« back to all changes in this revision
Viewing changes to pkcs11-helper.h
- browse files at revision 15
- compare with another revision
- download diff
- download tarball
- view history from revision 15
- Committer: Bazaar Package Importer
- Author(s): Chuck Short
- Date: 2008-02-12 07:48:51 UTC
- mfrom: (1.1.8 upstream)
- Revision ID: james.westby@ubuntu.com-20080212074851-afz17m450vq8fuwd
Tags: 2.1~rc7-1ubuntu1
* New upstream version (LP: #157144).
* Disable creation of tun, let udev handle it.
* Disable creation of tun, let udev handle it.
- files added:
- domake-win
- images
- files removed:
- cryptoki-win32.h
- pkcs11-headers
- files modified:
- COPYING
added
removed
pkcs11-helper.h
1
/*
2
* Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev@gmail.com>
3
* All rights reserved.
4
*
5
* This software is available to you under a choice of one of two
6
* licenses. You may choose to be licensed under the terms of the GNU
7
* General Public License (GPL) Version 2, or the OpenIB.org BSD license.
8
*
9
* GNU General Public License (GPL) Version 2
10
* ===========================================
11
* This program is free software; you can redistribute it and/or modify
12
* it under the terms of the GNU General Public License version 2
13
* as published by the Free Software Foundation.
14
*
15
* This program is distributed in the hope that it will be useful,
16
* but WITHOUT ANY WARRANTY; without even the implied warranty of
17
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18
* GNU General Public License for more details.
19
*
20
* You should have received a copy of the GNU General Public License
21
* along with this program (see the file COPYING[.GPL2] included with this
22
* distribution); if not, write to the Free Software Foundation, Inc.,
23
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
24
*
25
* OpenIB.org BSD license
26
* =======================
27
* Redistribution and use in source and binary forms, with or without modifi-
28
* cation, are permitted provided that the following conditions are met:
29
*
30
* o Redistributions of source code must retain the above copyright notice,
31
* this list of conditions and the following disclaimer.
32
*
33
* o Redistributions in binary form must reproduce the above copyright no-
34
* tice, this list of conditions and the following disclaimer in the do-
35
* cumentation and/or other materials provided with the distribution.
36
*
37
* o The names of the contributors may not be used to endorse or promote
38
* products derived from this software without specific prior written
39
* permission.
40
*
41
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
42
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
43
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
44
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
45
* ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
46
* TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
48
* ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
49
* LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
50
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
51
*/
52
53
/*
54
* The routines in this file deal with providing private key cryptography
55
* using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
56
*
57
*/
58
59
#ifndef __PKCS11H_HELPER_H
60
#define __PKCS11H_HELPER_H
61
62
#if defined(__cplusplus)
63
extern "C" {
64
#endif
65
66
#include "pkcs11-helper-config.h"
67
68
#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING)
69
#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING
70
#endif
71
#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE)
72
#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE
73
#endif
74
75
#define PKCS11H_LOG_DEBUG2 5
76
#define PKCS11H_LOG_DEBUG1 4
77
#define PKCS11H_LOG_INFO 3
78
#define PKCS11H_LOG_WARN 2
79
#define PKCS11H_LOG_ERROR 1
80
#define PKCS11H_LOG_QUITE 0
81
82
#define PKCS11H_PIN_CACHE_INFINITE -1
83
84
#define PKCS11H_SIGNMODE_MASK_SIGN (1<<0)
85
#define PKCS11H_SIGNMODE_MASK_RECOVER (1<<1)
86
87
#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT (1<<0)
88
#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT (1<<1)
89
90
#define PKCS11H_SLOTEVENT_METHOD_AUTO 0
91
#define PKCS11H_SLOTEVENT_METHOD_TRIGGER 1
92
#define PKCS11H_SLOTEVENT_METHOD_POLL 2
93
94
#define PKCS11H_ENUM_METHOD_CACHE 0
95
#define PKCS11H_ENUM_METHOD_CACHE_EXIST 1
96
#define PKCS11H_ENUM_METHOD_RELOAD 2
97
98
typedef void (*pkcs11h_output_print_t)(
99
IN const void *pData,
100
IN const char * const szFormat,
101
IN ...
102
)
103
#if __GNUC__ > 2
104
__attribute__ ((format (printf, 2, 3)))
105
#endif
106
;
107
108
struct pkcs11h_token_id_s;
109
typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t;
110
111
#if defined(ENABLE_PKCS11H_CERTIFICATE)
112
113
struct pkcs11h_certificate_id_s;
114
struct pkcs11h_certificate_s;
115
typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t;
116
typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t;
117
118
#endif /* ENABLE_PKCS11H_CERTIFICATE */
119
120
#if defined(ENABLE_PKCS11H_ENUM)
121
122
struct pkcs11h_token_id_list_s;
123
typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t;
124
125
#if defined(ENABLE_PKCS11H_DATA)
126
127
struct pkcs11h_data_id_list_s;
128
typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t;
129
130
#endif /* ENABLE_PKCS11H_DATA */
131
132
#if defined(ENABLE_PKCS11H_CERTIFICATE)
133
134
struct pkcs11h_certificate_id_list_s;
135
typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t;
136
137
#endif /* ENABLE_PKCS11H_CERTIFICATE */
138
139
#endif /* ENABLE_PKCS11H_ENUM */
140
141
typedef void (*pkcs11h_hook_log_t)(
142
IN const void *pData,
143
IN const unsigned flags,
144
IN const char * const szFormat,
145
IN va_list args
146
);
147
148
typedef void (*pkcs11h_hook_slotevent_t)(
149
IN const void *pData
150
);
151
152
typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)(
153
IN const void *pData,
154
IN const pkcs11h_token_id_t token,
155
IN const unsigned retry
156
);
157
158
typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)(
159
IN const void *pData,
160
IN const pkcs11h_token_id_t token,
161
IN const unsigned retry,
162
OUT char * const szPIN,
163
IN const size_t nMaxPIN
164
);
165
166
struct pkcs11h_token_id_s {
167
char label[1024];
168
char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
169
char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1];
170
char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1];
171
};
172
173
#if defined(ENABLE_PKCS11H_CERTIFICATE)
174
175
struct pkcs11h_certificate_id_s {
176
pkcs11h_token_id_t token_id;
177
178
char displayName[1024];
179
CK_BYTE_PTR attrCKA_ID;
180
size_t attrCKA_ID_size;
181
182
unsigned char *certificate_blob;
183
size_t certificate_blob_size;
184
};
185
186
#endif
187
188
#if defined(ENABLE_PKCS11H_ENUM)
189
190
struct pkcs11h_token_id_list_s {
191
pkcs11h_token_id_list_t next;
192
pkcs11h_token_id_t token_id;
193
};
194
195
#if defined(ENABLE_PKCS11H_DATA)
196
197
struct pkcs11h_data_id_list_s {
198
pkcs11h_data_id_list_t next;
199
200
char *application;
201
char *label;
202
};
203
204
#endif /* ENABLE_PKCS11H_DATA */
205
206
#if defined(ENABLE_PKCS11H_CERTIFICATE)
207
208
struct pkcs11h_certificate_id_list_s {
209
pkcs11h_certificate_id_list_t next;
210
pkcs11h_certificate_id_t certificate_id;
211
};
212
213
#endif /* ENABLE_PKCS11H_CERTIFICATE */
214
215
#endif /* ENABLE_PKCS11H_CERTIFICATE */
216
217
#if defined(ENABLE_PKCS11H_OPENSSL)
218
219
struct pkcs11h_openssl_session_s;
220
typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t;
221
222
#endif /* ENABLE_PKCS11H_OPENSSL */
223
224
/*
225
* pkcs11h_getMessage - Get message by return value.
226
*
227
* Parameters:
228
* rv - Return value.
229
*/
230
char *
231
pkcs11h_getMessage (
232
IN const int rv
233
);
234
235
/*
236
* pkcs11h_initialize - Inititalize helper interface.
237
*
238
* Must be called once, from main thread.
239
* Defaults:
240
* Protected authentication enabled.
241
* PIN cached is infinite.
242
*/
243
CK_RV
244
pkcs11h_initialize ();
245
246
/*
247
* pkcs11h_terminate - Terminate helper interface.
248
*
249
* Must be called once, from main thread, after all
250
* related resources freed.
251
*/
252
CK_RV
253
pkcs11h_terminate ();
254
255
/*
256
* pkcs11h_setLogLevel - Set current log level of the helper.
257
*
258
* Parameters:
259
* flags - current log level.
260
*
261
* The log level can be set to maximum, but setting it to lower
262
* level will improve performance.
263
*/
264
void
265
pkcs11h_setLogLevel (
266
IN const unsigned flags
267
);
268
269
/*
270
* pkcs11h_getLogLevel - Get current log level.
271
*/
272
unsigned
273
pkcs11h_getLogLevel ();
274
275
/*
276
* pkcs11h_setLogHook - Set a log callback.
277
*
278
* Parameters:
279
* hook - Callback.
280
* pData - Data to send to callback.
281
*/
282
CK_RV
283
pkcs11h_setLogHook (
284
IN const pkcs11h_hook_log_t hook,
285
IN void * const pData
286
);
287
288
/*
289
* pkcs11h_setSlotEventHook - Set a slot event callback.
290
*
291
* Parameters:
292
* hook - Callback.
293
* pData - Data to send to callback.
294
*
295
* Calling this function initialize slot event notifications, these
296
* notifications can be started, but never terminate due to PKCS#11 limitation.
297
*
298
* In order to use slot events you must have threading enabled.
299
*/
300
CK_RV
301
pkcs11h_setSlotEventHook (
302
IN const pkcs11h_hook_slotevent_t hook,
303
IN void * const pData
304
);
305
306
/*
307
* pkcs11h_setTokenPromptHook - Set a token prompt callback.
308
*
309
* Parameters:
310
* hook - Callback.
311
* pData - Data to send to callback.
312
*/
313
CK_RV
314
pkcs11h_setTokenPromptHook (
315
IN const pkcs11h_hook_token_prompt_t hook,
316
IN void * const pData
317
);
318
319
/*
320
* pkcs11h_setPINPromptHook - Set a pin prompt callback.
321
*
322
* Parameters:
323
* hook - Callback.
324
* pData - Data to send to callback.
325
*/
326
CK_RV
327
pkcs11h_setPINPromptHook (
328
IN const pkcs11h_hook_pin_prompt_t hook,
329
IN void * const pData
330
);
331
332
/*
333
* pkcs11h_setProtectedAuthentication - Set global protected authentication mode.
334
*
335
* Parameters:
336
* fProtectedAuthentication - Allow protected authentication if enabled by token.
337
*/
338
CK_RV
339
pkcs11h_setProtectedAuthentication (
340
IN const PKCS11H_BOOL fProtectedAuthentication
341
);
342
343
/*
344
* pkcs11h_setPINCachePeriod - Set global PIN cache timeout.
345
*
346
* Parameters:
347
* nPINCachePeriod - Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE.
348
*/
349
CK_RV
350
pkcs11h_setPINCachePeriod (
351
IN const int nPINCachePeriod
352
);
353
354
/*
355
* pkcs11h_setMaxLoginRetries - Set global login retries attempts.
356
*
357
* Parameters:
358
* nMaxLoginRetries - Login retries handled by the helper.
359
*/
360
CK_RV
361
pkcs11h_setMaxLoginRetries (
362
IN const unsigned nMaxLoginRetries
363
);
364
365
/*
366
* pkcs11h_addProvider - Add a PKCS#11 provider.
367
*
368
* Parameters:
369
* szReferenceName - Reference name for this provider.
370
* szProvider - Provider library location.
371
* fProtectedAuthentication - Allow this provider to use protected authentication.
372
* maskSignMode - Provider signmode override.
373
* nSlotEventMethod - Provider slot event method.
374
* nSlotEventPollInterval - Slot event poll interval (If in polling mode).
375
* fCertIsPrivate - Provider's certificate access should be done after login.
376
*
377
* This function must be called from the main thread.
378
*
379
* The global fProtectedAuthentication must be enabled in order to allow provider specific.
380
* The maskSignMode can be 0 in order to automatically detect key sign mode.
381
*/
382
CK_RV
383
pkcs11h_addProvider (
384
IN const char * const szReferenceName,
385
IN const char * const szProvider,
386
IN const PKCS11H_BOOL fProtectedAuthentication,
387
IN const unsigned maskSignMode,
388
IN const int nSlotEventMethod,
389
IN const int nSlotEventPollInterval,
390
IN const PKCS11H_BOOL fCertIsPrivate
391
);
392
393
/*
394
* pkcs11h_delProvider - Delete a PKCS#11 provider.
395
*
396
* Parameters:
397
* szReferenceName - Reference name for this provider.
398
*
399
* This function must be called from the main thread.
400
*/
401
CK_RV
402
pkcs11h_removeProvider (
403
IN const char * const szReferenceName
404
);
405
406
/*
407
* pkcs11h_forkFixup - Handle special case of Unix fork()
408
*
409
* This function should be called after fork is called. This is required
410
* due to a limitation of the PKCS#11 standard.
411
*
412
* This function must be called from the main thread.
413
*
414
* The helper library handles fork automatically if ENABLE_PKCS11H_THREADING
415
* is set on configuration file, by use of pthread_atfork.
416
*/
417
CK_RV
418
pkcs11h_forkFixup ();
419
420
/*
421
* pkcs11h_plugAndPlay - Handle slot rescan.
422
*
423
* This function must be called from the main thread.
424
*
425
* PKCS#11 providers do not allow plug&play, plug&play can be established by
426
* finalizing all providers and initializing them again.
427
*
428
* The cost of this process is invalidating all sessions, and require user
429
* login at the next access.
430
*/
431
CK_RV
432
pkcs11h_plugAndPlay ();
433
434
/*
435
* pkcs11h_freeTokenId - Free token_id object.
436
*/
437
CK_RV
438
pkcs11h_freeTokenId (
439
IN pkcs11h_token_id_t certificate_id
440
);
441
442
/*
443
* pkcs11h_duplicateTokenId - Duplicate token_id object.
444
*/
445
CK_RV
446
pkcs11h_duplicateTokenId (
447
OUT pkcs11h_token_id_t * const to,
448
IN const pkcs11h_token_id_t from
449
);
450
451
/*
452
* pkcs11h_sameTokenId - Returns TRUE if same token id
453
*/
454
PKCS11H_BOOL
455
pkcs11h_sameTokenId (
456
IN const pkcs11h_token_id_t a,
457
IN const pkcs11h_token_id_t b
458
);
459
460
#if defined(ENABLE_PKCS11H_TOKEN)
461
462
/*
463
* pkcs11h_token_ensureAccess - Ensure token is accessible.
464
*
465
* Parameters:
466
* token_id - Token id object.
467
* maskPrompt - Allow prompt.
468
*/
469
CK_RV
470
pkcs11h_token_ensureAccess (
471
IN const pkcs11h_token_id_t token_id,
472
IN const unsigned maskPrompt
473
);
474
475
#endif /* ENABLE_PKCS11H_TOKEN */
476
477
#if defined(ENABLE_PKCS11H_DATA)
478
479
CK_RV
480
pkcs11h_data_get (
481
IN const pkcs11h_token_id_t token_id,
482
IN const PKCS11H_BOOL fPublic,
483
IN const char * const szApplication,
484
IN const char * const szLabel,
485
OUT char * const blob,
486
IN OUT size_t * const p_blob_size
487
);
488
489
CK_RV
490
pkcs11h_data_put (
491
IN const pkcs11h_token_id_t token_id,
492
IN const PKCS11H_BOOL fPublic,
493
IN const char * const szApplication,
494
IN const char * const szLabel,
495
OUT char * const blob,
496
IN const size_t blob_size
497
);
498
499
CK_RV
500
pkcs11h_data_del (
501
IN const pkcs11h_token_id_t token_id,
502
IN const PKCS11H_BOOL fPublic,
503
IN const char * const szApplication,
504
IN const char * const szLabel
505
);
506
507
#endif /* ENABLE_PKCS11H_DATA */
508
509
#if defined(ENABLE_PKCS11H_CERTIFICATE)
510
/*======================================================================*
511
* CERTIFICATE INTERFACE
512
*======================================================================*/
513
514
/*
515
* pkcs11h_freeCertificateId - Free certificate_id object.
516
*/
517
CK_RV
518
pkcs11h_freeCertificateId (
519
IN pkcs11h_certificate_id_t certificate_id
520
);
521
522
/*
523
* pkcs11h_duplicateCertificateId - Duplicate certificate_id object.
524
*/
525
CK_RV
526
pkcs11h_duplicateCertificateId (
527
OUT pkcs11h_certificate_id_t * const to,
528
IN const pkcs11h_certificate_id_t from
529
);
530
531
/*
532
* pkcs11h_freeCertificate - Free certificate object.
533
*/
534
CK_RV
535
pkcs11h_freeCertificate (
536
IN pkcs11h_certificate_t certificate
537
);
538
539
/*
540
* pkcs11h_certificate_create - Create a certificate object out of certificate_id.
541
*
542
* Parameters:
543
* certificate_id - Certificate id object to be based on.
544
* nPINCachePeriod - Session specific cache period.
545
* p_certificate - Receives certificate object.
546
*
547
* The certificate id object may not specify the full certificate.
548
* The certificate object must be freed by caller.
549
*/
550
CK_RV
551
pkcs11h_certificate_create (
552
IN const pkcs11h_certificate_id_t certificate_id,
553
IN const int nPINCachePeriod,
554
OUT pkcs11h_certificate_t * const p_certificate
555
);
556
557
/*
558
* pkcs11h_certificate_getCertificateId - Get certifiate id object out of a certifiate
559
*
560
* Parameters:
561
* certificate - Certificate object.
562
* p_certificate_id - Certificate id object pointer.
563
*
564
* The certificate id must be freed by caller.
565
*/
566
CK_RV
567
pkcs11h_certificate_getCertificateId (
568
IN const pkcs11h_certificate_t certificate,
569
OUT pkcs11h_certificate_id_t * const p_certificate_id
570
);
571
572
/*
573
* pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object.
574
*
575
* ParametersL
576
* certificate - Certificate object.
577
* certificate_blob - Buffer.
578
* certificate_blob_size - Buffer size.
579
*
580
* Buffer may be NULL in order to get size.
581
*/
582
CK_RV
583
pkcs11h_certificate_getCertificateBlob (
584
IN const pkcs11h_certificate_t certificate,
585
OUT unsigned char * const certificate_blob,
586
IN OUT size_t * const p_certificate_blob_size
587
);
588
589
/*
590
* pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible.
591
*
592
* Parameters:
593
* certificate - Certificate object.
594
* maskPrompt - Allow prompt.
595
*/
596
CK_RV
597
pkcs11h_certificate_ensureCertificateAccess (
598
IN const pkcs11h_certificate_t certificate,
599
IN const unsigned maskPrompt
600
);
601
602
/*
603
* pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible.
604
*
605
* Parameters:
606
* certificate - Certificate object.
607
* maskPrompt - Allow prompt.
608
*/
609
CK_RV
610
pkcs11h_certificate_ensureKeyAccess (
611
IN const pkcs11h_certificate_t certificate,
612
IN const unsigned maskPrompt
613
);
614
615
/*
616
* pkcs11h_certificate_sign - Sign data.
617
*
618
* Parameters:
619
* certificate - Certificate object.
620
* mech_type - PKCS#11 mechanism.
621
* source - Buffer to sign.
622
* source_size - Buffer size.
623
* target - Target buffer, can be NULL to get size.
624
* target_size - Target buffer size.
625
*/
626
CK_RV
627
pkcs11h_certificate_sign (
628
IN const pkcs11h_certificate_t certificate,
629
IN const CK_MECHANISM_TYPE mech_type,
630
IN const unsigned char * const source,
631
IN const size_t source_size,
632
OUT unsigned char * const target,
633
IN OUT size_t * const p_target_size
634
);
635
636
/*
637
* pkcs11h_certificate_signRecover - Sign data.
638
*
639
* Parameters:
640
* certificate - Certificate object.
641
* mech_type - PKCS#11 mechanism.
642
* source - Buffer to sign.
643
* source_size - Buffer size.
644
* target - Target buffer, can be NULL to get size.
645
* target_size - Target buffer size.
646
*/
647
CK_RV
648
pkcs11h_certificate_signRecover (
649
IN const pkcs11h_certificate_t certificate,
650
IN const CK_MECHANISM_TYPE mech_type,
651
IN const unsigned char * const source,
652
IN const size_t source_size,
653
OUT unsigned char * const target,
654
IN OUT size_t * const p_target_size
655
);
656
657
/*
658
* pkcs11h_certificate_signAny - Sign data mechanism determined by key attributes.
659
*
660
* Parameters:
661
* certificate - Certificate object.
662
* mech_type - PKCS#11 mechanism.
663
* source - Buffer to sign.
664
* source_size - Buffer size.
665
* target - Target buffer, can be NULL to get size.
666
* target_size - Target buffer size.
667
*/
668
CK_RV
669
pkcs11h_certificate_signAny (
670
IN const pkcs11h_certificate_t certificate,
671
IN const CK_MECHANISM_TYPE mech_type,
672
IN const unsigned char * const source,
673
IN const size_t source_size,
674
OUT unsigned char * const target,
675
IN OUT size_t * const p_target_size
676
);
677
678
/*
679
* pkcs11h_certificate_decrypt - Decrypt data.
680
*
681
* Parameters:
682
* certificate - Certificate object.
683
* mech_type - PKCS#11 mechanism.
684
* source - Buffer to sign.
685
* source_size - Buffer size.
686
* target - Target buffer, can be NULL to get size.
687
* target_size - Target buffer size.
688
*/
689
CK_RV
690
pkcs11h_certificate_decrypt (
691
IN const pkcs11h_certificate_t certificate,
692
IN const CK_MECHANISM_TYPE mech_type,
693
IN const unsigned char * const source,
694
IN const size_t source_size,
695
OUT unsigned char * const target,
696
IN OUT size_t * const p_target_size
697
);
698
699
#endif /* ENABLE_PKCS11H_CERTIFICATE */
700
701
#if defined(ENABLE_PKCS11H_LOCATE)
702
/*======================================================================*
703
* LOCATE INTERFACE
704
*======================================================================*/
705
706
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
707
708
/*
709
* pkcs11h_locate_token - Locate token based on atributes.
710
*
711
* Parameters:
712
* szSlotType - How to locate slot.
713
* szSlot - Slot name.
714
* p_token_id - Token object.
715
*
716
* Slot:
717
* id - Slot number.
718
* name - Slot name.
719
* label - Available token label.
720
*
721
* Caller must free token id.
722
*/
723
CK_RV
724
pkcs11h_locate_token (
725
IN const char * const szSlotType,
726
IN const char * const szSlot,
727
OUT pkcs11h_token_id_t * const p_token_id
728
);
729
730
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
731
732
#if defined(ENABLE_PKCS11H_CERTIFICATE)
733
734
/*
735
* pkcs11h_locate_certificate - Locate certificate based on atributes.
736
*
737
* Parameters:
738
* szSlotType - How to locate slot.
739
* szSlot - Slot name.
740
* szIdType - How to locate object.
741
* szId - Object name.
742
* p_certificate_id - Certificate object.
743
*
744
* Slot:
745
* Same as pkcs11h_locate_token.
746
*
747
* Object:
748
* id - Certificate CKA_ID (hex string) (Fastest).
749
* label - Certificate CKA_LABEL (string).
750
* subject - Certificate subject (OpenSSL DN).
751
*
752
* Caller must free certificate id.
753
*/
754
CK_RV
755
pkcs11h_locate_certificate (
756
IN const char * const szSlotType,
757
IN const char * const szSlot,
758
IN const char * const szIdType,
759
IN const char * const szId,
760
OUT pkcs11h_certificate_id_t * const p_certificate_id
761
);
762
763
#endif /* ENABLE_PKCS11H_CERTIFICATE */
764
765
#endif /* ENABLE_PKCS11H_LOCATE */
766
767
#if defined(ENABLE_PKCS11H_ENUM)
768
/*======================================================================*
769
* ENUM INTERFACE
770
*======================================================================*/
771
772
#if defined(ENABLE_PKCS11H_TOKEN)
773
774
/*
775
* pkcs11h_freeCertificateIdList - Free certificate_id list.
776
*/
777
CK_RV
778
pkcs11h_freeTokenIdList (
779
IN const pkcs11h_token_id_list_t token_id_list
780
);
781
782
/*
783
* pkcs11h_enum_getTokenIds - Enumerate available tokens
784
*
785
* Parameters:
786
* p_token_id_list - A list of token ids.
787
*
788
* Caller must free the list.
789
*/
790
CK_RV
791
pkcs11h_enum_getTokenIds (
792
IN const int method,
793
OUT pkcs11h_token_id_list_t * const p_token_id_list
794
);
795
796
#endif /* ENABLE_PKCS11H_TOKEN */
797
798
#if defined(ENABLE_PKCS11H_DATA)
799
800
CK_RV
801
pkcs11h_freeDataIdList (
802
IN const pkcs11h_data_id_list_t data_id_list
803
);
804
805
CK_RV
806
pkcs11h_enumDataObjects (
807
IN const pkcs11h_token_id_t token_id,
808
IN const PKCS11H_BOOL fPublic,
809
OUT pkcs11h_data_id_list_t * const p_data_id_list
810
);
811
812
#endif /* ENABLE_PKCS11H_DATA */
813
814
#if defined(ENABLE_PKCS11H_CERTIFICATE)
815
816
/*
817
* pkcs11h_freeCertificateIdList - Free certificate_id list.
818
*/
819
CK_RV
820
pkcs11h_freeCertificateIdList (
821
IN const pkcs11h_certificate_id_list_t cert_id_list
822
);
823
824
/*
825
* pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token
826
*
827
* Parameters:
828
* token_id - Token id to enum.
829
* method - How to fetch certificates.
830
* p_cert_id_issuers_list - Receives issues list, can be NULL.
831
* p_cert_id_end_list - Receives end certificates list.
832
*
833
* This function will likely take long time.
834
*
835
* Method can be one of the following:
836
* PKCS11H_ENUM_METHOD_CACHE
837
* Return available certificates, even if token was once detected and
838
* was removed.
839
* PKCS11H_ENUM_METHOD_CACHE_EXIST
840
* Return available certificates for available tokens only, don't
841
* read the contents of the token if already read, even if this token
842
* removed and inserted.
843
* PKCS11H_ENUM_METHOD_RELOAD
844
* Clear all caches and then enum.
845
*
846
* Caller must free the lists.
847
*/
848
CK_RV
849
pkcs11h_enum_getTokenCertificateIds (
850
IN const pkcs11h_token_id_t token_id,
851
IN const int method,
852
OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
853
OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
854
);
855
856
/*
857
* pkcs11h_enum_getCertificateIds - Enumerate available certificates.
858
*
859
* Parameters:
860
* method - How to fetch certificates.
861
* p_cert_id_issuers_list - Receives issues list, can be NULL.
862
* p_cert_id_end_list - Receives end certificates list.
863
*
864
* This function will likely take long time.
865
*
866
* Method can be one of the following:
867
* PKCS11H_ENUM_METHOD_CACHE
868
* Return available certificates, even if token was once detected and
869
* was removed.
870
* PKCS11H_ENUM_METHOD_CACHE_EXIST
871
* Return available certificates for available tokens only, don't
872
* read the contents of the token if already read, even if this token
873
* removed and inserted.
874
* PKCS11H_ENUM_METHOD_RELOAD
875
* Clear all caches and then enum.
876
*
877
* Caller must free lists.
878
*/
879
CK_RV
880
pkcs11h_enum_getCertificateIds (
881
IN const int method,
882
OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
883
OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
884
);
885
886
#endif /* ENABLE_PKCS11H_CERTIFICATE */
887
888
#endif /* ENABLE_PKCS11H_ENUM */
889
890
#if defined(ENABLE_PKCS11H_OPENSSL)
891
/*======================================================================*
892
* OPENSSL INTERFACE
893
*======================================================================*/
894
895
/*
896
* pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object.
897
*
898
* Parameters:
899
* certificate - Certificate object.
900
*
901
* The certificate object will be freed by the OpenSSL interface on session end.
902
*/
903
pkcs11h_openssl_session_t
904
pkcs11h_openssl_createSession (
905
IN const pkcs11h_certificate_t certificate
906
);
907
908
/*
909
* pkcs11h_openssl_freeSession - Free OpenSSL session.
910
*
911
* Parameters:
912
* openssl_session - Session to free.
913
*
914
* The openssl_session object has a reference count just like other OpenSSL objects.
915
*/
916
void
917
pkcs11h_openssl_freeSession (
918
IN const pkcs11h_openssl_session_t openssl_session
919
);
920
921
/*
922
* pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object.
923
*
924
* Parameters:
925
* openssl_session - Session.
926
*/
927
RSA *
928
pkcs11h_openssl_getRSA (
929
IN const pkcs11h_openssl_session_t openssl_session
930
);
931
932
/*
933
* pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object.
934
*
935
* Parameters:
936
* openssl_session - Session.
937
*/
938
X509 *
939
pkcs11h_openssl_getX509 (
940
IN const pkcs11h_openssl_session_t openssl_session
941
);
942
943
#endif /* ENABLE_PKCS11H_OPENSSL */
944
945
#if defined(ENABLE_PKCS11H_STANDALONE)
946
/*======================================================================*
947
* STANDALONE INTERFACE
948
*======================================================================*/
949
950
void
951
pkcs11h_standalone_dump_slots (
952
IN const pkcs11h_output_print_t my_output,
953
IN const void *pData,
954
IN const char * const provider
955
);
956
957
void
958
pkcs11h_standalone_dump_objects (
959
IN const pkcs11h_output_print_t my_output,
960
IN const void *pData,
961
IN const char * const provider,
962
IN const char * const slot,
963
IN const char * const pin
964
);
965
966
#endif /* ENABLE_PKCS11H_STANDALONE */
967
968
#ifdef __cplusplus
969
}
970
#endif
971
972
#endif /* __PKCS11H_HELPER_H */
Loggerhead is a web-based interface for Breezy
Version: 2.0.1