* Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev@gmail.com>
* This software is available to you under a choice of one of two
* licenses. You may choose to be licensed under the terms of the GNU
* General Public License (GPL) Version 2, or the OpenIB.org BSD license.
* GNU General Public License (GPL) Version 2
* ===========================================
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program (see the file COPYING[.GPL2] included with this
* distribution); if not, write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* OpenIB.org BSD license
* =======================
* Redistribution and use in source and binary forms, with or without modifi-
* cation, are permitted provided that the following conditions are met:
* o Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* o Redistributions in binary form must reproduce the above copyright no-
* tice, this list of conditions and the following disclaimer in the do-
* cumentation and/or other materials provided with the distribution.
* o The names of the contributors may not be used to endorse or promote
* products derived from this software without specific prior written
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
* ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
* TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
* ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
* LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* The routines in this file deal with providing private key cryptography
* using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
#ifndef __PKCS11H_HELPER_H
#define __PKCS11H_HELPER_H
#if defined(__cplusplus)
#include "pkcs11-helper-config.h"
#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING)
#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING
#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE)
#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE
#define PKCS11H_LOG_DEBUG2 5
#define PKCS11H_LOG_DEBUG1 4
#define PKCS11H_LOG_INFO 3
#define PKCS11H_LOG_WARN 2
#define PKCS11H_LOG_ERROR 1
#define PKCS11H_LOG_QUITE 0
#define PKCS11H_PIN_CACHE_INFINITE -1
#define PKCS11H_SIGNMODE_MASK_SIGN (1<<0)
#define PKCS11H_SIGNMODE_MASK_RECOVER (1<<1)
#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT (1<<0)
#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT (1<<1)
#define PKCS11H_SLOTEVENT_METHOD_AUTO 0
#define PKCS11H_SLOTEVENT_METHOD_TRIGGER 1
#define PKCS11H_SLOTEVENT_METHOD_POLL 2
#define PKCS11H_ENUM_METHOD_CACHE 0
#define PKCS11H_ENUM_METHOD_CACHE_EXIST 1
#define PKCS11H_ENUM_METHOD_RELOAD 2
typedef void (*pkcs11h_output_print_t)(
IN const char * const szFormat,
__attribute__ ((format (printf, 2, 3)))
struct pkcs11h_token_id_s;
typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t;
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_s;
struct pkcs11h_certificate_s;
typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t;
typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t;
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_ENUM)
struct pkcs11h_token_id_list_s;
typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t;
#if defined(ENABLE_PKCS11H_DATA)
struct pkcs11h_data_id_list_s;
typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t;
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_list_s;
typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t;
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */
typedef void (*pkcs11h_hook_log_t)(
IN const void *pData,
IN const unsigned flags,
IN const char * const szFormat,
typedef void (*pkcs11h_hook_slotevent_t)(
typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)(
IN const void *pData,
IN const pkcs11h_token_id_t token,
IN const unsigned retry
typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)(
IN const void *pData,
IN const pkcs11h_token_id_t token,
IN const unsigned retry,
OUT char * const szPIN,
IN const size_t nMaxPIN
struct pkcs11h_token_id_s {
char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1];
char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1];
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_s {
pkcs11h_token_id_t token_id;
char displayName[1024];
CK_BYTE_PTR attrCKA_ID;
size_t attrCKA_ID_size;
unsigned char *certificate_blob;
size_t certificate_blob_size;
#if defined(ENABLE_PKCS11H_ENUM)
struct pkcs11h_token_id_list_s {
pkcs11h_token_id_list_t next;
pkcs11h_token_id_t token_id;
#if defined(ENABLE_PKCS11H_DATA)
struct pkcs11h_data_id_list_s {
pkcs11h_data_id_list_t next;
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_list_s {
pkcs11h_certificate_id_list_t next;
pkcs11h_certificate_id_t certificate_id;
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_OPENSSL)
struct pkcs11h_openssl_session_s;
typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t;
#endif /* ENABLE_PKCS11H_OPENSSL */
* pkcs11h_getMessage - Get message by return value.
* pkcs11h_initialize - Initialize helper interface.
* Must be called once, from main thread.
* Protected authentication enabled.
* PIN cache period is infinite by default.
pkcs11h_initialize ();
* pkcs11h_terminate - Terminate helper interface.
* Must be called once, from main thread, after all
* related resources freed.
pkcs11h_terminate ();
* pkcs11h_setLogLevel - Set current log level of the helper.
* flags - current log level.
* The log level can be set to maximum, but setting it to a lower
* level will improve performance.
pkcs11h_setLogLevel (
IN const unsigned flags
* pkcs11h_getLogLevel - Get current log level.
pkcs11h_getLogLevel ();
* pkcs11h_setLogHook - Set a log callback.
* pData - Data to send to callback.
IN const pkcs11h_hook_log_t hook,
IN void * const pData
* pkcs11h_setSlotEventHook - Set a slot event callback.
* pData - Data to send to callback.
* Calling this function initializes slot event notifications; these
* notifications can be started, but never terminated, due to a PKCS#11 limitation.
* In order to use slot events you must have threading enabled.
pkcs11h_setSlotEventHook (
IN const pkcs11h_hook_slotevent_t hook,
IN void * const pData
* pkcs11h_setTokenPromptHook - Set a token prompt callback.
* pData - Data to send to callback.
pkcs11h_setTokenPromptHook (
IN const pkcs11h_hook_token_prompt_t hook,
IN void * const pData
* pkcs11h_setPINPromptHook - Set a pin prompt callback.
* pData - Data to send to callback.
pkcs11h_setPINPromptHook (
IN const pkcs11h_hook_pin_prompt_t hook,
IN void * const pData
* pkcs11h_setProtectedAuthentication - Set global protected authentication mode.
* fProtectedAuthentication - Allow protected authentication if enabled by token.
pkcs11h_setProtectedAuthentication (
IN const PKCS11H_BOOL fProtectedAuthentication
* pkcs11h_setPINCachePeriod - Set global PIN cache timeout.
* nPINCachePeriod - Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE.
pkcs11h_setPINCachePeriod (
IN const int nPINCachePeriod
* pkcs11h_setMaxLoginRetries - Set global login retries attempts.
* nMaxLoginRetries - Login retries handled by the helper.
pkcs11h_setMaxLoginRetries (
IN const unsigned nMaxLoginRetries
* pkcs11h_addProvider - Add a PKCS#11 provider.
* szReferenceName - Reference name for this provider.
* szProvider - Provider library location.
* fProtectedAuthentication - Allow this provider to use protected authentication.
* maskSignMode - Provider signmode override.
* nSlotEventMethod - Provider slot event method.
* nSlotEventPollInterval - Slot event poll interval (If in polling mode).
* fCertIsPrivate - Provider's certificate access should be done after login.
* This function must be called from the main thread.
* The global fProtectedAuthentication must be enabled in order to allow provider-specific protected authentication.
* The maskSignMode can be 0 in order to automatically detect key sign mode.
pkcs11h_addProvider (
IN const char * const szReferenceName,
IN const char * const szProvider,
IN const PKCS11H_BOOL fProtectedAuthentication,
IN const unsigned maskSignMode,
IN const int nSlotEventMethod,
IN const int nSlotEventPollInterval,
IN const PKCS11H_BOOL fCertIsPrivate
* pkcs11h_removeProvider - Delete a PKCS#11 provider.
* szReferenceName - Reference name for this provider.
* This function must be called from the main thread.
pkcs11h_removeProvider (
IN const char * const szReferenceName
* pkcs11h_forkFixup - Handle special case of Unix fork()
* This function should be called after fork is called. This is required
* due to a limitation of the PKCS#11 standard.
* This function must be called from the main thread.
* The helper library handles fork automatically if ENABLE_PKCS11H_THREADING
* is set on configuration file, by use of pthread_atfork.
pkcs11h_forkFixup ();
* pkcs11h_plugAndPlay - Handle slot rescan.
* This function must be called from the main thread.
* PKCS#11 providers do not allow plug&play, plug&play can be established by
* finalizing all providers and initializing them again.
* The cost of this process is invalidating all sessions, and requiring user
* login at the next access.
pkcs11h_plugAndPlay ();
* pkcs11h_freeTokenId - Free token_id object.
pkcs11h_freeTokenId (
IN pkcs11h_token_id_t certificate_id
* pkcs11h_duplicateTokenId - Duplicate token_id object.
pkcs11h_duplicateTokenId (
OUT pkcs11h_token_id_t * const to,
IN const pkcs11h_token_id_t from
* pkcs11h_sameTokenId - Returns TRUE if both arguments refer to the same token id.
pkcs11h_sameTokenId (
IN const pkcs11h_token_id_t a,
IN const pkcs11h_token_id_t b
#if defined(ENABLE_PKCS11H_TOKEN)
* pkcs11h_token_ensureAccess - Ensure token is accessible.
* token_id - Token id object.
* maskPrompt - Allow prompt.
pkcs11h_token_ensureAccess (
IN const pkcs11h_token_id_t token_id,
IN const unsigned maskPrompt
#endif /* ENABLE_PKCS11H_TOKEN */
#if defined(ENABLE_PKCS11H_DATA)
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
IN const char * const szApplication,
IN const char * const szLabel,
OUT char * const blob,
IN OUT size_t * const p_blob_size
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
IN const char * const szApplication,
IN const char * const szLabel,
OUT char * const blob,
IN const size_t blob_size
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
IN const char * const szApplication,
IN const char * const szLabel
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*======================================================================*
* CERTIFICATE INTERFACE
*======================================================================*/
* pkcs11h_freeCertificateId - Free certificate_id object.
pkcs11h_freeCertificateId (
IN pkcs11h_certificate_id_t certificate_id
* pkcs11h_duplicateCertificateId - Duplicate certificate_id object.
pkcs11h_duplicateCertificateId (
OUT pkcs11h_certificate_id_t * const to,
IN const pkcs11h_certificate_id_t from
* pkcs11h_freeCertificate - Free certificate object.
pkcs11h_freeCertificate (
IN pkcs11h_certificate_t certificate
* pkcs11h_certificate_create - Create a certificate object out of certificate_id.
* certificate_id - Certificate id object to be based on.
* nPINCachePeriod - Session specific cache period.
* p_certificate - Receives certificate object.
* The certificate id object may not specify the full certificate.
* The certificate object must be freed by caller.
pkcs11h_certificate_create (
IN const pkcs11h_certificate_id_t certificate_id,
IN const int nPINCachePeriod,
OUT pkcs11h_certificate_t * const p_certificate
* pkcs11h_certificate_getCertificateId - Get certificate id object out of a certificate.
* certificate - Certificate object.
* p_certificate_id - Certificate id object pointer.
* The certificate id must be freed by caller.
pkcs11h_certificate_getCertificateId (
IN const pkcs11h_certificate_t certificate,
OUT pkcs11h_certificate_id_t * const p_certificate_id
* pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object.
* certificate - Certificate object.
* certificate_blob - Buffer.
* certificate_blob_size - Buffer size.
* Buffer may be NULL in order to get size.
pkcs11h_certificate_getCertificateBlob (
IN const pkcs11h_certificate_t certificate,
OUT unsigned char * const certificate_blob,
IN OUT size_t * const p_certificate_blob_size
* pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible.
* certificate - Certificate object.
* maskPrompt - Allow prompt.
pkcs11h_certificate_ensureCertificateAccess (
IN const pkcs11h_certificate_t certificate,
IN const unsigned maskPrompt
* pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible.
* certificate - Certificate object.
* maskPrompt - Allow prompt.
pkcs11h_certificate_ensureKeyAccess (
IN const pkcs11h_certificate_t certificate,
IN const unsigned maskPrompt
* pkcs11h_certificate_sign - Sign data.
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
pkcs11h_certificate_sign (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
* pkcs11h_certificate_signRecover - Sign data (recover sign mode).
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
pkcs11h_certificate_signRecover (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
* pkcs11h_certificate_signAny - Sign data; the signing method is determined by key attributes.
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
pkcs11h_certificate_signAny (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
* pkcs11h_certificate_decrypt - Decrypt data.
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to decrypt.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
pkcs11h_certificate_decrypt (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_LOCATE)
/*======================================================================*
*======================================================================*/
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
* pkcs11h_locate_token - Locate token based on attributes.
* szSlotType - How to locate slot.
* szSlot - Slot name.
* p_token_id - Token object.
* label - Available token label.
* Caller must free token id.
pkcs11h_locate_token (
IN const char * const szSlotType,
IN const char * const szSlot,
OUT pkcs11h_token_id_t * const p_token_id
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
* pkcs11h_locate_certificate - Locate certificate based on attributes.
* szSlotType - How to locate slot.
* szSlot - Slot name.
* szIdType - How to locate object.
* szId - Object name.
* p_certificate_id - Certificate object.
* Same as pkcs11h_locate_token.
* id - Certificate CKA_ID (hex string) (Fastest).
* label - Certificate CKA_LABEL (string).
* subject - Certificate subject (OpenSSL DN).
* Caller must free certificate id.
pkcs11h_locate_certificate (
IN const char * const szSlotType,
IN const char * const szSlot,
IN const char * const szIdType,
IN const char * const szId,
OUT pkcs11h_certificate_id_t * const p_certificate_id
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_LOCATE */
#if defined(ENABLE_PKCS11H_ENUM)
/*======================================================================*
*======================================================================*/
#if defined(ENABLE_PKCS11H_TOKEN)
* pkcs11h_freeTokenIdList - Free token_id list.
pkcs11h_freeTokenIdList (
IN const pkcs11h_token_id_list_t token_id_list
* pkcs11h_enum_getTokenIds - Enumerate available tokens
* p_token_id_list - A list of token ids.
* Caller must free the list.
pkcs11h_enum_getTokenIds (
OUT pkcs11h_token_id_list_t * const p_token_id_list
#endif /* ENABLE_PKCS11H_TOKEN */
#if defined(ENABLE_PKCS11H_DATA)
pkcs11h_freeDataIdList (
IN const pkcs11h_data_id_list_t data_id_list
pkcs11h_enumDataObjects (
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
OUT pkcs11h_data_id_list_t * const p_data_id_list
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
* pkcs11h_freeCertificateIdList - Free certificate_id list.
pkcs11h_freeCertificateIdList (
IN const pkcs11h_certificate_id_list_t cert_id_list
* pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token
* token_id - Token id to enum.
* method - How to fetch certificates.
* p_cert_id_issuers_list - Receives issuers list, can be NULL.
* p_cert_id_end_list - Receives end certificates list.
* This function will likely take a long time.
* Method can be one of the following:
* PKCS11H_ENUM_METHOD_CACHE
* Return available certificates, even if token was once detected and
* PKCS11H_ENUM_METHOD_CACHE_EXIST
* Return available certificates for available tokens only, don't
* read the contents of the token if already read, even if this token
* was removed and inserted.
* PKCS11H_ENUM_METHOD_RELOAD
* Clear all caches and then enum.
* Caller must free the lists.
pkcs11h_enum_getTokenCertificateIds (
IN const pkcs11h_token_id_t token_id,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
* pkcs11h_enum_getCertificateIds - Enumerate available certificates.
* method - How to fetch certificates.
* p_cert_id_issuers_list - Receives issuers list, can be NULL.
* p_cert_id_end_list - Receives end certificates list.
* This function will likely take a long time.
* Method can be one of the following:
* PKCS11H_ENUM_METHOD_CACHE
* Return available certificates, even if token was once detected and
* PKCS11H_ENUM_METHOD_CACHE_EXIST
* Return available certificates for available tokens only, don't
* read the contents of the token if already read, even if this token
* was removed and inserted.
* PKCS11H_ENUM_METHOD_RELOAD
* Clear all caches and then enum.
* Caller must free lists.
pkcs11h_enum_getCertificateIds (
OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */
#if defined(ENABLE_PKCS11H_OPENSSL)
/*======================================================================*
*======================================================================*/
* pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object.
* certificate - Certificate object.
* The certificate object will be freed by the OpenSSL interface on session end.
pkcs11h_openssl_session_t
pkcs11h_openssl_createSession (
IN const pkcs11h_certificate_t certificate
* pkcs11h_openssl_freeSession - Free OpenSSL session.
* openssl_session - Session to free.
* The openssl_session object has a reference count just like other OpenSSL objects.
pkcs11h_openssl_freeSession (
IN const pkcs11h_openssl_session_t openssl_session
* pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object.
* openssl_session - Session.
pkcs11h_openssl_getRSA (
IN const pkcs11h_openssl_session_t openssl_session
* pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object.
* openssl_session - Session.
pkcs11h_openssl_getX509 (
IN const pkcs11h_openssl_session_t openssl_session
#endif /* ENABLE_PKCS11H_OPENSSL */
#if defined(ENABLE_PKCS11H_STANDALONE)
/*======================================================================*
* STANDALONE INTERFACE
*======================================================================*/
pkcs11h_standalone_dump_slots (
IN const pkcs11h_output_print_t my_output,
IN const void *pData,
IN const char * const provider
pkcs11h_standalone_dump_objects (
IN const pkcs11h_output_print_t my_output,
IN const void *pData,
IN const char * const provider,
IN const char * const slot,
IN const char * const pin
#endif /* ENABLE_PKCS11H_STANDALONE */
#endif /* __PKCS11H_HELPER_H */