lib/pkcs11_int.h

   1 /*
   2  * GnuTLS PKCS#11 support
   3  * Copyright (C) 2010-2012 Free Software Foundation, Inc.
   4  *
   5  * Authors: Nikos Mavrogiannopoulos, Stef Walter
   6  *
   7  * The GnuTLS is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU Lesser General Public License
   9  * as published by the Free Software Foundation; either version 3 of
  10  * the License, or (at your option) any later version.
  11  *
  12  * This library is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * Lesser General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public License
  18  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  19  */
  20
  21 #ifndef PKCS11_INT_H
  22 #define PKCS11_INT_H
  23
  24 #ifdef ENABLE_PKCS11
  25
  26 #define CRYPTOKI_GNU
  27 #include <p11-kit/pkcs11.h>
  28 #include <gnutls/pkcs11.h>
  29 #include <x509/x509_int.h>
  30
  31 #define PKCS11_ID_SIZE 128
  32 #define PKCS11_LABEL_SIZE 128
  33
  34 #include <p11-kit/uri.h>
  35 typedef unsigned char ck_bool_t;
  36
  37
  38 struct pkcs11_session_info {
  39   struct ck_function_list * module;
  40   struct ck_token_info tinfo;
  41   ck_session_handle_t pks;
  42   unsigned int init;
  43 };
  44
  45 struct token_info
  46 {
  47   struct ck_token_info tinfo;
  48   struct ck_slot_info sinfo;
  49   ck_slot_id_t sid;
  50   struct gnutls_pkcs11_provider_s *prov;
  51 };
  52
  53 struct gnutls_pkcs11_obj_st
  54 {
  55   gnutls_datum_t raw;
  56   gnutls_pkcs11_obj_type_t type;
  57   struct p11_kit_uri *info;
  58
  59   /* only when pubkey */
  60   gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
  61   gnutls_pk_algorithm_t pk_algorithm;
  62   unsigned int key_usage;
  63
  64   struct pin_info_st pin;
  65 };
  66
  67 /* thus function is called for every token in the traverse_tokens
  68  * function. Once everything is traversed it is called with NULL tinfo.
  69  * It should return 0 if found what it was looking for.
  70  */
  71 typedef int (*find_func_t) (struct pkcs11_session_info*,
  72                             struct token_info * tinfo, struct ck_info *,
  73                             void *input);
  74
  75 int pkcs11_rv_to_err (ck_rv_t rv);
  76 int pkcs11_url_to_info (const char *url, struct p11_kit_uri **info);
  77 int
  78 pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
  79                   struct p11_kit_uri *info, struct token_info *_tinfo);
  80
  81 int pkcs11_read_pubkey(struct ck_function_list *module,
  82                               ck_session_handle_t pks, ck_object_handle_t obj,
  83                               ck_key_type_t key_type, gnutls_datum_t * pubkey);
  84
  85 int pkcs11_get_info (struct p11_kit_uri *info,
  86                      gnutls_pkcs11_obj_info_t itype, void *output,
  87                      size_t * output_size);
  88 int pkcs11_login (struct pkcs11_session_info * sinfo, struct pin_info_st* pin_info,
  89                   const struct token_info *tokinfo, struct p11_kit_uri *info, int so);
  90
  91 int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry);
  92
  93 extern gnutls_pkcs11_token_callback_t _gnutls_token_func;
  94 extern void *_gnutls_token_data;
  95
  96 void pkcs11_rescan_slots (void);
  97 int pkcs11_info_to_url (struct p11_kit_uri *info,
  98                         gnutls_pkcs11_url_type_t detailed, char **url);
  99
 100 #define SESSION_WRITE (1<<0)
 101 #define SESSION_LOGIN (1<<1)
 102 #define SESSION_SO (1<<2)       /* security officer session */
 103 int pkcs11_open_session (struct pkcs11_session_info* sinfo,
 104                          struct pin_info_st* pin_info,
 105                          struct p11_kit_uri *info, unsigned int flags);
 106 int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
 107                              struct p11_kit_uri *info,
 108                              struct pin_info_st* pin_info,
 109                              unsigned int flags);
 110 ck_object_class_t pkcs11_strtype_to_class (const char *type);
 111
 112 int pkcs11_token_matches_info (struct p11_kit_uri *info,
 113                                struct ck_token_info *tinfo,
 114                                struct ck_info *lib_info);
 115
 116 unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
 117
 118 int
 119 _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
 120                                   const gnutls_datum_t * hash,
 121                                   gnutls_datum_t * signature);
 122
 123 int
 124 _gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
 125                                     unsigned int flags,
 126                                     const gnutls_datum_t * ciphertext,
 127                                     gnutls_datum_t * plaintext);
 128
 129 static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
 130 {
 131   if (pk == GNUTLS_PK_DSA)
 132     return CKM_DSA;
 133   else if (pk == GNUTLS_PK_EC)
 134     return CKM_ECDSA;
 135   else
 136     return CKM_RSA_PKCS;
 137 }
 138
 139 static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
 140 {
 141   if (m == CKK_RSA)
 142     return GNUTLS_PK_RSA;
 143   else if (m == CKK_DSA)
 144     return GNUTLS_PK_DSA;
 145   else  if (m == CKK_ECDSA)
 146     return GNUTLS_PK_EC;
 147   else return GNUTLS_PK_UNKNOWN;
 148 }
 149
 150 static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
 151 {
 152   if (pk == GNUTLS_PK_DSA)
 153     return CKM_DSA_KEY_PAIR_GEN;
 154   else if (pk == GNUTLS_PK_EC)
 155     return CKM_ECDSA_KEY_PAIR_GEN;
 156   else
 157     return CKM_RSA_PKCS_KEY_PAIR_GEN;
 158 }
 159
 160 ck_rv_t
 161 pkcs11_generate_key_pair (struct ck_function_list *module,
 162              ck_session_handle_t sess,
 163              struct ck_mechanism *mechanism,
 164              struct ck_attribute *pub_templ,
 165              unsigned long pub_templ_count,
 166              struct ck_attribute *priv_templ,
 167              unsigned long priv_templ_count,
 168              ck_object_handle_t *pub,
 169              ck_object_handle_t *priv);
 170
 171 ck_rv_t
 172 pkcs11_get_slot_list (struct ck_function_list * module,
 173                       unsigned char token_present,
 174                       ck_slot_id_t *slot_list,
 175                       unsigned long *count);
 176
 177 ck_rv_t
 178 pkcs11_get_module_info (struct ck_function_list * module,
 179                         struct ck_info * info);
 180
 181 ck_rv_t
 182 pkcs11_get_slot_info(struct ck_function_list * module,
 183                      ck_slot_id_t slot_id,
 184                      struct ck_slot_info *info);
 185
 186 ck_rv_t
 187 pkcs11_get_token_info (struct ck_function_list * module,
 188                        ck_slot_id_t slot_id,
 189                        struct ck_token_info *info);
 190
 191 ck_rv_t
 192 pkcs11_find_objects_init (struct ck_function_list *module,
 193                           ck_session_handle_t sess,
 194                           struct ck_attribute *templ,
 195                           unsigned long count);
 196
 197 ck_rv_t
 198 pkcs11_find_objects (struct ck_function_list *module,
 199                        ck_session_handle_t sess,
 200                        ck_object_handle_t *objects,
 201                        unsigned long max_object_count,
 202                        unsigned long *object_count);
 203
 204 ck_rv_t
 205 pkcs11_find_objects_final (struct pkcs11_session_info*);
 206
 207 ck_rv_t
 208 pkcs11_close_session (struct pkcs11_session_info *);
 209
 210 ck_rv_t
 211 pkcs11_get_attribute_value(struct ck_function_list *module,
 212                            ck_session_handle_t sess,
 213                            ck_object_handle_t object,
 214                            struct ck_attribute *templ,
 215                            unsigned long count);
 216
 217 ck_rv_t
 218 pkcs11_get_mechanism_list (struct ck_function_list *module,
 219                            ck_slot_id_t slot_id,
 220                            ck_mechanism_type_t *mechanism_list,
 221                            unsigned long *count);
 222
 223 ck_rv_t
 224 pkcs11_sign_init (struct ck_function_list *module,
 225                   ck_session_handle_t sess,
 226                   struct ck_mechanism *mechanism,
 227                   ck_object_handle_t key);
 228
 229 ck_rv_t
 230 pkcs11_sign (struct ck_function_list *module,
 231              ck_session_handle_t sess,
 232              unsigned char *data,
 233              unsigned long data_len,
 234              unsigned char *signature,
 235              unsigned long *signature_len);
 236
 237 ck_rv_t
 238 pkcs11_decrypt_init (struct ck_function_list *module,
 239                      ck_session_handle_t sess,
 240                      struct ck_mechanism *mechanism,
 241                      ck_object_handle_t key);
 242
 243 ck_rv_t
 244 pkcs11_decrypt (struct ck_function_list *module,
 245                 ck_session_handle_t sess,
 246                 unsigned char *encrypted_data,
 247                 unsigned long encrypted_data_len,
 248                 unsigned char *data, unsigned long *data_len);
 249
 250 ck_rv_t
 251 pkcs11_create_object (struct ck_function_list *module,
 252                       ck_session_handle_t sess,
 253                       struct ck_attribute *templ,
 254                       unsigned long count,
 255                       ck_object_handle_t *object);
 256
 257 ck_rv_t
 258 pkcs11_destroy_object (struct ck_function_list *module,
 259                        ck_session_handle_t sess,
 260                        ck_object_handle_t object);
 261
 262 ck_rv_t
 263 pkcs11_init_token (struct ck_function_list *module,
 264                    ck_slot_id_t slot_id, unsigned char *pin,
 265                    unsigned long pin_len, unsigned char *label);
 266
 267 ck_rv_t
 268 pkcs11_init_pin (struct ck_function_list *module,
 269                  ck_session_handle_t sess,
 270                  unsigned char *pin,
 271                  unsigned long pin_len);
 272
 273 ck_rv_t
 274 pkcs11_set_pin (struct ck_function_list *module,
 275                 ck_session_handle_t sess,
 276                 const char *old_pin,
 277                 unsigned long old_len,
 278                 const char *new_pin,
 279                 unsigned long new_len);
 280
 281 const char *
 282 pkcs11_strerror (ck_rv_t rv);
 283
 284 #endif /* ENABLE_PKCS11 */
 285
 286 #endif