An allocator used to allocate data for the attributes in this
[struct@Attributes] set.
This is a function that acts like g_realloc. Specifically it frees when length is
set to zero, it allocates when data is set to %NULL, and it reallocates when both
are valid.
The allocated memory, or %NULL when freeing.
Memory to allocate or deallocate.
New length of memory.
This structure represents a PKCS#11 `CK_ATTRIBUTE`. These attributes contain
information about a PKCS#11 object. Use [method@Object.get] or
[method@Object.set] to set and attributes on an object.
Although you are free to allocate a `GckAttribute` in your own code, no
functions in this library will operate on such an attribute.
The attribute type, such as `CKA_LABEL`.
The value of the attribute. May be %NULL.
The length of the attribute. May be [const@INVALID] if the
attribute is invalid.
Create a new PKCS#11 attribute. The value will be copied
into the new attribute.
the new attribute; when done with the attribute
use gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
the raw value of the attribute
the length of the attribute
Initialize a PKCS#11 attribute to boolean. This will result
in a CK_BBOOL attribute from the PKCS#11 specs.
the new attribute; when done with the attribute u
gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
the boolean value of the attribute
Initialize a PKCS#11 attribute to a date. This will result
in a CK_DATE attribute from the PKCS#11 specs.
the new attribute; when done with the attribute u
gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
the date value of the attribute
Create a new PKCS#11 attribute with empty data.
the new attribute; when done with the attribute
use gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
Create a new PKCS#11 attribute as 'invalid' or 'not found'
state. Specifically this sets the value length to (CK_ULONG)-1
as specified in the PKCS#11 specification.
the new attribute; when done with the attribute
use gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
Initialize a PKCS#11 attribute to a string. This will result
in an attribute containing the text, but not the null terminator.
The text in the attribute will be of the same encoding as you pass
to this function.
the new attribute; when done with the attribute u
gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
the null-terminated string value of the attribute
Initialize a PKCS#11 attribute to a unsigned long. This will result
in a `CK_ULONG` attribute from the PKCS#11 specs.
the new attribute; when done with the attribute u
gck_attribute_free() to free it
the PKCS#11 attribute type to set on the attribute
the ulong value of the attribute
Clear allocated memory held by a #GckAttribute.
This attribute must have been allocated by a Gck library function, or
the results of this method are undefined.
The type of the attribute will remain set.
Attribute to clear.
Dump the specified attribute using g_printerr().
The attribute
Duplicate the PKCS#11 attribute. All value memory is
also copied.
The @attr must have been allocated or initialized by a Gck function or
the results of this function are undefined.
the duplicated attribute; use gck_attribute_free()
to free it
the attribute to duplicate
Compare two attributes. Useful with <code>GHashTable</code>.
%TRUE if the attributes are equal.
first attribute to compare
second attribute to compare
Free an attribute and its allocated memory. These is usually
used with attributes that are allocated by [ctor@Attribute.new]
or a similar function.
attribute to free
Get the CK_BBOOL of a PKCS#11 attribute. No conversion
is performed. It is an error to pass an attribute to this
function unless you're know it's supposed to contain a
boolean value.
The boolean value of the attribute.
The attribute to retrieve value from.
Get the raw value in the attribute.
This is useful from scripting languages. C callers will generally
access the #GckAttribute struct directly.
This function will %NULL if the attribute contains empty or invalid
data. The returned data must not be modified and is only valid
as long as this @attribute.
the value data or %NULL
an attribute
the length of the returned data
Get the CK_DATE of a PKCS#11 attribute. No
conversion is performed. It is an error to pass an attribute
to this function unless you're know it's supposed to contain
a value of the right type.
The attribute to retrieve value from.
The date value to fill in with the parsed date.
Get the string value of a PKCS#11 attribute. No
conversion is performed. It is an error to pass an attribute
to this function unless you're know it's supposed to contain
a value of the right type.
a null terminated string, to be freed with
g_free(), or %NULL if the value was invalid
The attribute to retrieve value from.
Get the CK_ULONG value of a PKCS#11 attribute. No
conversion is performed. It is an error to pass an attribute
to this function unless you're know it's supposed to contain
a value of the right type.
The ulong value of the attribute.
The attribute to retrieve value from.
Hash an attribute for use in <code>GHashTable</code> keys.
the hash code
attribute to hash
Initialize a PKCS#11 attribute. This copies the value memory
into an internal buffer.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
The raw value of the attribute.
The length of the raw value.
Initialize a PKCS#11 attribute to boolean. This will result
in a CK_BBOOL attribute from the PKCS#11 specs.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
the boolean value of the attribute
Initialize a PKCS#11 attribute as a copy of another attribute.
This copies the value memory as well.
When done with the copied attribute you should use
[method@Attribute.clear] to free the internal memory.
An uninitialized attribute.
An attribute to copy.
Initialize a PKCS#11 attribute to a date. This will result
in a CK_DATE attribute from the PKCS#11 specs.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
the date value of the attribute
Initialize a PKCS#11 attribute to an empty state. The attribute
type will be set, but no data will be set.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
Initialize a PKCS#11 attribute to an 'invalid' or 'not found'
state. Specifically this sets the value length to (CK_ULONG)-1
as specified in the PKCS#11 specification.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
Initialize a PKCS#11 attribute to a string. This will result
in an attribute containing the text, but not the null terminator.
The text in the attribute will be of the same encoding as you pass
to this function.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
the null terminated string value of the attribute
Initialize a PKCS#11 attribute to a unsigned long. This will result
in a CK_ULONG attribute from the PKCS#11 specs.
When done with the attribute you should use [method@Attribute.clear]
to free the internal memory.
an uninitialized attribute
the PKCS#11 attribute type to set on the attribute
the ulong value of the attribute
Check if the PKCS#11 attribute represents 'invalid' or 'not found'
according to the PKCS#11 spec. That is, having length
of (CK_ULONG)-1.
Whether the attribute represents invalid or not.
The attribute to check.
A set of [struct@Attribute] structures.
These attributes contain information about a PKCS11 object. Use
[method@Object.get] or [method@Object.set] to set and retrieve attributes on
an object.
Create a new empty `GckAttributes` array.
The returned set of attributes is floating, and should either be passed to
another gck library function which consumes this floating reference, or if
you wish to keep these attributes around you should ref them with
gck_attributes_ref_sink() and unref them later with gck_attributes_unref().
a floating reference to the new attributes array;
when done with the array release it with gck_attributes_unref().
Should be set to always be [const@INVALID]
Creates an GckAttributes array with empty attributes
Terminate the argument list with [const@INVALID].
The returned set of attributes is floating, and should either be passed to
another gck library function which consumes this floating reference, or if
you wish to keep these attributes around you should ref them with
gck_attributes_ref_sink() and unref them later with gck_attributes_unref().
a floating reference to an empty set of attributes
the first empty attribute type
the other empty attribute types
Get attribute at the specified index in the attribute array.
Use [method@Attributes.count] to determine how many attributes are
in the array.
the specified attribute
The attributes array.
The attribute index to retrieve.
Check whether the attributes contain a certain attribute.
%TRUE if the attributes contain the attribute.
The attributes to check
The attribute to find
Get the number of attributes in this attribute array.
The number of contained attributes.
The attributes array to count.
Dump the attributes using g_printerr().
The attributes
Find an attribute with the specified type in the array.
the first attribute found with the specified type,
or %NULL
The attributes array to search.
The type of attribute to find.
Find an attribute with the specified type in the array.
The attribute (if found) must be of the right size to store
a boolean value (ie: CK_BBOOL). If the attribute is marked invalid
then it will be treated as not found.
Whether a value was found or not.
The attributes array to search.
The type of attribute to find.
The resulting gboolean value.
Find an attribute with the specified type in the array.
The attribute (if found) must be of the right size to store
a date value (ie: CK_DATE). If the attribute is marked invalid
then it will be treated as not found.
Whether a value was found or not.
The attributes array to search.
The type of attribute to find.
The resulting GDate value.
Find an attribute with the specified type in the array.
If the attribute is marked invalid then it will be treated as not found.
The resulting string will be null-terminated, and must be freed by the caller
using g_free().
Whether a value was found or not.
The attributes array to search.
The type of attribute to find.
The resulting string value.
Find an attribute with the specified type in the array.
The attribute (if found) must be of the right size to store
a unsigned long value (ie: CK_ULONG). If the attribute is marked invalid
then it will be treated as not found.
Whether a value was found or not.
The attributes array to search.
The type of attribute to find.
The resulting gulong value.
Reference this attributes array.
the attributes
An attribute array
#GckAttributes uses a floating reference count system. [method@Builder.end]
and [ctor@Attributes.new_empty] both return floating references.
Calling this function on a `GckAttributes` with a floating
reference will convert the floating reference into a full reference.
Calling this function on a non-floating `GckAttributes` results
in an additional normal reference being added.
In other words, if the @attrs is floating, then this call "assumes
ownership" of the floating reference, converting it to a normal
reference. If the @attrs is not floating, then this call adds a
new normal reference increasing the reference count by one.
All Gck library functions that assume ownership of floating references
are documented as such. Essentially any Gck function that performs
an operation using a #GckAttributes argument rather than operating on the
attributes themselves, will accept a floating reference.
the referenced attributes
an attribute array
Print out attributes to a string in aform that's useful for debugging
or logging.
The format of the string returned may change in the future.
a newly allocated string
the attributes
Unreference this attribute array.
When all outstanding references are gone, the array will be freed.
An attribute array
A builder for a set of attributes. Add attributes to a builder, and then use
[method@Builder.end] to get the completed [struct@Attributes].
The fields of #GckBuilder are private and not to be accessed directly.
Create a new `GckBuilder` not allocated on the stack, so it can be shared
across a single scope, and referenced / unreferenced.
Normally a `GckBuilder` is created on the stack, and simply initialized.
If the %GCK_BUILDER_SECURE_MEMORY flag is specified then non-pageable memory
will be used for the various values of the attributes in the builder
a new builder, to be freed with gck_builder_unref()
flags for the new builder
Add all the @attrs attributes to the builder. The attributes are added
uncondititionally whether or not attributes with the same types already
exist in the builder.
As an optimization, the attribute memory values are automatically shared
between the attributes and the builder.
the builder
the attributes to add
Add an attribute to the builder. The attribute is added unconditionally whether
or not an attribute with the same type already exists on the builder.
The @attr attribute must have been created or owned by the Gck library.
If you call this function on an arbitrary `GckAttribute` that is allocated on
the stack or elsewhere, then this will result in undefined behavior.
As an optimization, the attribute memory value is automatically shared
between the attribute and the builder.
the builder
the attribute to add
Add a new attribute to the builder for the boolean @value.
Unconditionally adds a new attribute, even if one with the same @attr_type
already exists.
the builder
the new attribute type
the attribute value
Add a new attribute to the builder with an arbitrary value. Unconditionally
adds a new attribute, even if one with the same @attr_type already exists.
The memory in @value is copied by the builder.
%NULL may be specified for the @value argument, in which case an empty
attribute is created. [const@INVALID] may be specified for the length, in
which case an invalid attribute is created in the PKCS#11 style.
the builder
the new attribute type
the new attribute memory
the length of the memory
Add a new attribute to the builder for the date @value.
Unconditionally adds a new attribute, even if one with the same @attr_type
already exists.
the builder
the new attribute type
the attribute value
Add a new attribute to the builder that is empty. Unconditionally
adds a new attribute, even if one with the same @attr_type already exists.
the builder
the new attribute type
Add the attributes in @attrs to the builder, with the exception of those
in the argument list. The attributes are added uncondititionally whether or
not attributes with the same types already exist in the builder.
The variable arguments must be unsigned longs.
```c
// Add all attributes in attrs except CKA_CLASS to the builder
gck_builder_add_except (builder, attrs, CKA_CLASS, GCK_INVALID);
```
As an optimization, the attribute memory values are automatically shared
between the attributes and the builder.
the builder
the attributes to add
the first type of attribute to to exclude
the remaining attribute types to exclude, ending with [const@INVALID]
Add the attributes in @attrs to the builder, with the exception of those
whose types are specified in @except_types. The attributes are added
uncondititionally whether or not attributes with the same types already
exist in the builder.
```c
// Add all attributes in attrs except CKA_CLASS to the builder
unsigned long except_types[] = { CKA_CLASS };
gck_builder_add_exceptv (builder, attrs, except_types, 1);
```
As an optimization, the attribute memory values are automatically shared
between the attributes and the builder.
the builder
the attributes to add
the except types
the number of except types
Add a new attribute to the builder that is invalid in the PKCS#11 sense.
Unconditionally adds a new attribute, even if one with the same @attr_type
already exists.
the builder
the new attribute type
Add the attributes specified in the argument list from @attrs to the
builder. The attributes are added uncondititionally whether or not
attributes with the same types already exist in the builder.
The variable arguments must be unsigned longs.
```c
// Add the CKA_ID and CKA_CLASS attributes from attrs to builder
gck_builder_add_only (builder, attrs, CKA_ID, CKA_CLASS, GCK_INVALID);
```
As an optimization, the attribute memory values are automatically shared
between the attributes and the builder.
the builder
the attributes to add
the first type of attribute to add
the remaining attribute types to add, ending with [const@INVALID]
Add the attributes with the types in @only_types from @attrs to the
builder. The attributes are added uncondititionally whether or not
attributes with the same types already exist in the builder.
```c
// Add the CKA_ID and CKA_CLASS attributes from attrs to builder
gulong only[] = { CKA_ID, CKA_CLASS };
gck_builder_add_onlyv (builder, attrs, only, 2);
```
As an optimization, the attribute memory values are automatically shared
between the attributes and the builder.
the builder
the attributes to add
the types of attributes to add
the number of attributes
Add a new attribute to the builder for the string @value or %NULL.
Unconditionally adds a new attribute, even if one with the same @attr_type
already exists.
the builder
the new attribute type
the attribute value
Add a new attribute to the builder for the unsigned long @value.
Unconditionally adds a new attribute, even if one with the same @attr_type
already exists.
the builder
the new attribute type
the attribute value
Clear the builder and release all allocated memory. The builder may be used
again to build another set of attributes after this function call.
If memory is shared between this builder and other attributes, then that
memory is only freed when both of them are cleared or unreferenced.
the builder
Make a copy of the builder and its state. The new builder is allocated
with [ctor@Builder.new] and should be freed with gck_builder_unref().
Attribute value memory is automatically shared between the two builders,
and is only freed when both are gone.
the builder copy, which should be freed with
gck_builder_unref().
the builder to copy
Complete the #GckBuilder, and return the attributes contained in the builder.
The #GckBuilder will be cleared after this function call, and it is no
longer necessary to use [method@Builder.clear] on it, although it is also
permitted. The builder may be used again to build another set of attributes
after this function call.
The returned set of attributes is floating, and should either be passed to
another gck library function which consumes this floating reference, or if
you wish to keep these attributes around you should ref them with
gck_attributes_ref_sink() and unref them later with gck_attributes_unref().
a floating reference to the attributes created
in the builder
the builder
Find an attribute in the builder. Both valid and invalid attributes (in
the PKCS#11 sense) are returned. If multiple attributes exist for the given
attribute type, then the first one is returned.
The returned [struct@Attribute] is owned by the builder and may not be
modified in any way. It is only valid until another attribute is added to or
set on the builder, or until the builder is cleared or unreferenced.
the attribute or %NULL if not found
the builder
the type of attribute to find
Find a boolean attribute in the builder that has the type @attr_type, is
of the correct boolean size, and is not invalid in the PKCS#11 sense.
If multiple attributes exist for the given attribute type, then the first\
one is returned.
whether a valid boolean attribute was found
the builder
the type of attribute to find
the location to place the found value
Find a date attribute in the builder that has the type @attr_type, is of
the correct date size, and is not invalid in the PKCS#11 sense.
If multiple attributes exist for the given attribute type, then the first
one is returned.
whether a valid date attribute was found
the builder
the type of attribute to find
the location to place the found value
Find a string attribute in the builder that has the type @attr_type, has a
non %NULL value pointer, and is not invalid in the PKCS#11 sense.
If multiple attributes exist for the given attribute type, then the first
one is returned.
whether a valid string attribute was found
the builder
the type of attribute to find
the location to place the found value
Find a unsigned long attribute in the builder that has the type @attr_type,
is of the correct unsigned long size, and is not invalid in the PKCS#11 sense.
If multiple attributes exist for the given attribute type, then the first
one is returned.
whether a valid unsigned long attribute was found
the builder
the type of attribute to find
the location to place the found value
Initialize a stack allocated builder, with the default flags.
This is equivalent to initializing a builder variable with the
%GCK_BUILDER_INIT constant, or setting it to zeroed memory.
```c
// Equivalent ways of initializing a GckBuilder
GckBuilder builder = GCK_BUILDER_INIT;
GckBuilder builder2;
GckBuilder builder3;
gck_builder_init (&builder2);
memset (&builder3, 0, sizeof (builder3));
```
the builder
Initialize a stack allocated builder, with the appropriate flags.
If the %GCK_BUILDER_SECURE_MEMORY flag is specified then non-pageable memory
will be used for the various values of the attributes in the builder
the builder
the flags for the new builder
Add a reference to a builder that was created with [ctor@Builder.new]. The
builder must later be unreferenced again with gck_builder_unref().
It is an error to use this function on builders that were allocated on the
stack.
the builder
the builder
Set all the @attrs attributes to the builder. If any attributes with the
same types are already present in the builder, then those attributes are
changed to the new values.
As an optimization, the attribute memory values are automatically shared
between the attributes and the builder.
the builder
the attributes to set
Set an attribute on the builder for the boolean @value.
If an attribute with @attr_type already exists in the builder then it is
changed to the new value, otherwise an attribute is added.
the builder
the new attribute type
the attribute value
Set a new attribute to the builder with an arbitrary value. If an attribute
with @attr_type already exists in the builder then it is changed to the new
value, otherwise an attribute is added.
The memory in @value is copied by the builder.
%NULL may be specified for the @value argument, in which case an empty
attribute is created. [const@INVALID] may be specified for the length, in
which case an invalid attribute is created in the PKCS#11 style.
the builder
the attribute type
the new attribute memory
the length of the memory
Set an attribute on the builder for the date @value.
If an attribute with @attr_type already exists in the builder then it is
changed to the new value, otherwise an attribute is added.
the builder
the new attribute type
the attribute value
Set an attribute on the builder that is empty. If an attribute
with @attr_type already exists in the builder then it is changed to the new
value, otherwise an attribute is added.
the builder
the attribute type
Set an attribute on the builder that is invalid in the PKCS#11 sense.
If an attribute with @attr_type already exists in the builder then it is
changed to the new value, otherwise an attribute is added.
the builder
the attribute type
Set an attribute on the builder for the string @value or %NULL.
If an attribute with @attr_type already exists in the builder then it is
changed to the new value, otherwise an attribute is added.
the builder
the new attribute type
the attribute value
Set an attribute on the builder for the unsigned long @value.
If an attribute with @attr_type already exists in the builder then it is
changed to the new value, otherwise an attribute is added.
the builder
the new attribute type
the attribute value
Take the attributes that have been built in the #GckBuilder. The builder
will no longer contain any attributes after this function call.
The returned set of attributes is a full reference, not floating.
the stolen attributes, which should be freed with
gck_attributes_unref()
the builder
Add a new attribute to the builder with an arbitrary value. Unconditionally
adds a new attribute, even if one with the same @attr_type already exists.
Ownership of the @value memory is taken by the builder, may be reallocated,
and is eventually freed with g_free(). The memory must have been allocated
using the standard GLib memory allocation routines.
%NULL may be specified for the @value argument, in which case an empty
attribute is created. [const@INVALID] may be specified for the length, in
which case an invalid attribute is created in the PKCS#11 style.
the builder
the new attribute type
the new
attribute memory
the length of the memory
Unreferences a builder. If this was the last reference then the builder
is freed.
It is an error to use this function on builders that were allocated on the
stack.
the builder
Flags to be used with a [method@Builder.init_full] and [ctor@Builder.new].
no special flags
use non-pageable memory for the values of the attributes
Checks the version of the Gck library that is being compiled
against.
```
#if !GCK_CHECK_VERSION (3, 0, 0)
#warning Old Gck version, disabling functionality
#endif
```
the major version to check for
the minor version to check for
the micro version to check for
Can be used to enumerate through PKCS#11 objects. It will automatically
create sessions as necessary.
Use [func@modules_enumerate_objects] or [func@modules_enumerate_uri] to
create an enumerator. To get the objects, use [method@Enumerator.next] or
[method@Enumerator.next_async] functions.
Get the enumerator that will be run after all objects from this one
are seen.
the chained enumerator or %NULL
the enumerator
Get the interaction used when a pin is needed
the interaction or %NULL
the enumerator
Get the type of objects created by this enumerator. The type will always
either be #GckObject or derived from it.
the type of objects created
an enumerator
Get the next object in the enumerator, or %NULL if there are no more objects.
%NULL is also returned if the function fails. Use the @error to determine
whether a failure occurred or not.
The next object, which must be released
using g_object_unref, or %NULL.
The enumerator
A #GCancellable or %NULL
Get the next set of objects from the enumerator. This operation completes
asynchronously.The maximum number of objects can be specified with
@max_objects. If -1 is specified, then all the remaining objects will be
enumerated.
An enumerator
The maximum number of objects to get
A #GCancellable or %NULL
Called when the result is ready
Data to pass to the callback
Complete an operation to enumerate next objects.
%NULL is also returned if the function fails. Use the @error to determine
whether a failure occurred or not.
The list of objects, which
should be freed with gck_list_unref_free()
An enumerator
The result passed to the callback
Get the next set of objects from the enumerator. The maximum number of
objects can be specified with @max_objects. If -1 is specified, then all
the remaining objects will be returned.
%NULL is also returned if the function fails. Use the @error to determine
whether a failure occurred or not.
A list of objects, which
should be freed using gck_list_unref_free().
An enumerator
The maximum amount of objects to enumerate
A #GCancellable or %NULL
Set a chained enumerator that will be run after all objects from this one
are seen.
the enumerator
the chained enumerator or %NULL
Set the interaction used when a pin is needed
the enumerator
the interaction or %NULL
Set the type of objects to be created by this enumerator. The type must
always be either #GckObject or derived from it.
If the #GckObjectCache interface is implemented on the derived class
and the default_types class field is set, then the enumerator will retrieve
attributes for each object.
an enumerator
the type of objects to create
Set the type of objects to be created by this enumerator. The type must
always be either #GckObject or derived from it.
If @attr_types and @attr_count are non-NULL and non-zero respectively,
then the #GckObjectCache interface is expected to be implemented on the
derived class, then the enumerator will retrieve attributes for each object.
an enumerator
the type of objects to create
types of attributes to retrieve for objects
the number of attributes to retrieve
Chained enumerator, which will be enumerated when this enumerator
has enumerated all its objects.
Interaction object used to ask the user for pins when opening
sessions. Used if the session_options of the enumerator have
%GCK_SESSION_LOGIN_USER
The type of objects that are created by the enumerator. Must be
GckObject or derived from it.
Various error codes. All the `CKR_XXX` error codes from PKCS#11 are also
relevant error codes.
Note that errors are returned as [struct@GLib.Error] structures. The `code`
member of the error then contains the raw PKCS#11 `CK_RV` result value.
a result code that signifies there was a problem
loading a PKCS#11 module, usually a shared library
Used as a terminator at the end of variable argument lists.
The major version number of the Gck library.
The micro version number of the Gck library.
The minor version number of the Gck library.
Represents a mechanism used with crypto operations.
The mechanism type
Mechanism specific data.
Length of mechanism specific data.
Represents information about a PKCS11 mechanism.
This is analogous to a CK_MECHANISM_INFO structure.
When you're done with this structure it should be released with
gck_mechanism_info_free().
The minimum key size that can be used with this mechanism.
The maximum key size that can be used with this mechanism.
Various PKCS11 flags that apply to this mechanism.
Make a copy of the mechanism info.
a newly allocated copy mechanism info
a mechanism info
Free the GckMechanismInfo and associated resources.
The mechanism info to free, or %NULL.
Holds a loaded PKCS#11 module. A PKCS#11 module is a shared library.
You can load and initialize a PKCS#11 module with the
[func@Module.initialize] call. If you already have a loaded and
initialized module that you'd like to use with the various Gck functions,
then you can use [ctor@Module.new].
Create a [class@Module] representing a PKCS#11 module. It is assumed that
this the module is already initialized. In addition it will not be
finalized when complete.
The new PKCS#11 module.
Initialized PKCS#11 function list pointer
Load and initialize a PKCS#11 module represented by a GckModule object.
The loaded PKCS#11 module or %NULL if failed.
The file system path to the PKCS#11 module to load.
optional cancellation object
Asynchronously load and initialize a PKCS#11 module represented by a
[class@Module] object.
the file system path to the PKCS#11 module to load
optional cancellation object
a callback which will be called when the operation completes
data to pass to the callback
Finishes the asynchronous initialize operation.
The initialized module, or %NULL
the asynchronous result
Checks equality of two modules. Two GckModule objects can point to the same
underlying PKCS#11 module.
%TRUE if module1 and module2 are equal.
%FALSE if either is not a GckModule.
a pointer to the first #GckModule
a pointer to the second #GckModule
Get the PKCS#11 function list for the module.
The function list, do not modify this structure.
The module for which to get the function list.
Get the info about a PKCS#11 module.
the module info; release this with gck_module_info_free()
The module to get info for.
Get the file path of this module. This may not be an absolute path, and
usually reflects the path passed to [func@Module.initialize].
The path, do not modify or free this value.
The module for which to get the path.
Get the GckSlot objects for a given module.
The possibly empty
list of slots. Release this with gck_list_unref_free().
The module for which to get the slots.
Whether to limit only to slots with a token present.
Create a hash value for the GckModule.
This function is intended for easily hashing a [class@Module] to add to
a [struct@GLib.HashTable] or similar data structure.
An integer that can be used as a hash value, or 0 if invalid.
a pointer to a #GckModule
Check whether the PKCS#11 URI matches the module
whether the URI matches or not
the module to match
the uri to match against the module
The raw PKCS#11 function list for the module.
This points to a CK_FUNCTION_LIST structure.
The PKCS#11 module file path.
This may be set to NULL if this object was created from an already
initialized module via the gck_module_new() function.
Use gck_session_set_interaction() instead of connecting to this signal.
Since 3.4
The object to be authenticated.
A displayable label which describes the object.
A gchar** where a password should be returned.
Use gck_session_set_interaction() instead of connecting to this signal.
Since 3.4
The slot to be authenticated.
A displayable label which describes the object.
A gchar** where a password should be returned.
Holds information about the PKCS#11 module.
This structure corresponds to `CK_MODULE_INFO` in the PKCS#11 standard. The
strings are %NULL terminated for easier use.
Use gck_module_info_free() to release this structure when done with it.
The major version of the module.
The minor version of the module.
The module manufacturer.
The module PKCS#11 flags.
The module description.
The major version of the library.
The minor version of the library.
Make a copy of the module info.
a newly allocated copy module info
a module info
Free a GckModuleInfo structure.
The module info to free, or %NULL.
Holds a handle to a PKCS11 object such as a key or certificate. Token
objects are stored on the token persistently. Others are transient and are
called session objects.
Initialize a GckObject from a raw PKCS#11 handle. Normally you would use
[method@Session.create_object] or [method@Session.find_objects] to access
objects.
The new object
The session through which this object is accessed or created.
The raw `CK_OBJECT_HANDLE` of the object.
Lookup attributes in the cache, or retrieve them from the object if necessary.
If @object is a #GckObjectCache then this will lookup the attributes there
first if available, otherwise will read them from the object and update
the cache.
If @object is not a #GckObjectCache, then the attributes will simply be
read from the object.
This may block, use the asynchronous version when this is not desirable
the attributes retrieved or %NULL on failure
the object
the types of attributes to update
the number of attribute types
optional cancellation object
Lookup attributes in the cache, or retrieve them from the object if necessary.
If @object is a #GckObjectCache then this will lookup the attributes there
first if available, otherwise will read them from the object and update
the cache.
If @object is not a #GckObjectCache, then the attributes will simply be
read from the object.
This will return immediately and complete asynchronously
the object
the types of attributes to update
the number of attribute types
optional cancellation object
called when the operation completes
data to pass to the callback
Complete an operation to lookup attributes in the cache or retrieve them
from the object if necessary.
the attributes retrieved or %NULL on failure
the object
the asynchrounous result passed to the callback
Destroy a PKCS#11 object, deleting it from storage or the session.
This call may block for an indefinite period.
Whether the call was successful or not.
The object to destroy.
Optional cancellable object, or %NULL to ignore.
Destroy a PKCS#11 object, deleting it from storage or the session.
This call will return immediately and complete asynchronously.
The object to destroy.
Optional cancellable object, or %NULL to ignore.
Callback which is called when operation completes.
Data to pass to the callback.
Get the status of the operation to destroy a PKCS#11 object, begun with
gck_object_destroy_async().
Whether the object was destroyed successfully or not.
The object being destroyed.
The result of the destory operation passed to the callback.
Checks equality of two objects. Two GckObject objects can point to the same
underlying PKCS#11 object.
%TRUE if object1 and object2 are equal.
%FALSE if either is not a GckObject.
a pointer to the first #GckObject
a pointer to the second #GckObject
Get the specified attributes from the object. This call may
block for an indefinite period.
the resulting PKCS#11 attributes, or %NULL if an
error occurred; the result must be unreffed when you're finished
with it
The object to get attributes from.
A #GCancellable or %NULL
A location to store an error.
The attribute types to get.
Get the specified attributes from the object. The attributes will be cleared
of their current values, and new attributes will be stored. The attributes
should not be accessed in any way except for referencing and unreferencing
them until gck_object_get_finish() is called.
This call returns immediately and completes asynchronously.
The object to get attributes from.
the types of the attributes to get
the number of attr_types
optional cancellation object, or %NULL
A callback which is called when the operation completes.
Data to be passed to the callback.
Get the data for the specified attribute from the object. For convenience
the returned data has a null terminator.
This call may block for an indefinite period.
the resulting PKCS#11
attribute data, or %NULL if an error occurred
The object to get attribute data from.
The attribute to get data for.
A #GCancellable or %NULL
The length of the resulting data.
Get the data for the specified attribute from the object.
This call will return immediately and complete asynchronously.
The object to get attribute data from.
The attribute to get data for.
An allocator with which to allocate memory for the data, or %NULL for default.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to be passed to the callback.
Get the result of an operation to get attribute data from
an object. For convenience the returned data has an extra null terminator,
not included in the returned length.
The PKCS#11 attribute data
or %NULL if an error occurred.
The object to get an attribute from.
The result passed to the callback.
The length of the resulting data.
Get the data for the specified attribute from the object. For convenience
the returned data has an extra null terminator, not included in the returned length.
This call may block for an indefinite period.
The resulting PKCS#11
attribute data, or %NULL if an error occurred.
The object to get attribute data from.
The attribute to get data for.
An allocator with which to allocate memory for the data, or %NULL for default.
Optional cancellation object, or %NULL.
The length of the resulting data.
Get the result of a get operation and return specified attributes from
the object.
No extra references are added to the returned attributes pointer.
The filled in attributes structure if successful or
%NULL if not successful.
The object to get attributes from.
The result passed to the callback.
Get the specified attributes from the object. This call may
block for an indefinite period.
No extra references are added to the returned attributes pointer.
During this call you may not access the attributes in any way.
a pointer to the filled in attributes if successful,
or %NULL if not
The object to get attributes from.
the types of the attributes to get
the number of attr_types
optional cancellation object, or %NULL
Get the raw PKCS#11 handle of a GckObject.
the raw CK_OBJECT_HANDLE object handle
The object.
Get the PKCS#11 module to which this object belongs.
the module, which should be unreffed after use
The object.
Get the PKCS#11 session assigned to make calls on when operating
on this object.
This will only return a session if it was set explitly on this
object. By default an object will open and close sessions
appropriate for its calls.
the assigned session, which must be unreffed after use
The object
Get an attribute template from the object. The attr_type must be for
an attribute which returns a template.
This call may block for an indefinite period.
the resulting PKCS#11 attribute template, or %NULL
if an error occurred
The object to get an attribute template from.
The template attribute type.
Optional cancellation object, or %NULL.
Get an attribute template from the object. The @attr_type must be for
an attribute which returns a template.
This call will return immediately and complete asynchronously.
The object to get an attribute template from.
The template attribute type.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to be passed to the callback.
Get the result of an operation to get attribute template from
an object.
the resulting PKCS#11 attribute template, or %NULL
if an error occurred
The object to get an attribute from.
The result passed to the callback.
Create a hash value for the GckObject.
This function is intended for easily hashing a GckObject to add to
a GHashTable or similar data structure.
An integer that can be used as a hash value, or 0 if invalid.
a pointer to a #GckObject
Set PKCS#11 attributes on an object. This call may block for an indefinite period.
If the @attrs #GckAttributes is floating, it is consumed.
Whether the call was successful or not.
The object to set attributes on.
The attributes to set on the object.
Optional cancellable object, or %NULL to ignore.
Set PKCS#11 attributes on an object. This call will return
immediately and completes asynchronously.
If the @attrs #GckAttributes is floating, it is consumed.
The object to set attributes on.
The attributes to set on the object.
Optional cancellable object, or %NULL to ignore.
Callback which is called when operation completes.
Data to pass to the callback.
Get the status of the operation to set attributes on a PKCS#11 object,
begun with gck_object_set_async().
Whether the attributes were successfully set on the object or not.
The object to set attributes on.
The result of the destory operation passed to the callback.
Set an attribute template on the object. The attr_type must be for
an attribute which contains a template.
If the @attrs #GckAttributes is floating, it is consumed.
This call may block for an indefinite period.
%TRUE if the operation succeeded.
The object to set an attribute template on.
The attribute template type.
The attribute template.
Optional cancellation object, or %NULL.
Set an attribute template on the object. The attr_type must be for
an attribute which contains a template.
If the @attrs #GckAttributes is floating, it is consumed.
This call will return immediately and complete asynchronously.
The object to set an attribute template on.
The attribute template type.
The attribute template.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to be passed to the callback.
Get the result of an operation to set attribute template on
an object.
%TRUE if the operation succeeded.
The object to set an attribute template on.
The result passed to the callback.
The raw PKCS11 handle for this object.
The GckModule that this object belongs to.
The PKCS11 session to make calls on when this object needs to
perform operations on itself.
If this is NULL then a new session is opened for each operation,
such as gck_object_get(), gck_object_set() or gck_object_destroy().
An interface implemented by derived classes of [class@Object] to indicate
which attributes they'd like an enumerator to retrieve.
These attributes are then cached on the object and can be retrieved through
the [property@ObjectCache:attributes] property.
Adds the attributes to the set cached on this object. If an attribute is
already present in the cache it will be overridden by this value.
This will be done in a thread-safe manner.
If the @attrs #GckAttributes is floating, it is consumed.
an object with the cache
the attributes to cache
Adds the attributes to the set cached on this object. If an attribute is
already present in the cache it will be overridden by this value.
This will be done in a thread-safe manner.
If the @attrs #GckAttributes is floating, it is consumed.
an object with the cache
the attributes to cache
Gets the attributes cached on this object.
the attributes
an object with an attribute cache
Sets the attributes cached on this object.
If the @attrs #GckAttributes is floating, it is consumed.
an object with an attribute cache
the attributes to set
Update the object cache with given attributes. If an attribute already
exists in the cache, it will be updated, and if it doesn't it will be added.
This may block, use the asynchronous version when this is not desirable
whether the cache update was successful
the object with the cache
the types of attributes to update
the number of attribute types
optional cancellation object
Update the object cache with given attributes. If an attribute already
exists in the cache, it will be updated, and if it doesn't it will be added.
This call will return immediately and complete asynchronously.
the object with the cache
the types of attributes to update
the number of attribute types
optional cancellation object
called when the operation completes
data to be passed to the callback
Complete an asynchronous operation to update the object cache with given
attributes.
whether the cache update was successful
the object with the cache
the asynchronous result passed to the callback
The attributes cached on this object.
Interface for [iface@ObjectCache]. If the @default_types field is
implemented by a implementing class, then that will be used by a
[class@Enumerator] which has been setup using
[method@Enumerator.set_object_type]
The implementation for @populate should add the attributes to the
cache. It must be thread safe.
parent interface
attribute types that an
enumerator should retrieve
number of attribute types to be retrieved
virtual method to add attributes to the cache
an object with the cache
the attributes to cache
The class for a [class@Object].
If the @attribute_types field is set by a derived class, then the a
#GckEnumerator which has been setup using [method@Enumerator.set_object_type]
with this derived type will retrieve these attributes when enumerating. In
this case the class must implement an 'attributes' property of boxed type
`GCK_TYPE_ATTRIBUTES`.
derived from this
Represents a password which is requested of the user.
This is used in conjuction with [class@Gio.TlsInteraction]. `GckPassword` is
a [class@Gio.TlsPassword] which contains additional information about which
PKCS#11 token or key the password is being requested for.
If the password request is to unlock a PKCS#11 key, then this is the
the object representing that key.
the password is for this key, or %NULL if not
being requested for a key; must be unreferenced after use
the password object
Get the PKCS#11 module that is requesting the password.
the module that is requesting the password, which
must be unreferenced after use
the password object
If the password request is to unlock a PKCS#11 token, then this is the
slot containing that token.
the slot that contains the token, or %NULL if not
being requested for a token; must be unreferenced after use
the password object
The PKCS#11 key that the password is being requested for. If this
is set then the GckPassword:token property will be %NULL
The PKCS#11 module that is requesting the password
The PKCS#11 token the password is for, if this is set then
the GckPassword:object property will be %NULL
The class struct for [class@Password].
parent class
Represents an open PKCS11 session.
Before performing any PKCS11 operations, a session must be opened. This is
analogous to an open database handle, or a file handle.
Initialize a session object from a raw PKCS#11 session handle.
Usually one would use the [method@Slot.open_session] function to
create a session.
the new GckSession object
The slot which the session belongs to.
the raw PKCS#11 handle of the session
Session options. Those which are used during opening a session have no effect.
Open a session on the slot. This call may block for an indefinite period.
the new session
the slot to open session on
session options
optional interaction for logins or object authentication
optional cancellation object
Open a session on the slot. This call will return immediately and complete
asynchronously.
the slot to open session on
session options
optional interaction for logins or object authentication
optional cancellation object
called when the operation completes
data to pass to callback
Get the result of an open session operation.
the new session
the result passed to the callback
Create a new PKCS#11 object. This call may block for an
indefinite period.
If the @attrs #GckAttributes is floating, it is consumed.
the newly created object or %NULL if an error occurred
The session to create the object on.
The attributes to create the object with.
Optional cancellation object, or %NULL.
Create a new PKCS#11 object. This call will return immediately
and complete asynchronously.
If @attrs is a floating reference, it is consumed.
The session to create the object on.
The attributes to create the object with.
Optional cancellation object or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of creating a new PKCS#11 object.
the newly created object or %NULL if an error occurred
The session to create the object on.
The result passed to the callback.
Decrypt data in a mechanism specific manner. This call may
block for an indefinite period.
the data that was decrypted,
or %NULL if an error occured
The session.
The key to decrypt with.
The mechanism type to use for decryption.
data to decrypt
length of the data to decrypt
location to store the length of the result data
Optional cancellation object, or %NULL
Decrypt data in a mechanism specific manner. This call will
return immediately and complete asynchronously.
The session.
The key to decrypt with.
The mechanism type and parameters to use for decryption.
data to decrypt
length of the data to decrypt
A GCancellable which can be used to cancel the operation.
Called when the operation completes.
A pointer to pass to the callback.
Get the result of an decryption operation.
the data that was decrypted,
or %NULL if an error occurred
The session.
The result object passed to the callback.
A location to store the length of the result data.
Decrypt data in a mechanism specific manner. This call may
block for an indefinite period.
the data that was decrypted,
or %NULL if an error occured
The session.
The key to decrypt with.
The mechanism type and parameters to use for decryption.
data to decrypt
length of the data to decrypt
location to store the length of the result data
A GCancellable which can be used to cancel the operation.
Derive a key from another key. This call may block for an
indefinite period.
If the @attrs #GckAttributes is floating, it is consumed.
the new derived key or %NULL if the operation
failed
The session to use.
The key to derive from.
The mechanism to use for derivation.
Additional attributes for the derived key.
Optional cancellation object, or %NULL.
Derive a key from another key. This call will
return immediately and complete asynchronously.
If the @attrs #GckAttributes is floating, it is consumed.
The session to use.
The key to derive from.
The mechanism to use for derivation.
Additional attributes for the derived key.
Optional cancellation object or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of a derive key operation.
the new derived key or %NULL if the operation
failed
The session to use.
The async result passed to the callback.
Derive a key from another key. This call may block for an
indefinite period.
If the @attrs #GckAttributes is floating, it is consumed.
the new derived key or %NULL if the operation
failed
The session to use.
The key to derive from.
The mechanism to use for derivation.
Additional attributes for the derived key.
Optional cancellation object, or %NULL.
Encrypt data in a mechanism specific manner. This call may
block for an indefinite period.
the data that was encrypted,
or %NULL if an error occured.
The session.
The key to encrypt with.
The mechanism type to use for encryption.
the data to encrypt
the length of the data to encrypt
location to store the length of the result data
Optional cancellation object, or %NULL
Encrypt data in a mechanism specific manner. This call will
return immediately and complete asynchronously.
The session.
The key to encrypt with.
The mechanism type and parameters to use for encryption.
the data to encrypt
length of the data to encrypt
A GCancellable which can be used to cancel the operation.
Called when the operation completes.
A pointer to pass to the callback.
Get the result of an encryption operation.
the data that was encrypted,
or %NULL if an error occurred.
The session.
The result object passed to the callback.
A location to store the length of the result data.
Encrypt data in a mechanism specific manner. This call may
block for an indefinite period.
the data that was encrypted,
or %NULL if an error occured
The session.
The key to encrypt with.
The mechanism type and parameters to use for encryption.
the data to encrypt
the length of the data to encrypt
location to store the length of the result data
A GCancellable which can be used to cancel the operation.
Setup an enumerator for listing matching objects available via this session.
If @match is a floating reference, it is consumed.
This call will not block but will return an enumerator immediately.
a new enumerator
session to enumerate objects on
attributes that the objects must match, or empty for all objects
Find the objects matching the passed attributes. This call may
block for an indefinite period.
If @match is a floating reference, it is consumed.
a list of
the matching objects, which may be empty
the session to find objects on
the attributes to match against objects
optional cancellation object or %NULL
location to return number of handles
Find the objects matching the passed attributes. This call will
return immediately and complete asynchronously.
If @match is a floating reference, it is consumed.
the session to find objects on
the attributes to match against the objects
optional cancellation object or %NULL
called when the operation completes
data to pass to the callback
Get the result of a find handles operation.
an array of
handles that matched, which may be empty, or %NULL on failure
the session
the asynchronous result
location to store number of handles returned
Find the objects matching the passed attributes. This call may
block for an indefinite period.
If @match is a floating reference, it is consumed.
a list of the matching
objects, which may be empty
The session to find objects on.
the attributes to match
Optional cancellation object or %NULL.
Find the objects matching the passed attributes. This call will
return immediately and complete asynchronously.
If the @match #GckAttributes is floating, it is consumed.
The session to find objects on.
The attributes to match.
Optional cancellation object or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of a find operation.
a list of the matching
objects, which may be empty
The session to find objects on.
The attributes to match.
Generate a new key pair of public and private keys. This call may block for
an indefinite period.
If @public_attrs and/or @private_attrs is a floating reference, it is
consumed.
%TRUE if the operation succeeded.
The session to use.
The mechanism type to use for key generation.
Additional attributes for the generated public key.
Additional attributes for the generated private key.
location to return the resulting public key
location to return the resulting private key.
Optional cancellation object, or %NULL.
Generate a new key pair of public and private keys. This call will
return immediately and complete asynchronously.
If @public_attrs and/or @private_attrs is a floating reference, it is
consumed.
The session to use.
The mechanism to use for key generation.
Additional attributes for the generated public key.
Additional attributes for the generated private key.
Optional cancellation object or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of a generate key pair operation.
%TRUE if the operation succeeded.
The session to use.
The async result passed to the callback.
a location to return the resulting public key
a location to return the resulting private key
Generate a new key pair of public and private keys. This call may block for an
indefinite period.
If @public_attrs and/or @private_attrs is a floating reference, it is
consumed.
%TRUE if the operation succeeded.
The session to use.
The mechanism to use for key generation.
Additional attributes for the generated public key.
Additional attributes for the generated private key.
a location to return the resulting public key
a location to return the resulting private key
Optional cancellation object, or %NULL.
Get the raw PKCS#11 session handle from a session object.
The raw session handle.
The session object.
Get information about the session.
the session info. Use the gck_session_info_free()
to release when done
The session object.
Get the interaction object set on this session, which is used to prompt
for pins and the like.
the interaction object, or %NULL
the session
Get the PKCS#11 module to which this session belongs.
the module, which should be unreffed after use
The session object.
Get the options this session was opened with.
The session options.
The session to get options from.
Get the PKCS#11 slot to which this session belongs.
The slot, which should be unreffed after use.
The session object.
Get the session state. The state is the various PKCS#11 CKS_XXX flags.
the session state
the session
Initialize the user's pin on this slot that this session is opened on.
According to the PKCS#11 standards, the session must be logged in with
the CKU_SO user type.
This call may block for an indefinite period.
Whether successful or not.
Initialize PIN for this session's slot.
the user's PIN, or %NULL for
protected authentication path
the length of the PIN
Optional cancellation object, or %NULL.
Initialize the user's pin on this slot that this session is opened on.
According to the PKCS#11 standards, the session must be logged in with
the `CKU_SO` user type.
This call will return immediately and completes asynchronously.
Initialize PIN for this session's slot.
the user's PIN, or %NULL for protected authentication path
the length of the PIN
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of initializing a user's PIN.
Whether the operation was successful or not.
The session.
The result passed to the callback.
Login the user on the session. This call may block for
an indefinite period.
Whether successful or not.
Log in to this session.
The type of login user.
the user's PIN, or %NULL for
protected authentication path
The length of the PIN.
Optional cancellation object, or %NULL.
Login the user on the session. This call will return
immediately and completes asynchronously.
Log in to this session.
The type of login user.
the user's PIN, or %NULL for
protected authentication path
The length of the PIN.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of a login operation.
Whether the operation was successful or not.
The session logged into.
The result passed to the callback.
Login the user on the session requesting the password interactively
when necessary. This call may block for an indefinite period.
Whether successful or not.
session to use for login
the type of login user
interaction to request PIN when necessary
optional cancellation object, or %NULL
Login the user on the session prompting for passwords interactively when
necessary. This call will return immediately and completes asynchronously.
session to use for login
the type of login user
interaction to request PIN when necessary
optional cancellation object, or %NULL
called when the operation completes
data to pass to the callback
Get the result of a login operation.
Whether the operation was successful or not.
the session logged into
the result passed to the callback
Log out of the session. This call may block for an indefinite period.
Whether the logout was successful or not.
Logout of this session.
Optional cancellation object, or %NULL.
Log out of the session. This call returns immediately and completes
asynchronously.
Logout of this session.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of logging out of a session.
Whether the logout was successful or not.
Logout of this session.
The result passed to the callback.
Set the interaction object on this session, which is used to prompt for
pins and the like.
the session
the interaction or %NULL
Change the user's pin on this slot that this session is opened on.
This call may block for an indefinite period.
Whether successful or not.
Change the PIN for this session's slot.
the user's old PIN, or %NULL
for protected authentication path.
The length of the PIN.
the user's new PIN, or %NULL
for protected authentication path
The length of the PIN.
Optional cancellation object, or %NULL.
Change the user's pin on this slot that this session is opened on.
This call will return immediately and completes asynchronously.
Change the PIN for this session's slot.
the user's old PIN, or %NULL
for protected authentication path
the length of the old PIN
the user's new PIN, or %NULL
for protected authentication path
the length of the new PIN
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of changing a user's PIN.
Whether the operation was successful or not.
The session.
The result passed to the callback.
Sign data in a mechanism specific manner. This call may
block for an indefinite period.
the data that was signed,
or %NULL if an error occured
The session.
The key to sign with.
The mechanism type to use for signing.
data to sign
length of the data to sign
location to store the length of the result data
Optional cancellation object, or %NULL
Sign data in a mechanism specific manner. This call will
return immediately and complete asynchronously.
The session.
The key to sign with.
The mechanism type and parameters to use for signing.
data to sign
length of the data to sign
A GCancellable which can be used to cancel the operation.
Called when the operation completes.
A pointer to pass to the callback.
Get the result of an signing operation.
the data that was signed,
or %NULL if an error occurred
The session.
The result object passed to the callback.
A location to store the length of the result data.
Sign data in a mechanism specific manner. This call may
block for an indefinite period.
The data that was signed, or %NULL if an error occured.
The session.
The key to sign with.
The mechanism type and parameters to use for signing.
data to sign
length of the data to sign
location to store the length of the result data
A GCancellable which can be used to cancel the operation.
Unwrap a key from a byte stream. This call may block for an
indefinite period.
If @attrs is a floating reference, it is consumed.
the new unwrapped key or %NULL if the
operation failed
The session to use.
The key to use for unwrapping.
The mechanism to use for unwrapping.
the wrapped data as a byte stream
The length of the wrapped data.
Additional attributes for the unwrapped key.
Optional cancellation object, or %NULL.
Unwrap a key from a byte stream. This call will
return immediately and complete asynchronously.
If @attrs is a floating reference, it is consumed.
The session to use.
The key to use for unwrapping.
The mechanism to use for unwrapping.
the wrapped data as a byte stream
The length of the wrapped data.
Additional attributes for the unwrapped key.
Optional cancellation object or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of a unwrap key operation.
the new unwrapped key or %NULL if the operation
failed.
The session to use.
The async result passed to the callback.
Unwrap a key from a byte stream. This call may block for an
indefinite period.
If @attrs is a floating reference, it is consumed.
the new unwrapped key or %NULL if the operation
failed
The session to use.
The key to use for unwrapping.
The mechanism to use for unwrapping.
the wrapped data as a byte stream
The length of the wrapped data.
Additional attributes for the unwrapped key.
Optional cancellation object, or %NULL.
Verify data in a mechanism specific manner. This call may
block for an indefinite period.
%TRUE if the data verified correctly, otherwise a failure or error occurred.
The session.
The key to verify with.
The mechanism type to use for verifying.
data to verify
length of the data to verify
the signature
length of the signature
Optional cancellation object, or %NULL
Verify data in a mechanism specific manner. This call returns
immediately and completes asynchronously.
The session.
The key to verify with.
The mechanism type and parameters to use for signing.
data to verify
the length of the data to verify
the signature
the length of the signature
A GCancellable which can be used to cancel the operation.
Called when the operation completes.
A pointer to pass to the callback.
Get the result of an verify operation.
%TRUE if the data verified correctly, otherwise a failure or error occurred.
The session.
The result object passed to the callback.
Verify data in a mechanism specific manner. This call may
block for an indefinite period.
%TRUE if the data verified correctly, otherwise a failure or error occurred.
The session.
The key to verify with.
The mechanism type and parameters to use for signing.
data to verify
the length of the data to verify
the signature
length of the signature
A GCancellable which can be used to cancel the operation.
Wrap a key into a byte stream. This call may block for an
indefinite period.
the wrapped data or %NULL
if the operation failed
The session to use.
The key to use for wrapping.
The mechanism type to use for wrapping.
The key to wrap.
A location in which to return the length of the wrapped data.
A #GCancellable or %NULL
Wrap a key into a byte stream. This call will
return immediately and complete asynchronously.
The session to use.
The key to use for wrapping.
The mechanism to use for wrapping.
The key to wrap.
Optional cancellation object or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of a wrap key operation.
the wrapped data or %NULL
if the operation failed
The session to use.
The async result passed to the callback.
A location in which to return the length of the wrapped data.
Wrap a key into a byte stream. This call may block for an
indefinite period.
the wrapped data or %NULL
if the operation failed
The session to use.
The key to use for wrapping.
The mechanism to use for wrapping.
The key to wrap.
A location in which to return the length of the wrapped data.
Optional cancellation object, or %NULL.
Raw PKCS#11 application data used to open the PKCS#11 session.
The raw CK_SESSION_HANDLE handle of this session.
Interaction object used to ask the user for pins when opening
sessions. Used if the session_options of the enumerator have
%GCK_SESSION_LOGIN_USER
The GckModule that this session is opened on.
Raw PKCS#11 flags used to open the PKCS#11 session.
The options this session was opened with.
The GckSlot this session is opened on.
When a GckSession is being disposed of it emits this signal to allow
a session pool to pick up the handle and keep it around.
If no signal handler claims the handle, then it is closed.
Whether or not this handle was claimed.
The handle being discarded.
Information about the session. This is analogous to a CK_SESSION_INFO structure.
When done with this structure, release it using gck_session_info_free().
The handle of the PKCS11 slot that this session is opened on.
The user login state of the session.
Various PKCS11 flags.
The last device error that occurred from an operation on this session.
Make a new copy of a session info structure.
a new copy of the session info
a session info structure
Free the GckSessionInfo structure and all associated memory.
Session info to free.
Options for creating sessions.
Open session as read only
Open sessions as read/write
Login as user on new sessions
Authenticate as necessary
Represents a PKCS#11 slot that can contain a token.
A PKCS#11 slot can contain a token. As an example, a slot might be a card
reader, and the token the card. If the PKCS#11 module is not a hardware
driver, often the slot and token are equivalent.
Create a new GckSlot object for a raw PKCS#11 handle.
The new GckSlot object.
The module that this slot is on.
The raw PKCS#11 handle or slot id of this slot.
Setup an enumerator for listing matching objects on the slot.
If the @match #GckAttributes is floating, it is consumed.
This call will not block but will return an enumerator immediately.
a new enumerator
a #GckSlot to enumerate objects on
attributes that the objects must match, or empty for all objects
options for opening a session
Checks equality of two slots. Two GckSlot objects can point to the same
underlying PKCS#11 slot.
%TRUE if slot1 and slot2 are equal.
%FALSE if either is not a GckSlot.
a pointer to the first #GckSlot
a pointer to the second #GckSlot
Get the raw PKCS#11 handle of a slot.
the raw CK_SLOT_ID handle
The slot to get the handle of.
Get the information for this slot.
the slot information, when done, use gck_slot_info_free()
to release it.
The slot to get info for.
Get information for the specified mechanism.
the mechanism information, or %NULL if failed; use
gck_mechanism_info_free() when done with it
The slot to get mechanism info from.
The mechanisms type to get info for.
Get the available mechanisms for this slot.
a list of the mechanisms
for this slot, which should be freed with g_array_free ()
The slot to get mechanisms for.
Get the module that this slot is on.
The module, you must unreference this after
you're done with it.
The slot to get the module for.
Get the token information for this slot.
the token information; when done, use gck_token_info_free()
to release it
The slot to get info for.
Check if the PKCS11 slot has the given flags.
Whether one or more flags exist.
The GckSlot object.
The flags to check.
Create a hash value for the GckSlot.
This function is intended for easily hashing a GckSlot to add to
a GHashTable or similar data structure.
An integer that can be used as a hash value, or 0 if invalid.
a pointer to a #GckSlot
Check whether the PKCS#11 URI matches the slot
whether the URI matches or not
the slot to match
the uri to match against the slot
Open a session on the slot. If the 'auto reuse' setting is set,
then this may be a recycled session with the same flags.
This call may block for an indefinite period.
a new session or %NULL if an error occurs
The slot ot open a session on.
The #GckSessionOptions to open a session with.
An optional cancellation object, or %NULL.
Open a session on the slot. If the 'auto reuse' setting is set,
then this may be a recycled session with the same flags.
This call will return immediately and complete asynchronously.
The slot to open a session on.
The options to open the new session with.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to pass to the callback.
Get the result of an open session operation. If the 'auto reuse' setting is set,
then this may be a recycled session with the same flags.
the new session or %NULL if an error occurs
The slot to open a session on.
The result passed to the callback.
Open a session on the slot. If the 'auto reuse' setting is set,
then this may be a recycled session with the same flags.
This call may block for an indefinite period.
a new session or %NULL if an error occurs
The slot to open a session on.
The options to open the new session with.
Additional raw PKCS#11 flags.
Application data for notification callback.
PKCS#11 notification callback.
Optional cancellation object, or %NULL.
Open a session on the slot. If the 'auto reuse' setting is set,
then this may be a recycled session with the same flags.
This call will return immediately and complete asynchronously.
The slot to open a session on.
Options to open the new session with.
Additional raw PKCS#11 flags.
Application data for notification callback.
PKCS#11 notification callback.
Optional cancellation object, or %NULL.
Called when the operation completes.
Data to pass to the callback.
The raw CK_SLOT_ID handle of this slot.
The PKCS11 object that this slot is a part of.
Represents information about a PKCS11 slot.
This is analogous to a CK_SLOT_INFO structure, but the
strings are far more usable.
When you're done with this structure it should be released with
gck_slot_info_free().
Description of the slot.
The manufacturer of this slot.
Various PKCS11 flags that apply to this slot.
The major version of the hardware.
The minor version of the hardware.
The major version of the firmware.
The minor version of the firmware.
Make a copy of the slot info.
a newly allocated copy slot info
a slot info
Free the GckSlotInfo and associated resources.
The slot info to free, or %NULL.
Represents information about a PKCS11 token.
This is analogous to a CK_TOKEN_INFO structure, but the
strings are far more usable.
When you're done with this structure it should be released with
gck_token_info_free().
The displayable token label.
The manufacturer of this slot.
The token model number as a string.
The token serial number as a string.
Various PKCS11 flags that apply to this token.
The maximum number of sessions allowed on this token.
The number of sessions open on this token.
The maximum number of read/write sessions allowed on this token.
The number of sessions open on this token.
The maximum length of a PIN for locking this token.
The minimum length of a PIN for locking this token.
The total amount of memory on this token for storing public objects.
The available amount of memory on this token for storing public objects.
The total amount of memory on this token for storing private objects.
The available amount of memory on this token for storing private objects.
The major version of the hardware.
The minor version of the hardware.
The major version of the firmware.
The minor version of the firmware.
If the token has a hardware clock, this is set to the number of seconds since the epoch.
Make a copy of the token info.
a newly allocated copy token info
a token info
Free the GckTokenInfo and associated resources.
The token info to free, or %NULL.
The URI will match specific version of modules. To be used as a GckUriFlags argument.
The URI will match objects on a specific token. To be used as a GckUriFlags argument.
The token inserted into a device with a specific module.
Information about the contents of a PKCS#11 URI. Various fields may be %NULL
depending on the context that the URI was parsed for.
Since PKCS#11 URIs represent a set which results from the intersections of
all of the URI parts, if @any_recognized is set to %TRUE then usually the URI
should be treated as not matching anything.
whether any parts of the PKCS#11 URI were unsupported or unrecognized.
information about the PKCS#11 modules matching the URI.
information about the PKCS#11 tokens matching the URI.
information about the PKCS#11 objects matching the URI.
Allocate a new GckUriData structure. None of the fields
will be set.
a newly allocated GckUriData, free with
gck_uri_data_free()
Copy a #GckUriData
newly allocated copy of the uri data
URI data to copy
Free a #GckUriData.
URI data to free.
Various error codes used with PKCS#11 URIs
invalid URI scheme
bad URI encoding
bad URI syntax
bad URI version component
piece of the URI was not found
Which parts of the PKCS#11 URI will be parsed or formatted. These can be
combined.
the URI will be used to match objects.
the URI will be used to match tokens.
the URI will be used to match modules.
the URI has specific version numbers for module and/or token
parse all recognized components of the URI.
Custom PKCS#11 errors that originate from the gck library, are
based at this error code.
Unreferences a builder. If this was the last reference then the builder
is freed.
It is an error to use this function on builders that were allocated on the
stack.
the builder
Copy a list of GObject based pointers. All objects
in the list will be reffed and the list will be copied.
the copied and
reffed list, when done, free it with gck_list_unref_free ()
list of GObject reference counted
objects
Free a list of GObject based pointers. All objects in the list
will be unreffed and then the list itself will be freed.
list of Gobject reference counted pointers
Get a specific mechanism in a the set.
A GckMechanisms set.
The index of a mechanism
Check whether all the mechanism types are in the list.
The arguments should be a list of CKM_XXX mechanism types. The last argument
should be GCK_INVALID.
Whether the mechanism is in the list or not.
A list of mechanisms, perhaps
retrieved from gck_slot_get_mechanisms().
A list of mechanism types followed by GCK_INVALID.
Get the number of GckMechanismInfo in the set.
A GckMechanisms set.
Get a message for a PKCS#11 return value or error code. Do not
pass `CKR_OK` or other non-errors to this function.
The user readable message.
The PKCS#11 return value to get a message for.
Setup an enumerator for listing matching objects on the modules.
This call will not block but will return an enumerator immediately.
If the @attrs [struct@Attributes] is floating, it is consumed.
A new enumerator, which should be released
with g_object_unref().
The modules
attributes that the objects must have, or empty for all objects
Options from GckSessionOptions
Enumerate objects that match a URI.
This call will not block. Use the [class@Enumerator] functions in order to
get at the actual objects that match.
A new #GckEnumerator, or %NULL if an error occurs.
The modules
The URI that the enumerator will match
Options from GckSessionOptions
Get a list of slots for across all of the modules.
A list of #GckSlot
objects, which should be freed with gck_list_unref_free().
The modules
Whether to only list slots with token present
Load and initialize all the registered modules.
A newly allocated list
of #GckModule objects, which should be released with gck_list_unref_free().
optional cancellation object
Load and initialize all the registered modules asynchronously.
optional cancellation object
a callback which will be called when the operation completes
data to pass to the callback
Finishes the asynchronous operation to initialize the registered
PKCS#11 modules.
a list of newly
initialized #GckModule objects
the asynchronous result
Find an object that matches a URI.
This call can block. Use [func@modules_enumerate_uri] for a non-blocking
version.
A new #GckObject which should be released with
g_object_unref(), or %NULL if no matching object was found.
The modules
The URI the objects must match
Options from GckSessionOptions
Find objects that match a URI.
This call can block. Use [func@modules_enumerate_uri] for a non-blocking
version.
A list of #GckObject which
should be released with gck_list_unref_free(), or %NULL if no matching object
was found.
The modules
The URI the objects must match
Options from GckSessionOptions
Lookup a token that matches the URI.
A newly allocated #GckSlot or %NULL if no such
token was found.
The modules
The URI that the token must match
Lookup a token that matches the URI.
A list of newly allocated
#GckSlot objects. Use gck_list_unref_free() to release the list once you're
done with it.
The modules
The URI that the token must match
Initialize a list of GckObject from raw PKCS#11 handles. The handles argument must contain
contiguous CK_OBJECT_HANDLE handles in an array.
The list of #GckObject
objects. You should use gck_list_unref_free() when done with this
list.
The session for these objects
The raw object handles.
The number of raw object handles.
Setup an enumerator for listing matching objects on the slots.
If the @match #GckAttributes is floating, it is consumed.
This call will not block but will return an enumerator immediately.
a new enumerator
a list of #GckSlot to enumerate objects on.
attributes that the objects must match, or empty for all objects
options for opening a session
Create a string from a set of PKCS#11 characters. This is
similar to [func@GLib.strndup], except for that it also strips trailing
spaces. These space padded strings are often used in PKCS#11
structures.
If the space padded string is filled with null characters then
this function will return %NULL.
The null terminated string.
The character data to turn into a null terminated string.
The maximum length of the charater data.
Create a space padded PKCS#11 string from a null terminated string.
The string must be shorter than the buffer or %FALSE will be
returned.
If a %NULL string is passed, then the space padded string will be
set to zero characters.
The null terminated string.
The character buffer to place string into.
The maximum length of the charater buffer.
The string to place in the buffer.
Build a PKCS#11 URI. The various parts relevant to the flags
specified will be used to build the URI.
a newly allocated string containing a PKCS#11 URI.
the info to build the URI from.
The context that the URI is for
Parse a PKCS#11 URI for use in a given context.
The result will contain the fields that are relevant for
the given context. See #GckUriData for more info.
Other fields will be set to %NULL.
a newly allocated #GckUriData; which should be
freed with gck_uri_data_free()
the URI to parse.
the context in which the URI will be used.
Convert `CK_BBOOL` type memory to a boolean.
Whether the conversion was successful.
memory to convert
length of memory
A location to store the result
Convert `CK_ULONG` type memory to a boolean.
Whether the conversion was successful.
memory to convert
length of memory
A location to store the result