/* libp11, a simple layer on to of PKCS#11 API
* Copyright (C) 2005 Olaf Kirch <okir@lst.de>
* Copyright (C) 2015-2018 Michał Trojnara <Michal.Trojnara@stunnel.org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/*
 * Include guard.  NOTE(review): identifiers starting with an underscore and
 * an uppercase letter are reserved for the implementation (C11 7.1.3);
 * LIBP11_INT_H would be the conforming spelling.
 */
#ifndef _LIBP11_INT_H
#define _LIBP11_INT_H

/* config.h is only present on non-Windows builds */
#ifndef _WIN32
#include "config.h"
#endif

#include "libp11.h"

/* CRYPTOKI_EXPORTS is consumed by pkcs11.h; presumably selects the export
 * flavour of the Cryptoki declarations -- confirm in pkcs11.h */
#define CRYPTOKI_EXPORTS
#include "pkcs11.h"

/*
 * Handle type of the context rwlock.  OpenSSL builds older than
 * 0x10100004L (1.1.0 pre-release 4) and LibreSSL have no CRYPTO_RWLOCK,
 * so the legacy CRYPTO_lock() id (an int) is used instead; the
 * CRYPTO_THREAD_* emulation macros further down operate on that id.
 */
#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
typedef int PKCS11_RWLOCK;
#else
typedef CRYPTO_RWLOCK *PKCS11_RWLOCK;
#endif
/* get private implementations of PKCS11 structures */

/*
 * PKCS11_CTX: context for a PKCS11 implementation
 *
 * Private state hanging off the public PKCS11_CTX; reached via PRIVCTX().
 */
typedef struct pkcs11_ctx_private {
	CK_FUNCTION_LIST_PTR method;	/* function table of the loaded module; CRYPTOKI_call() dispatches through it */
	void *handle;			/* loaded module handle (presumably what C_LoadModule() returns -- confirm) */
	char *init_args;		/* private module initialization args (see pkcs11_CTX_init_args()) */
	UI_METHOD *ui_method; /* UI_METHOD for CKU_CONTEXT_SPECIFIC PINs */
	void *ui_user_data;		/* user data for ui_method (presumably handed to the UI callbacks) */
	unsigned int forkid;		/* fork generation at initialization; presumably compared with get_forkid() by check_fork() */
	PKCS11_RWLOCK rwlock;		/* context lock; what it guards is not visible in this header -- confirm */
	int sign_initialized;		/* NOTE(review): operation-state flags; their meaning is not visible here -- confirm */
	int decrypt_initialized;
} PKCS11_CTX_private;
#define PRIVCTX(ctx) ((PKCS11_CTX_private *) ((ctx)->_private))
/*
 * PKCS11_SLOT: private part of a slot; reached via PRIVSLOT().
 */
typedef struct pkcs11_slot_private {
	PKCS11_CTX *parent;			/* owning context */
	unsigned char haveSession, loggedIn;	/* session / login state flags */
	CK_SLOT_ID id;				/* Cryptoki slot id (see pkcs11_get_slotid_from_slot()) */
	CK_SESSION_HANDLE session;		/* current session handle; presumably valid only while haveSession is set */
	unsigned int forkid;			/* fork generation the session was opened in (presumably; see check_slot_fork()) */
	int prev_rw; /* the rw status the session was opened with */

	/* options used in last PKCS11_login */
	char *prev_pin;	/* NOTE(review): plaintext PIN kept for re-login; sensitive material --
			 * confirm it is cleansed (e.g. OPENSSL_cleanse) before being freed */
	int prev_so;	/* whether the last login was as SO */
} PKCS11_SLOT_private;
#define PRIVSLOT(slot) ((PKCS11_SLOT_private *) ((slot)->_private))
#define SLOT2CTX(slot) (PRIVSLOT(slot)->parent)
/* One list of keys (either the private or the public ones) of a token */
typedef struct pkcs11_keys {
	int num;		/* number of entries in keys */
	PKCS11_KEY *keys;	/* array of num keys */
} PKCS11_keys;

/*
 * PKCS11_TOKEN: private part of a token; reached via PRIVTOKEN().
 */
typedef struct pkcs11_token_private {
	PKCS11_SLOT *parent;	/* owning slot */
	PKCS11_keys prv, pub;	/* private and public key lists enumerated from the token */
	int ncerts;		/* number of entries in certs */
	PKCS11_CERT *certs;	/* certificate list enumerated from the token */
} PKCS11_TOKEN_private;
#define PRIVTOKEN(token) ((PKCS11_TOKEN_private *) ((token)->_private))
#define TOKEN2SLOT(token) (PRIVTOKEN(token)->parent)
#define TOKEN2CTX(token) SLOT2CTX(TOKEN2SLOT(token))
/* Per key-type operation table (RSA and EC instances are declared below) */
typedef struct pkcs11_key_ops {
	int type; /* EVP_PKEY_xxx */
	EVP_PKEY *(*get_evp_key) (PKCS11_KEY *);	/* build the EVP_PKEY wrapping this key */
	void (*update_ex_data) (PKCS11_KEY *);		/* refresh the ex_data back-pointer (presumably what pkcs11_get_ex_data_*() read) */
} PKCS11_KEY_ops;

/*
 * PKCS11_KEY: private part of a key; reached via PRIVKEY().
 */
typedef struct pkcs11_key_private {
	PKCS11_TOKEN *parent;		/* owning token */
	CK_OBJECT_HANDLE object;	/* Cryptoki object handle of the key */
	CK_BBOOL always_authenticate;	/* presumably mirrors CKA_ALWAYS_AUTHENTICATE; see pkcs11_authenticate() */
	unsigned char id[255];		/* object id (presumably CKA_ID); fixed-size buffer, so whoever fills it must cap id_len at sizeof id -- confirm */
	size_t id_len;			/* number of valid bytes in id */
	PKCS11_KEY_ops *ops;		/* type-specific operations */
	unsigned int forkid;		/* fork generation the handle was obtained in (presumably; see check_key_fork()) */
} PKCS11_KEY_private;
#define PRIVKEY(key) ((PKCS11_KEY_private *) (key)->_private)
#define KEY2SLOT(key) TOKEN2SLOT(KEY2TOKEN(key))
#define KEY2TOKEN(key) (PRIVKEY(key)->parent)
#define KEY2CTX(key) TOKEN2CTX(KEY2TOKEN(key))
/*
 * PKCS11_CERT: private part of a certificate; reached via PRIVCERT().
 */
typedef struct pkcs11_cert_private {
	PKCS11_TOKEN *parent;		/* owning token */
	CK_OBJECT_HANDLE object;	/* Cryptoki object handle of the certificate */
	unsigned char id[255];		/* object id (presumably CKA_ID); fixed-size buffer, so whoever fills it must cap id_len at sizeof id -- confirm */
	size_t id_len;			/* number of valid bytes in id */
} PKCS11_CERT_private;
#define PRIVCERT(cert) ((PKCS11_CERT_private *) (cert)->_private)
#define CERT2SLOT(cert) TOKEN2SLOT(CERT2TOKEN(cert))
#define CERT2TOKEN(cert) (PRIVCERT(cert)->parent)
#define CERT2CTX(cert) TOKEN2CTX(CERT2TOKEN(cert))

/* Key-type operation tables.  Note the asymmetry: the RSA table is an object,
 * the EC one a pointer (presumably NULL when EC support is unavailable -- confirm) */
extern PKCS11_KEY_ops pkcs11_rsa_ops;
extern PKCS11_KEY_ops *pkcs11_ec_ops;
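/*
 * Internal functions
 */

/*
 * Check a Cryptoki return value rv.  On error, report it through CKRerr()
 * under libp11 function code f and return -1 from the ENCLOSING function
 * (this macro contains a return statement); on success clear the OpenSSL
 * error queue.  Arguments are parenthesized so expressions can be passed.
 */
#define CRYPTOKI_checkerr(f, rv) \
	do { \
		if ((rv)) { \
			CKRerr((f), (rv)); \
			return -1; \
		} \
		ERR_clear_error(); \
	} while (0)

/* Call a Cryptoki entry point through the loaded module's function table,
 * e.g. CRYPTOKI_call(ctx, C_GetSlotList(0, NULL, &n)) (constructed example) */
#define CRYPTOKI_call(ctx, func_and_args) \
	PRIVCTX(ctx)->method->func_and_args
extern int ERR_load_CKR_strings(void);

/* Memory allocation */

/*
 * Duplicate a fixed-width PKCS#11 string field as a NUL-terminated C string.
 * sizeof(s) is only meaningful when s is an actual array (presumably the
 * fixed-size CK_UTF8CHAR fields of the Cryptoki info structs -- confirm at
 * call sites); passing a pointer would hand over the pointer size instead.
 * The argument is parenthesized so the cast applies to the whole expression.
 */
#define PKCS11_DUP(s) \
	pkcs11_strdup((char *) (s), sizeof(s))
/* NOTE(review): the source is never written through, so the first parameter
 * could be const char * once the definition is updated to match. */
extern char *pkcs11_strdup(char *, size_t);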
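/* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
/* Allocate a legacy CRYPTO_lock() id; PKCS11_RWLOCK is an int in this configuration */
int CRYPTO_THREAD_lock_new(void);
/* Release a lock id obtained from CRYPTO_THREAD_lock_new() */
void CRYPTO_THREAD_lock_free(int);
/*
 * Unlike the real OpenSSL 1.1 functions (which return int) these macros are
 * statements.  They are wrapped in do { } while (0) so that each expands to
 * exactly one statement: a bare "if (type) ..." would otherwise swallow an
 * else belonging to the caller's code.  A lock id of 0 is skipped.
 */
#define CRYPTO_THREAD_write_lock(type) \
	do { \
		if (type) \
			CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, (type), __FILE__, __LINE__); \
	} while (0)
#define CRYPTO_THREAD_unlock(type) \
	do { \
		if (type) \
			CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, (type), __FILE__, __LINE__); \
	} while (0)
#define CRYPTO_THREAD_read_lock(type) \
	do { \
		if (type) \
			CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ, (type), __FILE__, __LINE__); \
	} while (0)
#define CRYPTO_THREAD_read_unlock(type) \
	do { \
		if (type) \
			CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ, (type), __FILE__, __LINE__); \
	} while (0)
#endif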
/* Emulate the OpenSSL 1.1 getters */
/*
 * Before 0x10100003L (1.1.0 pre-release 3) and in LibreSSL, EVP_PKEY is a
 * public struct and the get0 accessors do not exist, so the pkey union is
 * read directly.  Like the real get0 getters these yield a borrowed pointer
 * (no reference is taken), so callers must not free it.
 */
#if OPENSSL_VERSION_NUMBER < 0x10100003L || defined(LIBRESSL_VERSION_NUMBER)
#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
#define EVP_PKEY_get0_EC_KEY(key) ((key)->pkey.ec)
#endif
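/* Reinitializing the module after fork (if detected) */

/* Current fork generation; the *_private structs above keep a forkid field,
 * presumably holding the value seen when the object was set up */
extern unsigned int get_forkid(void);

/*
 * Compare the forkid recorded in the object against get_forkid() and, when
 * they differ, redo the module initialization / session / object handle
 * (presumably via pkcs11_CTX_reload(), pkcs11_reopen_session() and
 * pkcs11_reload_key() declared below -- confirm).  The int return is
 * presumably 0 on success and -1 on error like the other internal
 * functions -- confirm.
 */
extern int check_fork(PKCS11_CTX *ctx);
extern int check_slot_fork(PKCS11_SLOT *slot);
extern int check_token_fork(PKCS11_TOKEN *token);
extern int check_key_fork(PKCS11_KEY *key);
extern int check_cert_fork(PKCS11_CERT *cert);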
/* Other internal functions */

/* Load the PKCS#11 shared module called name and fetch its function list;
 * returns the module handle (presumably NULL on failure -- confirm in the loader) */
extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
/* Unload a module handle obtained from C_LoadModule() */
extern CK_RV C_UnloadModule(void *module);
/* Release a key list of the token; the unsigned int presumably selects
 * the prv or pub list (a key type / class value -- confirm at call sites) */
extern void pkcs11_destroy_keys(PKCS11_TOKEN *, unsigned int);
/* Release the certificate list of the token */
extern void pkcs11_destroy_certs(PKCS11_TOKEN *);
/* Re-fetch the object handle of a key (presumably after a fork was detected) */
extern int pkcs11_reload_key(PKCS11_KEY *);
/* Re-open the slot's session (presumably in the mode saved in prev_rw) */
extern int pkcs11_reopen_session(PKCS11_SLOT * slot);
/* Log in again (presumably with the prev_pin / prev_so saved by the last PKCS11_login) */
extern int pkcs11_relogin(PKCS11_SLOT * slot);
/* Managing object attributes */

/*
 * Attribute getters.  Each takes the owning token, the object handle and
 * the attribute type (a CKA_* value passed as unsigned int); the int return
 * is presumably 0 on success / -1 on error (CRYPTOKI_checkerr style) -- confirm.
 */
/* Variable-length attribute into a caller buffer; the size_t * presumably
 * carries the buffer size in and the attribute length out -- confirm */
extern int pkcs11_getattr_var(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
	unsigned int, CK_BYTE *, size_t *);
/* Attribute of a known, fixed size into a caller buffer of that size */
extern int pkcs11_getattr_val(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
	unsigned int, void *, size_t);
/* Attribute of unknown length into a newly allocated buffer returned through
 * CK_BYTE **; ownership passes to the caller (how to free it is not visible here) */
extern int pkcs11_getattr_alloc(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
	unsigned int, CK_BYTE **, size_t *);
/*
 * Caution: the BIGNUM ** shall reference either a NULL pointer or a
 * pointer to a valid BIGNUM.
 */
extern int pkcs11_getattr_bn(PKCS11_TOKEN *, CK_OBJECT_HANDLE,
	unsigned int, BIGNUM **);

/* Wrappers that resolve a PKCS11_KEY to its token and object handle */
#define key_getattr_var(key, t, p, s) \
	pkcs11_getattr_var(KEY2TOKEN((key)), PRIVKEY((key))->object, (t), (p), (s))

#define key_getattr_val(key, t, p, s) \
	pkcs11_getattr_val(KEY2TOKEN((key)), PRIVKEY((key))->object, (t), (p), (s))

#define key_getattr_alloc(key, t, p, s) \
	pkcs11_getattr_alloc(KEY2TOKEN((key)), PRIVKEY((key))->object, (t), (p), (s))

/*
 * Caution: bn shall reference either a NULL pointer or a pointer to
 * a valid BIGNUM.
 */
#define key_getattr_bn(key, t, bn) \
	pkcs11_getattr_bn(KEY2TOKEN((key)), PRIVKEY((key))->object, (t), (bn))

/* OpenSSL i2d-shaped encoder callback: (object, &out) -> encoded length */
typedef int (*pkcs11_i2d_fn) (void *, unsigned char **);
/* Attribute template builders: each presumably fills one CK_ATTRIBUTE
 * (type, value, length) from the given value */
extern void pkcs11_addattr(CK_ATTRIBUTE_PTR, int, const void *, size_t);	/* raw bytes */
extern void pkcs11_addattr_int(CK_ATTRIBUTE_PTR, int, unsigned long);	/* integer */
extern void pkcs11_addattr_bool(CK_ATTRIBUTE_PTR, int, int);		/* boolean */
extern void pkcs11_addattr_s(CK_ATTRIBUTE_PTR, int, const char *);	/* C string */
extern void pkcs11_addattr_bn(CK_ATTRIBUTE_PTR, int, const BIGNUM *);	/* BIGNUM value */
extern void pkcs11_addattr_obj(CK_ATTRIBUTE_PTR, int, pkcs11_i2d_fn, void *);	/* object encoded via the i2d callback */
/* Release the values of the first n attributes of a template
 * (presumably those set up by pkcs11_addattr_*() -- confirm) */
extern void pkcs11_zap_attrs(CK_ATTRIBUTE_PTR, unsigned int);
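/* Internal implementation of current features */

/* Allocate the context */
extern PKCS11_CTX *pkcs11_CTX_new(void);

/* Specify any private PKCS#11 module initialization args, if necessary */
extern void pkcs11_CTX_init_args(PKCS11_CTX *ctx, const char *init_args);

/* Load a PKCS#11 module */
extern int pkcs11_CTX_load(PKCS11_CTX *ctx, const char *ident);

/* Reinitialize a PKCS#11 module (after a fork) */
extern int pkcs11_CTX_reload(PKCS11_CTX *ctx);

/* Unload a PKCS#11 module */
extern void pkcs11_CTX_unload(PKCS11_CTX *ctx);

/* Free a libp11 context */
extern void pkcs11_CTX_free(PKCS11_CTX *ctx);

/* Open a session in RO or RW mode; relogin presumably re-authenticates
 * with the saved login options (see PKCS11_SLOT_private) -- confirm */
extern int pkcs11_open_session(PKCS11_SLOT *slot, int rw, int relogin);

/* Get a list of all slots */
extern int pkcs11_enumerate_slots(PKCS11_CTX *ctx,
	PKCS11_SLOT **slotsp, unsigned int *nslotsp);

/* Get the slot_id from a slot as it is stored in private */
extern unsigned long pkcs11_get_slotid_from_slot(PKCS11_SLOT *slot);

/* Free the list of slots allocated by PKCS11_enumerate_slots() */
extern void pkcs11_release_all_slots(PKCS11_CTX *ctx,
	PKCS11_SLOT *slots, unsigned int nslots);

/* Find the first slot with a token */
extern PKCS11_SLOT *pkcs11_find_token(PKCS11_CTX *ctx,
	PKCS11_SLOT *slots, unsigned int nslots);

/* Find the next slot with a token (after current) */
extern PKCS11_SLOT *pkcs11_find_next_token(PKCS11_CTX *ctx,
	PKCS11_SLOT *slots, unsigned int nslots,
	PKCS11_SLOT *current);

/* Check if user is already authenticated to a card; the answer is returned through res */
extern int pkcs11_is_logged_in(PKCS11_SLOT *slot, int so, int *res);

/* Authenticate to the card.  so selects the security officer rather than the
 * user login; the PIN is presumably retained in PKCS11_SLOT_private.prev_pin
 * for later re-login (see the struct above) -- confirm */
extern int pkcs11_login(PKCS11_SLOT *slot, int so, const char *pin, int relogin);

/* De-authenticate from the card */
extern int pkcs11_logout(PKCS11_SLOT *slot);

/* Authenticate a private key operation if needed (keys flagged always_authenticate) */
extern int pkcs11_authenticate(PKCS11_KEY *key);

/* Get a list of keys associated with this token */
extern int pkcs11_enumerate_keys(PKCS11_TOKEN *token, unsigned int type,
	PKCS11_KEY **keys, unsigned int *nkeys);

/* Remove a key from the token */
extern int pkcs11_remove_key(PKCS11_KEY *key);

/* Get the key type (as EVP_PKEY_XXX) */
extern int pkcs11_get_key_type(PKCS11_KEY *key);

/* Returns an EVP_PKEY object with the private or public key */
extern EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate);

/* Find the corresponding certificate (if any) */
extern PKCS11_CERT *pkcs11_find_certificate(PKCS11_KEY *key);

/* Find the corresponding key (if any) */
extern PKCS11_KEY *pkcs11_find_key(PKCS11_CERT *cert);

/* Find the corresponding key (if any) pub <-> priv based on ID */
extern PKCS11_KEY *pkcs11_find_key_from_key(PKCS11_KEY *key);

/* Get a list of all certificates associated with this token */
extern int pkcs11_enumerate_certs(PKCS11_TOKEN *token,
	PKCS11_CERT **certs, unsigned int *ncerts);

/* Remove a certificate from the token */
extern int pkcs11_remove_certificate(PKCS11_CERT *cert);

/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
extern int pkcs11_set_ui_method(PKCS11_CTX *ctx,
	UI_METHOD *ui_method, void *ui_user_data);

/* Initialize a token */
extern int pkcs11_init_token(PKCS11_TOKEN *token, const char *pin,
	const char *label);

/* Initialize the user PIN on a token */
extern int pkcs11_init_pin(PKCS11_TOKEN *token, const char *pin);

/* Change the user PIN on a token */
extern int pkcs11_change_pin(PKCS11_SLOT *slot,
	const char *old_pin, const char *new_pin);

/*
 * Store objects on a token.  id/id_len give the object id to assign.
 * NOTE(review): the private key/cert structs cache the id in a 255-byte
 * buffer, so confirm the implementations reject (or deliberately truncate)
 * id_len values larger than that.
 */
/* Store private key on a token */
extern int pkcs11_store_private_key(PKCS11_TOKEN *token,
	EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len);

/* Store public key on a token */
extern int pkcs11_store_public_key(PKCS11_TOKEN *token,
	EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len);

/* Store certificate on a token; the new object is returned through ret_cert */
extern int pkcs11_store_certificate(PKCS11_TOKEN *token, X509 *x509,
	char *label, unsigned char *id, size_t id_len,
	PKCS11_CERT **ret_cert);

/* Access the random number generator */
extern int pkcs11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
extern int pkcs11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);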
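/* Internal implementation of deprecated features */

/* Generate and store a private key on the token */
extern int pkcs11_generate_key(PKCS11_TOKEN *token,
	int algorithm, unsigned int bits,
	char *label, unsigned char *id, size_t id_len);

/* Get the RSA key modulus size (in bytes) */
extern int pkcs11_get_key_size(PKCS11_KEY *);

/* Get the RSA key modulus as BIGNUM */
extern int pkcs11_get_key_modulus(PKCS11_KEY *, BIGNUM **);

/* Get the RSA key public exponent as BIGNUM */
extern int pkcs11_get_key_exponent(PKCS11_KEY *, BIGNUM **);

/* Sign with the RSA private key; same parameter shape as RSA_sign(), with
 * the PKCS11_KEY in place of the RSA object */
extern int pkcs11_sign(int type,
	const unsigned char *m, unsigned int m_len,
	unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key);

/* This function has never been implemented (declaration only; there is no
 * definition to link against) */
extern int pkcs11_verify(int type,
	const unsigned char *m, unsigned int m_len,
	unsigned char *signature, unsigned int siglen, PKCS11_KEY *key);

/* Encrypts data using the private key; same parameter shape as
 * RSA_private_encrypt(), with the PKCS11_KEY in place of the RSA object */
extern int pkcs11_private_encrypt(
	int flen, const unsigned char *from,
	unsigned char *to, PKCS11_KEY *key, int padding);

/* Decrypts data using the private key; same parameter shape as
 * RSA_private_decrypt(), with the PKCS11_KEY in place of the RSA object */
extern int pkcs11_private_decrypt(
	int flen, const unsigned char *from,
	unsigned char *to, PKCS11_KEY *key, int padding);

/* Retrieve PKCS11_KEY from an RSA key (presumably the ex_data maintained by
 * the ops' update_ex_data callback) */
extern PKCS11_KEY *pkcs11_get_ex_data_rsa(const RSA *rsa);

/* Retrieve PKCS11_KEY from an EC_KEY (same mechanism as for RSA) */
extern PKCS11_KEY *pkcs11_get_ex_data_ec(const EC_KEY *ec);

#endif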
/* vim: set noexpandtab: */