1 /*
2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 *
5 * Authors: Nikos Mavrogiannopoulos, Stef Walter
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
21 #ifndef PKCS11_INT_H
22 #define PKCS11_INT_H
24 #ifdef ENABLE_PKCS11
26 #define CRYPTOKI_GNU
27 #include <p11-kit/pkcs11.h>
28 #include <gnutls/pkcs11.h>
29 #include <x509/x509_int.h>
/* Fixed upper bounds for the buffers this code uses to hold a PKCS#11
 * object identifier and label (presumably CKA_ID / CKA_LABEL, judging by
 * the names).  Anything copied from a token into a buffer of these sizes
 * has to be length-checked against them first.
 * NOTE(review): this header does not show where the checks live --
 * confirm at the call sites in pkcs11.c. */
#define PKCS11_ID_SIZE 128
#define PKCS11_LABEL_SIZE 128
34 #include <p11-kit/uri.h>
35 typedef unsigned char ck_bool_t;
/* One open PKCS#11 session on a single token.  Instances are passed to
 * the pkcs11_* session helpers declared further down in this header. */
struct pkcs11_session_info {
  struct ck_function_list * module; /* function table of the provider that owns the token */
  struct ck_token_info tinfo;       /* token description (CK_TOKEN_INFO) of the session's token */
  ck_session_handle_t pks;          /* session handle handed out by the module */
  unsigned int init;                /* NOTE(review): presumably non-zero once the session is open -- confirm in pkcs11.c */
};
/* Description of a token as seen during slot/token traversal: the token
 * and slot info returned by the module, the slot id, and a back-pointer
 * to the provider the slot belongs to. */
struct token_info
{
  struct ck_token_info tinfo;            /* CK_TOKEN_INFO of the token */
  struct ck_slot_info sinfo;             /* CK_SLOT_INFO of the slot holding it */
  ck_slot_id_t sid;                      /* slot id, as used with the module's C_* calls */
  struct gnutls_pkcs11_provider_s *prov; /* provider (loaded module) that exposes this slot; not owned here */
};
/* Internal representation of a gnutls_pkcs11_obj_t: an object imported
 * from a token together with its parsed URL and, for public keys, the
 * decoded key parameters. */
struct gnutls_pkcs11_obj_st
{
  gnutls_datum_t raw;                /* raw object data (e.g. certificate bytes); format depends on 'type' */
  gnutls_pkcs11_obj_type_t type;     /* what kind of PKCS#11 object this is */
  struct p11_kit_uri *info;          /* parsed pkcs11: URL identifying the object */

  /* only when pubkey: the public key parameters and the algorithm
   * they belong to; for other object types these are not meaningful. */
  gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
  gnutls_pk_algorithm_t pk_algorithm;
  unsigned int key_usage;            /* key usage bits; NOTE(review): which flag set is used here (GNUTLS_KEY_*?) is not visible in this header */

  struct pin_info_st pin;            /* PIN callback state used when the object's token needs a login.
                                      * NOTE(review): if this ever caches PIN material, make sure it is wiped on deinit -- confirm. */
};
/* Callback type used by _pkcs11_traverse_tokens(): it is called once for
 * every token visited, with an open session on that token, and a final
 * time with tinfo == NULL once all tokens have been traversed so the
 * callback can wrap up.  It should return 0 once it has found what it
 * was looking for.  'input' is the opaque pointer handed to
 * _pkcs11_traverse_tokens().
 * NOTE(review): whether a 0 return stops the traversal early is not
 * visible from this header -- confirm in _pkcs11_traverse_tokens(). */
typedef int (*find_func_t) (struct pkcs11_session_info*,
                            struct token_info * tinfo, struct ck_info *,
                            void *input);
/* Map a PKCS#11 return value (CKR_*) to a GnuTLS error code. */
int pkcs11_rv_to_err (ck_rv_t rv);

/* Parse a "pkcs11:" URL into a p11-kit URI object stored in *info.
 * NOTE(review): the double pointer suggests *info is allocated here and
 * owned by the caller -- confirm in pkcs11.c. */
int pkcs11_url_to_info (const char *url, struct p11_kit_uri **info);

/* Find the slot whose token matches the URI in 'info'.  On success
 * *module and *slot identify it; _tinfo, if non-NULL, receives the
 * token's description.  NOTE(review): treatment of a NULL _tinfo is
 * inferred from the leading underscore naming -- confirm. */
int
pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
                  struct p11_kit_uri *info, struct token_info *_tinfo);

/* Copy one field of the URI (selected by itype) into 'output'.
 * *output_size carries the buffer size in and the used/required size
 * out -- the usual GnuTLS size_t* convention; NOTE(review): confirm the
 * exact short-buffer behaviour in the implementation. */
int pkcs11_get_info (struct p11_kit_uri *info,
                     gnutls_pkcs11_obj_info_t itype, void *output,
                     size_t * output_size);

/* Log in to the token of the session in 'sinfo'.  'so' != 0 requests a
 * Security Officer login instead of a normal user login -- SO logins
 * can reinitialise PINs, so callers must only set it for administrative
 * operations.  The PIN itself is obtained through pin_info / the PIN
 * callback rather than passed in here. */
int pkcs11_login (struct pkcs11_session_info * sinfo, struct pin_info_st* pin_info,
                  const struct token_info *tokinfo, struct p11_kit_uri *info, int so);

/* Ask the application's token callback (_gnutls_token_func) to make the
 * token described by 'info' available; 'retry' is the attempt counter
 * forwarded to the callback. */
int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry);

/* Process-wide token callback and its opaque argument.  These are plain
 * globals with no locking visible in this header, so they should be set
 * once before PKCS#11 is used from several threads.  NOTE(review):
 * presumably set via gnutls_pkcs11_set_token_function() -- confirm. */
extern gnutls_pkcs11_token_callback_t _gnutls_token_func;
extern void *_gnutls_token_data;

/* Re-scan all loaded providers for slots (e.g. after a token was inserted). */
void pkcs11_rescan_slots (void);

/* Serialise a URI back to a "pkcs11:" URL string in *url; 'detailed'
 * controls how many fields are included.  NOTE(review): *url is
 * presumably allocated here and must be released by the caller with
 * gnutls_free() -- confirm. */
int pkcs11_info_to_url (struct p11_kit_uri *info,
                        gnutls_pkcs11_url_type_t detailed, char **url);
/* Session flags accepted by pkcs11_open_session(), _pkcs11_traverse_tokens()
 * and pkcs11_find_object().  Presumably:
 *   SESSION_WRITE  open a read/write session (needed to create or destroy objects)
 *   SESSION_LOGIN  log in after opening the session
 *   SESSION_SO     log in as the Security Officer rather than the user
 * Only pass SESSION_SO for administrative operations (token/PIN init). */
#define SESSION_WRITE (1<<0)
#define SESSION_LOGIN (1<<1)
#define SESSION_SO (1<<2) /* security officer session */
/* Open a session on the token matching 'info' and fill in *sinfo.
 * 'flags' are SESSION_*; with SESSION_LOGIN the PIN is requested through
 * pin_info. */
int pkcs11_open_session (struct pkcs11_session_info* sinfo,
                         struct pin_info_st* pin_info,
                         struct p11_kit_uri *info, unsigned int flags);

/* Visit every token matching 'info' (or all tokens when it does not
 * restrict), calling find_func on each with an open session; see
 * find_func_t for the callback contract.  'flags' are SESSION_*. */
int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
                             struct p11_kit_uri *info,
                             struct pin_info_st* pin_info,
                             unsigned int flags);

/* Translate an object type string (as used in pkcs11: URLs, e.g. the
 * "type=" field) to the PKCS#11 object class.  NOTE(review): the value
 * returned for an unrecognised string is not visible here -- confirm. */
ck_object_class_t pkcs11_strtype_to_class (const char *type);

/* Return non-zero when the token described by tinfo (from the module
 * described by lib_info) satisfies the fields present in the URI. */
int pkcs11_token_matches_info (struct p11_kit_uri *info,
                               struct ck_token_info *tinfo,
                               struct ck_info *lib_info);

/* Open a session (flags are SESSION_*) on the token matching 'info' and
 * look up the single object the URI identifies, storing its handle in
 * *_obj.  Callers should expect an error when the URI does not pin down
 * exactly one object. */
int pkcs11_find_object (struct pkcs11_session_info* sinfo,
                        struct pin_info_st* pin_info,
                        ck_object_handle_t * _obj,
                        struct p11_kit_uri *info, unsigned int flags);

/* Convert public GNUTLS_PKCS11_OBJ_FLAG_* values to the internal
 * representation used by this module. */
unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
/* Sign an already-hashed message with a PKCS#11 private key, storing the
 * allocated signature in *signature.  No hashing happens on the token
 * side: with the mechanisms pk_to_mech() selects (CKM_RSA_PKCS, CKM_DSA,
 * CKM_ECDSA) the token only pads/encodes what it is given, so for RSA the
 * caller is responsible for supplying a properly DigestInfo-encoded hash.
 * NOTE(review): confirm the encoding is done by the caller in privkey code. */
int
_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
                                  const gnutls_datum_t * hash,
                                  gnutls_datum_t * signature);

/* Decrypt 'ciphertext' with a PKCS#11 private key into an allocated
 * *plaintext.  When the underlying mechanism is RSA PKCS#1 v1.5, callers
 * must not let the distinction between "bad padding" and other failures
 * reach an attacker (Bleichenbacher); 'flags' usage is not visible here.
 * NOTE(review): confirm what 'flags' controls in the implementation. */
int
_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
                                     unsigned int flags,
                                     const gnutls_datum_t * ciphertext,
                                     gnutls_datum_t * plaintext);
/* Select the PKCS#11 signing mechanism for a GnuTLS public-key algorithm.
 * DSA and EC get their own mechanisms; every other value -- GNUTLS_PK_RSA,
 * but also GNUTLS_PK_UNKNOWN and any future algorithm -- falls through to
 * CKM_RSA_PKCS, so callers must validate the algorithm before trusting the
 * result.  The mechanism is returned as int (narrowed from
 * ck_mechanism_type_t), which is fine for these small constants. */
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
{
  switch (pk)
    {
    case GNUTLS_PK_DSA:
      return CKM_DSA;
    case GNUTLS_PK_EC:
      return CKM_ECDSA;
    default:
      /* RSA, and -- deliberately or not -- anything unrecognised. */
      return CKM_RSA_PKCS;
    }
}
/* Map a PKCS#11 key type (CKK_*; despite the name this is not a mechanism)
 * to the GnuTLS public-key algorithm.  Unrecognised key types yield
 * GNUTLS_PK_UNKNOWN, which callers should treat as an error rather than
 * pass on to pk_to_mech(). */
static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
{
  switch (m)
    {
    case CKK_RSA:
      return GNUTLS_PK_RSA;
    case CKK_DSA:
      return GNUTLS_PK_DSA;
    case CKK_ECDSA:
      return GNUTLS_PK_EC;
    default:
      return GNUTLS_PK_UNKNOWN;
    }
}
/* Select the PKCS#11 key-pair generation mechanism for a GnuTLS
 * public-key algorithm.  Mirrors pk_to_mech(): DSA and EC are explicit,
 * everything else (RSA included, but also unknown values) falls back to
 * RSA key generation, so validate 'pk' before calling.  Returned as int,
 * narrowed from ck_mechanism_type_t. */
static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
{
  switch (pk)
    {
    case GNUTLS_PK_DSA:
      return CKM_DSA_KEY_PAIR_GEN;
    case GNUTLS_PK_EC:
      return CKM_ECDSA_KEY_PAIR_GEN;
    default:
      return CKM_RSA_PKCS_KEY_PAIR_GEN;
    }
}
/* Thin wrapper around the module's C_GenerateKeyPair: generate a key pair
 * in session 'sess' using 'mechanism' and the two attribute templates,
 * returning the new object handles in *pub and *priv.  Returns the raw
 * CKR_* value; use pkcs11_rv_to_err() to convert.  NOTE(review): the
 * wrapper presumably only forwards to module->C_GenerateKeyPair -- confirm
 * it does not alter the templates (e.g. CKA_SENSITIVE/CKA_EXTRACTABLE). */
ck_rv_t
pkcs11_generate_key_pair (struct ck_function_list *module,
                          ck_session_handle_t sess,
                          struct ck_mechanism *mechanism,
                          struct ck_attribute *pub_templ,
                          unsigned long pub_templ_count,
                          struct ck_attribute *priv_templ,
                          unsigned long priv_templ_count,
                          ck_object_handle_t *pub,
                          ck_object_handle_t *priv);
/* Wrapper for C_GetSlotList.  'token_present' is a CK_BBOOL: non-zero
 * restricts the list to slots with a token inserted.  Follows the
 * PKCS#11 convention: with slot_list == NULL only *count is filled in;
 * otherwise *count is the capacity in and the number written out.
 * NOTE(review): convention assumed from the signature -- confirm. */
ck_rv_t
pkcs11_get_slot_list (struct ck_function_list * module,
                      unsigned char token_present,
                      ck_slot_id_t *slot_list,
                      unsigned long *count);

/* Wrapper for C_GetInfo: fill *info with the module's description. */
ck_rv_t
pkcs11_get_module_info (struct ck_function_list * module,
                        struct ck_info * info);

/* Wrapper for C_GetSlotInfo for the given slot id. */
ck_rv_t
pkcs11_get_slot_info(struct ck_function_list * module,
                     ck_slot_id_t slot_id,
                     struct ck_slot_info *info);

/* Wrapper for C_GetTokenInfo for the given slot id.  Note that the
 * string fields of ck_token_info (label, manufacturer, ...) are
 * space-padded and NOT NUL-terminated in PKCS#11, so never use them as
 * C strings without copying and terminating first. */
ck_rv_t
pkcs11_get_token_info (struct ck_function_list * module,
                       ck_slot_id_t slot_id,
                       struct ck_token_info *info);
/* Wrapper for C_FindObjectsInit: start an object search in 'sess' for
 * objects matching the 'count' attributes in 'templ'.  Must be paired
 * with pkcs11_find_objects_final() on every path, or the session stays
 * in the "search active" state and later searches fail. */
ck_rv_t
pkcs11_find_objects_init (struct ck_function_list *module,
                          ck_session_handle_t sess,
                          struct ck_attribute *templ,
                          unsigned long count);

/* Wrapper for C_FindObjects: fetch up to max_object_count handles of the
 * running search into 'objects'; *object_count receives how many were
 * actually written (0 means the search is exhausted). */
ck_rv_t
pkcs11_find_objects (struct ck_function_list *module,
                     ck_session_handle_t sess,
                     ck_object_handle_t *objects,
                     unsigned long max_object_count,
                     unsigned long *object_count);

/* Wrapper for C_FindObjectsFinal on the session in the given session
 * info; ends the search started by pkcs11_find_objects_init(). */
ck_rv_t
pkcs11_find_objects_final (struct pkcs11_session_info*);

/* Wrapper for C_CloseSession on the session in the given session info.
 * NOTE(review): whether this also resets the 'init'/'pks' fields is not
 * visible here -- confirm before reusing the struct. */
ck_rv_t
pkcs11_close_session (struct pkcs11_session_info *);
/* Wrapper for C_GetAttributeValue: read 'count' attributes of 'object'
 * into 'templ'.  Per PKCS#11, each entry's value field/length is used as
 * the output buffer and size, with a NULL value meaning "just tell me
 * the size"; a CKR_ATTRIBUTE_SENSITIVE / CKR_ATTRIBUTE_TYPE_INVALID result
 * may leave individual entries unset, so check each length after the call. */
ck_rv_t
pkcs11_get_attribute_value(struct ck_function_list *module,
                           ck_session_handle_t sess,
                           ck_object_handle_t object,
                           struct ck_attribute *templ,
                           unsigned long count);

/* Wrapper for C_GetMechanismList for a slot.  Same in/out convention
 * as pkcs11_get_slot_list(): NULL mechanism_list queries the count. */
ck_rv_t
pkcs11_get_mechanism_list (struct ck_function_list *module,
                           ck_slot_id_t slot_id,
                           ck_mechanism_type_t *mechanism_list,
                           unsigned long *count);
/* Wrapper for C_SignInit: prepare a signing operation with 'key' and
 * 'mechanism' in session 'sess'.  Requires a logged-in session when the
 * key is private (CKA_PRIVATE). */
ck_rv_t
pkcs11_sign_init (struct ck_function_list *module,
                  ck_session_handle_t sess,
                  struct ck_mechanism *mechanism,
                  ck_object_handle_t key);

/* Wrapper for C_Sign (single-part).  *signature_len is the buffer size on
 * entry and the signature length on return; PKCS#11 allows a NULL
 * 'signature' to query the required size.  'data' is not const only
 * because the PKCS#11 API is not -- it is not modified. */
ck_rv_t
pkcs11_sign (struct ck_function_list *module,
             ck_session_handle_t sess,
             unsigned char *data,
             unsigned long data_len,
             unsigned char *signature,
             unsigned long *signature_len);

/* Wrapper for C_DecryptInit: prepare a decryption with 'key' and
 * 'mechanism' in session 'sess'. */
ck_rv_t
pkcs11_decrypt_init (struct ck_function_list *module,
                     ck_session_handle_t sess,
                     struct ck_mechanism *mechanism,
                     ck_object_handle_t key);

/* Wrapper for C_Decrypt (single-part).  *data_len is the buffer size on
 * entry and the plaintext length on return.  With RSA PKCS#1 v1.5 the
 * token reports padding failures as an error; callers must be careful not
 * to turn that into a distinguishable signal for an attacker. */
ck_rv_t
pkcs11_decrypt (struct ck_function_list *module,
                ck_session_handle_t sess,
                unsigned char *encrypted_data,
                unsigned long encrypted_data_len,
                unsigned char *data, unsigned long *data_len);
/* Wrapper for C_CreateObject: create an object from the 'count'
 * attributes in 'templ' and return its handle in *object.  Requires a
 * read/write session (SESSION_WRITE) for token objects, and a login for
 * private ones. */
ck_rv_t
pkcs11_create_object (struct ck_function_list *module,
                      ck_session_handle_t sess,
                      struct ck_attribute *templ,
                      unsigned long count,
                      ck_object_handle_t *object);

/* Wrapper for C_DestroyObject: permanently remove 'object' from the
 * token.  Irreversible -- callers should have resolved the URI to exactly
 * one object before calling this. */
ck_rv_t
pkcs11_destroy_object (struct ck_function_list *module,
                       ck_session_handle_t sess,
                       ck_object_handle_t object);
/* Wrapper for C_InitToken: (re)initialise the token in 'slot_id' with the
 * Security Officer PIN 'pin'/'pin_len' and the given 'label'.  Per
 * PKCS#11 the label is a 32-byte space-padded field, not a C string --
 * NOTE(review): confirm the wrapper pads/truncates it to 32 bytes.
 * This destroys all objects on the token. */
ck_rv_t
pkcs11_init_token (struct ck_function_list *module,
                   ck_slot_id_t slot_id, unsigned char *pin,
                   unsigned long pin_len, unsigned char *label);

/* Wrapper for C_InitPIN: set the user PIN on a token whose session is
 * logged in as Security Officer (see SESSION_SO).  'pin' is not const
 * only because PKCS#11 is not; the caller still owns the buffer and
 * should wipe it after use. */
ck_rv_t
pkcs11_init_pin (struct ck_function_list *module,
                 ck_session_handle_t sess,
                 unsigned char *pin,
                 unsigned long pin_len);

/* Wrapper for C_SetPIN: change the PIN of the currently logged-in user
 * (or SO) from old_pin to new_pin.  Both buffers hold secrets and should
 * be wiped by the caller once this returns. */
ck_rv_t
pkcs11_set_pin (struct ck_function_list *module,
                ck_session_handle_t sess,
                const char *old_pin,
                unsigned long old_len,
                const char *new_pin,
                unsigned long new_len);
/* Human-readable name for a PKCS#11 return value (CKR_*), for logging.
 * NOTE(review): presumably a static string that must not be freed -- confirm. */
const char *
pkcs11_strerror (ck_rv_t rv);
286 #endif /* ENABLE_PKCS11 */
288 #endif