|
Packit |
549fdc |
/*
|
|
Packit |
549fdc |
* GnuTLS PKCS#11 support
|
|
Packit |
549fdc |
* Copyright (C) 2010-2012 Free Software Foundation, Inc.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Authors: Nikos Mavrogiannopoulos, Stef Walter
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
549fdc |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
549fdc |
* the License, or (at your option) any later version.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
549fdc |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
549fdc |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
549fdc |
* Lesser General Public License for more details.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifndef PKCS11_INT_H
|
|
Packit |
549fdc |
#define PKCS11_INT_H
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#ifdef ENABLE_PKCS11
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define CRYPTOKI_GNU
|
|
Packit |
549fdc |
#include <p11-kit/pkcs11.h>
|
|
Packit |
549fdc |
#include <gnutls/pkcs11.h>
|
|
Packit |
549fdc |
#include <x509/x509_int.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define PKCS11_ID_SIZE 128
|
|
Packit |
549fdc |
#define PKCS11_LABEL_SIZE 128
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include <p11-kit/uri.h>
|
|
Packit |
549fdc |
typedef unsigned char ck_bool_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct pkcs11_session_info {
|
|
Packit |
549fdc |
struct ck_function_list *module;
|
|
Packit |
549fdc |
struct ck_token_info tinfo;
|
|
Packit |
549fdc |
struct ck_slot_info slot_info;
|
|
Packit |
549fdc |
ck_session_handle_t pks;
|
|
Packit |
549fdc |
ck_slot_id_t sid;
|
|
Packit |
549fdc |
unsigned int init;
|
|
Packit |
549fdc |
unsigned int trusted; /* whether module is marked as trusted */
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct gnutls_pkcs11_obj_st {
|
|
Packit |
549fdc |
gnutls_datum_t raw;
|
|
Packit |
549fdc |
gnutls_pkcs11_obj_type_t type;
|
|
Packit |
549fdc |
ck_object_class_t class;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned int flags;
|
|
Packit |
549fdc |
struct p11_kit_uri *info;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* only when pubkey */
|
|
Packit |
549fdc |
gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
|
|
Packit |
549fdc |
unsigned pubkey_size;
|
|
Packit |
549fdc |
gnutls_pk_algorithm_t pk_algorithm;
|
|
Packit |
549fdc |
unsigned int key_usage;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct pin_info_st pin;
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct gnutls_pkcs11_privkey_st {
|
|
Packit |
549fdc |
gnutls_pk_algorithm_t pk_algorithm;
|
|
Packit |
549fdc |
unsigned int rsa_pss_ok; /* if it is an RSA key, it can do RSA-PSS */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned int flags;
|
|
Packit |
549fdc |
struct p11_kit_uri *uinfo;
|
|
Packit |
549fdc |
char *url;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct pkcs11_session_info sinfo;
|
|
Packit |
549fdc |
ck_object_handle_t ref; /* the key in the session */
|
|
Packit |
549fdc |
unsigned reauth; /* whether we need to login on each operation */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
void *mutex; /* lock for operations requiring co-ordination */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
struct pin_info_st pin;
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* This must be called on every function that uses a PKCS #11 function
|
|
Packit |
549fdc |
* directly. It can be provided a callback function to run when a reinitialization
|
|
Packit |
549fdc |
* occurs. */
|
|
Packit |
549fdc |
typedef int (*pkcs11_reinit_function)(void *priv);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
typedef enum init_level_t {
|
|
Packit |
549fdc |
PROV_UNINITIALIZED = 0,
|
|
Packit |
549fdc |
PROV_INIT_MANUAL,
|
|
Packit |
549fdc |
PROV_INIT_MANUAL_TRUSTED,
|
|
Packit |
549fdc |
PROV_INIT_TRUSTED,
|
|
Packit |
549fdc |
PROV_INIT_ALL
|
|
Packit |
549fdc |
} init_level_t;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* See _gnutls_pkcs11_check_init() for possible Transitions.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_function cb);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define FIX_KEY_USAGE(pk, usage) \
|
|
Packit |
549fdc |
if (usage == 0) { \
|
|
Packit |
549fdc |
if (pk == GNUTLS_PK_RSA) \
|
|
Packit |
549fdc |
usage = GNUTLS_KEY_DECIPHER_ONLY|GNUTLS_KEY_DIGITAL_SIGNATURE; \
|
|
Packit |
549fdc |
else \
|
|
Packit |
549fdc |
usage = GNUTLS_KEY_DIGITAL_SIGNATURE; \
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define PKCS11_CHECK_INIT \
|
|
Packit |
549fdc |
ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
|
|
Packit |
549fdc |
if (ret < 0) \
|
|
Packit |
549fdc |
return gnutls_assert_val(ret)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define PKCS11_CHECK_INIT_RET(x) \
|
|
Packit |
549fdc |
ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
|
|
Packit |
549fdc |
if (ret < 0) \
|
|
Packit |
549fdc |
return gnutls_assert_val(x)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define PKCS11_CHECK_INIT_FLAGS(f) \
|
|
Packit |
549fdc |
ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
|
|
Packit |
549fdc |
if (ret < 0) \
|
|
Packit |
549fdc |
return gnutls_assert_val(ret)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define PKCS11_CHECK_INIT_FLAGS_RET(f, x) \
|
|
Packit |
549fdc |
ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
|
|
Packit |
549fdc |
if (ret < 0) \
|
|
Packit |
549fdc |
return gnutls_assert_val(x)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* thus function is called for every token in the traverse_tokens
|
|
Packit |
549fdc |
* function. Once everything is traversed it is called with NULL tinfo.
|
|
Packit |
549fdc |
* It should return 0 if found what it was looking for.
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
typedef int (*find_func_t) (struct ck_function_list *, struct pkcs11_session_info *,
|
|
Packit |
549fdc |
struct ck_token_info * tinfo, struct ck_info *,
|
|
Packit |
549fdc |
void *input);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_rv_to_err(ck_rv_t rv);
|
|
Packit |
549fdc |
int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info, unsigned flags);
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
|
|
Packit |
549fdc |
struct p11_kit_uri *info, struct ck_token_info *_tinfo,
|
|
Packit |
549fdc |
struct ck_slot_info *_slot_info, unsigned int *trusted);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_read_pubkey(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t pks, ck_object_handle_t obj,
|
|
Packit |
549fdc |
ck_key_type_t key_type, gnutls_pkcs11_obj_t pobj);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t *spki, gnutls_datum_t *der);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_get_info(struct p11_kit_uri *info,
|
|
Packit |
549fdc |
gnutls_pkcs11_obj_info_t itype, void *output,
|
|
Packit |
549fdc |
size_t * output_size);
|
|
Packit |
549fdc |
int pkcs11_login(struct pkcs11_session_info *sinfo,
|
|
Packit |
549fdc |
struct pin_info_st *pin_info,
|
|
Packit |
549fdc |
struct p11_kit_uri *info, unsigned flags);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
extern gnutls_pkcs11_token_callback_t _gnutls_token_func;
|
|
Packit |
549fdc |
extern void *_gnutls_token_data;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
void pkcs11_rescan_slots(void);
|
|
Packit |
549fdc |
int pkcs11_info_to_url(struct p11_kit_uri *info,
|
|
Packit |
549fdc |
gnutls_pkcs11_url_type_t detailed, char **url);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
_gnutls_x509_crt_import_pkcs11_url(gnutls_x509_crt_t crt,
|
|
Packit |
549fdc |
const char *url, unsigned int flags);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define SESSION_WRITE (1<<0)
|
|
Packit |
549fdc |
#define SESSION_LOGIN (1<<1)
|
|
Packit |
549fdc |
#define SESSION_SO (1<<2) /* security officer session */
|
|
Packit |
549fdc |
#define SESSION_TRUSTED (1<<3) /* session on a marked as trusted (p11-kit) module */
|
|
Packit |
549fdc |
#define SESSION_FORCE_LOGIN (1<<4) /* force login even when CFK_LOGIN_REQUIRED is not set */
|
|
Packit |
549fdc |
#define SESSION_CONTEXT_SPECIFIC (1<<5)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_open_session(struct pkcs11_session_info *sinfo,
|
|
Packit |
549fdc |
struct pin_info_st *pin_info,
|
|
Packit |
549fdc |
struct p11_kit_uri *info, unsigned int flags);
|
|
Packit |
549fdc |
int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
|
|
Packit |
549fdc |
struct p11_kit_uri *info,
|
|
Packit |
549fdc |
struct pin_info_st *pin_info,
|
|
Packit |
549fdc |
unsigned int flags);
|
|
Packit |
549fdc |
ck_object_class_t pkcs11_strtype_to_class(const char *type);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Additional internal flags for gnutls_pkcs11_obj_flags */
|
|
Packit |
549fdc |
/* @GNUTLS_PKCS11_OBJ_FLAG_EXPECT_CERT: When importing an object, provide a hint on the type, to allow incomplete URLs
|
|
Packit |
549fdc |
* @GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PRIVKEY: Hint for private key */
|
|
Packit |
549fdc |
#define GNUTLS_PKCS11_OBJ_FLAG_EXPECT_CERT (1<<29)
|
|
Packit |
549fdc |
#define GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PRIVKEY (1<<30)
|
|
Packit |
549fdc |
#define GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY ((unsigned int)1<<31)
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int pkcs11_token_matches_info(struct p11_kit_uri *info,
|
|
Packit |
549fdc |
struct ck_token_info *tinfo,
|
|
Packit |
549fdc |
struct ck_info *lib_info);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
unsigned int pkcs11_obj_flags_to_int(unsigned int flags);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
_gnutls_pkcs11_privkey_sign(gnutls_pkcs11_privkey_t key,
|
|
Packit |
549fdc |
const gnutls_sign_entry_st *se,
|
|
Packit |
549fdc |
const gnutls_datum_t * hash,
|
|
Packit |
549fdc |
gnutls_datum_t * signature,
|
|
Packit |
549fdc |
gnutls_x509_spki_st *spki_params);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
_gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
|
|
Packit |
549fdc |
unsigned int flags,
|
|
Packit |
549fdc |
const gnutls_datum_t * ciphertext,
|
|
Packit |
549fdc |
gnutls_datum_t * plaintext);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
int
|
|
Packit |
549fdc |
_pkcs11_privkey_get_pubkey (gnutls_pkcs11_privkey_t pkey, gnutls_pubkey_t *pub, unsigned flags);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (pk == GNUTLS_PK_DSA)
|
|
Packit |
549fdc |
return CKM_DSA;
|
|
Packit |
549fdc |
else if (pk == GNUTLS_PK_EC)
|
|
Packit |
549fdc |
return CKM_ECDSA;
|
|
Packit |
549fdc |
else if (pk == GNUTLS_PK_RSA)
|
|
Packit |
549fdc |
return CKM_RSA_PKCS;
|
|
Packit |
549fdc |
else if (pk == GNUTLS_PK_RSA_PSS)
|
|
Packit |
549fdc |
return CKM_RSA_PKCS_PSS;
|
|
Packit |
549fdc |
else
|
|
Packit |
549fdc |
return -1;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static inline int pk_to_key_type(gnutls_pk_algorithm_t pk)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (pk == GNUTLS_PK_DSA)
|
|
Packit |
549fdc |
return CKK_DSA;
|
|
Packit |
549fdc |
else if (pk == GNUTLS_PK_EC)
|
|
Packit |
549fdc |
return CKK_ECDSA;
|
|
Packit |
549fdc |
else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA)
|
|
Packit |
549fdc |
return CKK_RSA;
|
|
Packit |
549fdc |
else
|
|
Packit |
549fdc |
return -1;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static inline gnutls_pk_algorithm_t key_type_to_pk(ck_key_type_t m)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (m == CKK_RSA)
|
|
Packit |
549fdc |
return GNUTLS_PK_RSA;
|
|
Packit |
549fdc |
else if (m == CKK_DSA)
|
|
Packit |
549fdc |
return GNUTLS_PK_DSA;
|
|
Packit |
549fdc |
else if (m == CKK_ECDSA)
|
|
Packit |
549fdc |
return GNUTLS_PK_EC;
|
|
Packit |
549fdc |
else
|
|
Packit |
549fdc |
return GNUTLS_PK_UNKNOWN;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static inline int pk_to_genmech(gnutls_pk_algorithm_t pk, ck_key_type_t *type)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (pk == GNUTLS_PK_DSA) {
|
|
Packit |
549fdc |
*type = CKK_DSA;
|
|
Packit |
549fdc |
return CKM_DSA_KEY_PAIR_GEN;
|
|
Packit |
549fdc |
} else if (pk == GNUTLS_PK_EC) {
|
|
Packit |
549fdc |
*type = CKK_ECDSA;
|
|
Packit |
549fdc |
return CKM_ECDSA_KEY_PAIR_GEN;
|
|
Packit |
549fdc |
} else if (pk == GNUTLS_PK_RSA_PSS || pk == GNUTLS_PK_RSA) {
|
|
Packit |
549fdc |
*type = CKK_RSA;
|
|
Packit |
549fdc |
return CKM_RSA_PKCS_KEY_PAIR_GEN;
|
|
Packit |
549fdc |
} else {
|
|
Packit |
549fdc |
*type = -1;
|
|
Packit |
549fdc |
return -1;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_object_class_t pkcs11_type_to_class(gnutls_pkcs11_obj_type_t type);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_generate_key(struct ck_function_list * module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
struct ck_mechanism * mechanism,
|
|
Packit |
549fdc |
struct ck_attribute * templ,
|
|
Packit |
549fdc |
unsigned long count,
|
|
Packit |
549fdc |
ck_object_handle_t * key);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_generate_key_pair(struct ck_function_list * module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
struct ck_mechanism * mechanism,
|
|
Packit |
549fdc |
struct ck_attribute * pub_templ,
|
|
Packit |
549fdc |
unsigned long pub_templ_count,
|
|
Packit |
549fdc |
struct ck_attribute * priv_templ,
|
|
Packit |
549fdc |
unsigned long priv_templ_count,
|
|
Packit |
549fdc |
ck_object_handle_t * pub,
|
|
Packit |
549fdc |
ck_object_handle_t * priv);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_slot_list(struct ck_function_list *module,
|
|
Packit |
549fdc |
unsigned char token_present,
|
|
Packit |
549fdc |
ck_slot_id_t * slot_list, unsigned long *count);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_module_info(struct ck_function_list *module,
|
|
Packit |
549fdc |
struct ck_info *info);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_slot_info(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_slot_id_t slot_id, struct ck_slot_info *info);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_token_info(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_slot_id_t slot_id, struct ck_token_info *info);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_find_objects_init(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
struct ck_attribute *templ, unsigned long count);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_find_objects(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
ck_object_handle_t * objects,
|
|
Packit |
549fdc |
unsigned long max_object_count,
|
|
Packit |
549fdc |
unsigned long *object_count);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info *);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t pkcs11_close_session(struct pkcs11_session_info *);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_set_attribute_value(struct ck_function_list * module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
ck_object_handle_t object,
|
|
Packit |
549fdc |
struct ck_attribute * templ,
|
|
Packit |
549fdc |
unsigned long count);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_attribute_value(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
ck_object_handle_t object,
|
|
Packit |
549fdc |
struct ck_attribute *templ,
|
|
Packit |
549fdc |
unsigned long count);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_attribute_avalue(struct ck_function_list * module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
ck_object_handle_t object,
|
|
Packit |
549fdc |
ck_attribute_type_t type,
|
|
Packit |
549fdc |
gnutls_datum_t *res);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_mechanism_list(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_slot_id_t slot_id,
|
|
Packit |
549fdc |
ck_mechanism_type_t * mechanism_list,
|
|
Packit |
549fdc |
unsigned long *count);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_get_mechanism_info(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_slot_id_t slot_id,
|
|
Packit |
549fdc |
ck_mechanism_type_t mechanism,
|
|
Packit |
549fdc |
struct ck_mechanism_info *ptr);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_sign_init(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
struct ck_mechanism *mechanism, ck_object_handle_t key);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_sign(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
unsigned char *data,
|
|
Packit |
549fdc |
unsigned long data_len,
|
|
Packit |
549fdc |
unsigned char *signature, unsigned long *signature_len);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_decrypt_init(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
struct ck_mechanism *mechanism,
|
|
Packit |
549fdc |
ck_object_handle_t key);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_decrypt(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
unsigned char *encrypted_data,
|
|
Packit |
549fdc |
unsigned long encrypted_data_len,
|
|
Packit |
549fdc |
unsigned char *data, unsigned long *data_len);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_create_object(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
struct ck_attribute *templ,
|
|
Packit |
549fdc |
unsigned long count, ck_object_handle_t * object);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_destroy_object(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess, ck_object_handle_t object);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_init_token(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_slot_id_t slot_id, unsigned char *pin,
|
|
Packit |
549fdc |
unsigned long pin_len, unsigned char *label);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_init_pin(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
unsigned char *pin, unsigned long pin_len);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
pkcs11_set_pin(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess,
|
|
Packit |
549fdc |
const char *old_pin,
|
|
Packit |
549fdc |
unsigned long old_len,
|
|
Packit |
549fdc |
const char *new_pin, unsigned long new_len);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
ck_rv_t
|
|
Packit |
549fdc |
_gnutls_pkcs11_get_random(struct ck_function_list *module,
|
|
Packit |
549fdc |
ck_session_handle_t sess, void *data, size_t len);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
const char *pkcs11_strerror(ck_rv_t rv);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Returns 1 if the provided URL is an object, rather than
|
|
Packit |
549fdc |
* a token. */
|
|
Packit |
549fdc |
inline static bool is_pkcs11_url_object(const char *url)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (strstr(url, "id=") != 0 || strstr(url, "object=") != 0)
|
|
Packit |
549fdc |
return 1;
|
|
Packit |
549fdc |
return 0;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#endif /* ENABLE_PKCS11 */
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#endif
|