4 #include <pakchois/pakchois.h>
5 #include <gnutls/pkcs11.h>
7 #define PKCS11_ID_SIZE 128
8 #define PKCS11_LABEL_SIZE 128
10 typedef unsigned char ck_bool_t
;
14 struct ck_token_info tinfo
;
15 struct ck_slot_info sinfo
;
17 struct gnutls_pkcs11_provider_s
*prov
;
20 struct pkcs11_url_info
22 /* everything here is null terminated strings */
23 opaque id
[PKCS11_ID_SIZE
* 3 + 1]; /* hex with delimiters */
24 opaque type
[16]; /* cert/key etc. */
26 opaque lib_manufacturer
[sizeof
27 (((struct ck_info
*) NULL
)->manufacturer_id
) + 1];
28 opaque lib_desc
[sizeof
29 (((struct ck_info
*) NULL
)->library_description
) + 1];
30 opaque lib_version
[12];
32 opaque manufacturer
[sizeof
33 (((struct ck_token_info
*) NULL
)->manufacturer_id
) + 1];
34 opaque token
[sizeof (((struct ck_token_info
*) NULL
)->label
) + 1];
35 opaque serial
[sizeof (((struct ck_token_info
*) NULL
)->serial_number
) + 1];
36 opaque model
[sizeof (((struct ck_token_info
*) NULL
)->model
) + 1];
37 opaque label
[PKCS11_LABEL_SIZE
+ 1];
39 opaque certid_raw
[PKCS11_ID_SIZE
]; /* same as ID but raw */
40 size_t certid_raw_size
;
43 struct gnutls_pkcs11_obj_st
46 gnutls_pkcs11_obj_type_t type
;
47 struct pkcs11_url_info info
;
49 /* only when pubkey */
50 gnutls_datum_t pubkey
[MAX_PUBLIC_PARAMS_SIZE
];
51 gnutls_pk_algorithm pk_algorithm
;
52 unsigned int key_usage
;
55 /* thus function is called for every token in the traverse_tokens
56 * function. Once everything is traversed it is called with NULL tinfo.
57 * It should return 0 if found what it was looking for.
59 typedef int (*find_func_t
) (pakchois_session_t
* pks
,
60 struct token_info
* tinfo
, struct ck_info
*,
63 int pkcs11_rv_to_err (ck_rv_t rv
);
64 int pkcs11_url_to_info (const char *url
, struct pkcs11_url_info
*info
);
66 pkcs11_find_slot (pakchois_module_t
** module
, ck_slot_id_t
* slot
,
67 struct pkcs11_url_info
*info
, struct token_info
*_tinfo
);
69 int pkcs11_get_info (struct pkcs11_url_info
*info
,
70 gnutls_pkcs11_obj_info_t itype
, void *output
,
71 size_t * output_size
);
72 int pkcs11_login (pakchois_session_t
* pks
,
73 const struct token_info
*info
, int admin
);
75 extern gnutls_pkcs11_token_callback_t token_func
;
76 extern void *token_data
;
78 void pkcs11_rescan_slots (void);
79 int pkcs11_info_to_url (const struct pkcs11_url_info
*info
,
80 gnutls_pkcs11_url_type_t detailed
, char **url
);
82 #define SESSION_WRITE (1<<0)
83 #define SESSION_LOGIN (1<<1)
84 #define SESSION_SO (1<<2) /* security officer session */
85 int pkcs11_open_session (pakchois_session_t
** _pks
,
86 struct pkcs11_url_info
*info
, unsigned int flags
);
87 int _pkcs11_traverse_tokens (find_func_t find_func
, void *input
,
89 ck_object_class_t
pkcs11_strtype_to_class (const char *type
);
91 int pkcs11_token_matches_info (struct pkcs11_url_info
*info
,
92 struct ck_token_info
*tinfo
,
93 struct ck_info
*lib_info
);
95 /* flags are SESSION_* */
96 int pkcs11_find_object (pakchois_session_t
** _pks
,
97 ck_object_handle_t
* _obj
,
98 struct pkcs11_url_info
*info
, unsigned int flags
);
100 unsigned int pkcs11_obj_flags_to_int (unsigned int flags
);
103 _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key
,
104 const gnutls_datum_t
* hash
,
105 gnutls_datum_t
* signature
);
108 _gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key
,
110 const gnutls_datum_t
* ciphertext
,
111 gnutls_datum_t
* plaintext
);
