aboutsummaryrefslogtreecommitdiff
path: root/pkcs11-helper.h
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2007-10-22 20:06:14 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2007-10-22 20:06:14 +0000
commit718526e0e9efbcf6f8aa5cfa411c06c21429011d (patch)
tree91ba9366ad8d733256e15eb61623384a48a9950f /pkcs11-helper.h
parentModified command line and config file parser to allow (diff)
downloadopenvpn-718526e0e9efbcf6f8aa5cfa411c06c21429011d.tar.xz
Use pkcs11-helper as external library, can be downloaded
from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev). git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r--pkcs11-helper.h972
1 files changed, 0 insertions, 972 deletions
diff --git a/pkcs11-helper.h b/pkcs11-helper.h
deleted file mode 100644
index f6eb967..0000000
--- a/pkcs11-helper.h
+++ /dev/null
@@ -1,972 +0,0 @@
-/*
- * Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev@gmail.com>
- * All rights reserved.
- *
- * This software is available to you under a choice of one of two
- * licenses. You may choose to be licensed under the terms of the GNU
- * General Public License (GPL) Version 2, or the OpenIB.org BSD license.
- *
- * GNU General Public License (GPL) Version 2
- * ===========================================
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program (see the file COPYING[.GPL2] included with this
- * distribution); if not, write to the Free Software Foundation, Inc.,
- * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * OpenIB.org BSD license
- * =======================
- * Redistribution and use in source and binary forms, with or without modifi-
- * cation, are permitted provided that the following conditions are met:
- *
- * o Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- *
- * o Redistributions in binary form must reproduce the above copyright no-
- * tice, this list of conditions and the following disclaimer in the do-
- * cumentation and/or other materials provided with the distribution.
- *
- * o The names of the contributors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
- * ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
- * TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
- * ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
- * LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * The routines in this file deal with providing private key cryptography
- * using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
- *
- */
-
-#ifndef __PKCS11H_HELPER_H
-#define __PKCS11H_HELPER_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "pkcs11-helper-config.h"
-
-#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING)
-#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING
-#endif
-#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE)
-#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE
-#endif
-
-#define PKCS11H_LOG_DEBUG2 5
-#define PKCS11H_LOG_DEBUG1 4
-#define PKCS11H_LOG_INFO 3
-#define PKCS11H_LOG_WARN 2
-#define PKCS11H_LOG_ERROR 1
-#define PKCS11H_LOG_QUITE 0
-
-#define PKCS11H_PIN_CACHE_INFINITE -1
-
-#define PKCS11H_SIGNMODE_MASK_SIGN (1<<0)
-#define PKCS11H_SIGNMODE_MASK_RECOVER (1<<1)
-
-#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT (1<<0)
-#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT (1<<1)
-
-#define PKCS11H_SLOTEVENT_METHOD_AUTO 0
-#define PKCS11H_SLOTEVENT_METHOD_TRIGGER 1
-#define PKCS11H_SLOTEVENT_METHOD_POLL 2
-
-#define PKCS11H_ENUM_METHOD_CACHE 0
-#define PKCS11H_ENUM_METHOD_CACHE_EXIST 1
-#define PKCS11H_ENUM_METHOD_RELOAD 2
-
-typedef void (*pkcs11h_output_print_t)(
- IN const void *pData,
- IN const char * const szFormat,
- IN ...
-)
-#if __GNUC__ > 2
- __attribute__ ((format (printf, 2, 3)))
-#endif
- ;
-
-struct pkcs11h_token_id_s;
-typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t;
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_s;
-struct pkcs11h_certificate_s;
-typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t;
-typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t;
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_ENUM)
-
-struct pkcs11h_token_id_list_s;
-typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t;
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-struct pkcs11h_data_id_list_s;
-typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t;
-
-#endif /* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_list_s;
-typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t;
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif /* ENABLE_PKCS11H_ENUM */
-
-typedef void (*pkcs11h_hook_log_t)(
- IN const void *pData,
- IN const unsigned flags,
- IN const char * const szFormat,
- IN va_list args
-);
-
-typedef void (*pkcs11h_hook_slotevent_t)(
- IN const void *pData
-);
-
-typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)(
- IN const void *pData,
- IN const pkcs11h_token_id_t token,
- IN const unsigned retry
-);
-
-typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)(
- IN const void *pData,
- IN const pkcs11h_token_id_t token,
- IN const unsigned retry,
- OUT char * const szPIN,
- IN const size_t nMaxPIN
-);
-
-struct pkcs11h_token_id_s {
- char label[1024];
- char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
- char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1];
- char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1];
-};
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_s {
- pkcs11h_token_id_t token_id;
-
- char displayName[1024];
- CK_BYTE_PTR attrCKA_ID;
- size_t attrCKA_ID_size;
-
- unsigned char *certificate_blob;
- size_t certificate_blob_size;
-};
-
-#endif
-
-#if defined(ENABLE_PKCS11H_ENUM)
-
-struct pkcs11h_token_id_list_s {
- pkcs11h_token_id_list_t next;
- pkcs11h_token_id_t token_id;
-};
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-struct pkcs11h_data_id_list_s {
- pkcs11h_data_id_list_t next;
-
- char *application;
- char *label;
-};
-
-#endif /* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_list_s {
- pkcs11h_certificate_id_list_t next;
- pkcs11h_certificate_id_t certificate_id;
-};
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_OPENSSL)
-
-struct pkcs11h_openssl_session_s;
-typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t;
-
-#endif /* ENABLE_PKCS11H_OPENSSL */
-
-/*
- * pkcs11h_getMessage - Get message by return value.
- *
- * Parameters:
- * rv - Return value.
- */
-char *
-pkcs11h_getMessage (
- IN const int rv
-);
-
-/*
- * pkcs11h_initialize - Inititalize helper interface.
- *
- * Must be called once, from main thread.
- * Defaults:
- * Protected authentication enabled.
- * PIN cached is infinite.
- */
-CK_RV
-pkcs11h_initialize ();
-
-/*
- * pkcs11h_terminate - Terminate helper interface.
- *
- * Must be called once, from main thread, after all
- * related resources freed.
- */
-CK_RV
-pkcs11h_terminate ();
-
-/*
- * pkcs11h_setLogLevel - Set current log level of the helper.
- *
- * Parameters:
- * flags - current log level.
- *
- * The log level can be set to maximum, but setting it to lower
- * level will improve performance.
- */
-void
-pkcs11h_setLogLevel (
- IN const unsigned flags
-);
-
-/*
- * pkcs11h_getLogLevel - Get current log level.
- */
-unsigned
-pkcs11h_getLogLevel ();
-
-/*
- * pkcs11h_setLogHook - Set a log callback.
- *
- * Parameters:
- * hook - Callback.
- * pData - Data to send to callback.
- */
-CK_RV
-pkcs11h_setLogHook (
- IN const pkcs11h_hook_log_t hook,
- IN void * const pData
-);
-
-/*
- * pkcs11h_setSlotEventHook - Set a slot event callback.
- *
- * Parameters:
- * hook - Callback.
- * pData - Data to send to callback.
- *
- * Calling this function initialize slot event notifications, these
- * notifications can be started, but never terminate due to PKCS#11 limitation.
- *
- * In order to use slot events you must have threading enabled.
- */
-CK_RV
-pkcs11h_setSlotEventHook (
- IN const pkcs11h_hook_slotevent_t hook,
- IN void * const pData
-);
-
-/*
- * pkcs11h_setTokenPromptHook - Set a token prompt callback.
- *
- * Parameters:
- * hook - Callback.
- * pData - Data to send to callback.
- */
-CK_RV
-pkcs11h_setTokenPromptHook (
- IN const pkcs11h_hook_token_prompt_t hook,
- IN void * const pData
-);
-
-/*
- * pkcs11h_setPINPromptHook - Set a pin prompt callback.
- *
- * Parameters:
- * hook - Callback.
- * pData - Data to send to callback.
- */
-CK_RV
-pkcs11h_setPINPromptHook (
- IN const pkcs11h_hook_pin_prompt_t hook,
- IN void * const pData
-);
-
-/*
- * pkcs11h_setProtectedAuthentication - Set global protected authentication mode.
- *
- * Parameters:
- * fProtectedAuthentication - Allow protected authentication if enabled by token.
- */
-CK_RV
-pkcs11h_setProtectedAuthentication (
- IN const PKCS11H_BOOL fProtectedAuthentication
-);
-
-/*
- * pkcs11h_setPINCachePeriod - Set global PIN cache timeout.
- *
- * Parameters:
- * nPINCachePeriod - Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE.
- */
-CK_RV
-pkcs11h_setPINCachePeriod (
- IN const int nPINCachePeriod
-);
-
-/*
- * pkcs11h_setMaxLoginRetries - Set global login retries attempts.
- *
- * Parameters:
- * nMaxLoginRetries - Login retries handled by the helper.
- */
-CK_RV
-pkcs11h_setMaxLoginRetries (
- IN const unsigned nMaxLoginRetries
-);
-
-/*
- * pkcs11h_addProvider - Add a PKCS#11 provider.
- *
- * Parameters:
- * szReferenceName - Reference name for this provider.
- * szProvider - Provider library location.
- * fProtectedAuthentication - Allow this provider to use protected authentication.
- * maskSignMode - Provider signmode override.
- * nSlotEventMethod - Provider slot event method.
- * nSlotEventPollInterval - Slot event poll interval (If in polling mode).
- * fCertIsPrivate - Provider's certificate access should be done after login.
- *
- * This function must be called from the main thread.
- *
- * The global fProtectedAuthentication must be enabled in order to allow provider specific.
- * The maskSignMode can be 0 in order to automatically detect key sign mode.
- */
-CK_RV
-pkcs11h_addProvider (
- IN const char * const szReferenceName,
- IN const char * const szProvider,
- IN const PKCS11H_BOOL fProtectedAuthentication,
- IN const unsigned maskSignMode,
- IN const int nSlotEventMethod,
- IN const int nSlotEventPollInterval,
- IN const PKCS11H_BOOL fCertIsPrivate
-);
-
-/*
- * pkcs11h_delProvider - Delete a PKCS#11 provider.
- *
- * Parameters:
- * szReferenceName - Reference name for this provider.
- *
- * This function must be called from the main thread.
- */
-CK_RV
-pkcs11h_removeProvider (
- IN const char * const szReferenceName
-);
-
-/*
- * pkcs11h_forkFixup - Handle special case of Unix fork()
- *
- * This function should be called after fork is called. This is required
- * due to a limitation of the PKCS#11 standard.
- *
- * This function must be called from the main thread.
- *
- * The helper library handles fork automatically if ENABLE_PKCS11H_THREADING
- * is set on configuration file, by use of pthread_atfork.
- */
-CK_RV
-pkcs11h_forkFixup ();
-
-/*
- * pkcs11h_plugAndPlay - Handle slot rescan.
- *
- * This function must be called from the main thread.
- *
- * PKCS#11 providers do not allow plug&play, plug&play can be established by
- * finalizing all providers and initializing them again.
- *
- * The cost of this process is invalidating all sessions, and require user
- * login at the next access.
- */
-CK_RV
-pkcs11h_plugAndPlay ();
-
-/*
- * pkcs11h_freeTokenId - Free token_id object.
- */
-CK_RV
-pkcs11h_freeTokenId (
- IN pkcs11h_token_id_t certificate_id
-);
-
-/*
- * pkcs11h_duplicateTokenId - Duplicate token_id object.
- */
-CK_RV
-pkcs11h_duplicateTokenId (
- OUT pkcs11h_token_id_t * const to,
- IN const pkcs11h_token_id_t from
-);
-
-/*
- * pkcs11h_sameTokenId - Returns TRUE if same token id
- */
-PKCS11H_BOOL
-pkcs11h_sameTokenId (
- IN const pkcs11h_token_id_t a,
- IN const pkcs11h_token_id_t b
-);
-
-#if defined(ENABLE_PKCS11H_TOKEN)
-
-/*
- * pkcs11h_token_ensureAccess - Ensure token is accessible.
- *
- * Parameters:
- * token_id - Token id object.
- * maskPrompt - Allow prompt.
- */
-CK_RV
-pkcs11h_token_ensureAccess (
- IN const pkcs11h_token_id_t token_id,
- IN const unsigned maskPrompt
-);
-
-#endif /* ENABLE_PKCS11H_TOKEN */
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-CK_RV
-pkcs11h_data_get (
- IN const pkcs11h_token_id_t token_id,
- IN const PKCS11H_BOOL fPublic,
- IN const char * const szApplication,
- IN const char * const szLabel,
- OUT char * const blob,
- IN OUT size_t * const p_blob_size
-);
-
-CK_RV
-pkcs11h_data_put (
- IN const pkcs11h_token_id_t token_id,
- IN const PKCS11H_BOOL fPublic,
- IN const char * const szApplication,
- IN const char * const szLabel,
- OUT char * const blob,
- IN const size_t blob_size
-);
-
-CK_RV
-pkcs11h_data_del (
- IN const pkcs11h_token_id_t token_id,
- IN const PKCS11H_BOOL fPublic,
- IN const char * const szApplication,
- IN const char * const szLabel
-);
-
-#endif /* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-/*======================================================================*
- * CERTIFICATE INTERFACE
- *======================================================================*/
-
-/*
- * pkcs11h_freeCertificateId - Free certificate_id object.
- */
-CK_RV
-pkcs11h_freeCertificateId (
- IN pkcs11h_certificate_id_t certificate_id
-);
-
-/*
- * pkcs11h_duplicateCertificateId - Duplicate certificate_id object.
- */
-CK_RV
-pkcs11h_duplicateCertificateId (
- OUT pkcs11h_certificate_id_t * const to,
- IN const pkcs11h_certificate_id_t from
-);
-
-/*
- * pkcs11h_freeCertificate - Free certificate object.
- */
-CK_RV
-pkcs11h_freeCertificate (
- IN pkcs11h_certificate_t certificate
-);
-
-/*
- * pkcs11h_certificate_create - Create a certificate object out of certificate_id.
- *
- * Parameters:
- * certificate_id - Certificate id object to be based on.
- * nPINCachePeriod - Session specific cache period.
- * p_certificate - Receives certificate object.
- *
- * The certificate id object may not specify the full certificate.
- * The certificate object must be freed by caller.
- */
-CK_RV
-pkcs11h_certificate_create (
- IN const pkcs11h_certificate_id_t certificate_id,
- IN const int nPINCachePeriod,
- OUT pkcs11h_certificate_t * const p_certificate
-);
-
-/*
- * pkcs11h_certificate_getCertificateId - Get certifiate id object out of a certifiate
- *
- * Parameters:
- * certificate - Certificate object.
- * p_certificate_id - Certificate id object pointer.
- *
- * The certificate id must be freed by caller.
- */
-CK_RV
-pkcs11h_certificate_getCertificateId (
- IN const pkcs11h_certificate_t certificate,
- OUT pkcs11h_certificate_id_t * const p_certificate_id
-);
-
-/*
- * pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object.
- *
- * ParametersL
- * certificate - Certificate object.
- * certificate_blob - Buffer.
- * certificate_blob_size - Buffer size.
- *
- * Buffer may be NULL in order to get size.
- */
-CK_RV
-pkcs11h_certificate_getCertificateBlob (
- IN const pkcs11h_certificate_t certificate,
- OUT unsigned char * const certificate_blob,
- IN OUT size_t * const p_certificate_blob_size
-);
-
-/*
- * pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible.
- *
- * Parameters:
- * certificate - Certificate object.
- * maskPrompt - Allow prompt.
- */
-CK_RV
-pkcs11h_certificate_ensureCertificateAccess (
- IN const pkcs11h_certificate_t certificate,
- IN const unsigned maskPrompt
-);
-
-/*
- * pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible.
- *
- * Parameters:
- * certificate - Certificate object.
- * maskPrompt - Allow prompt.
- */
-CK_RV
-pkcs11h_certificate_ensureKeyAccess (
- IN const pkcs11h_certificate_t certificate,
- IN const unsigned maskPrompt
-);
-
-/*
- * pkcs11h_certificate_sign - Sign data.
- *
- * Parameters:
- * certificate - Certificate object.
- * mech_type - PKCS#11 mechanism.
- * source - Buffer to sign.
- * source_size - Buffer size.
- * target - Target buffer, can be NULL to get size.
- * target_size - Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_sign (
- IN const pkcs11h_certificate_t certificate,
- IN const CK_MECHANISM_TYPE mech_type,
- IN const unsigned char * const source,
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-);
-
-/*
- * pkcs11h_certificate_signRecover - Sign data.
- *
- * Parameters:
- * certificate - Certificate object.
- * mech_type - PKCS#11 mechanism.
- * source - Buffer to sign.
- * source_size - Buffer size.
- * target - Target buffer, can be NULL to get size.
- * target_size - Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_signRecover (
- IN const pkcs11h_certificate_t certificate,
- IN const CK_MECHANISM_TYPE mech_type,
- IN const unsigned char * const source,
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-);
-
-/*
- * pkcs11h_certificate_signAny - Sign data mechanism determined by key attributes.
- *
- * Parameters:
- * certificate - Certificate object.
- * mech_type - PKCS#11 mechanism.
- * source - Buffer to sign.
- * source_size - Buffer size.
- * target - Target buffer, can be NULL to get size.
- * target_size - Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_signAny (
- IN const pkcs11h_certificate_t certificate,
- IN const CK_MECHANISM_TYPE mech_type,
- IN const unsigned char * const source,
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-);
-
-/*
- * pkcs11h_certificate_decrypt - Decrypt data.
- *
- * Parameters:
- * certificate - Certificate object.
- * mech_type - PKCS#11 mechanism.
- * source - Buffer to sign.
- * source_size - Buffer size.
- * target - Target buffer, can be NULL to get size.
- * target_size - Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_decrypt (
- IN const pkcs11h_certificate_t certificate,
- IN const CK_MECHANISM_TYPE mech_type,
- IN const unsigned char * const source,
- IN const size_t source_size,
- OUT unsigned char * const target,
- IN OUT size_t * const p_target_size
-);
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_LOCATE)
-/*======================================================================*
- * LOCATE INTERFACE
- *======================================================================*/
-
-#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
-
-/*
- * pkcs11h_locate_token - Locate token based on atributes.
- *
- * Parameters:
- * szSlotType - How to locate slot.
- * szSlot - Slot name.
- * p_token_id - Token object.
- *
- * Slot:
- * id - Slot number.
- * name - Slot name.
- * label - Available token label.
- *
- * Caller must free token id.
- */
-CK_RV
-pkcs11h_locate_token (
- IN const char * const szSlotType,
- IN const char * const szSlot,
- OUT pkcs11h_token_id_t * const p_token_id
-);
-
-#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-/*
- * pkcs11h_locate_certificate - Locate certificate based on atributes.
- *
- * Parameters:
- * szSlotType - How to locate slot.
- * szSlot - Slot name.
- * szIdType - How to locate object.
- * szId - Object name.
- * p_certificate_id - Certificate object.
- *
- * Slot:
- * Same as pkcs11h_locate_token.
- *
- * Object:
- * id - Certificate CKA_ID (hex string) (Fastest).
- * label - Certificate CKA_LABEL (string).
- * subject - Certificate subject (OpenSSL DN).
- *
- * Caller must free certificate id.
- */
-CK_RV
-pkcs11h_locate_certificate (
- IN const char * const szSlotType,
- IN const char * const szSlot,
- IN const char * const szIdType,
- IN const char * const szId,
- OUT pkcs11h_certificate_id_t * const p_certificate_id
-);
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif /* ENABLE_PKCS11H_LOCATE */
-
-#if defined(ENABLE_PKCS11H_ENUM)
-/*======================================================================*
- * ENUM INTERFACE
- *======================================================================*/
-
-#if defined(ENABLE_PKCS11H_TOKEN)
-
-/*
- * pkcs11h_freeCertificateIdList - Free certificate_id list.
- */
-CK_RV
-pkcs11h_freeTokenIdList (
- IN const pkcs11h_token_id_list_t token_id_list
-);
-
-/*
- * pkcs11h_enum_getTokenIds - Enumerate available tokens
- *
- * Parameters:
- * p_token_id_list - A list of token ids.
- *
- * Caller must free the list.
- */
-CK_RV
-pkcs11h_enum_getTokenIds (
- IN const int method,
- OUT pkcs11h_token_id_list_t * const p_token_id_list
-);
-
-#endif /* ENABLE_PKCS11H_TOKEN */
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-CK_RV
-pkcs11h_freeDataIdList (
- IN const pkcs11h_data_id_list_t data_id_list
-);
-
-CK_RV
-pkcs11h_enumDataObjects (
- IN const pkcs11h_token_id_t token_id,
- IN const PKCS11H_BOOL fPublic,
- OUT pkcs11h_data_id_list_t * const p_data_id_list
-);
-
-#endif /* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-/*
- * pkcs11h_freeCertificateIdList - Free certificate_id list.
- */
-CK_RV
-pkcs11h_freeCertificateIdList (
- IN const pkcs11h_certificate_id_list_t cert_id_list
-);
-
-/*
- * pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token
- *
- * Parameters:
- * token_id - Token id to enum.
- * method - How to fetch certificates.
- * p_cert_id_issuers_list - Receives issues list, can be NULL.
- * p_cert_id_end_list - Receives end certificates list.
- *
- * This function will likely take long time.
- *
- * Method can be one of the following:
- * PKCS11H_ENUM_METHOD_CACHE
- * Return available certificates, even if token was once detected and
- * was removed.
- * PKCS11H_ENUM_METHOD_CACHE_EXIST
- * Return available certificates for available tokens only, don't
- * read the contents of the token if already read, even if this token
- * removed and inserted.
- * PKCS11H_ENUM_METHOD_RELOAD
- * Clear all caches and then enum.
- *
- * Caller must free the lists.
- */
-CK_RV
-pkcs11h_enum_getTokenCertificateIds (
- IN const pkcs11h_token_id_t token_id,
- IN const int method,
- OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
- OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
-);
-
-/*
- * pkcs11h_enum_getCertificateIds - Enumerate available certificates.
- *
- * Parameters:
- * method - How to fetch certificates.
- * p_cert_id_issuers_list - Receives issues list, can be NULL.
- * p_cert_id_end_list - Receives end certificates list.
- *
- * This function will likely take long time.
- *
- * Method can be one of the following:
- * PKCS11H_ENUM_METHOD_CACHE
- * Return available certificates, even if token was once detected and
- * was removed.
- * PKCS11H_ENUM_METHOD_CACHE_EXIST
- * Return available certificates for available tokens only, don't
- * read the contents of the token if already read, even if this token
- * removed and inserted.
- * PKCS11H_ENUM_METHOD_RELOAD
- * Clear all caches and then enum.
- *
- * Caller must free lists.
- */
-CK_RV
-pkcs11h_enum_getCertificateIds (
- IN const int method,
- OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
- OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
-);
-
-#endif /* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif /* ENABLE_PKCS11H_ENUM */
-
-#if defined(ENABLE_PKCS11H_OPENSSL)
-/*======================================================================*
- * OPENSSL INTERFACE
- *======================================================================*/
-
-/*
- * pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object.
- *
- * Parameters:
- * certificate - Certificate object.
- *
- * The certificate object will be freed by the OpenSSL interface on session end.
- */
-pkcs11h_openssl_session_t
-pkcs11h_openssl_createSession (
- IN const pkcs11h_certificate_t certificate
-);
-
-/*
- * pkcs11h_openssl_freeSession - Free OpenSSL session.
- *
- * Parameters:
- * openssl_session - Session to free.
- *
- * The openssl_session object has a reference count just like other OpenSSL objects.
- */
-void
-pkcs11h_openssl_freeSession (
- IN const pkcs11h_openssl_session_t openssl_session
-);
-
-/*
- * pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object.
- *
- * Parameters:
- * openssl_session - Session.
- */
-RSA *
-pkcs11h_openssl_getRSA (
- IN const pkcs11h_openssl_session_t openssl_session
-);
-
-/*
- * pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object.
- *
- * Parameters:
- * openssl_session - Session.
- */
-X509 *
-pkcs11h_openssl_getX509 (
- IN const pkcs11h_openssl_session_t openssl_session
-);
-
-#endif /* ENABLE_PKCS11H_OPENSSL */
-
-#if defined(ENABLE_PKCS11H_STANDALONE)
-/*======================================================================*
- * STANDALONE INTERFACE
- *======================================================================*/
-
-void
-pkcs11h_standalone_dump_slots (
- IN const pkcs11h_output_print_t my_output,
- IN const void *pData,
- IN const char * const provider
-);
-
-void
-pkcs11h_standalone_dump_objects (
- IN const pkcs11h_output_print_t my_output,
- IN const void *pData,
- IN const char * const provider,
- IN const char * const slot,
- IN const char * const pin
-);
-
-#endif /* ENABLE_PKCS11H_STANDALONE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __PKCS11H_HELPER_H */