEcbEncryptData = CKM_SEED_ECB_ENCRYPT_DATA,
575 SeedCbcEncryptData = CKM_SEED_CBC_ENCRYPT_DATA,
576 SkipjackKeyGen = CKM_SKIPJACK_KEY_GEN,
577 SkipjackEcb64 = CKM_SKIPJACK_ECB64,
578 SkipjackCbc64 = CKM_SKIPJACK_CBC64,
579 SkipjackOfb64 = CKM_SKIPJACK_OFB64,
580 SkipjackCfb64 = CKM_SKIPJACK_CFB64,
581 SkipjackCfb32 = CKM_SKIPJACK_CFB32,
582 SkipjackCfb16 = CKM_SKIPJACK_CFB16,
583 SkipjackCfb8 = CKM_SKIPJACK_CFB8,
584 SkipjackWrap = CKM_SKIPJACK_WRAP,
585 SkipjackPrivateWrap = CKM_SKIPJACK_PRIVATE_WRAP,
586 SkipjackRelayx = CKM_SKIPJACK_RELAYX,
587 KeaKeyPairGen = CKM_KEA_KEY_PAIR_GEN,
588 KeaKeyDerive = CKM_KEA_KEY_DERIVE,
589 KeaDerive = CKM_KEA_DERIVE,
590 FortezzaTimestamp = CKM_FORTEZZA_TIMESTAMP,
591 BatonKeyGen = CKM_BATON_KEY_GEN,
592 BatonEcb128 = CKM_BATON_ECB128,
593 BatonEcb96 = CKM_BATON_ECB96,
594 BatonCbc128 = CKM_BATON_CBC128,
595 BatonCounter = CKM_BATON_COUNTER,
596 BatonShuffle = CKM_BATON_SHUFFLE,
597 BatonWrap = CKM_BATON_WRAP,
598 EcdsaKeyPairGen = CKM_ECDSA_KEY_PAIR_GEN,
599 EcKeyPairGen = CKM_EC_KEY_PAIR_GEN,
600 Ecdsa = CKM_ECDSA,
601 EcdsaSha1 = CKM_ECDSA_SHA1,
602 EcdsaSha224 = CKM_ECDSA_SHA224,
603 EcdsaSha256 = CKM_ECDSA_SHA256,
604 EcdsaSha384 = CKM_ECDSA_SHA384,
605 EcdsaSha512 = CKM_ECDSA_SHA512,
606 Ecdh1Derive = CKM_ECDH1_DERIVE,
607 Ecdh1CofactorDerive = CKM_ECDH1_COFACTOR_DERIVE,
608 EcmqvDerive = CKM_ECMQV_DERIVE,
609 EcdhAesKeyWrap = CKM_ECDH_AES_KEY_WRAP,
610 RsaAesKeyWrap = CKM_RSA_AES_KEY_WRAP,
611 JuniperKeyGen = CKM_JUNIPER_KEY_GEN,
612 JuniperEcb128 = CKM_JUNIPER_ECB128,
613 JuniperCbc128 = CKM_JUNIPER_CBC128,
614 JuniperCounter = CKM_JUNIPER_COUNTER,
615 JuniperShuffle = CKM_JUNIPER_SHUFFLE,
616 JuniperWrap = CKM_JUNIPER_WRAP,
617 Fasthash = CKM_FASTHASH,
618 AesKeyGen = CKM_AES_KEY_GEN,
619 AesEcb = CKM_AES_ECB,
620 AesCbc = CKM_AES_CBC,
621 AesMac = CKM_AES_MAC,
622 AesMacGeneral = CKM_AES_MAC_GENERAL,
623 AesCbcPad = CKM_AES_CBC_PAD,
624 AesCtr = CKM_AES_CTR,
625 AesGcm = CKM_AES_GCM,
626 AesCcm = CKM_AES_CCM,
627 AesCts = CKM_AES_CTS,
628 AesCmac = CKM_AES_CMAC,
629 AesCmacGeneral = CKM_AES_CMAC_GENERAL,
630 AesXcbcMac = CKM_AES_XCBC_MAC,
631 AesXcbcMac96 = CKM_AES_XCBC_MAC_96,
632 AesGmac = CKM_AES_GMAC,
633 BlowfishKeyGen = CKM_BLOWFISH_KEY_GEN,
634 BlowfishCbc = CKM_BLOWFISH_CBC,
635 TwofishKeyGen = CKM_TWOFISH_KEY_GEN,
636 TwofishCbc = CKM_TWOFISH_CBC,
637 BlowfishCbcPad = CKM_BLOWFISH_CBC_PAD,
638 TwofishCbcPad = CKM_TWOFISH_CBC_PAD,
639 DesEcbEncryptData = CKM_DES_ECB_ENCRYPT_DATA,
640 DesCbcEncryptData = CKM_DES_CBC_ENCRYPT_DATA,
641 Des3EcbEncryptData = CKM_DES3_ECB_ENCRYPT_DATA,
642 Des3CbcEncryptData = CKM_DES3_CBC_ENCRYPT_DATA,
643 AesEcbEncryptData = CKM_AES_ECB_ENCRYPT_DATA,
644 AesCbcEncryptData = CKM_AES_CBC_ENCRYPT_DATA,
645 Gostr3410KeyPairGen = CKM_GOSTR3410_KEY_PAIR_GEN,
646 Gostr3410 = CKM_GOSTR3410,
647 Gostr3410WithGostr3411 = CKM_GOSTR3410_WITH_GOSTR3411,
648 Gostr3410KeyWrap = CKM_GOSTR3410_KEY_WRAP,
649 Gostr3410Derive = CKM_GOSTR3410_DERIVE,
650 Gostr3411 = CKM_GOSTR3411,
651 Gostr3411Hmac = CKM_GOSTR3411_HMAC,
652 Gost28147KeyGen = CKM_GOST28147_KEY_GEN,
653 Gost28147Ecb = CKM_GOST28147_ECB,
654 Gost28147 = CKM_GOST28147,
655 Gost28147Mac = CKM_GOST28147_MAC,
656 Gost28147KeyWrap = CKM_GOST28147_KEY_WRAP,
657 DsaParameterGen = CKM_DSA_PARAMETER_GEN,
658 DhPkcsParameterGen = CKM_DH_PKCS_PARAMETER_GEN,
659 X942DhParameterGen = CKM_X9_42_DH_PARAMETER_GEN,
660 DsaProbablisticParameterGen = CKM_DSA_PROBABLISTIC_PARAMETER_GEN,
661 DsaShaweTaylorParameterGen = CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN,
662 AesOfb = CKM_AES_OFB,
663 AesCfb64 = CKM_AES_CFB64,
664 AesCfb8 = CKM_AES_CFB8,
665 AesCfb128 = CKM_AES_CFB128,
666 AesCfb1 = CKM_AES_CFB1,
667 AesKeyWrap = CKM_AES_KEY_WRAP,
668 AesKeyWrapPad = CKM_AES_KEY_WRAP_PAD,
669 RsaPkcsTpm11 = CKM_RSA_PKCS_TPM_1_1,
670 RsaPkcsOaepTpm11 = CKM_RSA_PKCS_OAEP_TPM_1_1,
671 VendorDefined = CKM_VENDOR_DEFINED,
672 };
673
674 enum class Notification : CK_NOTIFICATION
675 {
676 Surrender = CKN_SURRENDER,
677 OtpChanged = CKN_OTP_CHANGED,
678 };
679
680 enum class ObjectClass : CK_OBJECT_CLASS
681 {
682 Data = CKO_DATA,
683 Certificate = CKO_CERTIFICATE,
684 PublicKey = CKO_PUBLIC_KEY,
685 PrivateKey = CKO_PRIVATE_KEY,
686 SecretKey = CKO_SECRET_KEY,
687 HwFeature = CKO_HW_FEATURE,
688 DomainParameters = CKO_DOMAIN_PARAMETERS,
689 Mechanism = CKO_MECHANISM,
690 OtpKey = CKO_OTP_KEY,
691 VendorDefined = CKO_VENDOR_DEFINED,
692 };
693
694 enum class PseudoRandom : CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
695 {
696 Pkcs5Pbkd2HmacSha1 = CKP_PKCS5_PBKD2_HMAC_SHA1,
697 Pkcs5Pbkd2HmacGostr3411 = CKP_PKCS5_PBKD2_HMAC_GOSTR3411,
698 Pkcs5Pbkd2HmacSha224 = CKP_PKCS5_PBKD2_HMAC_SHA224,
699 Pkcs5Pbkd2HmacSha256 = CKP_PKCS5_PBKD2_HMAC_SHA256,
700 Pkcs5Pbkd2HmacSha384 = CKP_PKCS5_PBKD2_HMAC_SHA384,
701 Pkcs5Pbkd2HmacSha512 = CKP_PKCS5_PBKD2_HMAC_SHA512,
702 Pkcs5Pbkd2HmacSha512224 = CKP_PKCS5_PBKD2_HMAC_SHA512_224,
703 Pkcs5Pbkd2HmacSha512256 = CKP_PKCS5_PBKD2_HMAC_SHA512_256,
704 };
705
706 enum class SessionState : CK_STATE
707 {
708 RoPublicSession = CKS_RO_PUBLIC_SESSION,
709 RoUserFunctions = CKS_RO_USER_FUNCTIONS,
710 RwPublicSession = CKS_RW_PUBLIC_SESSION,
711 RwUserFunctions = CKS_RW_USER_FUNCTIONS,
712 RwSoFunctions = CKS_RW_SO_FUNCTIONS,
713 };
714
715 enum class ReturnValue : CK_RV
716 {
717 OK = CKR_OK,
718 Cancel = CKR_CANCEL,
719 HostMemory = CKR_HOST_MEMORY,
720 SlotIdInvalid = CKR_SLOT_ID_INVALID,
721 GeneralError = CKR_GENERAL_ERROR,
722 FunctionFailed = CKR_FUNCTION_FAILED,
723 ArgumentsBad = CKR_ARGUMENTS_BAD,
724 NoEvent = CKR_NO_EVENT,
725 NeedToCreateThreads = CKR_NEED_TO_CREATE_THREADS,
726 CantLock = CKR_CANT_LOCK,
727 AttributeReadOnly = CKR_ATTRIBUTE_READ_ONLY,
728 AttributeSensitive = CKR_ATTRIBUTE_SENSITIVE,
729 AttributeTypeInvalid = CKR_ATTRIBUTE_TYPE_INVALID,
730 AttributeValueInvalid = CKR_ATTRIBUTE_VALUE_INVALID,
731 ActionProhibited = CKR_ACTION_PROHIBITED,
732 DataInvalid = CKR_DATA_INVALID,
733 DataLenRange = CKR_DATA_LEN_RANGE,
734 DeviceError = CKR_DEVICE_ERROR,
735 DeviceMemory = CKR_DEVICE_MEMORY,
736 DeviceRemoved = CKR_DEVICE_REMOVED,
737 EncryptedDataInvalid = CKR_ENCRYPTED_DATA_INVALID,
738 EncryptedDataLenRange = CKR_ENCRYPTED_DATA_LEN_RANGE,
739 FunctionCanceled = CKR_FUNCTION_CANCELED,
740 FunctionNotParallel = CKR_FUNCTION_NOT_PARALLEL,
741 FunctionNotSupported = CKR_FUNCTION_NOT_SUPPORTED,
742 KeyHandleInvalid = CKR_KEY_HANDLE_INVALID,
743 KeySizeRange = CKR_KEY_SIZE_RANGE,
744 KeyTypeInconsistent = CKR_KEY_TYPE_INCONSISTENT,
745 KeyNotNeeded = CKR_KEY_NOT_NEEDED,
746 KeyChanged = CKR_KEY_CHANGED,
747 KeyNeeded = CKR_KEY_NEEDED,
748 KeyIndigestible = CKR_KEY_INDIGESTIBLE,
749 KeyFunctionNotPermitted = CKR_KEY_FUNCTION_NOT_PERMITTED,
750 KeyNotWrappable = CKR_KEY_NOT_WRAPPABLE,
751 KeyUnextractable = CKR_KEY_UNEXTRACTABLE,
752 MechanismInvalid = CKR_MECHANISM_INVALID,
753 MechanismParamInvalid = CKR_MECHANISM_PARAM_INVALID,
754 ObjectHandleInvalid = CKR_OBJECT_HANDLE_INVALID,
755 OperationActive = CKR_OPERATION_ACTIVE,
756 OperationNotInitialized = CKR_OPERATION_NOT_INITIALIZED,
757 PinIncorrect = CKR_PIN_INCORRECT,
758 PinInvalid = CKR_PIN_INVALID,
759 PinLenRange = CKR_PIN_LEN_RANGE,
760 PinExpired = CKR_PIN_EXPIRED,
761 PinLocked = CKR_PIN_LOCKED,
762 SessionClosed = CKR_SESSION_CLOSED,
763 SessionCount = CKR_SESSION_COUNT,
764 SessionHandleInvalid = CKR_SESSION_HANDLE_INVALID,
765 SessionParallelNotSupported = CKR_SESSION_PARALLEL_NOT_SUPPORTED,
766 SessionReadOnly = CKR_SESSION_READ_ONLY,
767 SessionExists = CKR_SESSION_EXISTS,
768 SessionReadOnlyExists = CKR_SESSION_READ_ONLY_EXISTS,
769 SessionReadWriteSoExists = CKR_SESSION_READ_WRITE_SO_EXISTS,
770 SignatureInvalid = CKR_SIGNATURE_INVALID,
771 SignatureLenRange = CKR_SIGNATURE_LEN_RANGE,
772 TemplateIncomplete = CKR_TEMPLATE_INCOMPLETE,
773 TemplateInconsistent = CKR_TEMPLATE_INCONSISTENT,
774 TokenNotPresent = CKR_TOKEN_NOT_PRESENT,
775 TokenNotRecognized = CKR_TOKEN_NOT_RECOGNIZED,
776 TokenWriteProtected = CKR_TOKEN_WRITE_PROTECTED,
777 UnwrappingKeyHandleInvalid = CKR_UNWRAPPING_KEY_HANDLE_INVALID,
778 UnwrappingKeySizeRange = CKR_UNWRAPPING_KEY_SIZE_RANGE,
779 UnwrappingKeyTypeInconsistent = CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
780 UserAlreadyLoggedIn = CKR_USER_ALREADY_LOGGED_IN,
781 UserNotLoggedIn = CKR_USER_NOT_LOGGED_IN,
782 UserPinNotInitialized = CKR_USER_PIN_NOT_INITIALIZED,
783 UserTypeInvalid = CKR_USER_TYPE_INVALID,
784 UserAnotherAlreadyLoggedIn = CKR_USER_ANOTHER_ALREADY_LOGGED_IN,
785 UserTooManyTypes = CKR_USER_TOO_MANY_TYPES,
786 WrappedKeyInvalid = CKR_WRAPPED_KEY_INVALID,
787 WrappedKeyLenRange = CKR_WRAPPED_KEY_LEN_RANGE,
788 WrappingKeyHandleInvalid = CKR_WRAPPING_KEY_HANDLE_INVALID,
789 WrappingKeySizeRange = CKR_WRAPPING_KEY_SIZE_RANGE,
790 WrappingKeyTypeInconsistent = CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
791 RandomSeedNotSupported = CKR_RANDOM_SEED_NOT_SUPPORTED,
792 RandomNoRng = CKR_RANDOM_NO_RNG,
793 DomainParamsInvalid = CKR_DOMAIN_PARAMS_INVALID,
794 CurveNotSupported = CKR_CURVE_NOT_SUPPORTED,
795 BufferTooSmall = CKR_BUFFER_TOO_SMALL,
796 SavedStateInvalid = CKR_SAVED_STATE_INVALID,
797 InformationSensitive = CKR_INFORMATION_SENSITIVE,
798 StateUnsaveable = CKR_STATE_UNSAVEABLE,
799 CryptokiNotInitialized = CKR_CRYPTOKI_NOT_INITIALIZED,
800 CryptokiAlreadyInitialized = CKR_CRYPTOKI_ALREADY_INITIALIZED,
801 MutexBad = CKR_MUTEX_BAD,
802 MutexNotLocked = CKR_MUTEX_NOT_LOCKED,
803 NewPinMode = CKR_NEW_PIN_MODE,
804 NextOtp = CKR_NEXT_OTP,
805 ExceededMaxIterations = CKR_EXCEEDED_MAX_ITERATIONS,
806 FipsSelfTestFailed = CKR_FIPS_SELF_TEST_FAILED,
807 LibraryLoadFailed = CKR_LIBRARY_LOAD_FAILED,
808 PinTooWeak = CKR_PIN_TOO_WEAK,
809 PublicKeyInvalid = CKR_PUBLIC_KEY_INVALID,
810 FunctionRejected = CKR_FUNCTION_REJECTED,
811 VendorDefined = CKR_VENDOR_DEFINED,
812 };
813
814 enum class UserType : CK_USER_TYPE
815 {
816 SO = CKU_SO,
817 User = CKU_USER,
818 ContextSpecific = CKU_CONTEXT_SPECIFIC,
819 };
820
821 enum class PublicPointEncoding : uint32_t
822 {
823 Raw,
824 Der
825 };
826
827 using FunctionListPtr = CK_FUNCTION_LIST_PTR;
828 using VoidPtr = CK_VOID_PTR;
829 using C_InitializeArgs = CK_C_INITIALIZE_ARGS;
830 using CreateMutex = CK_CREATEMUTEX;
831 using DestroyMutex = CK_DESTROYMUTEX;
832 using LockMutex = CK_LOCKMUTEX;
833 using UnlockMutex = CK_UNLOCKMUTEX;
834 using Flags = CK_FLAGS;
835 using Info = CK_INFO;
836 using Bbool = CK_BBOOL;
837 using SlotId = CK_SLOT_ID;
838 using Ulong = CK_ULONG;
839 using SlotInfo = CK_SLOT_INFO;
840 using TokenInfo = CK_TOKEN_INFO;
841 using Mechanism = CK_MECHANISM;
842 using MechanismInfo = CK_MECHANISM_INFO;
843 using Utf8Char = CK_UTF8CHAR;
844 using Notify = CK_NOTIFY;
845 using SessionHandle = CK_SESSION_HANDLE;
846 using SessionInfo = CK_SESSION_INFO;
847 using Attribute = CK_ATTRIBUTE;
848 using ObjectHandle = CK_OBJECT_HANDLE;
849 using Byte = CK_BYTE;
850 using RsaPkcsOaepParams = CK_RSA_PKCS_OAEP_PARAMS;
851 using RsaPkcsPssParams = CK_RSA_PKCS_PSS_PARAMS;
852 using Ecdh1DeriveParams = CK_ECDH1_DERIVE_PARAMS;
853 using Date = CK_DATE;
854
855 BOTAN_PUBLIC_API(2,0) extern ReturnValue* ThrowException;
856
857 const Bbool True = CK_TRUE;
858 const Bbool False = CK_FALSE;
859
flags(Flag flags)860 inline Flags flags(Flag flags)
861 {
862 return static_cast<Flags>(flags);
863 }
864
865 class Slot;
866
867 /**
868 * Initializes a token
869 * @param slot The slot with the attached token that should be initialized
870 * @param label The token label
871 * @param so_pin PIN of the security officer. Will be set if the token is uninitialized other this has to be the current SO_PIN
872 * @param pin The user PIN that will be set
873 */
874 BOTAN_PUBLIC_API(2,0) void initialize_token(Slot& slot, const std::string& label, const secure_string& so_pin,
875 const secure_string& pin);
876
877 /**
878 * Change PIN with old PIN to new PIN
879 * @param slot The slot with the attached token
880 * @param old_pin The old user PIN
881 * @param new_pin The new user PIN
882 */
883
884 BOTAN_PUBLIC_API(2,0) void change_pin(Slot& slot, const secure_string& old_pin, const secure_string& new_pin);
885
886 /**
887 * Change SO_PIN with old SO_PIN to new SO_PIN
888 * @param slot The slot with the attached token
889 * @param old_so_pin The old SO_PIN
890 * @param new_so_pin The new SO_PIN
891 */
892 BOTAN_PUBLIC_API(2,0) void change_so_pin(Slot& slot, const secure_string& old_so_pin, const secure_string& new_so_pin);
893
894 /**
895 * Sets user PIN with SO_PIN
896 * @param slot The slot with the attached token
897 * @param so_pin PIN of the security officer
898 * @param pin The user PIN that should be set
899 */
900 BOTAN_PUBLIC_API(2,0) void set_pin(Slot& slot, const secure_string& so_pin, const secure_string& pin);
901
902 /// Provides access to all PKCS#11 functions
903 class BOTAN_PUBLIC_API(2,0) LowLevel
904 {
905 public:
906 /// @param ptr the functon list pointer to use. Can be retrieved via `LowLevel::C_GetFunctionList`
907 explicit LowLevel(FunctionListPtr ptr);
908
909 /****************************** General purpose functions ******************************/
910
911 /**
912 * C_Initialize initializes the Cryptoki library.
913 * @param init_args if this is not nullptr, it gets cast to (`C_InitializeArgs`) and dereferenced
914 * @param return_value default value (`ThrowException`): throw exception on error.
915 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
916 * At least the following PKCS#11 return values may be returned:
917 * \li ArgumentsBad \li CantLock \li CryptokiAlreadyInitialized
918 * \li FunctionFailed \li GeneralError \li HostMemory
919 * \li NeedToCreateThreads \li OK
920 * @return true on success, false otherwise
921 */
922 bool C_Initialize(VoidPtr init_args,
923 ReturnValue* return_value = ThrowException) const;
924
925 /**
926 * C_Finalize indicates that an application is done with the Cryptoki library.
927 * @param reserved reserved. Should be nullptr
928 * @param return_value default value (`ThrowException`): throw exception on error.
929 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
930 * At least the following PKCS#11 return values may be returned:
931 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
932 * \li GeneralError \li HostMemory \li OK
933 * @return true on success, false otherwise
934 */
935 bool C_Finalize(VoidPtr reserved,
936 ReturnValue* return_value = ThrowException) const;
937
938 /**
939 * C_GetInfo returns general information about Cryptoki.
940 * @param info_ptr location that receives information
941 * @param return_value default value (`ThrowException`): throw exception on error.
942 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
943 * At least the following PKCS#11 return values may be returned:
944 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
945 * \li GeneralError \li HostMemory \li OK
946 * @return true on success, false otherwise
947 */
948 bool C_GetInfo(Info* info_ptr,
949 ReturnValue* return_value = ThrowException) const;
950
951 /**
952 * C_GetFunctionList returns the function list.
953 * @param pkcs11_module The PKCS#11 module
954 * @param function_list_ptr_ptr receives pointer to function list
955 * @param return_value default value (`ThrowException`): throw exception on error.
956 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
957 * At least the following PKCS#11 return values may be returned:
958 * \li ArgumentsBad \li FunctionFailed \li GeneralError
959 * \li HostMemory \li OK
960 * @return true on success, false otherwise
961 */
962 static bool C_GetFunctionList(Dynamically_Loaded_Library& pkcs11_module, FunctionListPtr* function_list_ptr_ptr,
963 ReturnValue* return_value = ThrowException);
964
965 /****************************** Slot and token management functions ******************************/
966
967 /**
968 * C_GetSlotList obtains a list of slots in the system.
969 * @param token_present only slots with tokens
970 * @param slot_list_ptr receives array of slot IDs
971 * @param count_ptr receives number of slots
972 * @param return_value default value (`ThrowException`): throw exception on error.
973 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
974 * At least the following PKCS#11 return values may be returned:
975 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
976 * \li FunctionFailed \li GeneralError \li HostMemory
977 * \li OK
978 * @return true on success, false otherwise
979 */
980 bool C_GetSlotList(Bbool token_present,
981 SlotId* slot_list_ptr,
982 Ulong* count_ptr,
983 ReturnValue* return_value = ThrowException) const;
984
985 /**
986 * C_GetSlotList obtains a list of slots in the system.
987 * @param token_present only slots with tokens
988 * @param slot_ids receives vector of slot IDs
989 * @param return_value default value (`ThrowException`): throw exception on error.
990 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
991 * At least the following PKCS#11 return values may be returned:
992 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
993 * \li FunctionFailed \li GeneralError \li HostMemory
994 * \li OK
995 * @return true on success, false otherwise
996 */
997 bool C_GetSlotList(bool token_present,
998 std::vector<SlotId>& slot_ids,
999 ReturnValue* return_value = ThrowException) const;
1000
1001 /**
1002 * C_GetSlotInfo obtains information about a particular slot in the system.
1003 * @param slot_id the ID of the slot
1004 * @param info_ptr receives the slot information
1005 * @param return_value default value (`ThrowException`): throw exception on error.
1006 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1007 * At least the following PKCS#11 return values may be returned:
1008 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1009 * \li FunctionFailed \li GeneralError \li HostMemory
1010 * \li OK \li SlotIdInvalid
1011 * @return true on success, false otherwise
1012 */
1013 bool C_GetSlotInfo(SlotId slot_id,
1014 SlotInfo* info_ptr,
1015 ReturnValue* return_value = ThrowException) const;
1016
1017 /**
1018 * C_GetTokenInfo obtains information about a particular token in the system.
1019 * @param slot_id ID of the token's slot
1020 * @param info_ptr receives the token information
1021 * @param return_value default value (`ThrowException`): throw exception on error.
1022 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1023 * At least the following PKCS#11 return values may be returned:
1024 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1025 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1026 * \li HostMemory \li OK \li SlotIdInvalid
1027 * \li TokenNotPresent \li TokenNotRecognized \li ArgumentsBad
1028 * @return true on success, false otherwise
1029 */
1030 bool C_GetTokenInfo(SlotId slot_id,
1031 TokenInfo* info_ptr,
1032 ReturnValue* return_value = ThrowException) const;
1033
1034 /**
1035 * C_WaitForSlotEvent waits for a slot event (token insertion, removal, etc.) to occur.
1036 * @param flags blocking/nonblocking flag
1037 * @param slot_ptr location that receives the slot ID
1038 * @param reserved reserved. Should be NULL_PTR
1039 * @param return_value default value (`ThrowException`): throw exception on error.
1040 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1041 * At least the following PKCS#11 return values may be returned:
1042 * \li ArgumentsBad \li CryptokiNotInitialized \li FunctionFailed
1043 * \li GeneralError \li HostMemory \li NoEvent
1044 * \li OK
1045 * @return true on success, false otherwise
1046 */
1047 bool C_WaitForSlotEvent(Flags flags,
1048 SlotId* slot_ptr,
1049 VoidPtr reserved,
1050 ReturnValue* return_value = ThrowException) const;
1051
1052 /**
1053 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1054 * @param slot_id ID of token's slot
1055 * @param mechanism_list_ptr gets mech. array
1056 * @param count_ptr gets # of mechs.
1057 * @param return_value default value (`ThrowException`): throw exception on error.
1058 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1059 * At least the following PKCS#11 return values may be returned:
1060 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1061 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1062 * \li GeneralError \li HostMemory \li OK
1063 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1064 * \li ArgumentsBad
1065 * @return true on success, false otherwise
1066 */
1067 bool C_GetMechanismList(SlotId slot_id,
1068 MechanismType* mechanism_list_ptr,
1069 Ulong* count_ptr,
1070 ReturnValue* return_value = ThrowException) const;
1071
1072 /**
1073 * C_GetMechanismList obtains a list of mechanism types supported by a token.
1074 * @param slot_id ID of token's slot
1075 * @param mechanisms receives vector of supported mechanisms
1076 * @param return_value default value (`ThrowException`): throw exception on error.
1077 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1078 * At least the following PKCS#11 return values may be returned:
1079 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1080 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1081 * \li GeneralError \li HostMemory \li OK
1082 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1083 * \li ArgumentsBad
1084 * @return true on success, false otherwise
1085 */
1086 bool C_GetMechanismList(SlotId slot_id,
1087 std::vector<MechanismType>& mechanisms,
1088 ReturnValue* return_value = ThrowException) const;
1089
1090 /**
1091 * C_GetMechanismInfo obtains information about a particular mechanism possibly supported by a token.
1092 * @param slot_id ID of the token's slot
1093 * @param type type of mechanism
1094 * @param info_ptr receives mechanism info
1095 * @param return_value default value (`ThrowException`): throw exception on error.
1096 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1097 * At least the following PKCS#11 return values may be returned:
1098 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1099 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1100 * \li HostMemory \li MechanismInvalid \li OK
1101 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1102 * \li ArgumentsBad
1103 * @return true on success, false otherwise
1104 */
1105 bool C_GetMechanismInfo(SlotId slot_id,
1106 MechanismType type,
1107 MechanismInfo* info_ptr,
1108 ReturnValue* return_value = ThrowException) const;
1109
1110 /**
1111 * C_InitToken initializes a token.
1112 * @param slot_id ID of the token's slot
1113 * @param so_pin_ptr the SO's initial PIN
1114 * @param so_pin_len length in bytes of the SO_PIN
1115 * @param label_ptr 32-byte token label (blank padded)
1116 * @param return_value default value (`ThrowException`): throw exception on error.
1117 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1118 * At least the following PKCS#11 return values may be returned:
1119 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1120 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1121 * \li GeneralError \li HostMemory \li OK
1122 * \li PinIncorrect \li PinLocked \li SessionExists
1123 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1124 * \li TokenWriteProtected \li ArgumentsBad
1125 * @return true on success, false otherwise
1126 */
1127 bool C_InitToken(SlotId slot_id,
1128 Utf8Char* so_pin_ptr,
1129 Ulong so_pin_len,
1130 Utf8Char* label_ptr,
1131 ReturnValue* return_value = ThrowException) const;
1132
1133 /**
1134 * C_InitToken initializes a token.
1135 * @param slot_id ID of the token's slot
1136 * @param so_pin the SO's initial PIN
1137 * @param label token label (at max 32 bytes long)
1138 * @param return_value default value (`ThrowException`): throw exception on error.
1139 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1140 * At least the following PKCS#11 return values may be returned:
1141 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1142 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1143 * \li GeneralError \li HostMemory \li OK
1144 * \li PinIncorrect \li PinLocked \li SessionExists
1145 * \li SlotIdInvalid \li TokenNotPresent \li TokenNotRecognized
1146 * \li TokenWriteProtected \li ArgumentsBad
1147 * @return true on success, false otherwise
1148 */
1149 template<typename TAlloc>
1150 bool C_InitToken(SlotId slot_id,
1151 const std::vector<uint8_t, TAlloc>& so_pin,
1152 const std::string& label,
1153 ReturnValue* return_value = ThrowException) const
1154 {
1155 std::string padded_label = label;
1156 if(label.size() < 32)
1157 {
1158 padded_label.insert(padded_label.end(), 32 - label.size(), ' ');
1159 }
1160
1161 return C_InitToken(slot_id,
1162 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(so_pin.data())),
1163 static_cast<Ulong>(so_pin.size()),
1164 reinterpret_cast< Utf8Char* >(const_cast< char* >(padded_label.c_str())),
1165 return_value);
1166 }
1167
1168 /**
1169 * C_InitPIN initializes the normal user's PIN.
1170 * @param session the session's handle
1171 * @param pin_ptr the normal user's PIN
1172 * @param pin_len length in bytes of the PIN
1173 * @param return_value default value (`ThrowException`): throw exception on error.
1174 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1175 * At least the following PKCS#11 return values may be returned:
1176 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1177 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1178 * \li GeneralError \li HostMemory \li OK
1179 * \li PinInvalid \li PinLenRange \li SessionClosed
1180 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1181 * \li UserNotLoggedIn \li ArgumentsBad
1182 * @return true on success, false otherwise
1183 */
1184 bool C_InitPIN(SessionHandle session,
1185 Utf8Char* pin_ptr,
1186 Ulong pin_len,
1187 ReturnValue* return_value = ThrowException) const;
1188
1189 /**
1190 * C_InitPIN initializes the normal user's PIN.
1191 * @param session the session's handle
1192 * @param pin the normal user's PIN
1193 * @param return_value default value (`ThrowException`): throw exception on error.
1194 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1195 * At least the following PKCS#11 return values may be returned:
1196 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1197 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1198 * \li GeneralError \li HostMemory \li OK
1199 * \li PinInvalid \li PinLenRange \li SessionClosed
1200 * \li SessionReadOnly \li SessionHandleInvalid \li TokenWriteProtected
1201 * \li UserNotLoggedIn \li ArgumentsBad
1202 * @return true on success, false otherwise
1203 */
1204 template<typename TAlloc>
1205 bool C_InitPIN(SessionHandle session,
1206 const std::vector<uint8_t, TAlloc>& pin,
1207 ReturnValue* return_value = ThrowException) const
1208 {
1209 return C_InitPIN(session,
1210 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1211 static_cast<Ulong>(pin.size()),
1212 return_value);
1213 }
1214
1215 /**
1216 * C_SetPIN modifies the PIN of the user who is logged in.
1217 * @param session the session's handle
1218 * @param old_pin_ptr the old PIN
1219 * @param old_len length of the old PIN
1220 * @param new_pin_ptr the new PIN
1221 * @param new_len length of the new PIN
1222 * @param return_value default value (`ThrowException`): throw exception on error.
1223 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1224 * At least the following PKCS#11 return values may be returned:
1225 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1226 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1227 * \li GeneralError \li HostMemory \li OK
1228 * \li PinIncorrect \li PinInvalid \li PinLenRange
1229 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1230 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1231 * @return true on success, false otherwise
1232 */
1233 bool C_SetPIN(SessionHandle session,
1234 Utf8Char* old_pin_ptr,
1235 Ulong old_len,
1236 Utf8Char* new_pin_ptr,
1237 Ulong new_len,
1238 ReturnValue* return_value = ThrowException) const;
1239
1240 /**
1241 * C_SetPIN modifies the PIN of the user who is logged in.
1242 * @param session the session's handle
1243 * @param old_pin the old PIN
1244 * @param new_pin the new PIN
1245 * @param return_value default value (`ThrowException`): throw exception on error.
1246 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1247 * At least the following PKCS#11 return values may be returned:
1248 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1249 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1250 * \li GeneralError \li HostMemory \li OK
1251 * \li PinIncorrect \li PinInvalid \li PinLenRange
1252 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1253 * \li SessionReadOnly \li TokenWriteProtected \li ArgumentsBad
1254 * @return true on success, false otherwise
1255 */
1256 template<typename TAlloc>
1257 bool C_SetPIN(SessionHandle session,
1258 const std::vector<uint8_t, TAlloc>& old_pin,
1259 const std::vector<uint8_t, TAlloc>& new_pin,
1260 ReturnValue* return_value = ThrowException) const
1261 {
1262 return C_SetPIN(session,
1263 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(old_pin.data())),
1264 static_cast<Ulong>(old_pin.size()),
1265 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(new_pin.data())),
1266 static_cast<Ulong>(new_pin.size()),
1267 return_value);
1268 }
1269
1270
1271 /****************************** Session management ******************************/
1272
1273 /**
1274 * C_OpenSession opens a session between an application and a token.
1275 * @param slot_id the slot's ID
1276 * @param flags from CK_SESSION_INFO
1277 * @param application passed to callback
1278 * @param notify callback function
1279 * @param session_ptr gets session handle
1280 * @param return_value default value (`ThrowException`): throw exception on error.
1281 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1282 * At least the following PKCS#11 return values may be returned:
1283 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1284 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1285 * \li HostMemory \li OK \li SessionCount
1286 * \li SessionParallelNotSupported \li SessionReadWriteSoExists \li SlotIdInvalid
1287 * \li TokenNotPresent \li TokenNotRecognized \li TokenWriteProtected
1288 * \li ArgumentsBad
1289 * @return true on success, false otherwise
1290 */
1291 bool C_OpenSession(SlotId slot_id,
1292 Flags flags,
1293 VoidPtr application,
1294 Notify notify,
1295 SessionHandle* session_ptr,
1296 ReturnValue* return_value = ThrowException) const;
1297
1298 /**
1299 * C_CloseSession closes a session between an application and a token.
1300 * @param session the session's handle
1301 * @param return_value default value (`ThrowException`): throw exception on error.
1302 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1303 * At least the following PKCS#11 return values may be returned:
1304 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1305 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1306 * \li HostMemory \li OK \li SessionClosed
1307 * \li SessionHandleInvalid
1308 * @return true on success, false otherwise
1309 */
1310 bool C_CloseSession(SessionHandle session,
1311 ReturnValue* return_value = ThrowException) const;
1312
1313 /**
1314 * C_CloseAllSessions closes all sessions with a token.
1315 * @param slot_id the token's slot
1316 * @param return_value default value (`ThrowException`): throw exception on error.
1317 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1318 * At least the following PKCS#11 return values may be returned:
1319 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1320 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1321 * \li HostMemory \li OK \li SlotIdInvalid
1322 * \li TokenNotPresent
1323 * @return true on success, false otherwise
1324 */
1325 bool C_CloseAllSessions(SlotId slot_id,
1326 ReturnValue* return_value = ThrowException) const;
1327
1328 /**
1329 * C_GetSessionInfo obtains information about the session.
1330 * @param session the session's handle
1331 * @param info_ptr receives session info
1332 * @param return_value default value (`ThrowException`): throw exception on error.
1333 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1334 * At least the following PKCS#11 return values may be returned:
1335 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1336 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1337 * \li HostMemory \li OK \li SessionClosed
1338 * \li SessionHandleInvalid \li ArgumentsBad
1339 * @return true on success, false otherwise
1340 */
1341 bool C_GetSessionInfo(SessionHandle session,
1342 SessionInfo* info_ptr,
1343 ReturnValue* return_value = ThrowException) const;
1344
1345 /**
1346 * C_GetOperationState obtains the state of the cryptographic operation in a session.
1347 * @param session session's handle
1348 * @param operation_state_ptr gets state
1349 * @param operation_state_len_ptr gets state length
1350 * @param return_value default value (`ThrowException`): throw exception on error.
1351 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1352 * At least the following PKCS#11 return values may be returned:
1353 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1354 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1355 * \li GeneralError \li HostMemory \li OK
1356 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1357 * \li StateUnsaveable \li ArgumentsBad
1358 * @return true on success, false otherwise
1359 */
1360 bool C_GetOperationState(SessionHandle session,
1361 Byte* operation_state_ptr,
1362 Ulong* operation_state_len_ptr,
1363 ReturnValue* return_value = ThrowException) const;
1364
1365 /**
1366 * C_SetOperationState restores the state of the cryptographic operation in a session.
1367 * @param session session's handle
1368 * @param operation_state_ptr holds state
1369 * @param operation_state_len holds state length
1370 * @param encryption_key en/decryption key
1371 * @param authentication_key sign/verify key
1372 * @param return_value default value (`ThrowException`): throw exception on error.
1373 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1374 * At least the following PKCS#11 return values may be returned:
1375 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1376 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1377 * \li HostMemory \li KeyChanged \li KeyNeeded
1378 * \li KeyNotNeeded \li OK \li SavedStateInvalid
1379 * \li SessionClosed \li SessionHandleInvalid \li ArgumentsBad
1380 * @return true on success, false otherwise
1381 */
1382 bool C_SetOperationState(SessionHandle session,
1383 Byte* operation_state_ptr,
1384 Ulong operation_state_len,
1385 ObjectHandle encryption_key,
1386 ObjectHandle authentication_key,
1387 ReturnValue* return_value = ThrowException) const;
1388
1389 /**
1390 * C_Login logs a user into a token.
1391 * @param session the session's handle
1392 * @param user_type the user type
1393 * @param pin_ptr the user's PIN
1394 * @param pin_len the length of the PIN
1395 * @param return_value default value (`ThrowException`): throw exception on error.
1396 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1397 * At least the following PKCS#11 return values may be returned:
1398 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1399 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1400 * \li FunctionFailed \li GeneralError \li HostMemory
1401 * \li OK \li OperationNotInitialized \li PinIncorrect
1402 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1403 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1404 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1405 * @return true on success, false otherwise
1406 */
1407 bool C_Login(SessionHandle session,
1408 UserType user_type,
1409 Utf8Char* pin_ptr,
1410 Ulong pin_len,
1411 ReturnValue* return_value = ThrowException) const;
1412
1413 /**
1414 * C_Login logs a user into a token.
1415 * @param session the session's handle
1416 * @param user_type the user type
1417 * @param pin the user or security officer's PIN
1418 * @param return_value default value (`ThrowException`): throw exception on error.
1419 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1420 * At least the following PKCS#11 return values may be returned:
1421 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1422 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1423 * \li FunctionFailed \li GeneralError \li HostMemory
1424 * \li OK \li OperationNotInitialized \li PinIncorrect
1425 * \li PinLocked \li SessionClosed \li SessionHandleInvalid
1426 * \li SessionReadOnlyExists \li UserAlreadyLoggedIn \li UserAnotherAlreadyLoggedIn
1427 * \li UserPinNotInitialized \li UserTooManyTypes \li UserTypeInvalid
1428 * @return true on success, false otherwise
1429 */
1430 template<typename TAlloc>
1431 bool C_Login(SessionHandle session,
1432 UserType user_type,
1433 const std::vector<uint8_t, TAlloc>& pin,
1434 ReturnValue* return_value = ThrowException) const
1435 {
1436 return C_Login(session, user_type,
1437 reinterpret_cast< Utf8Char* >(const_cast< uint8_t* >(pin.data())),
1438 static_cast<Ulong>(pin.size()),
1439 return_value);
1440 }
1441
1442 /**
1443 * C_Logout logs a user out from a token.
1444 * @param session the session's handle
1445 * @param return_value default value (`ThrowException`): throw exception on error.
1446 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1447 * At least the following PKCS#11 return values may be returned:
1448 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1449 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1450 * \li HostMemory \li OK \li SessionClosed
1451 * \li SessionHandleInvalid \li UserNotLoggedIn
1452 * @return true on success, false otherwise
1453 */
1454 bool C_Logout(SessionHandle session,
1455 ReturnValue* return_value = ThrowException) const;
1456
1457 /****************************** Object management functions ******************************/
1458
1459 /**
1460 * C_CreateObject creates a new object.
1461 * @param session the session's handle
1462 * @param attribute_template_ptr the object's template
1463 * @param count attributes in template
1464 * @param object_ptr gets new object's handle.
1465 * @param return_value default value (`ThrowException`): throw exception on error.
1466 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1467 * At least the following PKCS#11 return values may be returned:
1468 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
1469 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
1470 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1471 * \li DomainParamsInvalid \li FunctionFailed \li GeneralError
1472 * \li HostMemory \li OK \li PinExpired
1473 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1474 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
1475 * \li UserNotLoggedIn
1476 * @return true on success, false otherwise
1477 */
1478 bool C_CreateObject(SessionHandle session,
1479 Attribute* attribute_template_ptr,
1480 Ulong count,
1481 ObjectHandle* object_ptr,
1482 ReturnValue* return_value = ThrowException) const;
1483
1484 /**
1485 * C_CopyObject copies an object, creating a new object for the copy.
1486 * @param session the session's handle
1487 * @param object the object's handle
1488 * @param attribute_template_ptr template for new object
1489 * @param count attributes in template
1490 * @param new_object_ptr receives handle of copy
1491 * @param return_value default value (`ThrowException`): throw exception on error.
1492 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1493 * At least the following PKCS#11 return values may be returned:
1494 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1495 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1496 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1497 * \li FunctionFailed \li GeneralError \li HostMemory
1498 * \li ObjectHandleInvalid \li OK \li PinExpired
1499 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
1500 * \li TemplateInconsistent \li TokenWriteProtected \li UserNotLoggedIn
1501 * @return true on success, false otherwise
1502 */
1503 bool C_CopyObject(SessionHandle session,
1504 ObjectHandle object,
1505 Attribute* attribute_template_ptr,
1506 Ulong count,
1507 ObjectHandle* new_object_ptr,
1508 ReturnValue* return_value = ThrowException) const;
1509
1510 /**
1511 * C_DestroyObject destroys an object.
1512 * @param session the session's handle
1513 * @param object the object's handle
1514 * @param return_value default value (`ThrowException`): throw exception on error.
1515 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1516 * At least the following PKCS#11 return values may be returned:
1517 * \li ActionProhibited \li CryptokiNotInitialized \li DeviceError
1518 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1519 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1520 * \li OK \li PinExpired \li SessionClosed
1521 * \li SessionHandleInvalid \li SessionReadOnly \li TokenWriteProtected
1522 * @return true on success, false otherwise
1523 */
1524 bool C_DestroyObject(SessionHandle session,
1525 ObjectHandle object,
1526 ReturnValue* return_value = ThrowException) const;
1527
1528 /**
1529 * C_GetObjectSize gets the size of an object in bytes.
1530 * @param session the session's handle
1531 * @param object the object's handle
1532 * @param size_ptr receives size of object
1533 * @param return_value default value (`ThrowException`): throw exception on error.
1534 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1535 * At least the following PKCS#11 return values may be returned:
1536 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1537 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1538 * \li GeneralError \li HostMemory \li InformationSensitive
1539 * \li ObjectHandleInvalid \li OK \li SessionClosed
1540 * \li SessionHandleInvalid
1541 * @return true on success, false otherwise
1542 */
1543 bool C_GetObjectSize(SessionHandle session,
1544 ObjectHandle object,
1545 Ulong* size_ptr,
1546 ReturnValue* return_value = ThrowException) const;
1547
1548 /**
1549 * C_GetAttributeValue obtains the value of one or more object attributes.
1550 * @param session the session's handle
1551 * @param object the object's handle
1552 * @param attribute_template_ptr specifies attrs; gets vals
1553 * @param count attributes in template
1554 * @param return_value default value (`ThrowException`): throw exception on error.
1555 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1556 * At least the following PKCS#11 return values may be returned:
1557 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1558 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1559 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1560 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1561 * \li OK \li SessionClosed \li SessionHandleInvalid
1562 * @return true on success, false otherwise
1563 */
1564 bool C_GetAttributeValue(SessionHandle session,
1565 ObjectHandle object,
1566 Attribute* attribute_template_ptr,
1567 Ulong count,
1568 ReturnValue* return_value = ThrowException) const;
1569
1570 /**
1571 * C_GetAttributeValue obtains the value of one or more object attributes.
1572 * @param session the session's handle
1573 * @param object the object's handle
1574 * @param attribute_values specifies attrs; gets vals
1575 * @param return_value default value (`ThrowException`): throw exception on error.
1576 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1577 * At least the following PKCS#11 return values may be returned:
1578 * \li ArgumentsBad \li AttributeSensitive \li AttributeTypeInvalid
1579 * \li BufferTooSmall \li CryptokiNotInitialized \li DeviceError
1580 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1581 * \li GeneralError \li HostMemory \li ObjectHandleInvalid
1582 * \li OK \li SessionClosed \li SessionHandleInvalid
1583 * @return true on success, false otherwise
1584 */
1585 template<typename TAlloc>
1586 bool C_GetAttributeValue(SessionHandle session,
1587 ObjectHandle object,
1588 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1589 ReturnValue* return_value = ThrowException) const
1590 {
1591 std::vector<Attribute> getter_template;
1592
1593 for(const auto& entry : attribute_values)
1594 {
1595 getter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), nullptr, 0 });
1596 }
1597
1598 bool success = C_GetAttributeValue(session,
1599 object,
1600 const_cast< Attribute* >(getter_template.data()),
1601 static_cast<Ulong>(getter_template.size()),
1602 return_value);
1603
1604 if(!success)
1605 {
1606 return success;
1607 }
1608
1609 size_t i = 0;
1610 for(auto& entry : attribute_values)
1611 {
1612 entry.second.clear();
1613 entry.second.resize(getter_template.at(i).ulValueLen);
1614 getter_template.at(i).pValue = const_cast< uint8_t* >(entry.second.data());
1615 i++;
1616 }
1617
1618 return C_GetAttributeValue(session, object,
1619 const_cast< Attribute* >(getter_template.data()),
1620 static_cast<Ulong>(getter_template.size()),
1621 return_value);
1622 }
1623
1624 /**
1625 * C_SetAttributeValue modifies the value of one or more object attributes.
1626 * @param session the session's handle
1627 * @param object the object's handle
1628 * @param attribute_template_ptr specifies attrs and values
1629 * @param count attributes in template
1630 * @param return_value default value (`ThrowException`): throw exception on error.
1631 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1632 * At least the following PKCS#11 return values may be returned:
1633 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1634 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1635 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1636 * \li FunctionFailed \li GeneralError \li HostMemory
1637 * \li ObjectHandleInvalid \li OK \li SessionClosed
1638 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1639 * \li TokenWriteProtected \li UserNotLoggedIn
1640 * @return true on success, false otherwise
1641 */
1642 bool C_SetAttributeValue(SessionHandle session,
1643 ObjectHandle object,
1644 Attribute* attribute_template_ptr,
1645 Ulong count,
1646 ReturnValue* return_value = ThrowException) const;
1647
1648 /**
1649 * C_SetAttributeValue modifies the value of one or more object attributes.
1650 * @param session the session's handle
1651 * @param object the object's handle
1652 * @param attribute_values specifies attrs and values
1653 * @param return_value default value (`ThrowException`): throw exception on error.
1654 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1655 * At least the following PKCS#11 return values may be returned:
1656 * \li ActionProhibited \li ArgumentsBad \li AttributeReadOnly
1657 * \li AttributeTypeInvalid \li AttributeValueInvalid \li CryptokiNotInitialized
1658 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1659 * \li FunctionFailed \li GeneralError \li HostMemory
1660 * \li ObjectHandleInvalid \li OK \li SessionClosed
1661 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateInconsistent
1662 * \li TokenWriteProtected \li UserNotLoggedIn
1663 * @return true on success, false otherwise
1664 */
1665 template<typename TAlloc>
1666 bool C_SetAttributeValue(SessionHandle session,
1667 ObjectHandle object,
1668 std::map<AttributeType, std::vector<uint8_t, TAlloc>>& attribute_values,
1669 ReturnValue* return_value = ThrowException) const
1670 {
1671 std::vector<Attribute> setter_template;
1672
1673 for(auto& entry : attribute_values)
1674 {
1675 setter_template.emplace_back(Attribute{ static_cast< CK_ATTRIBUTE_TYPE >(entry.first), entry.second.data(), static_cast<CK_ULONG>(entry.second.size()) });
1676 }
1677
1678 return C_SetAttributeValue(session, object,
1679 const_cast< Attribute* >(setter_template.data()),
1680 static_cast<Ulong>(setter_template.size()),
1681 return_value);
1682 }
1683
1684 /**
1685 * C_FindObjectsInit initializes a search for token and session objects that match a template.
1686 * @param session the session's handle
1687 * @param attribute_template_ptr attribute values to match
1688 * @param count attrs in search template
1689 * @param return_value default value (`ThrowException`): throw exception on error.
1690 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1691 * At least the following PKCS#11 return values may be returned:
1692 * \li ArgumentsBad \li AttributeTypeInvalid \li AttributeValueInvalid
1693 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1694 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1695 * \li HostMemory \li OK \li OperationActive
1696 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
1697 * @return true on success, false otherwise
1698 */
1699 bool C_FindObjectsInit(SessionHandle session,
1700 Attribute* attribute_template_ptr,
1701 Ulong count,
1702 ReturnValue* return_value = ThrowException) const;
1703
1704 /**
1705 * C_FindObjects continues a search for token and session objects that match a template, obtaining additional object handles.
1706 * @param session session's handle
1707 * @param object_ptr gets obj. handles
1708 * @param max_object_count max handles to get
1709 * @param object_count_ptr actual # returned
1710 * @param return_value default value (`ThrowException`): throw exception on error.
1711 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1712 * At least the following PKCS#11 return values may be returned:
1713 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1714 * \li DeviceMemory \li DeviceRemoved \li FunctionFailed
1715 * \li GeneralError \li HostMemory \li OK
1716 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1717 * @return true on success, false otherwise
1718 */
1719 bool C_FindObjects(SessionHandle session,
1720 ObjectHandle* object_ptr,
1721 Ulong max_object_count,
1722 Ulong* object_count_ptr,
1723 ReturnValue* return_value = ThrowException) const;
1724
1725 /**
1726 * C_FindObjectsFinal finishes a search for token and session objects.
1727 * @param session the session's handle
1728 * @param return_value default value (`ThrowException`): throw exception on error.
1729 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1730 * At least the following PKCS#11 return values may be returned:
1731 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1732 * \li DeviceRemoved \li FunctionFailed \li GeneralError
1733 * \li HostMemory \li OK \li OperationNotInitialized
1734 * \li SessionClosed \li SessionHandleInvalid
1735 * @return true on success, false otherwise
1736 */
1737 bool C_FindObjectsFinal(SessionHandle session,
1738 ReturnValue* return_value = ThrowException) const;
1739
1740 /****************************** Encryption functions ******************************/
1741
1742 /**
1743 * C_EncryptInit initializes an encryption operation.
1744 * @param session the session's handle
1745 * @param mechanism_ptr the encryption mechanism
1746 * @param key handle of encryption key
1747 * @param return_value default value (`ThrowException`): throw exception on error.
1748 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1749 * At least the following PKCS#11 return values may be returned:
1750 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
1751 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1752 * \li GeneralError \li HostMemory \li KeyFunctionNotPermitted
1753 * \li KeyHandleInvalid \li KeySizeRange \li KeyTypeInconsistent
1754 * \li MechanismInvalid \li MechanismParamInvalid \li OK
1755 * \li OperationActive \li PinExpired \li SessionClosed
1756 * \li SessionHandleInvalid \li UserNotLoggedIn
1757 * @return true on success, false otherwise
1758 */
1759 bool C_EncryptInit(SessionHandle session,
1760 Mechanism* mechanism_ptr,
1761 ObjectHandle key,
1762 ReturnValue* return_value = ThrowException) const;
1763
1764 /**
1765 * C_Encrypt encrypts single-part data.
1766 * @param session session's handle
1767 * @param data_ptr the plaintext data
1768 * @param data_len size of plaintext data in bytes
1769 * @param encrypted_data gets ciphertext
1770 * @param encrypted_data_len_ptr gets c-text size
1771 * @param return_value default value (`ThrowException`): throw exception on error.
1772 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1773 * At least the following PKCS#11 return values may be returned:
1774 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1775 * \li DataInvalid \li DataLenRange \li DeviceError
1776 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1777 * \li FunctionFailed \li GeneralError \li HostMemory
1778 * \li OK \li OperationNotInitialized \li SessionClosed
1779 * \li SessionHandleInvalid
1780 * @return true on success, false otherwise
1781 */
1782 bool C_Encrypt(SessionHandle session,
1783 Byte* data_ptr,
1784 Ulong data_len,
1785 Byte* encrypted_data,
1786 Ulong* encrypted_data_len_ptr,
1787 ReturnValue* return_value = ThrowException) const;
1788
1789 /**
1790 * C_Encrypt encrypts single-part data.
1791 * @param session session's handle
1792 * @param plaintext_data the plaintext data
1793 * @param encrypted_data gets ciphertext
1794 * @param return_value default value (`ThrowException`): throw exception on error.
1795 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1796 * At least the following PKCS#11 return values may be returned:
1797 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1798 * \li DataInvalid \li DataLenRange \li DeviceError
1799 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1800 * \li FunctionFailed \li GeneralError \li HostMemory
1801 * \li OK \li OperationNotInitialized \li SessionClosed
1802 * \li SessionHandleInvalid
1803 * @return true on success, false otherwise
1804 */
1805 template<typename TAllocA, typename TAllocB>
1806 bool C_Encrypt(SessionHandle session,
1807 const std::vector<uint8_t, TAllocA>& plaintext_data,
1808 std::vector<uint8_t, TAllocB>& encrypted_data,
1809 ReturnValue* return_value = ThrowException) const
1810 {
1811 Ulong encrypted_size = 0;
1812 if(!C_Encrypt(session,
1813 const_cast<Byte*>((plaintext_data.data())),
1814 static_cast<Ulong>(plaintext_data.size()),
1815 nullptr, &encrypted_size,
1816 return_value))
1817 {
1818 return false;
1819 }
1820
1821 encrypted_data.resize(encrypted_size);
1822 if (!C_Encrypt(session,
1823 const_cast<Byte*>(plaintext_data.data()),
1824 static_cast<Ulong>(plaintext_data.size()),
1825 encrypted_data.data(),
1826 &encrypted_size, return_value))
1827 {
1828 return false;
1829 }
1830 encrypted_data.resize(encrypted_size);
1831 return true;
1832 }
1833
1834 /**
1835 * C_EncryptUpdate continues a multiple-part encryption operation.
1836 * @param session session's handle
1837 * @param part_ptr the plaintext data
1838 * @param part_len plaintext data len
1839 * @param encrypted_part_ptr gets ciphertext
1840 * @param encrypted_part_len_ptr gets c-text size
1841 * @param return_value default value (`ThrowException`): throw exception on error.
1842 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1843 * At least the following PKCS#11 return values may be returned:
1844 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1845 * \li DataLenRange \li DeviceError \li DeviceMemory
1846 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1847 * \li GeneralError \li HostMemory \li OK
1848 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1849 * @return true on success, false otherwise
1850 */
1851 bool C_EncryptUpdate(SessionHandle session,
1852 Byte* part_ptr,
1853 Ulong part_len,
1854 Byte* encrypted_part_ptr,
1855 Ulong* encrypted_part_len_ptr,
1856 ReturnValue* return_value = ThrowException) const;
1857
1858 /**
1859 * C_EncryptFinal finishes a multiple-part encryption operation.
1860 * @param session session handle
1861 * @param last_encrypted_part_ptr last c-text
1862 * @param last_encrypted_part_len_ptr gets last size
1863 * @param return_value default value (`ThrowException`): throw exception on error.
1864 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1865 * At least the following PKCS#11 return values may be returned:
1866 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1867 * \li DataLenRange \li DeviceError \li DeviceMemory
1868 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
1869 * \li GeneralError \li HostMemory \li OK
1870 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
1871 * @return true on success, false otherwise
1872 */
1873 bool C_EncryptFinal(SessionHandle session,
1874 Byte* last_encrypted_part_ptr,
1875 Ulong* last_encrypted_part_len_ptr,
1876 ReturnValue* return_value = ThrowException) const;
1877
1878 /****************************** Decryption functions ******************************/
1879
1880 /**
1881 * C_DecryptInit initializes a decryption operation.
1882 * @param session the session's handle
1883 * @param mechanism_ptr the decryption mechanism
1884 * @param key handle of decryption key
1885 * @param return_value default value (`ThrowException`): throw exception on error.
1886 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1887 * At least the following PKCS#11 return values may be returned:
1888 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
1889 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
1890 * \li FunctionFailed \li GeneralError \li HostMemory
1891 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
1892 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
1893 * \li OK \li OperationActive \li PinExpired
1894 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
1895 * @return true on success, false otherwise
1896 */
1897 bool C_DecryptInit(SessionHandle session,
1898 Mechanism* mechanism_ptr,
1899 ObjectHandle key,
1900 ReturnValue* return_value = ThrowException) const;
1901
1902 /**
1903 * C_Decrypt decrypts encrypted data in a single part.
1904 * @param session session's handle
1905 * @param encrypted_data_ptr ciphertext
1906 * @param encrypted_data_len ciphertext length
1907 * @param data_ptr gets plaintext
1908 * @param data_len_ptr gets p-text size
1909 * @param return_value default value (`ThrowException`): throw exception on error.
1910 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1911 * At least the following PKCS#11 return values may be returned:
1912 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1913 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1914 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1915 * \li FunctionFailed \li GeneralError \li HostMemory
1916 * \li OK \li OperationNotInitialized \li SessionClosed
1917 * \li SessionHandleInvalid \li UserNotLoggedIn
1918 * @return true on success, false otherwise
1919 */
1920 bool C_Decrypt(SessionHandle session,
1921 Byte* encrypted_data_ptr,
1922 Ulong encrypted_data_len,
1923 Byte* data_ptr,
1924 Ulong* data_len_ptr,
1925 ReturnValue* return_value = ThrowException) const;
1926
1927 /**
1928 * C_Decrypt decrypts encrypted data in a single part.
1929 * @param session session's handle
1930 * @param encrypted_data ciphertext
1931 * @param decrypted_data gets plaintext
1932 * @param return_value default value (`ThrowException`): throw exception on error.
1933 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1934 * At least the following PKCS#11 return values may be returned:
1935 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1936 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1937 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1938 * \li FunctionFailed \li GeneralError \li HostMemory
1939 * \li OK \li OperationNotInitialized \li SessionClosed
1940 * \li SessionHandleInvalid \li UserNotLoggedIn
1941 * @return true on success, false otherwise
1942 */
1943 template<typename TAllocA, typename TAllocB>
1944 bool C_Decrypt(SessionHandle session,
1945 const std::vector<uint8_t, TAllocA>& encrypted_data,
1946 std::vector<uint8_t, TAllocB>& decrypted_data,
1947 ReturnValue* return_value = ThrowException) const
1948 {
1949 Ulong decrypted_size = 0;
1950 if(!C_Decrypt(session,
1951 const_cast<Byte*>((encrypted_data.data())),
1952 static_cast<Ulong>(encrypted_data.size()),
1953 nullptr, &decrypted_size,
1954 return_value))
1955 {
1956 return false;
1957 }
1958
1959 decrypted_data.resize(decrypted_size);
1960 if(!C_Decrypt(session,
1961 const_cast<Byte*>(encrypted_data.data()),
1962 static_cast<Ulong>(encrypted_data.size()),
1963 decrypted_data.data(),
1964 &decrypted_size, return_value))
1965 {
1966 return false;
1967 }
1968 decrypted_data.resize(decrypted_size);
1969 return true;
1970 }
1971
1972 /**
1973 * C_DecryptUpdate continues a multiple-part decryption operation.
1974 * @param session session's handle
1975 * @param encrypted_part_ptr encrypted data
1976 * @param encrypted_part_len input length
1977 * @param part_ptr gets plaintext
1978 * @param part_len_ptr p-text size
1979 * @param return_value default value (`ThrowException`): throw exception on error.
1980 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
1981 * At least the following PKCS#11 return values may be returned:
1982 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
1983 * \li DeviceError \li DeviceMemory \li DeviceRemoved
1984 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
1985 * \li FunctionFailed \li GeneralError \li HostMemory
1986 * \li OK \li OperationNotInitialized \li SessionClosed
1987 * \li SessionHandleInvalid \li UserNotLoggedIn
1988 * @return true on success, false otherwise
1989 */
1990 bool C_DecryptUpdate(SessionHandle session,
1991 Byte* encrypted_part_ptr,
1992 Ulong encrypted_part_len,
1993 Byte* part_ptr,
1994 Ulong* part_len_ptr,
1995 ReturnValue* return_value = ThrowException) const;
1996
1997 /**
1998 * C_DecryptFinal finishes a multiple-part decryption operation.
1999 * @param session the session's handle
2000 * @param last_part_ptr gets plaintext
2001 * @param last_part_len_ptr p-text size
2002 * @param return_value default value (`ThrowException`): throw exception on error.
2003 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2004 * At least the following PKCS#11 return values may be returned:
2005 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2006 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2007 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2008 * \li FunctionFailed \li GeneralError \li HostMemory
2009 * \li OK \li OperationNotInitialized \li SessionClosed
2010 * \li SessionHandleInvalid \li UserNotLoggedIn
2011 * @return true on success, false otherwise
2012 */
2013 bool C_DecryptFinal(SessionHandle session,
2014 Byte* last_part_ptr,
2015 Ulong* last_part_len_ptr,
2016 ReturnValue* return_value = ThrowException) const;
2017
2018 /****************************** Message digesting functions ******************************/
2019
2020 /**
2021 * C_DigestInit initializes a message-digesting operation.
2022 * @param session the session's handle
2023 * @param mechanism_ptr the digesting mechanism
2024 * @param return_value default value (`ThrowException`): throw exception on error.
2025 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2026 * At least the following PKCS#11 return values may be returned:
2027 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2028 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2029 * \li FunctionFailed \li GeneralError \li HostMemory
2030 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2031 * \li OperationActive \li PinExpired \li SessionClosed
2032 * \li SessionHandleInvalid \li UserNotLoggedIn
2033 * @return true on success, false otherwise
2034 */
2035 bool C_DigestInit(SessionHandle session,
2036 Mechanism* mechanism_ptr,
2037 ReturnValue* return_value = ThrowException) const;
2038
2039 /**
2040 * C_Digest digests data in a single part.
2041 * @param session the session's handle
2042 * @param data_ptr data to be digested
2043 * @param data_len bytes of data to digest
2044 * @param digest_ptr gets the message digest
2045 * @param digest_len_ptr gets digest length
2046 * @param return_value default value (`ThrowException`): throw exception on error.
2047 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2048 * At least the following PKCS#11 return values may be returned:
2049 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2050 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2051 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2052 * \li HostMemory \li OK \li OperationNotInitialized
2053 * \li SessionClosed \li SessionHandleInvalid
2054 * @return true on success, false otherwise
2055 */
2056 bool C_Digest(SessionHandle session,
2057 Byte* data_ptr,
2058 Ulong data_len,
2059 Byte* digest_ptr,
2060 Ulong* digest_len_ptr,
2061 ReturnValue* return_value = ThrowException) const;
2062
2063 /**
2064 * C_DigestUpdate continues a multiple-part message-digesting operation.
2065 * @param session the session's handle
2066 * @param part_ptr data to be digested
2067 * @param part_len bytes of data to be digested
2068 * @param return_value default value (`ThrowException`): throw exception on error.
2069 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2070 * At least the following PKCS#11 return values may be returned:
2071 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2072 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2073 * \li FunctionFailed \li GeneralError \li HostMemory
2074 * \li OK \li OperationNotInitialized \li SessionClosed
2075 * \li SessionHandleInvalid
2076 * @return true on success, false otherwise
2077 */
2078 bool C_DigestUpdate(SessionHandle session,
2079 Byte* part_ptr,
2080 Ulong part_len,
2081 ReturnValue* return_value = ThrowException) const;
2082
2083 /**
2084 * C_DigestKey continues a multi-part message-digesting operation, by digesting the value of a secret key as part of the data already digested.
2085 * @param session the session's handle
2086 * @param key secret key to digest
2087 * @param return_value default value (`ThrowException`): throw exception on error.
2088 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2089 * At least the following PKCS#11 return values may be returned:
2090 * \li CryptokiNotInitialized \li DeviceError \li DeviceMemory
2091 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2092 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2093 * \li KeyIndigestible \li KeySizeRange \li OK
2094 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2095 * @return true on success, false otherwise
2096 */
2097 bool C_DigestKey(SessionHandle session,
2098 ObjectHandle key,
2099 ReturnValue* return_value = ThrowException) const;
2100
2101 /**
2102 * C_DigestFinal finishes a multiple-part message-digesting operation.
2103 * @param session the session's handle
2104 * @param digest_ptr gets the message digest
2105 * @param digest_len_ptr gets uint8_t count of digest
2106 * @param return_value default value (`ThrowException`): throw exception on error.
2107 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2108 * At least the following PKCS#11 return values may be returned:
2109 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2110 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2111 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2112 * \li HostMemory \li OK \li OperationNotInitialized
2113 * \li SessionClosed \li SessionHandleInvalid
2114 * @return true on success, false otherwise
2115 */
2116 bool C_DigestFinal(SessionHandle session,
2117 Byte* digest_ptr,
2118 Ulong* digest_len_ptr,
2119 ReturnValue* return_value = ThrowException) const;
2120
2121 /****************************** Signing and MACing functions ******************************/
2122
2123 /**
2124 * C_SignInit initializes a signature (private key encryption) operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2125 * @param session the session's handle
2126 * @param mechanism_ptr the signature mechanism
2127 * @param key handle of signature key
2128 * @param return_value default value (`ThrowException`): throw exception on error.
2129 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2130 * At least the following PKCS#11 return values may be returned:
2131 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2132 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2133 * \li FunctionFailed \li GeneralError \li HostMemory
2134 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2135 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2136 * \li OK \li OperationActive \li PinExpired
2137 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2138 * @return true on success, false otherwise
2139 */
2140 bool C_SignInit(SessionHandle session,
2141 Mechanism* mechanism_ptr,
2142 ObjectHandle key,
2143 ReturnValue* return_value = ThrowException) const;
2144
2145 /**
2146 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2147 * @param session the session's handle
2148 * @param data_ptr the data to sign
2149 * @param data_len count of bytes to sign
2150 * @param signature_ptr gets the signature
2151 * @param signature_len_ptr gets signature length
2152 * @param return_value default value (`ThrowException`): throw exception on error.
2153 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2154 * At least the following PKCS#11 return values may be returned:
2155 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2156 * \li DataInvalid \li DataLenRange \li DeviceError
2157 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2158 * \li FunctionFailed \li GeneralError \li HostMemory
2159 * \li OK \li OperationNotInitialized \li SessionClosed
2160 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2161 * @return true on success, false otherwise
2162 */
2163 bool C_Sign(SessionHandle session,
2164 Byte* data_ptr,
2165 Ulong data_len,
2166 Byte* signature_ptr,
2167 Ulong* signature_len_ptr,
2168 ReturnValue* return_value = ThrowException) const;
2169
2170 /**
2171 * C_Sign signs (encrypts with private key) data in a single part, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2172 * @param session the session's handle
2173 * @param data the data to sign
2174 * @param signature gets the signature
2175 * @param return_value default value (`ThrowException`): throw exception on error.
2176 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2177 * At least the following PKCS#11 return values may be returned:
2178 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2179 * \li DataInvalid \li DataLenRange \li DeviceError
2180 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2181 * \li FunctionFailed \li GeneralError \li HostMemory
2182 * \li OK \li OperationNotInitialized \li SessionClosed
2183 * \li SessionHandleInvalid \li UserNotLoggedIn \li FunctionRejected
2184 * @return true on success, false otherwise
2185 */
2186 template<typename TAllocA, typename TAllocB>
2187 bool C_Sign(SessionHandle session,
2188 const std::vector<uint8_t, TAllocA>& data,
2189 std::vector<uint8_t, TAllocB>& signature,
2190 ReturnValue* return_value = ThrowException) const
2191 {
2192 Ulong signature_size = 0;
2193 if(!C_Sign(session,
2194 const_cast<Byte*>((data.data())),
2195 static_cast<Ulong>(data.size()),
2196 nullptr,
2197 &signature_size,
2198 return_value))
2199 {
2200 return false;
2201 }
2202
2203 signature.resize(signature_size);
2204 if (!C_Sign(session,
2205 const_cast<Byte*>(data.data()),
2206 static_cast<Ulong>(data.size()),
2207 signature.data(),
2208 &signature_size,
2209 return_value))
2210 {
2211 return false;
2212 }
2213 signature.resize(signature_size);
2214 return true;
2215 }
2216
2217 /**
2218 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2219 * @param session the session's handle
2220 * @param part_ptr the data to sign
2221 * @param part_len count of bytes to sign
2222 * @param return_value default value (`ThrowException`): throw exception on error.
2223 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2224 * At least the following PKCS#11 return values may be returned:
2225 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2226 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2227 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2228 * \li HostMemory \li OK \li OperationNotInitialized
2229 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2230 * @return true on success, false otherwise
2231 */
2232 bool C_SignUpdate(SessionHandle session,
2233 Byte* part_ptr,
2234 Ulong part_len,
2235 ReturnValue* return_value = ThrowException) const;
2236
2237 /**
2238 * C_SignUpdate continues a multiple-part signature operation, where the signature is (will be) an appendix to the data, and plaintext cannot be recovered from the signature.
2239 * @param session the session's handle
2240 * @param part the data to sign
2241 * @param return_value default value (`ThrowException`): throw exception on error.
2242 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2243 * At least the following PKCS#11 return values may be returned:
2244 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2245 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2246 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2247 * \li HostMemory \li OK \li OperationNotInitialized
2248 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2249 * @return true on success, false otherwise
2250 */
2251 template<typename TAlloc>
2252 bool C_SignUpdate(SessionHandle session,
2253 const std::vector<uint8_t, TAlloc>& part,
2254 ReturnValue* return_value = ThrowException) const
2255 {
2256 return C_SignUpdate(session,
2257 const_cast<Byte*>(part.data()),
2258 static_cast<Ulong>(part.size()),
2259 return_value);
2260 }
2261
2262 /**
2263 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2264 * @param session the session's handle
2265 * @param signature_ptr gets the signature
2266 * @param signature_len_ptr gets signature length
2267 * @param return_value default value (`ThrowException`): throw exception on error.
2268 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2269 * At least the following PKCS#11 return values may be returned:
2270 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2271 * \li DataLenRange \li DeviceError \li DeviceMemory
2272 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2273 * \li GeneralError \li HostMemory \li OK
2274 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2275 * \li UserNotLoggedIn \li FunctionRejected
2276 * @return true on success, false otherwise
2277 */
2278 bool C_SignFinal(SessionHandle session,
2279 Byte* signature_ptr,
2280 Ulong* signature_len_ptr,
2281 ReturnValue* return_value = ThrowException) const;
2282
2283 /**
2284 * C_SignFinal finishes a multiple-part signature operation, returning the signature.
2285 * @param session the session's handle
2286 * @param signature gets the signature
2287 * @param return_value default value (`ThrowException`): throw exception on error.
2288 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2289 * At least the following PKCS#11 return values may be returned:
2290 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2291 * \li DataLenRange \li DeviceError \li DeviceMemory
2292 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2293 * \li GeneralError \li HostMemory \li OK
2294 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2295 * \li UserNotLoggedIn \li FunctionRejected
2296 * @return true on success, false otherwise
2297 */
2298 template<typename TAlloc>
2299 bool C_SignFinal(SessionHandle session,
2300 std::vector<uint8_t, TAlloc>& signature,
2301 ReturnValue* return_value = ThrowException) const
2302 {
2303 Ulong signature_size = 0;
2304 if(!C_SignFinal(session, nullptr, &signature_size, return_value))
2305 {
2306 return false;
2307 }
2308
2309 signature.resize(signature_size);
2310 if (!C_SignFinal(session, signature.data(), &signature_size, return_value))
2311 {
2312 return false;
2313 }
2314 signature.resize(signature_size);
2315 return true;
2316 }
2317
2318 /**
2319 * C_SignRecoverInit initializes a signature operation, where the data can be recovered from the signature.
2320 * @param session the session's handle
2321 * @param mechanism_ptr the signature mechanism
2322 * @param key handle of the signature key
2323 * @param return_value default value (`ThrowException`): throw exception on error.
2324 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2325 * At least the following PKCS#11 return values may be returned:
2326 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2327 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2328 * \li FunctionFailed \li GeneralError \li HostMemory
2329 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2330 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2331 * \li OK \li OperationActive \li PinExpired
2332 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2333 * @return true on success, false otherwise
2334 */
2335 bool C_SignRecoverInit(SessionHandle session,
2336 Mechanism* mechanism_ptr,
2337 ObjectHandle key,
2338 ReturnValue* return_value = ThrowException) const;
2339
2340 /**
2341 * C_SignRecover signs data in a single operation, where the data can be recovered from the signature.
2342 * @param session the session's handle
2343 * @param data_ptr the data to sign
2344 * @param data_len count of bytes to sign
2345 * @param signature_ptr gets the signature
2346 * @param signature_len_ptr gets signature length
2347 * @param return_value default value (`ThrowException`): throw exception on error.
2348 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2349 * At least the following PKCS#11 return values may be returned:
2350 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2351 * \li DataInvalid \li DataLenRange \li DeviceError
2352 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2353 * \li FunctionFailed \li GeneralError \li HostMemory
2354 * \li OK \li OperationNotInitialized \li SessionClosed
2355 * \li SessionHandleInvalid \li UserNotLoggedIn
2356 * @return true on success, false otherwise
2357 */
2358 bool C_SignRecover(SessionHandle session,
2359 Byte* data_ptr,
2360 Ulong data_len,
2361 Byte* signature_ptr,
2362 Ulong* signature_len_ptr,
2363 ReturnValue* return_value = ThrowException) const;
2364
2365 /****************************** Functions for verifying signatures and MACs ******************************/
2366
2367 /**
2368 * C_VerifyInit initializes a verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature (e.g. DSA).
2369 * @param session the session's handle
2370 * @param mechanism_ptr the verification mechanism
2371 * @param key verification key
2372 * @param return_value default value (`ThrowException`): throw exception on error.
2373 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2374 * At least the following PKCS#11 return values may be returned:
2375 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2376 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2377 * \li FunctionFailed \li GeneralError \li HostMemory
2378 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2379 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2380 * \li OK \li OperationActive \li PinExpired
2381 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2382 * @return true on success, false otherwise
2383 */
2384 bool C_VerifyInit(SessionHandle session,
2385 Mechanism* mechanism_ptr,
2386 ObjectHandle key,
2387 ReturnValue* return_value = ThrowException) const;
2388
2389 /**
2390 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2391 * @param session the session's handle
2392 * @param data_ptr signed data
2393 * @param data_len length of signed data
2394 * @param signature_ptr signature
2395 * @param signature_len signature length
2396 * @param return_value default value (`ThrowException`): throw exception on error.
2397 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2398 * At least the following PKCS#11 return values may be returned:
2399 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2400 * \li DataLenRange \li DeviceError \li DeviceMemory
2401 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2402 * \li GeneralError \li HostMemory \li OK
2403 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2404 * \li SignatureInvalid \li SignatureLenRange
2405 * @return true on success, false otherwise
2406 */
2407 bool C_Verify(SessionHandle session,
2408 Byte* data_ptr,
2409 Ulong data_len,
2410 Byte* signature_ptr,
2411 Ulong signature_len,
2412 ReturnValue* return_value = ThrowException) const;
2413
2414 /**
2415 * C_Verify verifies a signature in a single-part operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2416 * @param session the session's handle
2417 * @param data signed data
2418 * @param signature signature
2419 * @param return_value default value (`ThrowException`): throw exception on error.
2420 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2421 * At least the following PKCS#11 return values may be returned:
2422 * \li ArgumentsBad \li CryptokiNotInitialized \li DataInvalid
2423 * \li DataLenRange \li DeviceError \li DeviceMemory
2424 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2425 * \li GeneralError \li HostMemory \li OK
2426 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2427 * \li SignatureInvalid \li SignatureLenRange
2428 * @return true on success, false otherwise
2429 */
2430 template<typename TAllocA, typename TAllocB>
2431 bool C_Verify(SessionHandle session,
2432 const std::vector<uint8_t, TAllocA>& data,
2433 std::vector<uint8_t, TAllocB>& signature,
2434 ReturnValue* return_value = ThrowException) const
2435 {
2436 return C_Verify(session,
2437 const_cast<Byte*>(data.data()),
2438 static_cast<Ulong>(data.size()),
2439 signature.data(),
2440 static_cast<Ulong>(signature.size()),
2441 return_value);
2442 }
2443
2444 /**
2445 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2446 * @param session the session's handle
2447 * @param part_ptr signed data
2448 * @param part_len length of signed data
2449 * @param return_value default value (`ThrowException`): throw exception on error.
2450 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2451 * At least the following PKCS#11 return values may be returned:
2452 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2453 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2454 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2455 * \li HostMemory \li OK \li OperationNotInitialized
2456 * \li SessionClosed \li SessionHandleInvalid
2457 * @return true on success, false otherwise
2458 */
2459 bool C_VerifyUpdate(SessionHandle session,
2460 Byte* part_ptr,
2461 Ulong part_len,
2462 ReturnValue* return_value = ThrowException) const;
2463
2464 /**
2465 * C_VerifyUpdate continues a multiple-part verification operation, where the signature is an appendix to the data, and plaintext cannot be recovered from the signature.
2466 * @param session the session's handle
2467 * @param part signed data
2468 * @param return_value default value (`ThrowException`): throw exception on error.
2469 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2470 * At least the following PKCS#11 return values may be returned:
2471 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2472 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2473 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2474 * \li HostMemory \li OK \li OperationNotInitialized
2475 * \li SessionClosed \li SessionHandleInvalid
2476 * @return true on success, false otherwise
2477 */
2478 template<typename TAlloc>
2479 bool C_VerifyUpdate(SessionHandle session,
2480 std::vector<uint8_t, TAlloc> part,
2481 ReturnValue* return_value = ThrowException) const
2482 {
2483 return C_VerifyUpdate(session, part.data(), static_cast<Ulong>(part.size()), return_value);
2484 }
2485
2486 /**
2487 * C_VerifyFinal finishes a multiple-part verification operation, checking the signature.
2488 * @param session the session's handle
2489 * @param signature_ptr signature to verify
2490 * @param signature_len signature length
2491 * @param return_value default value (`ThrowException`): throw exception on error.
2492 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2493 * At least the following PKCS#11 return values may be returned:
2494 * \li ArgumentsBad \li CryptokiNotInitialized \li DataLenRange
2495 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2496 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2497 * \li HostMemory \li OK \li OperationNotInitialized
2498 * \li SessionClosed \li SessionHandleInvalid \li SignatureInvalid
2499 * \li SignatureLenRange
2500 * @return true on success, false otherwise
2501 */
2502 bool C_VerifyFinal(SessionHandle session,
2503 Byte* signature_ptr,
2504 Ulong signature_len,
2505 ReturnValue* return_value = ThrowException) const;
2506
2507 /**
2508 * C_VerifyRecoverInit initializes a signature verification operation, where the data is recovered from the signature.
2509 * @param session the session's handle
2510 * @param mechanism_ptr the verification mechanism
2511 * @param key verification key
2512 * @param return_value default value (`ThrowException`): throw exception on error.
2513 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2514 * At least the following PKCS#11 return values may be returned:
2515 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2516 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2517 * \li FunctionFailed \li GeneralError \li HostMemory
2518 * \li KeyFunctionNotPermitted \li KeyHandleInvalid \li KeySizeRange
2519 * \li KeyTypeInconsistent \li MechanismInvalid \li MechanismParamInvalid
2520 * \li OK \li OperationActive \li PinExpired
2521 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2522 * @return true on success, false otherwise
2523 */
2524 bool C_VerifyRecoverInit(SessionHandle session,
2525 Mechanism* mechanism_ptr,
2526 ObjectHandle key,
2527 ReturnValue* return_value = ThrowException) const;
2528
2529 /**
2530 * C_VerifyRecover verifies a signature in a single-part operation, where the data is recovered from the signature.
2531 * @param session the session's handle
2532 * @param signature_ptr signature to verify
2533 * @param signature_len signature length
2534 * @param data_ptr gets signed data
2535 * @param data_len_ptr gets signed data len
2536 * @param return_value default value (`ThrowException`): throw exception on error.
2537 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2538 * At least the following PKCS#11 return values may be returned:
2539 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2540 * \li DataInvalid \li DataLenRange \li DeviceError
2541 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2542 * \li FunctionFailed \li GeneralError \li HostMemory
2543 * \li OK \li OperationNotInitialized \li SessionClosed
2544 * \li SessionHandleInvalid \li SignatureLenRange \li SignatureInvalid
2545 * @return true on success, false otherwise
2546 */
2547 bool C_VerifyRecover(SessionHandle session,
2548 Byte* signature_ptr,
2549 Ulong signature_len,
2550 Byte* data_ptr,
2551 Ulong* data_len_ptr,
2552 ReturnValue* return_value = ThrowException) const;
2553
2554 /****************************** Dual-purpose cryptographic functions ******************************/
2555
2556 /**
2557 * C_DigestEncryptUpdate continues a multiple-part digesting and encryption operation.
2558 * @param session session's handle
2559 * @param part_ptr the plaintext data
2560 * @param part_len plaintext length
2561 * @param encrypted_part_ptr gets ciphertext
2562 * @param encrypted_part_len_ptr gets c-text length
2563 * @param return_value default value (`ThrowException`): throw exception on error.
2564 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2565 * At least the following PKCS#11 return values may be returned:
2566 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2567 * \li DataLenRange \li DeviceError \li DeviceMemory
2568 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2569 * \li GeneralError \li HostMemory \li OK
2570 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2571 * @return true on success, false otherwise
2572 */
2573 bool C_DigestEncryptUpdate(SessionHandle session,
2574 Byte* part_ptr,
2575 Ulong part_len,
2576 Byte* encrypted_part_ptr,
2577 Ulong* encrypted_part_len_ptr,
2578 ReturnValue* return_value = ThrowException) const ;
2579
2580 /**
2581 * C_DecryptDigestUpdate continues a multiple-part decryption and digesting operation.
2582 * @param session session's handle
2583 * @param encrypted_part_ptr ciphertext
2584 * @param encrypted_part_len ciphertext length
2585 * @param part_ptr gets plaintext
2586 * @param part_len_ptr gets plaintext len
2587 * @param return_value default value (`ThrowException`): throw exception on error.
2588 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2589 * At least the following PKCS#11 return values may be returned:
2590 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2591 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2592 * \li EncryptedDataInvalid \li EncryptedDataLenRange \li FunctionCanceled
2593 * \li FunctionFailed \li GeneralError \li HostMemory
2594 * \li OK \li OperationNotInitialized \li SessionClosed
2595 * \li SessionHandleInvalid
2596 * @return true on success, false otherwise
2597 */
2598 bool C_DecryptDigestUpdate(SessionHandle session,
2599 Byte* encrypted_part_ptr,
2600 Ulong encrypted_part_len,
2601 Byte* part_ptr,
2602 Ulong* part_len_ptr,
2603 ReturnValue* return_value = ThrowException) const;
2604
2605 /**
2606 * C_SignEncryptUpdate continues a multiple-part signing and encryption operation.
2607 * @param session session's handle
2608 * @param part_ptr the plaintext data
2609 * @param part_len plaintext length
2610 * @param encrypted_part_ptr gets ciphertext
2611 * @param encrypted_part_len_ptr gets c-text length
2612 * @param return_value default value (`ThrowException`): throw exception on error.
2613 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2614 * At least the following PKCS#11 return values may be returned:
2615 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2616 * \li DataLenRange \li DeviceError \li DeviceMemory
2617 * \li DeviceRemoved \li FunctionCanceled \li FunctionFailed
2618 * \li GeneralError \li HostMemory \li OK
2619 * \li OperationNotInitialized \li SessionClosed \li SessionHandleInvalid
2620 * \li UserNotLoggedIn
2621 * @return true on success, false otherwise
2622 */
2623 bool C_SignEncryptUpdate(SessionHandle session,
2624 Byte* part_ptr,
2625 Ulong part_len,
2626 Byte* encrypted_part_ptr,
2627 Ulong* encrypted_part_len_ptr,
2628 ReturnValue* return_value = ThrowException) const;
2629
2630 /**
2631 * C_DecryptVerifyUpdate continues a multiple-part decryption and verify operation.
2632 * @param session session's handle
2633 * @param encrypted_part_ptr ciphertext
2634 * @param encrypted_part_len ciphertext length
2635 * @param part_ptr gets plaintext
2636 * @param part_len_ptr gets p-text length
2637 * @param return_value default value (`ThrowException`): throw exception on error.
2638 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2639 * At least the following PKCS#11 return values may be returned:
2640 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2641 * \li DataLenRange \li DeviceError \li DeviceMemory
2642 * \li DeviceRemoved \li EncryptedDataInvalid \li EncryptedDataLenRange
2643 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2644 * \li HostMemory \li OK \li OperationNotInitialized
2645 * \li SessionClosed \li SessionHandleInvalid
2646 * @return true on success, false otherwise
2647 */
2648 bool C_DecryptVerifyUpdate(SessionHandle session,
2649 Byte* encrypted_part_ptr,
2650 Ulong encrypted_part_len,
2651 Byte* part_ptr,
2652 Ulong* part_len_ptr,
2653 ReturnValue* return_value = ThrowException) const;
2654
2655 /****************************** Key management functions ******************************/
2656
2657 /**
2658 * C_GenerateKey generates a secret key, creating a new key object.
2659 * @param session the session's handle
2660 * @param mechanism_ptr key generation mech.
2661 * @param attribute_template_ptr template for new key
2662 * @param count # of attrs in template
2663 * @param key_ptr gets handle of new key
2664 * @param return_value default value (`ThrowException`): throw exception on error.
2665 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2666 * At least the following PKCS#11 return values may be returned:
2667 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2668 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2669 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2670 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2671 * \li HostMemory \li MechanismInvalid \li MechanismParamInvalid
2672 * \li OK \li OperationActive \li PinExpired
2673 * \li SessionClosed \li SessionHandleInvalid \li SessionReadOnly
2674 * \li TemplateIncomplete \li TemplateInconsistent \li TokenWriteProtected
2675 * \li UserNotLoggedIn
2676 * @return true on success, false otherwise
2677 */
2678 bool C_GenerateKey(SessionHandle session,
2679 Mechanism* mechanism_ptr,
2680 Attribute* attribute_template_ptr,
2681 Ulong count,
2682 ObjectHandle* key_ptr,
2683 ReturnValue* return_value = ThrowException) const;
2684
2685 /**
2686 * C_GenerateKeyPair generates a public-key/private-key pair, creating new key objects.
2687 * @param session session handle
2688 * @param mechanism_ptr key-gen mech.
2689 * @param public_key_template_ptr template for pub. key
2690 * @param public_key_attribute_count # pub. attrs.
2691 * @param private_key_template_ptr template for priv. key
2692 * @param private_key_attribute_count # priv. attrs.
2693 * @param public_key_ptr gets pub. key handle
2694 * @param private_key_ptr gets priv. key handle
2695 * @param return_value default value (`ThrowException`): throw exception on error.
2696 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2697 * At least the following PKCS#11 return values may be returned:
2698 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2699 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2700 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2701 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2702 * \li GeneralError \li HostMemory \li MechanismInvalid
2703 * \li MechanismParamInvalid \li OK \li OperationActive
2704 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2705 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2706 * \li TokenWriteProtected \li UserNotLoggedIn
2707 * @return true on success, false otherwise
2708 */
2709 bool C_GenerateKeyPair(SessionHandle session,
2710 Mechanism* mechanism_ptr,
2711 Attribute* public_key_template_ptr,
2712 Ulong public_key_attribute_count,
2713 Attribute* private_key_template_ptr,
2714 Ulong private_key_attribute_count,
2715 ObjectHandle* public_key_ptr,
2716 ObjectHandle* private_key_ptr,
2717 ReturnValue* return_value = ThrowException) const;
2718
2719 /**
2720 * C_WrapKey wraps (i.e., encrypts) a key.
2721 * @param session the session's handle
2722 * @param mechanism_ptr the wrapping mechanism
2723 * @param wrapping_key wrapping key
2724 * @param key key to be wrapped
2725 * @param wrapped_key_ptr gets wrapped key
2726 * @param wrapped_key_len_ptr gets wrapped key size
2727 * @param return_value default value (`ThrowException`): throw exception on error.
2728 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2729 * At least the following PKCS#11 return values may be returned:
2730 * \li ArgumentsBad \li BufferTooSmall \li CryptokiNotInitialized
2731 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2732 * \li FunctionCanceled \li FunctionFailed \li GeneralError
2733 * \li HostMemory \li KeyHandleInvalid \li KeyNotWrappable
2734 * \li KeySizeRange \li KeyUnextractable \li MechanismInvalid
2735 * \li MechanismParamInvalid \li OK \li OperationActive
2736 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2737 * \li UserNotLoggedIn \li WrappingKeyHandleInvalid \li WrappingKeySizeRange
2738 * \li WrappingKeyTypeInconsistent
2739 * @return true on success, false otherwise
2740 */
2741 bool C_WrapKey(SessionHandle session,
2742 Mechanism* mechanism_ptr,
2743 ObjectHandle wrapping_key,
2744 ObjectHandle key,
2745 Byte* wrapped_key_ptr,
2746 Ulong* wrapped_key_len_ptr,
2747 ReturnValue* return_value = ThrowException) const;
2748
2749 /**
2750 * C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object.
2751 * @param session session's handle
2752 * @param mechanism_ptr unwrapping mech.
2753 * @param unwrapping_key unwrapping key
2754 * @param wrapped_key_ptr the wrapped key
2755 * @param wrapped_key_len wrapped key len
2756 * @param attribute_template_ptr new key template
2757 * @param attribute_count template length
2758 * @param key_ptr gets new handle
2759 * @param return_value default value (`ThrowException`): throw exception on error.
2760 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2761 * At least the following PKCS#11 return values may be returned:
2762 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2763 * \li AttributeValueInvalid \li BufferTooSmall \li CryptokiNotInitialized
2764 * \li CurveNotSupported \li DeviceError \li DeviceMemory
2765 * \li DeviceRemoved \li DomainParamsInvalid \li FunctionCanceled
2766 * \li FunctionFailed \li GeneralError \li HostMemory
2767 * \li MechanismInvalid \li MechanismParamInvalid \li OK
2768 * \li OperationActive \li PinExpired \li SessionClosed
2769 * \li SessionHandleInvalid \li SessionReadOnly \li TemplateIncomplete
2770 * \li TemplateInconsistent \li TokenWriteProtected \li UnwrappingKeyHandleInvalid
2771 * \li UnwrappingKeySizeRange \li UnwrappingKeyTypeInconsistent \li UserNotLoggedIn
2772 * \li WrappedKeyInvalid \li WrappedKeyLenRange
2773 * @return true on success, false otherwise
2774 */
2775 bool C_UnwrapKey(SessionHandle session,
2776 Mechanism* mechanism_ptr,
2777 ObjectHandle unwrapping_key,
2778 Byte* wrapped_key_ptr,
2779 Ulong wrapped_key_len,
2780 Attribute* attribute_template_ptr,
2781 Ulong attribute_count,
2782 ObjectHandle* key_ptr,
2783 ReturnValue* return_value = ThrowException) const;
2784
2785 /**
2786 * C_DeriveKey derives a key from a base key, creating a new key object.
2787 * @param session session's handle
2788 * @param mechanism_ptr key deriv. mech.
2789 * @param base_key base key
2790 * @param attribute_template_ptr new key template
2791 * @param attribute_count template length
2792 * @param key_ptr gets new handle
2793 * @param return_value default value (`ThrowException`): throw exception on error.
2794 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2795 * At least the following PKCS#11 return values may be returned:
2796 * \li ArgumentsBad \li AttributeReadOnly \li AttributeTypeInvalid
2797 * \li AttributeValueInvalid \li CryptokiNotInitialized \li CurveNotSupported
2798 * \li DeviceError \li DeviceMemory \li DeviceRemoved
2799 * \li DomainParamsInvalid \li FunctionCanceled \li FunctionFailed
2800 * \li GeneralError \li HostMemory \li KeyHandleInvalid
2801 * \li KeySizeRange \li KeyTypeInconsistent \li MechanismInvalid
2802 * \li MechanismParamInvalid \li OK \li OperationActive
2803 * \li PinExpired \li SessionClosed \li SessionHandleInvalid
2804 * \li SessionReadOnly \li TemplateIncomplete \li TemplateInconsistent
2805 * \li TokenWriteProtected \li UserNotLoggedIn
2806 * @return true on success, false otherwise
2807 */
2808 bool C_DeriveKey(SessionHandle session,
2809 Mechanism* mechanism_ptr,
2810 ObjectHandle base_key,
2811 Attribute* attribute_template_ptr,
2812 Ulong attribute_count,
2813 ObjectHandle* key_ptr,
2814 ReturnValue* return_value = ThrowException) const;
2815
2816 /****************************** Random number generation functions ******************************/
2817
2818 /**
2819 * C_SeedRandom mixes additional seed material into the token's random number generator.
2820 * @param session the session's handle
2821 * @param seed_ptr the seed material
2822 * @param seed_len length of seed material
2823 * @param return_value default value (`ThrowException`): throw exception on error.
2824 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2825 * At least the following PKCS#11 return values may be returned:
2826 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2827 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2828 * \li FunctionFailed \li GeneralError \li HostMemory
2829 * \li OK \li OperationActive \li RandomSeedNotSupported
2830 * \li RandomNoRng \li SessionClosed \li SessionHandleInvalid
2831 * \li UserNotLoggedIn
2832 * @return true on success, false otherwise
2833 */
2834 bool C_SeedRandom(SessionHandle session,
2835 Byte* seed_ptr,
2836 Ulong seed_len,
2837 ReturnValue* return_value = ThrowException) const;
2838
2839 /**
2840 * C_GenerateRandom generates random data.
2841 * @param session the session's handle
2842 * @param random_data_ptr receives the random data
2843 * @param random_len # of bytes to generate
2844 * @param return_value default value (`ThrowException`): throw exception on error.
2845 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2846 * At least the following PKCS#11 return values may be returned:
2847 * \li ArgumentsBad \li CryptokiNotInitialized \li DeviceError
2848 * \li DeviceMemory \li DeviceRemoved \li FunctionCanceled
2849 * \li FunctionFailed \li GeneralError \li HostMemory
2850 * \li OK \li OperationActive \li RandomNoRng
2851 * \li SessionClosed \li SessionHandleInvalid \li UserNotLoggedIn
2852 * @return true on success, false otherwise
2853 */
2854 bool C_GenerateRandom(SessionHandle session,
2855 Byte* random_data_ptr,
2856 Ulong random_len,
2857 ReturnValue* return_value = ThrowException) const;
2858
2859 /****************************** Parallel function management functions ******************************/
2860
2861 /**
2862 * C_GetFunctionStatus is a legacy function; it obtains an updated status of a function running in parallel with an application.
2863 * @param session the session's handle
2864 * @param return_value default value (`ThrowException`): throw exception on error.
2865 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2866 * At least the following PKCS#11 return values may be returned:
2867 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2868 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2869 * \li SessionClosed
2870 * @return true on success, false otherwise
2871 */
2872 bool C_GetFunctionStatus(SessionHandle session,
2873 ReturnValue* return_value = ThrowException) const;
2874
2875 /**
2876 * C_CancelFunction is a legacy function; it cancels a function running in parallel.
2877 * @param session the session's handle
2878 * @param return_value default value (`ThrowException`): throw exception on error.
2879 * if a non-NULL pointer is passed: return_value receives the return value of the PKCS#11 function and no exception is thrown.
2880 * At least the following PKCS#11 return values may be returned:
2881 * \li CryptokiNotInitialized \li FunctionFailed \li FunctionNotParallel
2882 * \li GeneralError \li HostMemory \li SessionHandleInvalid
2883 * \li SessionClosed
2884 * @return true on success, false otherwise
2885 */
2886 bool C_CancelFunction(SessionHandle session,
2887 ReturnValue* return_value = ThrowException) const;
2888
2889 private:
2890 const FunctionListPtr m_func_list_ptr;
2891 };
2892
2893 class BOTAN_PUBLIC_API(2,0) PKCS11_Error : public Exception
2894 {
2895 public:
PKCS11_Error(const std::string & what)2896 explicit PKCS11_Error(const std::string& what) :
2897 Exception("PKCS11 error", what)
2898 {
2899 }
2900
error_type()2901 ErrorType error_type() const noexcept override { return ErrorType::Pkcs11Error; }
2902 };
2903
2904 class BOTAN_PUBLIC_API(2,0) PKCS11_ReturnError final : public PKCS11_Error
2905 {
2906 public:
PKCS11_ReturnError(ReturnValue return_val)2907 explicit PKCS11_ReturnError(ReturnValue return_val) :
2908 PKCS11_Error(std::to_string(static_cast< uint32_t >(return_val))),
2909 m_return_val(return_val)
2910 {}
2911
get_return_value()2912 inline ReturnValue get_return_value() const
2913 {
2914 return m_return_val;
2915 }
2916
error_code()2917 int error_code() const noexcept override
2918 {
2919 return static_cast<int>(m_return_val);
2920 }
2921
2922 private:
2923 const ReturnValue m_return_val;
2924 };
2925
2926 }
2927
2928 }
2929
2930 #endif
2931