# ifndef CRYPTOKI_HXX
# define CRYPTOKI_HXX
/*! @file
@ id $ Id $
*/
// 1 2 3 4 5 6 7 8
// 45678901234567890123456789012345678901234567890123456789012345678901234567890
// interface
# include <openssl.hxx>
# ifndef WIN32
# include <pkcs11.h>
# else
# include <cryptoki.h>
# endif
# include <string>
# include <vector>
# include <map>
# include <set>
# include <mrw/checkcxx11.hxx>
# include <memory>
// for inline implementations only
# include <cryptaux.hxx>
# include <sstream>
# include <cstdlib> // malloc/free
# include <cstring> // memset
# include <cassert> // assert
# include <iomanip>
/*! @defgroup gcryptoki C++ Wrapper around Cryptoki API
Wrapper to abstract the ugly PKCS # 11 C - API with nice C + + features ,
such as exception handling , memory management , etc .
The cryptoky library loads a dynamic library that is responsible
for translating the card specific commands . The library is passed
in the constructor of cryptoki : : Library . Then method
cryptoki : : Library : : slotList returns all slots found on the
computer . */
//@{
/*! @defgroup cryptokilib Cryptoki C++ Library */
/*! @defgroup cryptokitypes Cryptoki C++ Types and Auxiliary */
/*! @defgroup cryptokiexceptions Cryptoki Exceptions */
/** @example cryptoki-demo.cxx */
/** @example cryptoki-sign-demo.cxx */
//@}
/// @addtogroup cryptokitypes
//@{
# ifndef CRYPTOKI_FN_LOG
# include <iostream>
# if __GNUC__ >= 2
//! Cryptoki Error Message Formatting
/*! If you want to change cryptoki error formatting, just
redefine your own CRYPTOKY_FN_LOG macro before < code > \ # include
& lt ; cryptoki . hxx & gt ; < / code > .
# return std::String * /
# define CRYPTOKI_FN_LOG(X) (std::string(X " failed in ") \
+ std : : string ( __PRETTY_FUNCTION__ ) )
# else
# define CRYPTOKI_QUOTE(X) CRYPTOKI_QUOTE2(X)
# define CRYPTOKI_QUOTE2(X) #X
//! Cryptoki Error Message Formatting
/*! If you want to change cryptoki error formatting, just
redefine your own CRYPTOKY_FN_LOG macro before < code > \ # include
& lt ; cryptoki . hxx & gt ; < / code > .
@ return string */
# define CRYPTOKI_FN_LOG(X) X " failed in \
" __FILE__ " : " CRYPTOKI_QUOTE(__LINE__)
# endif
# endif
//@}
//! @ref gcryptoki @copydoc gcryptoki
namespace cryptoki {
//! @addtogroup cryptokitypes
//@{
/// Map cryptoki number to a string, care about unavailable and infinite
/** Cryptoky knows illegal values (unavailable information), which
is mapped to @ c - and infinite values which are mapped to @ c ∞
when converted to string . All other numbers just show the number
as numeric string . */
inline std : : string string ( CK_ULONG num ) {
switch ( num ) {
case CK_UNAVAILABLE_INFORMATION : return " - " ;
case CK_EFFECTIVELY_INFINITE : return " ∞ " ;
default : {
std : : stringstream ss ;
ss < < num ;
return ss . str ( ) ;
}
}
}
/// Convert any kind of array (buffer) to an std::vector.
template < typename TYPE > std : : vector < TYPE > toVector ( TYPE in [ ] ) {
return std : : vector < TYPE > ( in , in + sizeof ( in ) / sizeof ( in [ 0 ] ) ) ;
}
//@}
//============================================================================
/*! @addtogroup cryptokiexceptions */
//@{
//----------------------------------------------------------------------------
class exception : public std : : exception {
public :
exception ( const std : : string & reason ) throw ( ) :
_what ( " cryptoki: " + reason ) {
CRYPTOLOG ( " ERROR: " < < what ( ) ) ;
}
~ exception ( ) throw ( ) { }
const char * what ( ) const throw ( ) {
return _what . c_str ( ) ;
}
private :
std : : string _what ;
} ;
//----------------------------------------------------------------------------
class not_implemented : public exception {
public :
not_implemented ( const std : : string & reason ) throw ( ) :
exception ( " feature is not implemented: " + reason ) { }
} ;
//----------------------------------------------------------------------------
class access_error : public exception {
public :
access_error ( const std : : string & reason ) throw ( ) :
exception ( " smardcard access error: " + reason ) { }
} ;
//----------------------------------------------------------------------------
class wrong_pin : public access_error {
public :
wrong_pin ( const std : : string & reason ) throw ( ) :
access_error ( " wrong pin: " + reason ) { }
} ;
//@}
/*! @addtogroup cryptokitypes */
//@{
class Slot ;
typedef std : : vector < Slot > SlotList ;
class Object ;
typedef std : : vector < Object > ObjectList ;
typedef std : : vector < CK_ATTRIBUTE_TYPE > AttributeTypeList ;
/// Represents a cryproki attribute and maps to C++ types.
class Attribute {
public :
Attribute ( CK_ATTRIBUTE_TYPE t = - 1 ) : type ( t ) { }
Attribute ( CK_ATTRIBUTE_TYPE t , const std : : string & v ) : type ( t ) , value ( v ) { }
Attribute ( CK_ATTRIBUTE & attr ) :
type ( attr . type ) , value ( ( char * ) attr . pValue , attr . ulValueLen ) {
free ( attr . pValue ) ;
attr . pValue = 0 ;
}
Attribute & operator = ( const std : : string & v ) {
value = v ;
return * this ;
}
bool operator = = ( const Attribute & o ) const {
return type = = o . type & & value = = o . value ;
}
bool operator ! = ( const Attribute & o ) const {
return type ! = o . type | | value ! = o . value ;
}
//! Convert to a @c CK_ATTRIBUTE.
/*! @note @c pValue points to the internal buffer of this
element and must therefore not be changed . Also this object
must not be destructed before the returned @ c
CK_ATTRIBUTE . */
operator CK_ATTRIBUTE ( ) const {
CK_ATTRIBUTE a ;
a . type = type ;
a . pValue = const_cast < char * > ( & value [ 0 ] ) ;
a . ulValueLen = value . size ( ) ;
return a ;
}
/// Textual name of the attribute.
std : : string name ( ) const {
switch ( type ) {
case CKA_CLASS : return " CLASS " ;
case CKA_TOKEN : return " TOKEN " ;
case CKA_PRIVATE : return " PRIVATE " ;
case CKA_LABEL : return " LABEL " ;
case CKA_APPLICATION : return " APPLICATION " ;
case CKA_VALUE : return " VALUE " ;
case CKA_OBJECT_ID : return " OBJECT_ID " ;
case CKA_CERTIFICATE_TYPE : return " CERTIFICATE_TYPE " ;
case CKA_ISSUER : return " ISSUER " ;
case CKA_SERIAL_NUMBER : return " SERIAL_NUMBER " ;
case CKA_AC_ISSUER : return " AC_ISSUER " ;
case CKA_OWNER : return " OWNER " ;
case CKA_ATTR_TYPES : return " ATTR_TYPES " ;
case CKA_TRUSTED : return " TRUSTED " ;
case CKA_KEY_TYPE : return " KEY_TYPE " ;
case CKA_SUBJECT : return " SUBJECT " ;
case CKA_ID : return " ID " ;
case CKA_SENSITIVE : return " SENSITIVE " ;
case CKA_ENCRYPT : return " ENCRYPT " ;
case CKA_DECRYPT : return " DECRYPT " ;
case CKA_WRAP : return " WRAP " ;
case CKA_UNWRAP : return " UNWRAP " ;
case CKA_SIGN : return " SIGN " ;
case CKA_SIGN_RECOVER : return " SIGN_RECOVER " ;
case CKA_VERIFY : return " VERIFY " ;
case CKA_VERIFY_RECOVER : return " VERIFY_RECOVER " ;
case CKA_DERIVE : return " DERIVE " ;
case CKA_START_DATE : return " START_DATE " ;
case CKA_END_DATE : return " END_DATE " ;
case CKA_MODULUS : return " MODULUS " ;
case CKA_MODULUS_BITS : return " MODULUS_BITS " ;
case CKA_PUBLIC_EXPONENT : return " PUBLIC_EXPONENT " ;
case CKA_PRIVATE_EXPONENT : return " PRIVATE_EXPONENT " ;
case CKA_PRIME_1 : return " PRIME_1 " ;
case CKA_PRIME_2 : return " PRIME_2 " ;
case CKA_EXPONENT_1 : return " EXPONENT_1 " ;
case CKA_EXPONENT_2 : return " EXPONENT_2 " ;
case CKA_COEFFICIENT : return " COEFFICIENT " ;
case CKA_PRIME : return " PRIME " ;
case CKA_SUBPRIME : return " SUBPRIME " ;
case CKA_BASE : return " BASE " ;
case CKA_PRIME_BITS : return " PRIME_BITS " ;
//case CKA_SUBPRIME_BITS: return "SUBPRIME_BITS";
case CKA_VALUE_BITS : return " VALUE_BITS " ;
case CKA_VALUE_LEN : return " VALUE_LEN " ;
case CKA_EXTRACTABLE : return " EXTRACTABLE " ;
case CKA_LOCAL : return " LOCAL " ;
case CKA_NEVER_EXTRACTABLE : return " NEVER_EXTRACTABLE " ;
case CKA_ALWAYS_SENSITIVE : return " ALWAYS_SENSITIVE " ;
case CKA_KEY_GEN_MECHANISM : return " KEY_GEN_MECHANISM " ;
case CKA_MODIFIABLE : return " MODIFIABLE " ;
//case CKA_ECDSA_PARAMS: return "ECDSA_PARAMS";
case CKA_EC_PARAMS : return " ECDSA_PARAMS or EC_PARAMS " ;
case CKA_EC_POINT : return " EC_POINT " ;
case CKA_SECONDARY_AUTH : return " SECONDARY_AUTH " ;
case CKA_AUTH_PIN_FLAGS : return " AUTH_PIN_FLAGS " ;
case CKA_HW_FEATURE_TYPE : return " HW_FEATURE_TYPE " ;
case CKA_RESET_ON_INIT : return " RESET_ON_INIT " ;
case CKA_HAS_RESET : return " HAS_RESET " ;
case CKA_VENDOR_DEFINED : return " VENDOR_DEFINED " ;
//case CKA_IBM_OPAQUE: return "IBM_OPAQUE";
default : return " UNKNOWN " ;
}
}
/// Textual representation of the value.
std : : string readableValue ( std : : string : : size_type len = 20 ,
std : : string : : size_type indent = 0 ) const {
std : : string res ( indent , ' ' ) ;
switch ( type ) {
case CKA_CLASS :
switch ( * ( ( const CK_OBJECT_CLASS * ) & value [ 0 ] ) ) {
case CKO_DATA : return res + " DATA " ;
case CKO_CERTIFICATE : return res + " CERTIFICATE " ;
case CKO_PUBLIC_KEY : return res + " PUBLIC_KEY " ;
case CKO_PRIVATE_KEY : return res + " PRIVATE_KEY " ;
case CKO_SECRET_KEY : return res + " SECRET_KEY " ;
case CKO_HW_FEATURE : return res + " HW_FEATURE " ;
case CKO_DOMAIN_PARAMETERS : return res + " DOMAIN_PARAMETERS " ;
case CKO_VENDOR_DEFINED : return res + " VENDOR_DEFINED " ;
default : return res + " UNKNOWN " ;
}
default : return crypto : : readable ( value , len , indent ) ;
}
}
/// Initialize from a given type.
/** To use this method, you must know what type the attribute
represents . */
template < typename TYPE > Attribute & from ( const TYPE & v ) {
value = std : : string ( ( const char * ) & v , sizeof ( TYPE ) ) ;
return * this ;
}
/// Convert to a given type.
/** To use this method, you must know what type the attribute
represents . */
template < typename TYPE > TYPE to ( ) const {
assert ( sizeof ( TYPE ) = = value . size ( ) ) ;
return * reinterpret_cast < const TYPE * > ( & value [ 0 ] ) ;
}
CK_ATTRIBUTE_TYPE type ;
std : : string value ;
} ;
typedef std : : map < CK_ATTRIBUTE_TYPE , Attribute > AttributeMap ;
typedef std : : vector < Attribute > AttributeList ;
/// String with fixed length.
/** FixString represents a string with a fix with spaces and can be
converted from and to a std : : string by adding and removing the
fill - spaces . */
template < std : : string : : size_type SIZE >
class FixString : public std : : string {
public :
FixString ( ) { }
FixString ( const char * const cStr ) {
* this = std : : string ( cStr , SIZE ) ;
size_type pos ( find_last_not_of ( " " ) ) ;
if ( pos ! = npos ) resize ( pos + 1 ) ; else resize ( 0 ) ;
}
FixString ( const unsigned char * const cStr ) {
* this = std : : string ( ( const char * ) cStr , SIZE ) ;
size_type pos ( find_last_not_of ( " " ) ) ;
if ( pos ! = npos ) resize ( pos + 1 ) ; else resize ( 0 ) ;
}
FixString & operator = ( const std : : string & other ) {
std : : string : : operator = ( other ) ;
return * this ;
}
FixString & operator = ( const char * const cStr ) {
* this = std : : string ( cStr , SIZE ) ;
size_type pos ( find_last_not_of ( " " ) ) ;
if ( pos ! = npos ) resize ( pos + 1 ) ; else resize ( 0 ) ;
return * this ;
}
FixString & operator = ( const unsigned char * const cStr ) {
* this = std : : string ( ( const char * ) cStr , SIZE ) ;
size_type pos ( find_last_not_of ( " " ) ) ;
if ( pos ! = npos ) resize ( pos + 1 ) ; else resize ( 0 ) ;
return * this ;
}
operator unsigned char * ( ) {
return ( unsigned char * ) begin ( ) . operator - > ( ) ;
}
FixString fix ( ) {
FixString cpy ( * this ) ;
cpy . resize ( SIZE , ' ' ) ;
return cpy ;
}
} ;
/// C++ representation of mechanism information.
struct MechanismInfo {
CK_MECHANISM_TYPE id ;
std : : string name ;
CK_ULONG minKeySize ;
CK_ULONG maxKeySize ;
CK_FLAGS flags ;
/// Construct from type with undefined infos. Use assigment later.
MechanismInfo ( CK_MECHANISM_TYPE type ) :
minKeySize ( 0 ) , maxKeySize ( 0 ) , flags ( 0 ) {
* this = type ;
}
/// Fully construct from type and infos.
MechanismInfo ( CK_MECHANISM_TYPE type , const CK_MECHANISM_INFO & info ) {
* this = type ;
* this = info ;
}
/// Set name and id from CK_MECHANISM_TYPE.
MechanismInfo & operator = ( CK_MECHANISM_TYPE type ) {
id = type ;
switch ( id ) {
# ifdef CKM_RSA_PKCS_KEY_PAIR_GEN
case CKM_RSA_PKCS_KEY_PAIR_GEN : name = " RSA_PKCS_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_RSA_PKCS
case CKM_RSA_PKCS : name = " RSA_PKCS " ; break ;
# endif
# ifdef CKM_RSA_9796
case CKM_RSA_9796 : name = " RSA_9796 " ; break ;
# endif
# ifdef CKM_RSA_X_509
case CKM_RSA_X_509 : name = " RSA_X_509 " ; break ;
# endif
# ifdef CKM_MD2_RSA_PKCS
case CKM_MD2_RSA_PKCS : name = " MD2_RSA_PKCS " ; break ;
# endif
# ifdef CKM_MD5_RSA_PKCS
case CKM_MD5_RSA_PKCS : name = " MD5_RSA_PKCS " ; break ;
# endif
# ifdef CKM_SHA1_RSA_PKCS
case CKM_SHA1_RSA_PKCS : name = " SHA1_RSA_PKCS " ; break ;
# endif
# ifdef CKM_RIPEMD128_RSA_PKCS
case CKM_RIPEMD128_RSA_PKCS : name = " RIPEMD128_RSA_PKCS " ; break ;
# endif
# ifdef CKM_RIPEMD160_RSA_PKCS
case CKM_RIPEMD160_RSA_PKCS : name = " RIPEMD160_RSA_PKCS " ; break ;
# endif
# ifdef CKM_RSA_PKCS_OAEP
case CKM_RSA_PKCS_OAEP : name = " RSA_PKCS_OAEP " ; break ;
# endif
# ifdef CKM_RSA_X9_31_KEY_PAIR_GEN
case CKM_RSA_X9_31_KEY_PAIR_GEN : name = " RSA_X9_31_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_RSA_X9_31
case CKM_RSA_X9_31 : name = " RSA_X9_31 " ; break ;
# endif
# ifdef CKM_SHA1_RSA_X9_31
case CKM_SHA1_RSA_X9_31 : name = " SHA1_RSA_X9_31 " ; break ;
# endif
# ifdef CKM_RSA_PKCS_PSS
case CKM_RSA_PKCS_PSS : name = " RSA_PKCS_PSS " ; break ;
# endif
# ifdef CKM_SHA1_RSA_PKCS_PSS
case CKM_SHA1_RSA_PKCS_PSS : name = " SHA1_RSA_PKCS_PSS " ; break ;
# endif
# ifdef CKM_DSA_KEY_PAIR_GEN
case CKM_DSA_KEY_PAIR_GEN : name = " DSA_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_DSA
case CKM_DSA : name = " DSA " ; break ;
# endif
# ifdef CKM_DSA_SHA1
case CKM_DSA_SHA1 : name = " DSA_SHA1 " ; break ;
# endif
# ifdef CKM_DH_PKCS_KEY_PAIR_GEN
case CKM_DH_PKCS_KEY_PAIR_GEN : name = " DH_PKCS_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_DH_PKCS_DERIVE
case CKM_DH_PKCS_DERIVE : name = " DH_PKCS_DERIVE " ; break ;
# endif
# ifdef CKM_X9_42_DH_KEY_PAIR_GEN
case CKM_X9_42_DH_KEY_PAIR_GEN : name = " X9_42_DH_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_X9_42_DH_DERIVE
case CKM_X9_42_DH_DERIVE : name = " X9_42_DH_DERIVE " ; break ;
# endif
# ifdef CKM_X9_42_DH_HYBRID_DERIVE
case CKM_X9_42_DH_HYBRID_DERIVE : name = " X9_42_DH_HYBRID_DERIVE " ; break ;
# endif
# ifdef CKM_X9_42_MQV_DERIVE
case CKM_X9_42_MQV_DERIVE : name = " X9_42_MQV_DERIVE " ; break ;
# endif
# ifdef CKM_SHA256_RSA_PKCS
case CKM_SHA256_RSA_PKCS : name = " SHA256_RSA_PKCS " ; break ;
# endif
# ifdef CKM_RC2_KEY_GEN
case CKM_RC2_KEY_GEN : name = " RC2_KEY_GEN " ; break ;
# endif
# ifdef CKM_RC2_ECB
case CKM_RC2_ECB : name = " RC2_ECB " ; break ;
# endif
# ifdef CKM_RC2_CBC
case CKM_RC2_CBC : name = " RC2_CBC " ; break ;
# endif
# ifdef CKM_RC2_MAC
case CKM_RC2_MAC : name = " RC2_MAC " ; break ;
# endif
# ifdef CKM_RC2_MAC_GENERAL
case CKM_RC2_MAC_GENERAL : name = " RC2_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_RC2_CBC_PAD
case CKM_RC2_CBC_PAD : name = " RC2_CBC_PAD " ; break ;
# endif
# ifdef CKM_RC4_KEY_GEN
case CKM_RC4_KEY_GEN : name = " RC4_KEY_GEN " ; break ;
# endif
# ifdef CKM_RC4
case CKM_RC4 : name = " RC4 " ; break ;
# endif
# ifdef CKM_DES_KEY_GEN
case CKM_DES_KEY_GEN : name = " DES_KEY_GEN " ; break ;
# endif
# ifdef CKM_DES_ECB
case CKM_DES_ECB : name = " DES_ECB " ; break ;
# endif
# ifdef CKM_DES_CBC
case CKM_DES_CBC : name = " DES_CBC " ; break ;
# endif
# ifdef CKM_DES_MAC
case CKM_DES_MAC : name = " DES_MAC " ; break ;
# endif
# ifdef CKM_DES_MAC_GENERAL
case CKM_DES_MAC_GENERAL : name = " DES_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_DES_CBC_PAD
case CKM_DES_CBC_PAD : name = " DES_CBC_PAD " ; break ;
# endif
# ifdef CKM_DES2_KEY_GEN
case CKM_DES2_KEY_GEN : name = " DES2_KEY_GEN " ; break ;
# endif
# ifdef CKM_DES3_KEY_GEN
case CKM_DES3_KEY_GEN : name = " DES3_KEY_GEN " ; break ;
# endif
# ifdef CKM_DES3_ECB
case CKM_DES3_ECB : name = " DES3_ECB " ; break ;
# endif
# ifdef CKM_DES3_CBC
case CKM_DES3_CBC : name = " DES3_CBC " ; break ;
# endif
# ifdef CKM_DES3_MAC
case CKM_DES3_MAC : name = " DES3_MAC " ; break ;
# endif
# ifdef CKM_DES3_MAC_GENERAL
case CKM_DES3_MAC_GENERAL : name = " DES3_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_DES3_CBC_PAD
case CKM_DES3_CBC_PAD : name = " DES3_CBC_PAD " ; break ;
# endif
# ifdef CKM_CDMF_KEY_GEN
case CKM_CDMF_KEY_GEN : name = " CDMF_KEY_GEN " ; break ;
# endif
# ifdef CKM_CDMF_ECB
case CKM_CDMF_ECB : name = " CDMF_ECB " ; break ;
# endif
# ifdef CKM_CDMF_CBC
case CKM_CDMF_CBC : name = " CDMF_CBC " ; break ;
# endif
# ifdef CKM_CDMF_MAC
case CKM_CDMF_MAC : name = " CDMF_MAC " ; break ;
# endif
# ifdef CKM_CDMF_MAC_GENERAL
case CKM_CDMF_MAC_GENERAL : name = " CDMF_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_CDMF_CBC_PAD
case CKM_CDMF_CBC_PAD : name = " CDMF_CBC_PAD " ; break ;
# endif
# ifdef CKM_MD2
case CKM_MD2 : name = " MD2 " ; break ;
# endif
# ifdef CKM_MD2_HMAC
case CKM_MD2_HMAC : name = " MD2_HMAC " ; break ;
# endif
# ifdef CKM_MD2_HMAC_GENERAL
case CKM_MD2_HMAC_GENERAL : name = " MD2_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_MD5
case CKM_MD5 : name = " MD5 " ; break ;
# endif
# ifdef CKM_MD5_HMAC
case CKM_MD5_HMAC : name = " MD5_HMAC " ; break ;
# endif
# ifdef CKM_MD5_HMAC_GENERAL
case CKM_MD5_HMAC_GENERAL : name = " MD5_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_SHA_1
case CKM_SHA_1 : name = " SHA_1 " ; break ;
# endif
# ifdef CKM_SHA_1_HMAC
case CKM_SHA_1_HMAC : name = " SHA_1_HMAC " ; break ;
# endif
# ifdef CKM_SHA_1_HMAC_GENERAL
case CKM_SHA_1_HMAC_GENERAL : name = " SHA_1_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_RIPEMD128
case CKM_RIPEMD128 : name = " RIPEMD128 " ; break ;
# endif
# ifdef CKM_RIPEMD128_HMAC
case CKM_RIPEMD128_HMAC : name = " RIPEMD128_HMAC " ; break ;
# endif
# ifdef CKM_RIPEMD128_HMAC_GENERAL
case CKM_RIPEMD128_HMAC_GENERAL : name = " RIPEMD128_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_RIPEMD160
case CKM_RIPEMD160 : name = " RIPEMD160 " ; break ;
# endif
# ifdef CKM_RIPEMD160_HMAC
case CKM_RIPEMD160_HMAC : name = " RIPEMD160_HMAC " ; break ;
# endif
# ifdef CKM_RIPEMD160_HMAC_GENERAL
case CKM_RIPEMD160_HMAC_GENERAL : name = " RIPEMD160_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_SHA256
case CKM_SHA256 : name = " SHA256 " ; break ;
# endif
# ifdef CKM_SHA256_HMAC
case CKM_SHA256_HMAC : name = " SHA256_HMAC " ; break ;
# endif
# ifdef CKM_SHA256_HMAC_GENERAL
case CKM_SHA256_HMAC_GENERAL : name = " SHA256_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_SHA384
case CKM_SHA384 : name = " SHA384 " ; break ;
# endif
# ifdef CKM_SHA384_HMAC
case CKM_SHA384_HMAC : name = " SHA384_HMAC " ; break ;
# endif
# ifdef CKM_SHA384_HMAC_GENERAL
case CKM_SHA384_HMAC_GENERAL : name = " SHA384_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_SHA512
case CKM_SHA512 : name = " SHA512 " ; break ;
# endif
# ifdef CKM_SHA512_HMAC
case CKM_SHA512_HMAC : name = " SHA512_HMAC " ; break ;
# endif
# ifdef CKM_SHA512_HMAC_GENERAL
case CKM_SHA512_HMAC_GENERAL : name = " SHA512_HMAC_GENERAL " ; break ;
# endif
# ifdef CKM_CAST_KEY_GEN
case CKM_CAST_KEY_GEN : name = " CAST_KEY_GEN " ; break ;
# endif
# ifdef CKM_CAST_ECB
case CKM_CAST_ECB : name = " CAST_ECB " ; break ;
# endif
# ifdef CKM_CAST_CBC
case CKM_CAST_CBC : name = " CAST_CBC " ; break ;
# endif
# ifdef CKM_CAST_MAC
case CKM_CAST_MAC : name = " CAST_MAC " ; break ;
# endif
# ifdef CKM_CAST_MAC_GENERAL
case CKM_CAST_MAC_GENERAL : name = " CAST_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_CAST_CBC_PAD
case CKM_CAST_CBC_PAD : name = " CAST_CBC_PAD " ; break ;
# endif
# ifdef CKM_CAST3_KEY_GEN
case CKM_CAST3_KEY_GEN : name = " CAST3_KEY_GEN " ; break ;
# endif
# ifdef CKM_CAST3_ECB
case CKM_CAST3_ECB : name = " CAST3_ECB " ; break ;
# endif
# ifdef CKM_CAST3_CBC
case CKM_CAST3_CBC : name = " CAST3_CBC " ; break ;
# endif
# ifdef CKM_CAST3_MAC
case CKM_CAST3_MAC : name = " CAST3_MAC " ; break ;
# endif
# ifdef CKM_CAST3_MAC_GENERAL
case CKM_CAST3_MAC_GENERAL : name = " CAST3_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_CAST3_CBC_PAD
case CKM_CAST3_CBC_PAD : name = " CAST3_CBC_PAD " ; break ;
# endif
# ifdef CKM_CAST5_KEY_GEN
case CKM_CAST5_KEY_GEN : name = " CAST5_KEY_GEN " ; break ;
# endif
# ifdef CKM_CAST128_KEY_GEN
//case CKM_CAST128_KEY_GEN: name="CAST5_KEY_GEN or
//CAST128_KEY_GEN"; break;
# endif
# ifdef CKM_CAST5_ECB
case CKM_CAST5_ECB : name = " CAST5_ECB " ; break ;
# endif
# ifdef CKM_CAST128_ECB
//case CKM_CAST128_ECB: name="CAST5_ECB or CAST128_ECB"; break;
# endif
# ifdef CKM_CAST5_CBC
case CKM_CAST5_CBC : name = " CAST5_CBC " ; break ;
# endif
# ifdef CKM_CAST128_CBC
//case CKM_CAST128_CBC: name="CAST5_CBC or CAST128_CBC"; break;
# endif
# ifdef CKM_CAST5_MAC
case CKM_CAST5_MAC : name = " CAST5_MAC " ; break ;
# endif
# ifdef CKM_CAST128_MAC
//case CKM_CAST128_MAC: name="CAST5_MAC or CAST128_MAC"; break;
# endif
# ifdef CKM_CAST5_MAC_GENERAL
case CKM_CAST5_MAC_GENERAL : name = " CAST5_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_CAST128_MAC_GENERAL
//case CKM_CAST128_MAC_GENERAL: name="CAST5_MAC_GENERAL or
//CAST128_MAC_GENERAL"; break;
# endif
# ifdef CKM_CAST5_CBC_PAD
case CKM_CAST5_CBC_PAD : name = " CAST5_CBC_PAD " ; break ;
# endif
# ifdef CKM_CAST128_CBC_PAD
//case CKM_CAST128_CBC_PAD: name="CAST5_CBC_PAD or
//CAST128_CBC_PAD"; break;
# endif
# ifdef CKM_RC5_KEY_GEN
case CKM_RC5_KEY_GEN : name = " RC5_KEY_GEN " ; break ;
# endif
# ifdef CKM_RC5_ECB
case CKM_RC5_ECB : name = " RC5_ECB " ; break ;
# endif
# ifdef CKM_RC5_CBC
case CKM_RC5_CBC : name = " RC5_CBC " ; break ;
# endif
# ifdef CKM_RC5_MAC
case CKM_RC5_MAC : name = " RC5_MAC " ; break ;
# endif
# ifdef CKM_RC5_MAC_GENERAL
case CKM_RC5_MAC_GENERAL : name = " RC5_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_RC5_CBC_PAD
case CKM_RC5_CBC_PAD : name = " RC5_CBC_PAD " ; break ;
# endif
# ifdef CKM_IDEA_KEY_GEN
case CKM_IDEA_KEY_GEN : name = " IDEA_KEY_GEN " ; break ;
# endif
# ifdef CKM_IDEA_ECB
case CKM_IDEA_ECB : name = " IDEA_ECB " ; break ;
# endif
# ifdef CKM_IDEA_CBC
case CKM_IDEA_CBC : name = " IDEA_CBC " ; break ;
# endif
# ifdef CKM_IDEA_MAC
case CKM_IDEA_MAC : name = " IDEA_MAC " ; break ;
# endif
# ifdef CKM_IDEA_MAC_GENERAL
case CKM_IDEA_MAC_GENERAL : name = " IDEA_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_IDEA_CBC_PAD
case CKM_IDEA_CBC_PAD : name = " IDEA_CBC_PAD " ; break ;
# endif
# ifdef CKM_GENERIC_SECRET_KEY_GEN
case CKM_GENERIC_SECRET_KEY_GEN : name = " GENERIC_SECRET_KEY_GEN " ; break ;
# endif
# ifdef CKM_CONCATENATE_BASE_AND_KEY
case CKM_CONCATENATE_BASE_AND_KEY :
name = " CONCATENATE_BASE_AND_KEY " ; break ;
# endif
# ifdef CKM_CONCATENATE_BASE_AND_DATA
case CKM_CONCATENATE_BASE_AND_DATA :
name = " CONCATENATE_BASE_AND_DATA " ; break ;
# endif
# ifdef CKM_CONCATENATE_DATA_AND_BASE
case CKM_CONCATENATE_DATA_AND_BASE :
name = " CONCATENATE_DATA_AND_BASE " ; break ;
# endif
# ifdef CKM_XOR_BASE_AND_DATA
case CKM_XOR_BASE_AND_DATA : name = " XOR_BASE_AND_DATA " ; break ;
# endif
# ifdef CKM_EXTRACT_KEY_FROM_KEY
case CKM_EXTRACT_KEY_FROM_KEY : name = " EXTRACT_KEY_FROM_KEY " ; break ;
# endif
# ifdef CKM_SSL3_PRE_MASTER_KEY_GEN
case CKM_SSL3_PRE_MASTER_KEY_GEN :
name = " SSL3_PRE_MASTER_KEY_GEN " ; break ;
# endif
# ifdef CKM_SSL3_MASTER_KEY_DERIVE
case CKM_SSL3_MASTER_KEY_DERIVE : name = " SSL3_MASTER_KEY_DERIVE " ; break ;
# endif
# ifdef CKM_SSL3_KEY_AND_MAC_DERIVE
case CKM_SSL3_KEY_AND_MAC_DERIVE :
name = " SSL3_KEY_AND_MAC_DERIVE " ; break ;
# endif
# ifdef CKM_SSL3_MASTER_KEY_DERIVE_DH
case CKM_SSL3_MASTER_KEY_DERIVE_DH :
name = " SSL3_MASTER_KEY_DERIVE_DH " ; break ;
# endif
# ifdef CKM_TLS_PRE_MASTER_KEY_GEN
case CKM_TLS_PRE_MASTER_KEY_GEN : name = " TLS_PRE_MASTER_KEY_GEN " ; break ;
# endif
# ifdef CKM_TLS_MASTER_KEY_DERIVE
case CKM_TLS_MASTER_KEY_DERIVE : name = " TLS_MASTER_KEY_DERIVE " ; break ;
# endif
# ifdef CKM_TLS_KEY_AND_MAC_DERIVE
case CKM_TLS_KEY_AND_MAC_DERIVE : name = " TLS_KEY_AND_MAC_DERIVE " ; break ;
# endif
# ifdef CKM_TLS_MASTER_KEY_DERIVE_DH
case CKM_TLS_MASTER_KEY_DERIVE_DH :
name = " TLS_MASTER_KEY_DERIVE_DH " ; break ;
# endif
# ifdef CKM_SSL3_MD5_MAC
case CKM_SSL3_MD5_MAC : name = " SSL3_MD5_MAC " ; break ;
# endif
# ifdef CKM_SSL3_SHA1_MAC
case CKM_SSL3_SHA1_MAC : name = " SSL3_SHA1_MAC " ; break ;
# endif
# ifdef CKM_MD5_KEY_DERIVATION
case CKM_MD5_KEY_DERIVATION : name = " MD5_KEY_DERIVATION " ; break ;
# endif
# ifdef CKM_MD2_KEY_DERIVATION
case CKM_MD2_KEY_DERIVATION : name = " MD2_KEY_DERIVATION " ; break ;
# endif
# ifdef CKM_SHA1_KEY_DERIVATION
case CKM_SHA1_KEY_DERIVATION : name = " SHA1_KEY_DERIVATION " ; break ;
# endif
# ifdef CKM_SHA256_KEY_DERIVATION
case CKM_SHA256_KEY_DERIVATION : name = " SHA256_KEY_DERIVATION " ; break ;
# endif
# ifdef CKM_PBE_MD2_DES_CBC
case CKM_PBE_MD2_DES_CBC : name = " PBE_MD2_DES_CBC " ; break ;
# endif
# ifdef CKM_PBE_MD5_DES_CBC
case CKM_PBE_MD5_DES_CBC : name = " PBE_MD5_DES_CBC " ; break ;
# endif
# ifdef CKM_PBE_MD5_CAST_CBC
case CKM_PBE_MD5_CAST_CBC : name = " PBE_MD5_CAST_CBC " ; break ;
# endif
# ifdef CKM_PBE_MD5_CAST3_CBC
case CKM_PBE_MD5_CAST3_CBC : name = " PBE_MD5_CAST3_CBC " ; break ;
# endif
# ifdef CKM_PBE_MD5_CAST5_CBC
case CKM_PBE_MD5_CAST5_CBC : name = " PBE_MD5_CAST5_CBC " ; break ;
# endif
# ifdef CKM_PBE_MD5_CAST128_CBC
//case CKM_PBE_MD5_CAST128_CBC: name="PBE_MD5_CAST5_CBC or
//PBE_MD5_CAST128_CBC"; break;
# endif
# ifdef CKM_PBE_SHA1_CAST5_CBC
case CKM_PBE_SHA1_CAST5_CBC : name = " PBE_SHA1_CAST5_CBC " ; break ;
# endif
# ifdef CKM_PBE_SHA1_CAST128_CBC
//case CKM_PBE_SHA1_CAST128_CBC: name="PBE_SHA1_CAST5_CBC or
//PBE_SHA1_CAST128_CBC"; break;
# endif
# ifdef CKM_PBE_SHA1_RC4_128
case CKM_PBE_SHA1_RC4_128 : name = " PBE_SHA1_RC4_128 " ; break ;
# endif
# ifdef CKM_PBE_SHA1_RC4_40
case CKM_PBE_SHA1_RC4_40 : name = " PBE_SHA1_RC4_40 " ; break ;
# endif
# ifdef CKM_PBE_SHA1_DES3_EDE_CBC
case CKM_PBE_SHA1_DES3_EDE_CBC : name = " PBE_SHA1_DES3_EDE_CBC " ; break ;
# endif
# ifdef CKM_PBE_SHA1_DES2_EDE_CBC
case CKM_PBE_SHA1_DES2_EDE_CBC : name = " PBE_SHA1_DES2_EDE_CBC " ; break ;
# endif
# ifdef CKM_PBE_SHA1_RC2_128_CBC
case CKM_PBE_SHA1_RC2_128_CBC : name = " PBE_SHA1_RC2_128_CBC " ; break ;
# endif
# ifdef CKM_PBE_SHA1_RC2_40_CBC
case CKM_PBE_SHA1_RC2_40_CBC : name = " PBE_SHA1_RC2_40_CBC " ; break ;
# endif
# ifdef CKM_PKCS5_PBKD2
case CKM_PKCS5_PBKD2 : name = " PKCS5_PBKD2 " ; break ;
# endif
# ifdef CKM_PBA_SHA1_WITH_SHA1_HMAC
case CKM_PBA_SHA1_WITH_SHA1_HMAC :
name = " PBA_SHA1_WITH_SHA1_HMAC " ; break ;
# endif
# ifdef CKM_KEY_WRAP_LYNKS
case CKM_KEY_WRAP_LYNKS : name = " KEY_WRAP_LYNKS " ; break ;
# endif
# ifdef CKM_KEY_WRAP_SET_OAEP
case CKM_KEY_WRAP_SET_OAEP : name = " KEY_WRAP_SET_OAEP " ; break ;
# endif
# ifdef CKM_SKIPJACK_KEY_GEN
case CKM_SKIPJACK_KEY_GEN : name = " SKIPJACK_KEY_GEN " ; break ;
# endif
# ifdef CKM_SKIPJACK_ECB64
case CKM_SKIPJACK_ECB64 : name = " SKIPJACK_ECB64 " ; break ;
# endif
# ifdef CKM_SKIPJACK_CBC64
case CKM_SKIPJACK_CBC64 : name = " SKIPJACK_CBC64 " ; break ;
# endif
# ifdef CKM_SKIPJACK_OFB64
case CKM_SKIPJACK_OFB64 : name = " SKIPJACK_OFB64 " ; break ;
# endif
# ifdef CKM_SKIPJACK_CFB64
case CKM_SKIPJACK_CFB64 : name = " SKIPJACK_CFB64 " ; break ;
# endif
# ifdef CKM_SKIPJACK_CFB32
case CKM_SKIPJACK_CFB32 : name = " SKIPJACK_CFB32 " ; break ;
# endif
# ifdef CKM_SKIPJACK_CFB16
case CKM_SKIPJACK_CFB16 : name = " SKIPJACK_CFB16 " ; break ;
# endif
# ifdef CKM_SKIPJACK_CFB8
case CKM_SKIPJACK_CFB8 : name = " SKIPJACK_CFB8 " ; break ;
# endif
# ifdef CKM_SKIPJACK_WRAP
case CKM_SKIPJACK_WRAP : name = " SKIPJACK_WRAP " ; break ;
# endif
# ifdef CKM_SKIPJACK_PRIVATE_WRAP
case CKM_SKIPJACK_PRIVATE_WRAP : name = " SKIPJACK_PRIVATE_WRAP " ; break ;
# endif
# ifdef CKM_SKIPJACK_RELAYX
case CKM_SKIPJACK_RELAYX : name = " SKIPJACK_RELAYX " ; break ;
# endif
# ifdef CKM_KEA_KEY_PAIR_GEN
case CKM_KEA_KEY_PAIR_GEN : name = " KEA_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_KEA_KEY_DERIVE
case CKM_KEA_KEY_DERIVE : name = " KEA_KEY_DERIVE " ; break ;
# endif
# ifdef CKM_FORTEZZA_TIMESTAMP
case CKM_FORTEZZA_TIMESTAMP : name = " FORTEZZA_TIMESTAMP " ; break ;
# endif
# ifdef CKM_BATON_KEY_GEN
case CKM_BATON_KEY_GEN : name = " BATON_KEY_GEN " ; break ;
# endif
# ifdef CKM_BATON_ECB128
case CKM_BATON_ECB128 : name = " BATON_ECB128 " ; break ;
# endif
# ifdef CKM_BATON_ECB96
case CKM_BATON_ECB96 : name = " BATON_ECB96 " ; break ;
# endif
# ifdef CKM_BATON_CBC128
case CKM_BATON_CBC128 : name = " BATON_CBC128 " ; break ;
# endif
# ifdef CKM_BATON_COUNTER
case CKM_BATON_COUNTER : name = " BATON_COUNTER " ; break ;
# endif
# ifdef CKM_BATON_SHUFFLE
case CKM_BATON_SHUFFLE : name = " BATON_SHUFFLE " ; break ;
# endif
# ifdef CKM_BATON_WRAP
case CKM_BATON_WRAP : name = " BATON_WRAP " ; break ;
# endif
# ifdef CKM_ECDSA_KEY_PAIR_GEN
case CKM_ECDSA_KEY_PAIR_GEN : name = " ECDSA_KEY_PAIR_GEN " ; break ;
# endif
# ifdef CKM_EC_KEY_PAIR_GEN
//case CKM_EC_KEY_PAIR_GEN: name="ECDSA_KEY_PAIR_GEN or
//EC_KEY_PAIR_GEN"; break;
# endif
# ifdef CKM_ECDSA
case CKM_ECDSA : name = " ECDSA " ; break ;
# endif
# ifdef CKM_ECDSA_SHA1
case CKM_ECDSA_SHA1 : name = " ECDSA_SHA1 " ; break ;
# endif
# ifdef CKM_ECDH1_DERIVE
case CKM_ECDH1_DERIVE : name = " ECDH1_DERIVE " ; break ;
# endif
# ifdef CKM_ECDH1_COFACTOR_DERIVE
case CKM_ECDH1_COFACTOR_DERIVE : name = " ECDH1_COFACTOR_DERIVE " ; break ;
# endif
# ifdef CKM_ECMQV_DERIVE
case CKM_ECMQV_DERIVE : name = " ECMQV_DERIVE " ; break ;
# endif
# ifdef CKM_JUNIPER_KEY_GEN
case CKM_JUNIPER_KEY_GEN : name = " JUNIPER_KEY_GEN " ; break ;
# endif
# ifdef CKM_JUNIPER_ECB128
case CKM_JUNIPER_ECB128 : name = " JUNIPER_ECB128 " ; break ;
# endif
# ifdef CKM_JUNIPER_CBC128
case CKM_JUNIPER_CBC128 : name = " JUNIPER_CBC128 " ; break ;
# endif
# ifdef CKM_JUNIPER_COUNTER
case CKM_JUNIPER_COUNTER : name = " JUNIPER_COUNTER " ; break ;
# endif
# ifdef CKM_JUNIPER_SHUFFLE
case CKM_JUNIPER_SHUFFLE : name = " JUNIPER_SHUFFLE " ; break ;
# endif
# ifdef CKM_JUNIPER_WRAP
case CKM_JUNIPER_WRAP : name = " JUNIPER_WRAP " ; break ;
# endif
# ifdef CKM_FASTHASH
case CKM_FASTHASH : name = " FASTHASH " ; break ;
# endif
# ifdef CKM_AES_KEY_GEN
case CKM_AES_KEY_GEN : name = " AES_KEY_GEN " ; break ;
# endif
# ifdef CKM_AES_ECB
case CKM_AES_ECB : name = " AES_ECB " ; break ;
# endif
# ifdef CKM_AES_CBC
case CKM_AES_CBC : name = " AES_CBC " ; break ;
# endif
# ifdef CKM_AES_MAC
case CKM_AES_MAC : name = " AES_MAC " ; break ;
# endif
# ifdef CKM_AES_MAC_GENERAL
case CKM_AES_MAC_GENERAL : name = " AES_MAC_GENERAL " ; break ;
# endif
# ifdef CKM_AES_CBC_PAD
case CKM_AES_CBC_PAD : name = " AES_CBC_PAD " ; break ;
# endif
# ifdef CKM_DSA_PARAMETER_GEN
case CKM_DSA_PARAMETER_GEN : name = " DSA_PARAMETER_GEN " ; break ;
# endif
# ifdef CKM_DH_PKCS_PARAMETER_GEN
case CKM_DH_PKCS_PARAMETER_GEN : name = " DH_PKCS_PARAMETER_GEN " ; break ;
# endif
# ifdef CKM_X9_42_DH_PARAMETER_GEN
case CKM_X9_42_DH_PARAMETER_GEN : name = " X9_42_DH_PARAMETER_GEN " ; break ;
# endif
# ifdef CKM_VENDOR_DEFINED
case CKM_VENDOR_DEFINED : name = " VENDOR_DEFINED " ; break ;
# endif
default : {
std : : stringstream ss ;
ss < < id ;
name = ss . str ( ) ;
}
}
return * this ;
}
/// Assign information.
MechanismInfo & operator = ( const CK_MECHANISM_INFO & info ) {
minKeySize = info . ulMinKeySize ;
maxKeySize = info . ulMaxKeySize ;
flags = info . flags ;
return * this ;
}
bool operator < ( const MechanismInfo & o ) const {
return id < o . id ;
}
} ;
typedef std : : set < MechanismInfo > MechanismList ;
/// Handle slot information.
struct SlotInfo {
FixString < 64 > slotDescription ;
FixString < 32 > manufacturerID ;
CK_FLAGS flags ;
CK_VERSION hardwareVersion ;
CK_VERSION firmwareVersion ;
SlotInfo ( ) {
}
//! Convert C-Structure of Slot Information Into C++
SlotInfo ( const CK_SLOT_INFO & cInfo ) :
slotDescription ( cInfo . slotDescription ) ,
manufacturerID ( cInfo . manufacturerID ) ,
flags ( cInfo . flags ) ,
hardwareVersion ( cInfo . hardwareVersion ) ,
firmwareVersion ( cInfo . firmwareVersion ) {
}
} ;
struct TokenInfo ; // forward declaration
inline std : : ostream & operator < < ( std : : ostream & out , const TokenInfo & ti ) ;
/// Handle token information.
struct TokenInfo {
FixString < 32 > label ;
FixString < 32 > manufacturerID ;
FixString < 16 > model ;
FixString < 16 > serialNumber ;
CK_FLAGS flags ;
CK_ULONG maxSessionCount ;
CK_ULONG sessionCount ;
CK_ULONG maxRwSessionCount ;
CK_ULONG rwSessionCount ;
CK_ULONG maxPinLen ;
CK_ULONG minPinLen ;
CK_ULONG totalPublicMemory ;
CK_ULONG freePublicMemory ;
CK_ULONG totalPrivateMemory ;
CK_ULONG freePrivateMemory ;
CK_VERSION hardwareVersion ;
CK_VERSION firmwareVersion ;
FixString < 16 > utcTime ;
TokenInfo ( ) {
CRYPTOLOG ( " log " ) ;
}
//! Convert C-Structure of Token Information Into C++
TokenInfo ( const CK_TOKEN_INFO & cInfo ) :
label ( cInfo . label ) ,
manufacturerID ( cInfo . manufacturerID ) ,
model ( cInfo . model ) ,
serialNumber ( cInfo . serialNumber ) ,
flags ( cInfo . flags ) ,
maxSessionCount ( cInfo . ulMaxSessionCount ) ,
sessionCount ( cInfo . ulSessionCount ) ,
maxRwSessionCount ( cInfo . ulMaxRwSessionCount ) ,
rwSessionCount ( cInfo . ulRwSessionCount ) ,
maxPinLen ( cInfo . ulMaxPinLen ) ,
minPinLen ( cInfo . ulMinPinLen ) ,
totalPublicMemory ( cInfo . ulTotalPublicMemory ) ,
freePublicMemory ( cInfo . ulFreePublicMemory ) ,
totalPrivateMemory ( cInfo . ulTotalPrivateMemory ) ,
freePrivateMemory ( cInfo . ulFreePrivateMemory ) ,
hardwareVersion ( cInfo . hardwareVersion ) ,
firmwareVersion ( cInfo . firmwareVersion ) ,
utcTime ( cInfo . utcTime ) {
CRYPTOLOG ( " log *this={ " < < * this < < ' } ' ) ;
}
} ;
/// Textual representation for token information.
inline std : : ostream & operator < < ( std : : ostream & out , const TokenInfo & ti ) {
return out
< < " label= " < < ti . label < < std : : endl
< < " manufacturerID= " < < ti . manufacturerID < < std : : endl
< < " model= " < < ti . model < < std : : endl
< < " serialNumber= " < < ti . serialNumber < < std : : endl
< < " flags= " < < ti . flags < < std : : endl
< < " maxSessionCount= " < < ti . maxSessionCount < < std : : endl
< < " sessionCount= " < < ti . sessionCount < < std : : endl
< < " maxRwSessionCount= " < < ti . maxRwSessionCount < < std : : endl
< < " rwSessionCount= " < < ti . rwSessionCount < < std : : endl
< < " maxPinLen= " < < ti . maxPinLen < < std : : endl
< < " minPinLen= " < < ti . minPinLen < < std : : endl
< < " totalPublicMemory= " < < ti . totalPublicMemory < < std : : endl
< < " freePublicMemory= " < < ti . freePublicMemory < < std : : endl
< < " totalPrivateMemory= " < < ti . totalPrivateMemory < < std : : endl
< < " freePrivateMemory= " < < ti . freePrivateMemory < < std : : endl
< < " hardwareVersion= " < < ti . hardwareVersion . major < < ' . '
< < ti . hardwareVersion . minor < < std : : endl
< < " firmwareVersion= " < < ti . firmwareVersion . major < < ' . '
< < ti . firmwareVersion . minor < < std : : endl
< < " utcTime= " < < ti . utcTime ;
}
/// Handle library information.
struct Info {
CK_VERSION cryptokiVersion ;
FixString < 32 > manufacturerID ;
CK_FLAGS flags ;
FixString < 32 > libraryDescription ;
CK_VERSION libraryVersion ;
} ;
//@}
/*! @addtogroup cryptokilib */
//@{
/// Load Cryptoki Library for use with Smart Card.
/** This is your starting point when accessing tokens through
PKCS # 11. Get an instance using Library : : Library . */
class Library {
friend class Slot ;
public :
//! Initialize for a given library
/*! @note Do not instanciate more than one Library instance per
shared library . Normally you need only one instance .
@ param library name of the shared library that supports pkcs # 11
@ param exceptions whether exceptions should be thrown */
Library ( const std : : string & library , bool exceptions = true ) :
_init ( new Init ( library , exceptions ) ) {
CRYPTOLOG ( " log " ) ;
}
protected :
Library ( ) {
CRYPTOLOG ( " log " ) ;
}
private :
/// Initiatlize the library: load and unload the shared object.
class Init {
private :
friend class Library ;
bool _exc ;
CK_RV _res ;
CK_FUNCTION_LIST * _fn ;
# ifndef WIN32
void * _lib ;
# else
HINSTANCE _lib ;
# endif
//! Initialize Funcion List for this Instance
bool functionList ( const std : : string & library ) ;
bool check ( CK_RV result , const std : : string & context = " " ) ;
/*! @return error text of last cryptoki call */
std : : string error ( CK_RV res ) ;
public :
/// Called from Library::Library
Init ( const std : : string & library = " opensc-pkcs11.so " , bool exc = true ) ;
~ Init ( ) ;
Init & reset ( ) {
check ( _fn - > C_Finalize ( 0 ) , CRYPTOKI_FN_LOG ( " C_Finalize " ) ) ;
check ( _fn - > C_Initialize ( 0 ) , CRYPTOKI_FN_LOG ( " C_Initialize " ) ) ;
return * this ;
}
CK_FUNCTION_LIST * fn ( ) {
return _fn ;
}
/*! @name C Like Error Handling
You are strongly recommended not to disable exception
handling . If you disable it , you must check after every
operation whether it was successful or not . These methods
provide all you need for that . */
//@{
/*! @return @c true if last cryptoki on this object call was
successful */
operator bool ( ) ;
/*! @return error text of last cryptoki call */
std : : string error ( ) ;
//@}
} ;
public :
/// Get pointer to cryptoki API functions.
/** Used internally, normally you shouldn't use this directly. */
CK_FUNCTION_LIST * operator - > ( ) {
return _init - > fn ( ) ;
}
/*! @name C Like Error Handling
You are strongly recommended not to disable exception
handling . If you disable it , you must check after every
operation whether it was successful or not . These methods
provide all you need for that . */
//@{
/// @return true if exceptions are thrown in case of error
bool exc ( ) {
return _init - > _exc ;
}
/*! @return @c true if last cryptoki on this object call was successful */
operator bool ( ) {
return * _init ;
}
/*! @return error text of last cryptoki call */
std : : string error ( ) {
return _init - > error ( ) ;
}
/// Convert @c CK_RV return code to a human readable text.
std : : string error ( CK_RV res ) {
return _init - > error ( res ) ;
}
//@}
/// Get cryptoki library informartion.
Info info ( ) {
CRYPTOLOG ( " log " ) ;
Info inf ;
CK_INFO cInf ;
//! calls @c C_GetInfo
if ( ! _init - > check ( _init - > fn ( )
- > C_GetInfo ( & cInf ) , CRYPTOKI_FN_LOG ( " C_GetInfo " ) ) )
return inf ;
inf . cryptokiVersion = cInf . cryptokiVersion ;
inf . manufacturerID = cInf . manufacturerID ;
inf . flags = cInf . flags ;
inf . libraryDescription = cInf . libraryDescription ;
inf . libraryVersion = cInf . libraryVersion ;
return inf ;
}
//! Get a list of available slots
/*! @param tokenPresent whether a token must be inserted into the
reader
@ param name if given , only return slots with a given name
@ return list of matching slots */
SlotList slotList ( bool tokenPresent = true ,
std : : string name = std : : string ( ) ) ;
private :
std : : shared_ptr < Init > _init ;
} ;
//! Slot and Token Management
class Slot {
private :
friend class Library ;
friend class Session ;
friend class Object ;
Library _library ;
CK_SLOT_ID _slot ;
CK_RV _res ;
public :
Slot ( const Slot & o ) :
_library ( o . _library ) , _slot ( o . _slot ) , _res ( o . _res ) {
CRYPTOLOG ( " ID= " < < _slot ) ;
}
/// Slots are created from Library::slotList.
/** @note Empty constructor needs immediate assignment. This
constructor is public only to be inserted to STL
containers . */
Slot ( ) : _slot ( 0 ) , _res ( - 1 ) {
CRYPTOLOG ( " ID= " < < _slot ) ;
}
Slot & operator = ( const Slot & o ) {
_library = o . _library ;
_slot = o . _slot ;
_res = o . _res ;
CRYPTOLOG ( " ID= " < < _slot ) ;
return * this ;
}
private :
/// Slots are created from Library::slotList.
Slot ( const Library & lib , CK_SLOT_ID slot ) :
_library ( lib ) , _slot ( slot ) , _res ( CKR_OK ) {
CRYPTOLOG ( " ID= " < < _slot ) ;
}
bool check ( CK_RV result , const std : : string & context = " " ) {
_res = result ;
if ( _library . exc ( ) & & ! * this ) {
if ( ! context . empty ( ) ) {
throw access_error ( context + " : " + error ( ) ) ;
} else {
throw access_error ( error ( ) ) ;
}
}
return _res = = CKR_OK ;
}
public :
/*! @name C Like Error Handling
You are strongly recommended not to disable exception
handling . If you disable it , you must check after every
operation whether it was successful or not . These methods
provide all you need for that . */
//@{
/*! @return @c true if last cryptoki on this object call was successful */
operator bool ( ) {
return _res = = CKR_OK ;
}
/*! @return error text of last cryptoki call */
std : : string error ( ) {
return _library . error ( _res ) ;
}
//@}
/// Access to the Library.
Library & library ( ) {
return _library ;
}
/// Get the Slot's MechanismInfo given a @c CK_MECHANISM_TYPE
/** Used internally by mechanismlist(). */
MechanismInfo mechanisminfo ( CK_MECHANISM_TYPE mechanism ) {
CRYPTOLOG ( " log " ) ;
CK_MECHANISM_INFO info ;
//! calls @c C_GetMechanismInfo
check ( _library - > C_GetMechanismInfo ( _slot , mechanism , & info ) ,
CRYPTOKI_FN_LOG ( " C_GetMechanismInfo " ) ) ;
return MechanismInfo ( mechanism , info ) ;
}
/// Get a list of the Slot's mechanisms.
MechanismList mechanismlist ( ) {
CRYPTOLOG ( " log " ) ;
MechanismList res ;
CK_ULONG count ( 0 ) ;
//! calls @c C_GetMechanismList
if ( ! check ( _library - > C_GetMechanismList ( _slot , 0 , & count ) ,
CRYPTOKI_FN_LOG ( " C_GetMechanismList " ) ) | | ! count ) return res ;
CK_MECHANISM_TYPE * mechanisms = 0 ;
try {
mechanisms = new CK_MECHANISM_TYPE [ count ] ;
if ( ! check ( _library - > C_GetMechanismList ( _slot , mechanisms , & count ) ,
CRYPTOKI_FN_LOG ( " C_GetMechanismList " ) ) ) {
delete [ ] mechanisms ;
return res ;
}
for ( CK_ULONG i ( 0 ) ; i < count ; + + i )
res . insert ( mechanisminfo ( mechanisms [ i ] ) ) ;
} catch ( . . . ) {
delete [ ] mechanisms ;
throw ;
}
delete [ ] mechanisms ;
return res ;
}
//! Read Slot Information
SlotInfo slotinfo ( ) {
CRYPTOLOG ( " log " ) ;
CK_SLOT_INFO cInfo ;
//! calls @c C_GetSlotInfo
if ( ! check ( _library - > C_GetSlotInfo ( _slot , & cInfo ) ,
CRYPTOKI_FN_LOG ( " C_GetSlotInfo " ) ) )
return SlotInfo ( ) ;
return SlotInfo ( cInfo ) ;
}
//! Read Token Information
TokenInfo tokeninfo ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GetTokenInfo
CK_TOKEN_INFO cInfo ;
if ( ! check ( _library - > C_GetTokenInfo ( _slot , & cInfo ) ,
CRYPTOKI_FN_LOG ( " C_GetTokenInfo " ) ) )
return TokenInfo ( ) ;
return TokenInfo ( cInfo ) ;
}
/// Initialize a token.
/** If the token has not been initialized (i.e. new from the
factory ) , then the @ c pin parameter becomes the initial value
of the SO PIN . If the token is being reinitialized , the @ c pin
parameter is checked against the existing SO PIN to
authorize the initialization operation . In both cases , the
SO PIN is the value @ c pin after the function completes
successfully . If the SO PIN is lost , then the card must be
reinitialized using a mechanism outside the scope of this
standard . The CKF_TOKEN_INITIALIZED flag in the
CK_TOKEN_INFO structure indicates the action that will
result from calling C_InitToken . If set , the token will be
reinitialized , and the client must supply the existing SO
password in @ c pin .
When a token is initialized , all objects that can be
destroyed are destroyed ( i . e . , all except for
“ indestructible ” objects such as keys built into the
token ) . Also , access by the normal user is disabled until
the SO sets the normal user ’ s PIN . Depending on the token ,
some “ default ” objects may be created , and attributes of
some objects may be set to default values .
If the token has a “ protected authentication path ” , as
indicated by the CKF_PROTECTED_AUTHENTICATION_PATH flag in
its CK_TOKEN_INFO being set , then that means that there is
some way for a user to be authenticated to the token without
having the application send a PIN through the Cryptoki
library . One such possibility is that the user enters a PIN
on a PINpad on the token itself , or on the slot device . To
initialize a token with such a protected authentication
path , the @ c pin parameter to C_InitToken should be empty .
During the execution of C_InitToken , the SO ’ s PIN will be
entered through the protected authentication path .
If the token has a protected authentication path other than
a PINpad , then it is token - dependent whether or not
C_InitToken can be used to initialize the token .
A token cannot be initialized if Cryptoki detects that any
application has an open session with it ; when a call to
C_InitToken is made under such circumstances , the call fails
with error CKR_SESSION_EXISTS . Unfortunately , it may happen
when C_InitToken is called that some other application does
have an open session with the token , but Cryptoki cannot
detect this , because it cannot detect anything about other
applications using the token . If this is the case , then the
consequences of the C_InitToken call are undefined .
The C_InitToken function may not be sufficient to properly
initialize complex tokens . In these situations , an
initialization mechanism outside the scope of Cryptoki must
be employed . The definition of “ complex token ” is product
specific .
@ param pin SO ' s initial PIN
@ param label label of the token */
bool inittoken ( std : : string pin , FixString < 32 > label ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_InitToken
std : : string in ( label ) ;
in . resize ( 32 , ' ' ) ;
if ( pin . size ( ) )
return check ( _library - > C_InitToken
( _slot ,
( unsigned char * ) & pin [ 0 ] , pin . size ( ) ,
( unsigned char * ) & in [ 0 ] ) ,
CRYPTOKI_FN_LOG ( " C_InitToken " ) ) ;
else
return check ( _library - > C_InitToken
( _slot ,
0 , 0 , // pin from external pin pad
( unsigned char * ) & in [ 0 ] ) ,
CRYPTOKI_FN_LOG ( " C_InitToken " ) ) ;
}
/*! @todo Not implemented:
@ code
class SlotEventListener {
public : virtual void slotEvent ( ) = 0 ;
}
bool registerforslotevent ( SlotEventListener & ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_WaitForSlotEvent
return check ( _library - > C_WaitForSlotEvent ( CK_FLAGS , & _slot , 0 ) ,
CRYPTOKI_FN_LOG ( " C_WaitForSlotEvent " ) ) ;
}
@ endcode */
} ;
/// Session Management
/** @note Not implemented: CK_RV C_CloseAllSessions(CK_SLOT_ID); */
class Session {
private :
friend class Login ;
friend class Object ;
typedef std : : multimap < CK_SLOT_ID , CK_SESSION_HANDLE > Slots ;
Slot _slot ;
CK_SESSION_HANDLE _session ;
CK_RV _res ;
static Slots & slots ( ) {
static Slots _slots ;
return _slots ;
}
Session ( ) ; // forbidden
bool check ( CK_RV result , const std : : string & context = " " ) {
_res = result ;
if ( _slot . library ( ) . exc ( ) & & ! * this ) {
if ( ! context . empty ( ) ) {
throw access_error ( context + " : " + error ( ) ) ;
} else {
throw access_error ( error ( ) ) ;
}
}
return _res = = CKR_OK ;
}
//! calls @c C_OpenSession if it's the first session
void open ( bool rw = false ) {
CRYPTOLOG ( " references: " < < slots ( ) . count ( _slot . _slot ) ) ;
if ( slots ( ) . count ( _slot . _slot ) = = 0 ) {
check ( _slot . library ( ) - > C_OpenSession
( _slot . _slot , CKF_SERIAL_SESSION | ( rw ? CKF_RW_SESSION : 0 ) ,
0 , 0 , & _session ) ,
CRYPTOKI_FN_LOG ( " C_OpenSession " ) ) ;
} else {
_session = slots ( ) . find ( _slot . _slot ) - > second ;
}
slots ( ) . insert ( std : : make_pair ( _slot . _slot , _session ) ) ;
}
//! calls @c C_CloseSession if it's the last session
void close ( ) {
CRYPTOLOG ( " references: " < < slots ( ) . count ( _slot . _slot ) ) ;
if ( slots ( ) . count ( _slot . _slot ) = = 1 ) {
slots ( ) . erase ( slots ( ) . find ( _slot . _slot ) ) ;
check ( _slot . library ( ) - > C_CloseSession ( _session ) ,
CRYPTOKI_FN_LOG ( " C_CloseSession " ) ) ;
} else {
slots ( ) . erase ( slots ( ) . find ( _slot . _slot ) ) ;
}
_session = 0 ;
}
public :
//! Opens a new session.
/*! @param slot slot to open a session on
@ param rw whether session is read / write or read only */
Session ( const Slot & slot , bool rw = false ) :
_slot ( slot ) , _session ( 0 ) , _res ( CKR_OK ) {
CRYPTOLOG ( " log " ) ;
open ( rw ) ;
//! @todo pass parameter
}
//! Copy session.
Session ( const Session & o ) :
_slot ( o . _slot ) , _session ( o . _session ) , _res ( CKR_OK ) {
CRYPTOLOG ( " log " ) ;
slots ( ) . insert ( std : : make_pair ( _slot . _slot , _session ) ) ;
//! @todo pass parameter
}
~ Session ( ) try {
CRYPTOLOG ( " log " < < ( std : : uncaught_exception ( ) ? " IN EXCEPTION " : " " ) ) ;
try {
logout ( ) ;
} catch ( const std : : exception & x ) {
CRYPTOLOG ( " caught: " < < x . what ( ) ) ;
close ( ) ;
if ( ! std : : uncaught_exception ( ) ) throw ;
} catch ( . . . ) {
CRYPTOLOG ( " caught " ) ;
close ( ) ;
if ( ! std : : uncaught_exception ( ) ) throw ;
}
close ( ) ;
} catch ( const std : : exception & x ) {
CRYPTOLOG ( " caught: " < < x . what ( ) ) ;
if ( ! std : : uncaught_exception ( ) ) throw ;
} catch ( . . . ) {
CRYPTOLOG ( " caught " ) ;
if ( ! std : : uncaught_exception ( ) ) throw ;
}
/*! @name Comfortable Access
Use these methods in favour of the Low Level Cryptoki
Functions . They provide a higher level simpler access . */
//@{
//! Get a list of matching objects.
ObjectList find ( const AttributeList & attrs = AttributeList ( ) ) ;
//! Get a list of matching objects.
ObjectList find ( const Attribute & a ) ;
//! Get a list of matching objects.
ObjectList find ( const Attribute & a1 , const Attribute & a2 ) ;
//! Create a new Certificate Object.
Object create ( const std : : string & label , const openssl : : X509 & cert ) ;
//! Create a new PrivateKey Object.
Object create ( const std : : string & label , const openssl : : PrivateKey & key ,
const openssl : : X509 & cert ) ;
//@}
/*! @name C Like Error Handling
You are strongly recommended not to disable exception
handling . If you disable it , you must check after every
operation whether it was successful or not . These methods
provide all you need for that . */
//@{
/*! @return @c true if last cryptoki on this object call was successful */
operator bool ( ) {
return _res = = CKR_OK ;
}
/*! @return error text of last cryptoki call */
std : : string error ( ) {
return _slot . library ( ) . error ( _res ) ;
}
//@}
/*! @name Low Level Cryptoki Functions
Direct access to the low level cryptoki API . Better use the
comfort methods . */
//@{
bool cancel ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_CancelFunction
return check ( _slot . library ( ) - > C_CancelFunction ( _session ) ,
CRYPTOKI_FN_LOG ( " C_CancelFunction " ) ) ;
}
//! Create a new object.
Object create ( const AttributeList & attrs ) ;
std : : string digest ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_Digest
check ( _slot . library ( ) - > C_Digest
( _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_Digest " ) ) ;
res . resize ( size ) ;
return res ;
}
std : : string digestencryptupdate ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_DigestEncryptUpdate
check ( _slot . library ( ) - > C_DigestEncryptUpdate
( _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_DigestEncryptUpdate " ) ) ;
res . resize ( size ) ;
return res ;
}
/*! @todo Not implemented:
@ code
bool digestfinal ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DigestFinal
return check ( _slot . library ( ) - > C_DigestFinal ( _session , CK_BYTE_PTR , CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_DigestFinal " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool digestinit ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DigestInit
return check ( _slot . library ( ) - > C_DigestInit ( _session , CK_MECHANISM_PTR ) ,
CRYPTOKI_FN_LOG ( " C_DigestInit " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool digestupdate ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DigestUpdate
return check ( _slot . library ( ) - > C_DigestUpdate ( _session , CK_BYTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_DigestUpdate " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool findobjectsfinal ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_FindObjectsFinal
return check ( _slot . library ( ) - > C_FindObjectsFinal ( _session ) ,
CRYPTOKI_FN_LOG ( " C_FindObjectsFinal " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool findobjectsinit ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_FindObjectsInit
return check ( _slot . library ( ) - > C_FindObjectsInit ( _session , CK_ATTRIBUTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_FindObjectsInit " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool findobjects ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_FindObjects
return check ( _session - > _slot . library ( ) - > C_FindObjects ( _session , CK_OBJECT_HANDLE_PTR , CK_ULONG ,
CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_FindObjects " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool generaterandom ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GenerateRandom
return check ( _slot . library ( ) - > C_GenerateRandom ( _session , CK_BYTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_GenerateRandom " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool getfunctionstatus ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GetFunctionStatus
return check ( _slot . library ( ) - > C_GetFunctionStatus ( _session ) ,
CRYPTOKI_FN_LOG ( " C_GetFunctionStatus " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool getoperationstate ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GetOperationState
return check ( _slot . library ( ) - > C_GetOperationState ( _session , CK_BYTE_PTR , CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_GetOperationState " ) ) ;
}
@ endcode */
/** definition of session info:
@ code
struct CK_SESSION_INFO {
CK_SLOT_ID slotID ;
CK_STATE state ;
CK_FLAGS flags ;
CK_ULONG ulDeviceError ;
} ;
@ endcode
where :
- @ c slotID ID of the slot that interfaces with the token
- @ c state The state of the session
- @ c 0 @ c CKS_RO_PUBLIC_SESSION
- @ c 1 @ c CKS_RO_USER_FUNCTIONS
- @ c 2 @ c CKS_RW_PUBLIC_SESSION
- @ c 3 @ c CKS_RW_USER_FUNCTIONS
- @ c 4 @ c CKS_RW_SO_FUNCTIONS
- @ c flags Bit flags that define the type of session ; the
flags are defined as :
- @ c CKF_RW_SESSION
- True if the session is read / write .
- False if the session is read only .
- @ c CKF_SERIAL_SESSION Deprecated , always true .
- @ c ulDeviceError An error code defined by the
cryptographic device . Used for errors not covered by
Cryptoki . */
struct Info : public CK_SESSION_INFO {
Info ( const CK_SESSION_INFO & si ) : CK_SESSION_INFO ( si ) {
}
bool readonly ( ) {
return ! readwrite ( ) ;
}
bool readwrite ( ) {
return flags | CKF_RW_SESSION ;
}
std : : string stateString ( ) {
switch ( state ) {
case 0 : return " CKS_RO_PUBLIC_SESSION " ;
case 1 : return " CKS_RO_USER_FUNCTIONS " ;
case 2 : return " CKS_RW_PUBLIC_SESSION " ;
case 3 : return " CKS_RW_USER_FUNCTIONS " ;
case 4 : return " CKS_RW_SO_FUNCTIONS " ;
default : return " <UNKNOWN> " ;
}
}
} ;
/** @return session information */
Info getsessioninfo ( ) {
CRYPTOLOG ( " log " ) ;
CK_SESSION_INFO info ;
//! calls @c C_GetSessionInfo
check ( _slot . library ( ) - > C_GetSessionInfo ( _session , & info ) ,
CRYPTOKI_FN_LOG ( " C_GetSessionInfo " ) ) ;
return info ;
}
/*! @todo Not implemented:
@ code
bool seedrandom ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SeedRandom
return check ( _slot . library ( ) - > C_SeedRandom ( _session , CK_BYTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_SeedRandom " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool setpin ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SetPIN
return check ( _slot . library ( ) - > C_SetPIN ( _session , CK_CHAR_PTR , CK_ULONG , CK_CHAR_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_SetPIN " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool initpin ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_InitPIN
return check ( _slot . library ( ) - > C_InitPIN ( _session , CK_CHAR_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_InitPIN " ) ) ;
}
@ endcode */
//@}
/** @name login with pin
Unlock access with pin ( login ) and unlock after use ( logout ) . */
//@{
private :
class Login {
public :
Login ( Session & session ,
const std : : string & pin ,
CK_USER_TYPE userType = CKU_USER ) : _session ( session ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_Login
_session . check ( _session . _slot . library ( ) - > C_Login
( _session . _session , userType ,
const_cast < CK_CHAR * > ( ( const CK_CHAR * ) pin . c_str ( ) ) ,
( int ) pin . size ( ) ) ,
CRYPTOKI_FN_LOG ( " C_Login " ) ) ;
}
~ Login ( ) {
try {
//! calls @c C_Logout
_session . check ( _session . _slot . library ( ) - > C_Logout
( _session . _session ) ,
CRYPTOKI_FN_LOG ( " C_Logout " ) ) ;
} catch ( const std : : exception & x ) {
if ( ! std : : uncaught_exception ( ) ) throw ;
CRYPTOLOG ( " ERROR during error cleanup: " < < x . what ( ) ) ;
} catch ( . . . ) {
if ( ! std : : uncaught_exception ( ) ) throw ;
CRYPTOLOG ( " ERROR during error cleanup. " ) ;
}
}
private :
Session & _session ;
} ;
public :
/// Login to card
/** @param pin to unlock card
@ param userType user type */
void login ( const std : : string & pin ,
CK_USER_TYPE userType = CKU_USER ) {
CRYPTOLOG ( " log " ) ;
_login = std : : shared_ptr < Login > ( new Login ( * this , pin , userType ) ) ;
}
/// Logout from card
/** Undo the last login. */
void logout ( ) {
CRYPTOLOG ( " log " ) ;
_login . reset ( ) ;
}
std : : shared_ptr < Login > _login ;
//@}
} ;
class Object {
private :
friend class Session ;
CK_OBJECT_HANDLE _object ;
Session _session ;
CK_RV _res ;
bool check ( CK_RV result , const std : : string & context = " " ) {
_res = result ;
if ( _session . _slot . library ( ) . exc ( ) & & ! * this ) {
if ( ! context . empty ( ) ) {
throw access_error ( context + " : " + error ( ) ) ;
} else {
throw access_error ( error ( ) ) ;
}
}
return _res = = CKR_OK ;
}
Object ( ) ; // forbidden
Object ( const Session & session , CK_OBJECT_HANDLE obj ) :
_object ( obj ) , _session ( session ) , _res ( CKR_OK ) {
CRYPTOLOG ( " log " ) ;
}
public :
/*! @name Comfortable Access
Use these methods in favour of the Low Level Cryptoki
Functions . They provide a higher level simpler access . */
//@{
std : : string encrypt ( const std : : string & data , CK_MECHANISM_TYPE type ,
const std : : string & param = std : : string ( ) ) {
CRYPTOLOG ( " log " ) ;
CRYPTOLOG ( " encryptinit " ) ;
encryptinit ( type , param ) ;
CRYPTOLOG ( " encrypt " ) ;
return encrypt ( data ) ;
//! @todo don't call encryptfinal()?
}
std : : string decrypt ( const std : : string & data , CK_MECHANISM_TYPE type ,
const std : : string & param = std : : string ( ) ) {
CRYPTOLOG ( " log " ) ;
CRYPTOLOG ( " decryptinit " ) ;
decryptinit ( type , param ) ;
CRYPTOLOG ( " decrypt " ) ;
return decrypt ( data ) ;
//! @todo don't call decryptfinal()?
}
std : : string sign ( const std : : string & data , CK_MECHANISM_TYPE type ,
const std : : string & param = std : : string ( ) ) {
CRYPTOLOG ( " log " ) ;
CRYPTOLOG ( " signinit " ) ;
signinit ( type , param ) ;
CRYPTOLOG ( " sign " ) ;
return sign ( data ) ;
//! @todo don't call signfinal()?
}
bool verify ( const std : : string & data , const std : : string & signature ,
CK_MECHANISM_TYPE type ,
const std : : string & param = std : : string ( ) ) {
CRYPTOLOG ( " log " ) ;
CRYPTOLOG ( " verifyinit " ) ;
verifyinit ( type , param ) ;
CRYPTOLOG ( " verify " ) ;
return verify ( data , signature ) ;
//! @todo don't call verifyfinal()?
}
bool destroy ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DestroyObject
return check ( _session . _slot . library ( ) - > C_DestroyObject
( _session . _session , _object ) ,
CRYPTOKI_FN_LOG ( " C_DestroyObject " ) ) ;
}
//! Get a Single Attribute
Attribute operator [ ] ( CK_ATTRIBUTE_TYPE a ) {
CRYPTOLOG ( " log " ) ;
return attribute ( a ) ;
}
//! Get a Single Attribute
Attribute attribute ( CK_ATTRIBUTE_TYPE a ) {
CRYPTOLOG ( " log " ) ;
Attribute res ;
CK_ATTRIBUTE attr ;
attr . type = a ;
attr . pValue = 0 ;
attr . ulValueLen = 0 ;
//! calls @c C_GetAttributeValue
if ( ! check ( _session . _slot . library ( ) - > C_GetAttributeValue
( _session . _session , _object , & attr , 1 ) ,
CRYPTOKI_FN_LOG ( " C_GetAttributeValue " ) )
| | ! ( long ) attr . ulValueLen > 0l )
//! Without exception handling, size and type must be checked too.
return res ;
try {
attr . pValue = malloc ( attr . ulValueLen ) ;
attr . pValue = memset ( attr . pValue , 0 , attr . ulValueLen ) ;
if ( check ( _session . _slot . library ( ) - > C_GetAttributeValue
( _session . _session , _object , & attr , 1 ) ,
CRYPTOKI_FN_LOG ( " C_GetAttributeValue " ) ) )
/*! @todo There's no @c CKA_WRAP_TEMPLATE in Open
Cryptoki . From the Specs : « In the special case
of an attribute whose value is an array of
attributes , for example CKA_WRAP_TEMPLATE , where
it is passed in with pValue not NULL , then if
the pValue of elements within the array is
NULL_PTR then the ulValueLen of elements within
the array will be set to the required length . If
the pValue of elements within the array is not
NULL_PTR , then the ulValueLen element of
attributes within the array must reflect the
space that the corresponding pValue points to ,
and pValue is filled in if there is sufficient
room . Therefore it is important to initialize
the contents of a buffer before calling
C_GetAttributeValue to get such an array
value . If any ulValueLen within the array isn ' t
large enough , it will be set to - 1 and the
function will return CKR_BUFFER_TOO_SMALL , as it
does if an attribute in the pTemplate argument
has ulValueLen too small . Note that any
attribute whose value is an array of attributes
is identifiable by virtue of the attribute type
having the CKF_ARRAY_ATTRIBUTE bit set . » */
res = Attribute ( attr ) ;
else
free ( attr . pValue ) ;
} catch ( . . . ) {
free ( attr . pValue ) ;
throw ;
}
return res ;
}
//! Get a List of Attributes.
/*! If @c attrs is empty, all available attributes are
returned . Attributes that cannot be accessed or that are not
available in this Object won ' t be in the result map . There
is no exception in this case . */
AttributeMap attributes ( AttributeTypeList attrs
= AttributeTypeList ( ) ) {
CRYPTOLOG ( " log " ) ;
AttributeMap res ;
//! Gets all attributes, if @c attrs is empty
if ( attrs . empty ( ) ) {
attrs . push_back ( CKA_CLASS ) ;
attrs . push_back ( CKA_TOKEN ) ;
attrs . push_back ( CKA_PRIVATE ) ;
attrs . push_back ( CKA_LABEL ) ;
attrs . push_back ( CKA_APPLICATION ) ;
attrs . push_back ( CKA_VALUE ) ;
attrs . push_back ( CKA_OBJECT_ID ) ;
attrs . push_back ( CKA_CERTIFICATE_TYPE ) ;
attrs . push_back ( CKA_ISSUER ) ;
attrs . push_back ( CKA_SERIAL_NUMBER ) ;
attrs . push_back ( CKA_AC_ISSUER ) ;
attrs . push_back ( CKA_OWNER ) ;
attrs . push_back ( CKA_ATTR_TYPES ) ;
attrs . push_back ( CKA_TRUSTED ) ;
attrs . push_back ( CKA_KEY_TYPE ) ;
attrs . push_back ( CKA_SUBJECT ) ;
attrs . push_back ( CKA_ID ) ;
attrs . push_back ( CKA_SENSITIVE ) ;
attrs . push_back ( CKA_ENCRYPT ) ;
attrs . push_back ( CKA_DECRYPT ) ;
attrs . push_back ( CKA_WRAP ) ;
attrs . push_back ( CKA_UNWRAP ) ;
attrs . push_back ( CKA_SIGN ) ;
attrs . push_back ( CKA_SIGN_RECOVER ) ;
attrs . push_back ( CKA_VERIFY ) ;
attrs . push_back ( CKA_VERIFY_RECOVER ) ;
attrs . push_back ( CKA_DERIVE ) ;
attrs . push_back ( CKA_START_DATE ) ;
attrs . push_back ( CKA_END_DATE ) ;
attrs . push_back ( CKA_MODULUS ) ;
attrs . push_back ( CKA_MODULUS_BITS ) ;
attrs . push_back ( CKA_PUBLIC_EXPONENT ) ;
attrs . push_back ( CKA_PRIVATE_EXPONENT ) ;
attrs . push_back ( CKA_PRIME_1 ) ;
attrs . push_back ( CKA_PRIME_2 ) ;
attrs . push_back ( CKA_EXPONENT_1 ) ;
attrs . push_back ( CKA_EXPONENT_2 ) ;
attrs . push_back ( CKA_COEFFICIENT ) ;
attrs . push_back ( CKA_PRIME ) ;
attrs . push_back ( CKA_SUBPRIME ) ;
attrs . push_back ( CKA_BASE ) ;
attrs . push_back ( CKA_PRIME_BITS ) ;
//attrs.push_back(CKA_SUBPRIME_BITS);
attrs . push_back ( CKA_VALUE_BITS ) ;
attrs . push_back ( CKA_VALUE_LEN ) ;
attrs . push_back ( CKA_EXTRACTABLE ) ;
attrs . push_back ( CKA_LOCAL ) ;
attrs . push_back ( CKA_NEVER_EXTRACTABLE ) ;
attrs . push_back ( CKA_ALWAYS_SENSITIVE ) ;
attrs . push_back ( CKA_KEY_GEN_MECHANISM ) ;
attrs . push_back ( CKA_MODIFIABLE ) ;
attrs . push_back ( CKA_ECDSA_PARAMS ) ;
attrs . push_back ( CKA_EC_PARAMS ) ;
attrs . push_back ( CKA_EC_POINT ) ;
attrs . push_back ( CKA_SECONDARY_AUTH ) ;
attrs . push_back ( CKA_AUTH_PIN_FLAGS ) ;
attrs . push_back ( CKA_HW_FEATURE_TYPE ) ;
attrs . push_back ( CKA_RESET_ON_INIT ) ;
attrs . push_back ( CKA_HAS_RESET ) ;
attrs . push_back ( CKA_VENDOR_DEFINED ) ;
//attrs.push_back(CKA_IBM_OPAQUE);
}
for ( AttributeTypeList : : const_iterator it ( attrs . begin ( ) ) ;
it ! = attrs . end ( ) ; + + it ) {
CK_ATTRIBUTE attr ;
attr . type = * it ;
attr . pValue = 0 ;
attr . ulValueLen = 0 ;
try {
//! calls @c C_GetAttributeValue
if ( _session . _slot . library ( ) - > C_GetAttributeValue
( _session . _session , _object , & attr , 1 )
= = CKR_ATTRIBUTE_TYPE_INVALID
| | _res = = CKR_ATTRIBUTE_SENSITIVE ) {
continue ; //! Ignores unsupported Attributes.
} else {
check ( _res , CRYPTOKI_FN_LOG ( " C_GetAttributeValue " ) ) ;
if ( ( long ) attr . ulValueLen > 0l ) {
attr . pValue = malloc ( attr . ulValueLen ) ;
attr . pValue = memset ( attr . pValue , 0 , attr . ulValueLen ) ;
if ( check ( _session . _slot . library ( ) - > C_GetAttributeValue
( _session . _session , _object , & attr , 1 ) ,
CRYPTOKI_FN_LOG ( " C_GetAttributeValue " ) ) )
/*! @todo There's no @c CKA_WRAP_TEMPLATE in Open
Cryptoki . From the Specs : « In the special
case of an attribute whose value is an
array of attributes , for example
CKA_WRAP_TEMPLATE , where it is passed in
with pValue not NULL , then if the pValue
of elements within the array is NULL_PTR
then the ulValueLen of elements within the
array will be set to the required
length . If the pValue of elements within
the array is not NULL_PTR , then the
ulValueLen element of attributes within
the array must reflect the space that the
corresponding pValue points to , and pValue
is filled in if there is sufficient
room . Therefore it is important to
initialize the contents of a buffer before
calling C_GetAttributeValue to get such an
array value . If any ulValueLen within the
array isn ' t large enough , it will be set
to - 1 and the function will return
CKR_BUFFER_TOO_SMALL , as it does if an
attribute in the pTemplate argument has
ulValueLen too small . Note that any
attribute whose value is an array of
attributes is identifiable by virtue of
the attribute type having the
CKF_ARRAY_ATTRIBUTE bit set . » */
res . insert ( std : : make_pair ( attr . type , Attribute ( attr ) ) ) ;
else
free ( attr . pValue ) ;
} else if ( * it = = CKA_MODULUS & & attr . ulValueLen = = 0 ) {
/*! @bug This is a bug in opensc-pkcs11.so: If
@ c CKA_MODULUS has a size of 0 bytes , the
following query to @ c CKA_MODULUS_BITS ends
in a segmentation fault .
@ note @ c CKA_MODULUS @ b must immediately be
followed by @ c CKA_MODULUS_BITS in the
attribute list , because if the size of @ c
CKA_MODULUS is 0 Bytes , the following
attribute query is skipped as a work around
to this bug . */
if ( + + it = = attrs . end ( ) ) break ;
}
}
} catch ( . . . ) {
free ( attr . pValue ) ;
throw ;
}
}
return res ;
}
//@}
/*! @name C Like Error Handling
You are strongly recommended not to disable exception
handling . If you disable it , you must check after every
operation whether it was successful or not . These methods
provide all you need for that . */
//@{
/*! @return @c true if last cryptoki on this object call was successful */
operator bool ( ) {
return _res = = CKR_OK ;
}
/*! @return error text of last cryptoki call */
std : : string error ( ) {
return _session . _slot . library ( ) . error ( _res ) ;
}
//@}
/*! @name Low Level Cryptoki Functions
Direct access to the low level cryptoki API . Better use the
comfort methods . */
//@{
/*! @todo Not implemented:
@ code
bool copyobject ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_CopyObject
return check ( _session . _slot . library ( ) - > C_CopyObject ( _session . _session , CK_OBJECT_HANDLE ,
CK_ATTRIBUTE_PTR , CK_ULONG , CK_OBJECT_HANDLE_PTR ) ,
CRYPTOKI_FN_LOG ( " C_CopyObject " ) ) ;
}
@ endcode */
bool decryptinit ( CK_MECHANISM_TYPE type , std : : string param ) {
CRYPTOLOG ( " log " ) ;
CK_MECHANISM mech = {
type , param . size ( ) ? & param [ 0 ] : 0 , ( CK_ULONG ) param . size ( )
} ;
CRYPTOLOG ( " decryptinit: type= " < < type < < " ; mech=( " < < mech . mechanism
< < " , " < < mech . pParameter < < " , " < < mech . ulParameterLen < < ' ) ' ) ;
//! calls @c C_DecryptInit
return check ( _session . _slot . library ( ) - > C_DecryptInit
( _session . _session , & mech , _object ) ,
CRYPTOKI_FN_LOG ( " C_DecryptInit " ) ) ;
}
//! requires decryptinit to be called before
std : : string decrypt ( const std : : string & in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
CK_ULONG size ( 0 ) ; // two calls, first to get minimum buffer length
CRYPTOLOG ( " get size " ) ;
//! calls @c C_Decrypt
check ( _session . _slot . library ( ) - > C_Decrypt
( _session . _session ,
const_cast < CK_BYTE_PTR > ( ( const unsigned char * ) & in [ 0 ] ) ,
in . size ( ) , 0 , & size ) ,
CRYPTOKI_FN_LOG ( " C_Decrypt " ) ) ;
CRYPTOLOG ( " maximum size is " < < size < < " Bytes " ) ;
res . resize ( size , 0 ) ;
check ( _session . _slot . library ( ) - > C_Decrypt
( _session . _session ,
const_cast < CK_BYTE_PTR > ( ( const unsigned char * ) & in [ 0 ] ) ,
in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_Decrypt " ) ) ;
CRYPTOLOG ( " exact size is " < < size < < " Bytes " ) ;
res . resize ( size ) ;
return res ;
}
std : : string decryptdigestupdate ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_DecryptDigestUpdate
check ( _session . _slot . library ( ) - > C_DecryptDigestUpdate
( _session . _session ,
const_cast < CK_BYTE_PTR > ( ( const unsigned char * ) & in [ 0 ] ) , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_DecryptDigestUpdate " ) ) ;
res . resize ( size ) ;
return res ;
}
bool decryptfinal ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DecryptFinal
return check ( _session . _slot . library ( ) - > C_DecryptFinal
( _session . _session , 0 , 0 ) ,
CRYPTOKI_FN_LOG ( " C_DecryptFinal " ) ) ;
//! @todo does this work?
}
std : : string decryptupdate ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_DecryptUpdate
check ( _session . _slot . library ( ) - > C_DecryptUpdate
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_DecryptUpdate " ) ) ;
res . resize ( size ) ;
return res ;
}
std : : string decryptverifyupdate ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_DecryptVerifyUpdate
check ( _session . _slot . library ( ) - > C_DecryptVerifyUpdate
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_DecryptVerifyUpdate " ) ) ;
res . resize ( size ) ;
return res ;
}
std : : string sign ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
CK_ULONG size ( 0 ) ;
check ( _session . _slot . library ( ) - > C_Sign
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) , 0 , & size ) ,
CRYPTOKI_FN_LOG ( " C_Sign " ) ) ;
CRYPTOLOG ( " maximum size is " < < size < < " Bytes " ) ;
res . resize ( size , 0 ) ;
//! calls @c C_Sign
check ( _session . _slot . library ( ) - > C_Sign
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_Sign " ) ) ;
CRYPTOLOG ( " exact size is " < < size < < " Bytes " ) ;
res . resize ( size ) ;
return res ;
}
std : : string signencryptupdate ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_SignEncryptUpdate
check ( _session . _slot . library ( ) - > C_SignEncryptUpdate
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_SignEncryptUpdate " ) ) ;
res . resize ( size ) ;
return res ;
}
/*! @todo Not implemented:
@ code
bool signfinal ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SignFinal
return check ( _slot . library ( ) - > C_SignFinal ( _session , CK_BYTE_PTR , CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_SignFinal " ) ) ;
}
@ endcode */
std : : string signrecover ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_SignRecover
check ( _session . _slot . library ( ) - > C_SignRecover
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_SignRecover " ) ) ;
res . resize ( size ) ;
return res ;
}
/*! @todo Not implemented:
@ code
bool signupdate ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SignUpdate
return check ( _session . _slot . library ( ) - > C_SignUpdate ( _session . _session , CK_BYTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_SignUpdate " ) ) ;
}
@ endcode */
bool verify ( std : : string data , std : : string signature ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_Verify
return check ( _session . _slot . library ( ) - > C_Verify
( _session . _session ,
( unsigned char * ) & data [ 0 ] , data . size ( ) ,
( unsigned char * ) & signature [ 0 ] , signature . size ( ) ) ,
CRYPTOKI_FN_LOG ( " C_Verify " ) ) ;
}
/*! @todo Not implemented:
@ code
bool verifyfinal ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_VerifyFinal
return check ( _session . _slot . library ( ) - > C_VerifyFinal ( _session . _session , CK_BYTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_VerifyFinal " ) ) ;
}
@ endcode */
std : : string verifyrecover ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_VerifyRecover
check ( _session . _slot . library ( ) - > C_VerifyRecover
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_VerifyRecover " ) ) ;
res . resize ( size ) ;
return res ;
}
/*! @todo Not implemented:
@ code
bool verifyupdate ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_VerifyUpdate
return check ( _session . _slot . library ( ) - > C_VerifyUpdate ( _session . _session , CK_BYTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_VerifyUpdate " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool derivekey ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DeriveKey
return check ( _session . _slot . library ( ) - > C_DeriveKey ( _session . _session , CK_MECHANISM_PTR , CK_OBJECT_HANDLE ,
CK_ATTRIBUTE_PTR , CK_ULONG , CK_OBJECT_HANDLE_PTR ) ,
CRYPTOKI_FN_LOG ( " C_DeriveKey " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool digestkey ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_DigestKey
return check ( _session . _slot . library ( ) - > C_DigestKey ( _session . _session , CK_OBJECT_HANDLE ) ,
CRYPTOKI_FN_LOG ( " C_DigestKey " ) ) ;
}
@ endcode */
bool encryptinit ( CK_MECHANISM_TYPE type , const std : : string & param ) {
CRYPTOLOG ( " log " ) ;
CK_MECHANISM mech = {
type , param . size ( ) ? const_cast < CK_VOID_PTR > ( ( const void * ) & param [ 0 ] ) : 0 ,
( CK_ULONG ) param . size ( )
} ;
CRYPTOLOG ( " encryptinit: type= " < < type < < " ; mech=( " < < mech . mechanism
< < " , " < < mech . pParameter < < " , " < < mech . ulParameterLen < < ' ) ' ) ;
//! calls @c C_EncryptInit
return check ( _session . _slot . library ( ) - > C_EncryptInit
( _session . _session , & mech , _object ) ,
CRYPTOKI_FN_LOG ( " C_EncryptInit " ) ) ;
}
std : : string encrypt ( const std : : string & in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
CK_ULONG size ( 0 ) ; // two calls, first to get minimum buffer length
CRYPTOLOG ( " get size " ) ;
//! calls @c C_Encrypt
check ( _session . _slot . library ( ) - > C_Encrypt
( _session . _session ,
const_cast < CK_BYTE_PTR > ( ( const unsigned char * ) & in [ 0 ] ) ,
in . size ( ) , 0 , & size ) ,
CRYPTOKI_FN_LOG ( " C_Decrypt " ) ) ;
CRYPTOLOG ( " maximum size is " < < size < < " Bytes " ) ;
res . resize ( size , 0 ) ;
check ( _session . _slot . library ( ) - > C_Encrypt
( _session . _session ,
const_cast < CK_BYTE_PTR > ( ( const unsigned char * ) & in [ 0 ] ) , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_Encrypt " ) ) ;
res . resize ( size ) ;
return res ;
}
/*! @todo Not implemented:
@ code
bool encryptfinal ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_EncryptFinal
return check ( _session . _slot . library ( ) - > C_EncryptFinal ( _session . _session , CK_BYTE_PTR , CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_EncryptFinal " ) ) ;
}
@ endcode */
std : : string encryptupdate ( std : : string in ) {
CRYPTOLOG ( " log " ) ;
std : : string res ;
res . resize ( in . size ( ) ) ;
CK_ULONG size ( res . size ( ) ) ; //! @todo check if size is ok
//! calls @c C_EncryptUpdate
check ( _session . _slot . library ( ) - > C_EncryptUpdate
( _session . _session ,
( unsigned char * ) & in [ 0 ] , in . size ( ) ,
( unsigned char * ) & res [ 0 ] , & size ) ,
CRYPTOKI_FN_LOG ( " C_EncryptUpdate " ) ) ;
res . resize ( size ) ;
return res ;
}
/*! @todo Not implemented:
@ code
bool generatekey ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GenerateKey
return check ( _session . _slot . library ( ) - > C_GenerateKey ( _session . _session , CK_MECHANISM_PTR , CK_ATTRIBUTE_PTR ,
CK_ULONG , CK_OBJECT_HANDLE_PTR ) ,
CRYPTOKI_FN_LOG ( " C_GenerateKey " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool generatekeypair ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GenerateKeyPair
return check ( _session . _slot . library ( ) - > C_GenerateKeyPair ( _session . _session , CK_MECHANISM_PTR , CK_ATTRIBUTE_PTR ,
CK_ULONG , CK_ATTRIBUTE_PTR , CK_ULONG ,
CK_OBJECT_HANDLE_PTR , CK_OBJECT_HANDLE_PTR ) ,
CRYPTOKI_FN_LOG ( " C_GenerateKeyPair " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool getobjectsize ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_GetObjectSize
return check ( _session . _slot . library ( ) - > C_GetObjectSize ( _session . _session , CK_OBJECT_HANDLE , CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_GetObjectSize " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool setattributevalue ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SetAttributeValue
return check ( _session . _slot . library ( ) - > C_SetAttributeValue ( _session . _session , CK_OBJECT_HANDLE ,
CK_ATTRIBUTE_PTR , CK_ULONG ) ,
CRYPTOKI_FN_LOG ( " C_SetAttributeValue " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool setoperationstate ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SetOperationState
return check ( _session . _slot . library ( ) - > C_SetOperationState ( _session . _session , CK_BYTE_PTR , CK_ULONG ,
CK_OBJECT_HANDLE , CK_OBJECT_HANDLE ) ,
CRYPTOKI_FN_LOG ( " C_SetOperationState " ) ) ;
}
@ endcode */
bool signinit ( CK_MECHANISM_TYPE type , std : : string param ) {
CRYPTOLOG ( " log " ) ;
CK_MECHANISM mech = {
type , param . size ( ) ? & param [ 0 ] : 0 , ( CK_ULONG ) param . size ( )
} ;
CRYPTOLOG ( " signinit: type= " < < type < < " ; mech=( " < < mech . mechanism
< < " , " < < mech . pParameter < < " , " < < mech . ulParameterLen < < ' ) ' ) ;
//! calls @c C_SignInit
return check ( _session . _slot . library ( ) - > C_SignInit
( _session . _session , & mech , _object ) ,
CRYPTOKI_FN_LOG ( " C_SignInit " ) ) ;
}
/*! @todo Not implemented:
@ code
bool signrecoverinit ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_SignRecoverInit
return check ( _session . _slot . library ( ) - > C_SignRecoverInit ( _session . _session , CK_MECHANISM_PTR , CK_OBJECT_HANDLE ) ,
CRYPTOKI_FN_LOG ( " C_SignRecoverInit " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool unwrapkey ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_UnwrapKey
return check ( _session . _slot . library ( ) - > C_UnwrapKey ( _session . _session , CK_MECHANISM_PTR , CK_OBJECT_HANDLE ,
CK_BYTE_PTR , CK_ULONG , CK_ATTRIBUTE_PTR , CK_ULONG ,
CK_OBJECT_HANDLE_PTR ) ,
CRYPTOKI_FN_LOG ( " C_UnwrapKey " ) ) ;
}
@ endcode */
bool verifyinit ( CK_MECHANISM_TYPE type , std : : string param ) {
CRYPTOLOG ( " log " ) ;
CK_MECHANISM mech = {
type , param . size ( ) ? & param [ 0 ] : 0 , ( CK_ULONG ) param . size ( )
} ;
CRYPTOLOG ( " verifyinit: type= " < < type < < " ; mech=( " < < mech . mechanism
< < " , " < < mech . pParameter < < " , " < < mech . ulParameterLen < < ' ) ' ) ;
//! calls @c C_VerifyInit
return check ( _session . _slot . library ( ) - > C_VerifyInit
( _session . _session , & mech , _object ) ,
CRYPTOKI_FN_LOG ( " C_VerifyInit " ) ) ;
}
/*! @todo Not implemented:
@ code
bool verifyrecoverinit ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_VerifyRecoverInit
return check ( _session . _slot . library ( ) - > C_VerifyRecoverInit ( _session . _session , CK_MECHANISM_PTR , CK_OBJECT_HANDLE ) ,
CRYPTOKI_FN_LOG ( " C_VerifyRecoverInit " ) ) ;
}
@ endcode */
/*! @todo Not implemented:
@ code
bool wrapkey ( ) {
CRYPTOLOG ( " log " ) ;
//! calls @c C_WrapKey
return check ( _session . _slot . library ( ) - > C_WrapKey ( _session . _session , CK_MECHANISM_PTR , CK_OBJECT_HANDLE ,
CK_OBJECT_HANDLE , CK_BYTE_PTR , CK_ULONG_PTR ) ,
CRYPTOKI_FN_LOG ( " C_WrapKey " ) ) ;
}
@ endcode */
//@}
} ;
//@}
}
//! @addtogroup cryptokitypes
//@{
/// Append a cryptoki::Attribute to a cryptoki::AttributeList.
inline cryptoki : : AttributeList & operator < < ( cryptoki : : AttributeList & list ,
const cryptoki : : Attribute & attr ) {
CRYPTOLOG ( " log " ) ;
list . push_back ( attr ) ;
return list ;
}
/// Append a cryptoki::Attribute to a new copy of a cryptoki::AttributeList.
inline cryptoki : : AttributeList operator < < ( const cryptoki : : AttributeList & list ,
const cryptoki : : Attribute & attr ) {
CRYPTOLOG ( " log " ) ;
cryptoki : : AttributeList res ( list ) ;
res . push_back ( attr ) ;
return res ;
}
//@}
# endif
