4 #include <pakchois/pakchois.h>
5 #include <gnutls/pkcs11.h>
/* Local caps on the binary object ID and on the object label kept in
 * struct pkcs11_url_info (certid_raw[] and label[]); URL parsing must
 * bound its copies to these, they are not limits imposed by PKCS#11. */
#define PKCS11_ID_SIZE 128
#define PKCS11_LABEL_SIZE 128
12 struct ck_token_info tinfo
;
13 struct ck_slot_info sinfo
;
15 struct gnutls_pkcs11_provider_s
*prov
;
/* Decoded form of a pkcs11: URL.  Every text field is a fixed-size,
 * NUL-terminated buffer, so the parser that fills this struct is the
 * place where untrusted URL input gets length-checked. */
struct pkcs11_url_info
{
  /* everything here is null terminated strings */
  /* Object ID as hex text: each raw byte of certid_raw becomes two hex
   * digits plus one delimiter (3 chars per byte), +1 for the NUL. */
  opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
  opaque type[16]; /* cert/key etc. */

  /* Library (CK_INFO) fields.  Each buffer is sized from the matching
   * PKCS#11 struct member with the sizeof(((T *) NULL)->member) idiom;
   * the operand of sizeof is not evaluated, so NULL is never dereferenced.
   * The +1 holds the NUL terminator that the blank-padded PKCS#11 field
   * itself does not carry. */
  opaque lib_manufacturer[sizeof (((struct ck_info *) NULL)->manufacturer_id) + 1];
  opaque lib_desc[sizeof (((struct ck_info *) NULL)->library_description) + 1];
  /* NOTE(review): fixed size, not derived from a PKCS#11 member; whatever
   * formats the version text must bound its output to this buffer -- confirm. */
  opaque lib_version[12];

  /* Token (CK_TOKEN_INFO) fields, sized the same way as the CK_INFO ones. */
  opaque manufacturer[sizeof (((struct ck_token_info *) NULL)->manufacturer_id) + 1];
  opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1];
  opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1];
  opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1];
  /* Object label; bounded by the local PKCS11_LABEL_SIZE cap. */
  opaque label[PKCS11_LABEL_SIZE + 1];

  /* Binary form of id; only the first certid_raw_size bytes are valid. */
  opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
  size_t certid_raw_size;
};
/* Internal representation of a PKCS#11 object handle exported to callers
 * as gnutls_pkcs11_obj_t. */
struct gnutls_pkcs11_obj_st
{
  gnutls_pkcs11_obj_type_t type;
  /* Decoded URL that identifies the object on its token. */
  struct pkcs11_url_info info;

  /* only when pubkey */
  gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
  gnutls_pk_algorithm pk_algorithm;
  /* Bit flags; presumably the GNUTLS_KEY_* usage bits -- confirm against the filler. */
  unsigned int key_usage;
};
53 /* this function is called for every token in the traverse_tokens
54 * function. Once everything is traversed it is called with NULL tinfo.
55 * It should return 0 if it found what it was looking for.
57 typedef int (*find_func_t
) (pakchois_session_t
* pks
,
58 struct token_info
* tinfo
, struct ck_info
*,
/**
 * pkcs11_rv_to_err:
 * @rv: a PKCS#11 return value (CKR_*) as returned by the module
 *
 * Maps a PKCS#11 return value to a GnuTLS error code so module failures
 * surface through the normal error path instead of being dropped.
 * Presumably returns 0 for CKR_OK and a negative GNUTLS_E_* otherwise -- confirm.
 */
int pkcs11_rv_to_err (ck_rv_t rv);
/**
 * pkcs11_url_to_info:
 * @url: NUL-terminated pkcs11: URL text; treated as untrusted input
 * @info: output, filled from the URL fields
 *
 * Parses @url into the fixed-size buffers of struct pkcs11_url_info.
 * The implementation (not shown here) is responsible for bounding every
 * copy to the corresponding buffer size and NUL-terminating it.
 * Return convention not visible here; presumably 0 or a negative GnuTLS error.
 */
int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info);
64 pkcs11_find_slot (pakchois_module_t
** module
, ck_slot_id_t
* slot
,
65 struct pkcs11_url_info
*info
, struct token_info
*_tinfo
);
/**
 * pkcs11_get_info:
 * @info: decoded URL to read the field from
 * @itype: which field of @info to export
 * @output: destination buffer supplied by the caller
 * @output_size: NOTE(review): presumably in/out -- capacity on entry, bytes
 *   written on return -- confirm; the callee must not write past the
 *   incoming value
 *
 * Copies one field of @info, selected by @itype, into @output.
 */
int pkcs11_get_info (struct pkcs11_url_info *info,
                     gnutls_pkcs11_obj_info_t itype, void *output,
                     size_t * output_size);
/**
 * pkcs11_login:
 * @pks: open session on the token to log in to
 * @info: token the session belongs to (not modified)
 * @admin: non-zero presumably selects a security-officer login rather than
 *   a user login (cf. SESSION_SO) -- confirm
 *
 * Authenticates the session, obtaining the PIN through the module's
 * token callback (see token_func / token_data).
 */
int pkcs11_login (pakchois_session_t * pks,
                  const struct token_info *info, int admin);
/* Module-wide PIN/token callback and the opaque pointer handed back to it.
 * This is global mutable state shared by every session; where it is
 * assigned is not visible in this header -- presumably a public setter. */
extern gnutls_pkcs11_token_callback_t token_func;
extern void *token_data;
/**
 * pkcs11_rescan_slots:
 *
 * Re-enumerates the slots of the loaded providers so tokens inserted or
 * removed since the last scan are seen.  No result is reported.
 */
void pkcs11_rescan_slots (void);
/**
 * pkcs11_info_to_url:
 * @info: decoded URL fields to serialize (not modified)
 * @detailed: selects how much of @info is written into the URL
 * @url: output; NOTE(review): presumably allocated by the callee and owned
 *   by the caller afterwards -- confirm who frees it
 *
 * Inverse of pkcs11_url_to_info(): builds pkcs11: URL text from @info.
 */
int pkcs11_info_to_url (const struct pkcs11_url_info *info,
                        gnutls_pkcs11_url_type_t detailed, char **url);
/* Session flag bits, OR-ed into the flags argument of the session and
 * object lookup functions below.  Each is a distinct single bit so they
 * can be combined. */
#define SESSION_WRITE (1<<0)  /* read/write session (object modification) */
#define SESSION_LOGIN (1<<1)  /* log in before use */
#define SESSION_SO (1<<2) /* security officer session */
/**
 * pkcs11_open_session:
 * @_pks: output; receives the opened session
 * @info: decoded URL naming the token to open a session on
 * @flags: presumably SESSION_* bits (write / login / security officer) -- confirm
 *
 * Opens a session on the token matching @info.  Ownership of *@_pks and
 * the return convention are not visible here.
 */
int pkcs11_open_session (pakchois_session_t ** _pks,
                         struct pkcs11_url_info *info, unsigned int flags);
85 int _pkcs11_traverse_tokens (find_func_t find_func
, void *input
,
/**
 * pkcs11_strtype_to_class:
 * @type: object type text as stored in pkcs11_url_info.type ("cert", "key", ...)
 *
 * Maps the textual object type from a URL to the PKCS#11 object class.
 * The value returned for an unrecognized string is not visible here -- confirm
 * that callers handle it rather than searching with an unintended class.
 */
ck_object_class_t pkcs11_strtype_to_class (const char *type);
/**
 * pkcs11_token_matches_info:
 * @info: decoded URL with the fields the caller wants matched
 * @tinfo: token information reported by the module
 * @lib_info: library information reported by the module
 *
 * Tests whether the token described by @tinfo/@lib_info is the one @info
 * refers to.  Return convention (boolean vs. error code) is not visible here.
 */
int pkcs11_token_matches_info (struct pkcs11_url_info *info,
                               struct ck_token_info *tinfo,
                               struct ck_info *lib_info);
/* flags are SESSION_* */
/**
 * pkcs11_find_object:
 * @_pks: output; receives the session in which the object was found
 * @_obj: output; receives the handle of the matching object
 * @info: decoded URL identifying the object to look up
 * @flags: SESSION_* bits for the session that is opened
 *
 * Locates the object named by @info across the available tokens, opening
 * (and if requested, logging in to) a session on the token that holds it.
 */
int pkcs11_find_object (pakchois_session_t ** _pks,
                        ck_object_handle_t * _obj,
                        struct pkcs11_url_info *info, unsigned int flags);
/**
 * pkcs11_obj_flags_to_int:
 * @flags: public object flags given by the API caller
 *
 * Translates public object flags to the internal representation;
 * presumably the SESSION_* bits used by the functions above -- confirm.
 */
unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
101 _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key
,
102 const gnutls_datum_t
* hash
,
103 gnutls_datum_t
* signature
);
106 _gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key
,
108 const gnutls_datum_t
* ciphertext
,
109 gnutls_datum_t
* plaintext
);