1 /*
2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 *
5 * Authors: Nikos Mavrogiannopoulos, Stef Walter
7 * The GnuTLS is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public License
9 * as published by the Free Software Foundation; either version 3 of
10 * the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>
21 #ifndef PKCS11_INT_H
22 #define PKCS11_INT_H
24 #ifdef ENABLE_PKCS11
26 #define CRYPTOKI_GNU
27 #include <p11-kit/pkcs11.h>
28 #include <gnutls/pkcs11.h>
29 #include <x509/x509_int.h>
/* Upper bounds, in bytes, for the object identifier and label values
 * handled by this module (presumably the CKA_ID and CKA_LABEL
 * attributes); code that sizes buffers for these values should use
 * these constants rather than repeating 128. */
#define PKCS11_ID_SIZE 128
#define PKCS11_LABEL_SIZE 128
34 #include <p11-kit/uri.h>
/* Cryptoki boolean (CK_BBOOL in the non-GNU naming). Defined here
 * presumably because the p11-kit header included above does not provide
 * it under CRYPTOKI_GNU — TODO confirm against the p11-kit version in use. */
typedef unsigned char ck_bool_t;
/* A token, the slot it sits in, and the provider (loaded PKCS#11 module)
 * that exposes it, as passed to find_func_t callbacks during traversal. */
struct token_info
{
  struct ck_token_info tinfo;   /* token information (presumably from C_GetTokenInfo) */
  struct ck_slot_info sinfo;    /* slot information (presumably from C_GetSlotInfo) */
  ck_slot_id_t sid;             /* id of the slot holding the token */
  struct gnutls_pkcs11_provider_s *prov;  /* provider the slot belongs to; not owned here — presumably, confirm */
};
/* In-memory representation of a PKCS#11 object; this is what the public
 * gnutls_pkcs11_obj_t handle points to. */
struct gnutls_pkcs11_obj_st
{
  gnutls_datum_t raw;           /* raw object value as read from the token (presumably owned by this struct) */
  gnutls_pkcs11_obj_type_t type;        /* certificate, public key, private key, ... */
  struct p11_kit_uri *info;     /* the object's PKCS#11 URI (token + object attributes) */

  /* only when pubkey */
  gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];  /* public-key parameters; valid only for public-key objects */
  gnutls_pk_algorithm_t pk_algorithm;   /* algorithm of the key the object holds */
  unsigned int key_usage;       /* presumably GNUTLS_KEY_* usage bits — confirm against the code that sets it */
};
/* This function is called for every token in the traverse_tokens
 * function. Once everything is traversed it is called once more with
 * NULL tinfo. It should return 0 if it found what it was looking for.
 *
 * module: function list of the provider the current token belongs to
 * pks:    session handle on the current token
 * tinfo:  the token being visited, or NULL on the final call
 * input:  opaque caller data passed through _pkcs11_traverse_tokens()
 *
 * NOTE(review): whether a 0 return stops the traversal early is not
 * visible here — confirm in _pkcs11_traverse_tokens() before relying on it.
 */
typedef int (*find_func_t) (struct ck_function_list *module,
                            ck_session_handle_t pks,
                            struct token_info * tinfo, struct ck_info *,
                            void *input);
/* Translate a Cryptoki return value (CKR_*) into a GnuTLS error code
 * (negative GNUTLS_E_*; presumably 0 for CKR_OK). */
int pkcs11_rv_to_err (ck_rv_t rv);

/* Parse a PKCS#11 URL into a p11-kit URI object stored in *info.
 * Returns 0 on success or a negative GnuTLS error; *info is presumably
 * allocated for the caller on success. */
int pkcs11_url_to_info (const char *url, struct p11_kit_uri **info);

/* Find the provider and slot matching the token fields of info.
 * On success *module and *slot are set; when _tinfo is non-NULL it is
 * presumably filled with the matching token's information. */
int
pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot,
                  struct p11_kit_uri *info, struct token_info *_tinfo);

/* Copy the URI field selected by itype into the caller's buffer output.
 * NOTE(review): output_size looks like an in/out parameter (buffer size
 * on entry, required/written size on return) — confirm the short-buffer
 * behaviour in the implementation before relying on it. */
int pkcs11_get_info (struct p11_kit_uri *info,
                     gnutls_pkcs11_obj_info_t itype, void *output,
                     size_t * output_size);

/* Log in to the session pks on the token described by tinfo/info.
 * A non-zero admin presumably requests a security-officer (CKU_SO)
 * login instead of a user login — confirm. Where the PIN comes from
 * (callback, URI attributes) is not visible here. */
int pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks,
                  const struct token_info *tinfo, struct p11_kit_uri *info, int admin);

/* Invoke the token callback below for the token named by info; retry is
 * presumably the number of earlier attempts reported to the callback. */
int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry);

/* Process-wide token callback and its opaque argument.
 * NOTE(review): global mutable state with no synchronisation visible in
 * this header; it is presumably set once by the public API before any
 * PKCS#11 operation runs — confirm. */
extern gnutls_pkcs11_token_callback_t token_func;
extern void *token_data;

/* Re-enumerate the slots of the loaded providers. */
void pkcs11_rescan_slots (void);

/* Serialise a URI back into a PKCS#11 URL string; detailed selects how
 * many fields are emitted. *url is presumably allocated for the caller. */
int pkcs11_info_to_url (struct p11_kit_uri *info,
                        gnutls_pkcs11_url_type_t detailed, char **url);
/* Flags accepted by pkcs11_open_session(), pkcs11_find_object() and
 * _pkcs11_traverse_tokens(); combine with bitwise OR. */
#define SESSION_WRITE (1<<0)    /* presumably: open a read/write rather than read-only session */
#define SESSION_LOGIN (1<<1)    /* presumably: log in (as user) before returning */
#define SESSION_SO (1<<2) /* security officer session */
/* Open a session on the token matching info; flags are SESSION_*.
 * On success *_module and *_pks identify the session, which the caller
 * is presumably responsible for closing with pkcs11_close_session(). */
int pkcs11_open_session (struct ck_function_list **_module, ck_session_handle_t * _pks,
                         struct p11_kit_uri *info, unsigned int flags);

/* Call find_func for every token (restricted by info when it is
 * non-NULL, presumably) and finally once with a NULL token; flags are
 * SESSION_* and control the session opened for each token. */
int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
                             struct p11_kit_uri *info, unsigned int flags);

/* Map an object type name as used in PKCS#11 URLs to its CKO_* class. */
ck_object_class_t pkcs11_strtype_to_class (const char *type);

/* Check whether the token (tinfo) and library (lib_info) satisfy the
 * token/library fields of info. The return convention (non-zero on
 * match vs. 0 on match) is not visible here — confirm before use. */
int pkcs11_token_matches_info (struct p11_kit_uri *info,
                               struct ck_token_info *tinfo,
                               struct ck_info *lib_info);

/* flags are SESSION_* */
/* Locate the single object identified by info. On success *_module,
 * *_pks and *_obj are set; the session is presumably left open for the
 * caller to use and close. */
int pkcs11_find_object (struct ck_function_list ** _module,
                        ck_session_handle_t * _pks,
                        ck_object_handle_t * _obj,
                        struct p11_kit_uri *info, unsigned int flags);

/* Convert public GNUTLS_PKCS11_OBJ_FLAG_* flags into SESSION_* flags. */
unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
/* Sign an already-computed hash with a PKCS#11 private key; signature
 * is presumably allocated for the caller on success.
 * NOTE(review): pk_to_mech() below selects raw mechanisms (CKM_RSA_PKCS,
 * CKM_DSA, CKM_ECDSA), which do not hash and, for RSA, do not add the
 * DigestInfo prefix — so hash must already be in the form the
 * mechanism expects. Confirm against the implementation. */
int
_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
                                  const gnutls_datum_t * hash,
                                  gnutls_datum_t * signature);

/* Decrypt ciphertext with a PKCS#11 private key; plaintext is presumably
 * allocated for the caller on success. flags are presumably
 * GNUTLS_PKCS11_OBJ_FLAG_* — confirm.
 * NOTE(review): if the RSA mechanism is CKM_RSA_PKCS (PKCS#1 v1.5), the
 * token's return code may distinguish bad padding from other failures;
 * callers must not surface that distinction to a remote peer. */
int
_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
                                     unsigned int flags,
                                     const gnutls_datum_t * ciphertext,
                                     gnutls_datum_t * plaintext);
/* Map a GnuTLS public-key algorithm to the PKCS#11 signature mechanism
 * used for it: DSA -> CKM_DSA, EC -> CKM_ECDSA, everything else ->
 * CKM_RSA_PKCS.
 * NOTE(review): the RSA result is a silent fallback — GNUTLS_PK_UNKNOWN
 * (or any algorithm added later) also ends up as CKM_RSA_PKCS. Callers
 * should validate pk before relying on the result. */
static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
{
  switch (pk)
    {
    case GNUTLS_PK_DSA:
      return CKM_DSA;
    case GNUTLS_PK_EC:
      return CKM_ECDSA;
    default:
      return CKM_RSA_PKCS;
    }
}
/* Map a PKCS#11 key type (CKA_KEY_TYPE value) to the GnuTLS public-key
 * algorithm. Any key type other than RSA, DSA and EC(DSA) yields
 * GNUTLS_PK_UNKNOWN, so callers can reject unsupported objects. */
static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
{
  switch (m)
    {
    case CKK_RSA:
      return GNUTLS_PK_RSA;
    case CKK_DSA:
      return GNUTLS_PK_DSA;
    case CKK_ECDSA:
      return GNUTLS_PK_EC;
    default:
      return GNUTLS_PK_UNKNOWN;
    }
}
/* Map a GnuTLS public-key algorithm to the PKCS#11 key-pair generation
 * mechanism: DSA -> CKM_DSA_KEY_PAIR_GEN, EC -> CKM_ECDSA_KEY_PAIR_GEN,
 * everything else -> CKM_RSA_PKCS_KEY_PAIR_GEN.
 * NOTE(review): as with pk_to_mech(), an unknown algorithm silently
 * becomes RSA; validate pk before generating keys. */
static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
{
  switch (pk)
    {
    case GNUTLS_PK_DSA:
      return CKM_DSA_KEY_PAIR_GEN;
    case GNUTLS_PK_EC:
      return CKM_ECDSA_KEY_PAIR_GEN;
    default:
      return CKM_RSA_PKCS_KEY_PAIR_GEN;
    }
}
/* The functions below are presumably thin wrappers around the
 * provider's C_* entry points (the pointers in struct ck_function_list).
 * They return the raw Cryptoki return value; use pkcs11_rv_to_err() to
 * convert it into a GnuTLS error. */

/* Generate a key pair in session sess with the given mechanism and
 * attribute templates; the new handles are stored in *pub and *priv. */
ck_rv_t
pkcs11_generate_key_pair (struct ck_function_list *module,
                          ck_session_handle_t sess,
                          struct ck_mechanism *mechanism,
                          struct ck_attribute *pub_templ,
                          unsigned long pub_templ_count,
                          struct ck_attribute *priv_templ,
                          unsigned long priv_templ_count,
                          ck_object_handle_t *pub,
                          ck_object_handle_t *priv);

/* List slots (only those with a token when token_present is non-zero).
 * *count is the capacity of slot_list on entry; on return it is presumably
 * the number of slots available, following C_GetSlotList semantics —
 * confirm, since a slot_list smaller than *count would be overrun. */
ck_rv_t
pkcs11_get_slot_list (struct ck_function_list * module,
                      unsigned char token_present,
                      ck_slot_id_t *slot_list,
                      unsigned long *count);

/* Fill *info with the provider's library information. */
ck_rv_t
pkcs11_get_module_info (struct ck_function_list * module,
                        struct ck_info * info);

/* Fill *info with information about slot slot_id. */
ck_rv_t
pkcs11_get_slot_info(struct ck_function_list * module,
                     ck_slot_id_t slot_id,
                     struct ck_slot_info *info);

/* Fill *info with information about the token in slot slot_id. */
ck_rv_t
pkcs11_get_token_info (struct ck_function_list * module,
                       ck_slot_id_t slot_id,
                       struct ck_token_info *info);
/* Start an object search in session sess for objects matching the
 * count attributes in templ; must be paired with
 * pkcs11_find_objects_final(). */
ck_rv_t
pkcs11_find_objects_init (struct ck_function_list *module,
                          ck_session_handle_t sess,
                          struct ck_attribute *templ,
                          unsigned long count);

/* Fetch the next batch of matching handles into objects, which must
 * have room for max_object_count entries; *object_count receives the
 * number actually stored (0 when the search is exhausted, presumably
 * following C_FindObjects). */
ck_rv_t
pkcs11_find_objects (struct ck_function_list *module,
                     ck_session_handle_t sess,
                     ck_object_handle_t *objects,
                     unsigned long max_object_count,
                     unsigned long *object_count);

/* Finish the search started by pkcs11_find_objects_init(). */
ck_rv_t
pkcs11_find_objects_final (struct ck_function_list *module,
                           ck_session_handle_t sess);
/* Close session sess; this also ends any login on it (presumably,
 * following C_CloseSession). */
ck_rv_t
pkcs11_close_session (struct ck_function_list *module,
                      ck_session_handle_t sess);

/* Read count attributes of object into templ. NOTE(review): if this
 * follows C_GetAttributeValue, each templ[i].value must point to a buffer
 * of templ[i].value_len bytes (or be NULL to query the size), and an
 * unreadable attribute leaves value_len set to (unsigned long)-1 — callers
 * must check value_len before using the data. Confirm against the wrapper. */
ck_rv_t
pkcs11_get_attribute_value(struct ck_function_list *module,
                           ck_session_handle_t sess,
                           ck_object_handle_t object,
                           struct ck_attribute *templ,
                           unsigned long count);

/* List the mechanisms supported by slot slot_id. *count is the
 * capacity of mechanism_list on entry and presumably the number
 * available on return (C_GetMechanismList semantics — confirm). */
ck_rv_t
pkcs11_get_mechanism_list (struct ck_function_list *module,
                           ck_slot_id_t slot_id,
                           ck_mechanism_type_t *mechanism_list,
                           unsigned long *count);
/* Begin a signing operation in session sess with the given mechanism
 * and private key handle. */
ck_rv_t
pkcs11_sign_init (struct ck_function_list *module,
                  ck_session_handle_t sess,
                  struct ck_mechanism *mechanism,
                  ck_object_handle_t key);

/* Sign data_len bytes of data into signature. NOTE(review): if this
 * follows C_Sign, *signature_len is the buffer size on entry and the
 * written length on return, and a NULL signature only queries the size —
 * confirm, and never pass a *signature_len larger than the buffer. */
ck_rv_t
pkcs11_sign (struct ck_function_list *module,
             ck_session_handle_t sess,
             unsigned char *data,
             unsigned long data_len,
             unsigned char *signature,
             unsigned long *signature_len);

/* Begin a decryption operation in session sess with the given mechanism
 * and private key handle. */
ck_rv_t
pkcs11_decrypt_init (struct ck_function_list *module,
                     ck_session_handle_t sess,
                     struct ck_mechanism *mechanism,
                     ck_object_handle_t key);

/* Decrypt encrypted_data_len bytes into data; *data_len follows the
 * same in/out convention as signature_len in pkcs11_sign() (presumably).
 * NOTE(review): data receives plaintext that may be key material —
 * callers should wipe it when done. */
ck_rv_t
pkcs11_decrypt (struct ck_function_list *module,
                ck_session_handle_t sess,
                unsigned char *encrypted_data,
                unsigned long encrypted_data_len,
                unsigned char *data, unsigned long *data_len);
/* Create an object from the count attributes in templ; the new handle
 * is stored in *object. Writing requires a read/write session
 * (SESSION_WRITE) — presumably, confirm. */
ck_rv_t
pkcs11_create_object (struct ck_function_list *module,
                      ck_session_handle_t sess,
                      struct ck_attribute *templ,
                      unsigned long count,
                      ck_object_handle_t *object);

/* Destroy object; irreversible on the token. */
ck_rv_t
pkcs11_destroy_object (struct ck_function_list *module,
                       ck_session_handle_t sess,
                       ck_object_handle_t object);
/* Initialise (and wipe) the token in slot slot_id with the given
 * security-officer PIN and label. NOTE(review): if this follows
 * C_InitToken, label must be exactly 32 bytes, blank padded, not a
 * NUL-terminated string — confirm in the wrapper. pin is secret material;
 * callers should zeroize their copy after the call. */
ck_rv_t
pkcs11_init_token (struct ck_function_list *module,
                   ck_slot_id_t slot_id, unsigned char *pin,
                   unsigned long pin_len, unsigned char *label);

/* Set the user PIN on a token; presumably requires an SO-logged-in
 * read/write session (SESSION_SO | SESSION_WRITE). pin is secret
 * material; zeroize it after use. */
ck_rv_t
pkcs11_init_pin (struct ck_function_list *module,
                 ck_session_handle_t sess,
                 unsigned char *pin,
                 unsigned long pin_len);

/* Change the PIN of the currently logged-in user from old_pin to new_pin.
 * NOTE(review): this takes const char * while pkcs11_init_token() and
 * pkcs11_init_pin() take unsigned char * — the three PIN parameters should
 * agree. Both PINs are secrets; zeroize them after use. */
ck_rv_t
pkcs11_set_pin (struct ck_function_list *module,
                ck_session_handle_t sess,
                const char *old_pin,
                unsigned long old_len,
                const char *new_pin,
                unsigned long new_len);
/* Return a human-readable description of the Cryptoki return value rv
 * (presumably a static string that the caller must not free). */
const char *
pkcs11_strerror (ck_rv_t rv);
276 #endif /* ENABLE_PKCS11 */
278 #endif