diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2007-10-22 20:06:14 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2007-10-22 20:06:14 +0000 |
commit | 718526e0e9efbcf6f8aa5cfa411c06c21429011d (patch) | |
tree | 91ba9366ad8d733256e15eb61623384a48a9950f /pkcs11-helper.h | |
parent | Modified command line and config file parser to allow (diff) | |
download | openvpn-718526e0e9efbcf6f8aa5cfa411c06c21429011d.tar.xz |
Use pkcs11-helper as external library, can be downloaded
from https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'pkcs11-helper.h')
-rw-r--r-- | pkcs11-helper.h | 972 |
1 files changed, 0 insertions, 972 deletions
diff --git a/pkcs11-helper.h b/pkcs11-helper.h deleted file mode 100644 index f6eb967..0000000 --- a/pkcs11-helper.h +++ /dev/null @@ -1,972 +0,0 @@ -/* - * Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev@gmail.com> - * All rights reserved. - * - * This software is available to you under a choice of one of two - * licenses. You may choose to be licensed under the terms of the GNU - * General Public License (GPL) Version 2, or the OpenIB.org BSD license. - * - * GNU General Public License (GPL) Version 2 - * =========================================== - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program (see the file COPYING[.GPL2] included with this - * distribution); if not, write to the Free Software Foundation, Inc., - * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * OpenIB.org BSD license - * ======================= - * Redistribution and use in source and binary forms, with or without modifi- - * cation, are permitted provided that the following conditions are met: - * - * o Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * o Redistributions in binary form must reproduce the above copyright no- - * tice, this list of conditions and the following disclaimer in the do- - * cumentation and/or other materials provided with the distribution. - * - * o The names of the contributors may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI- - * ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN- - * TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV- - * ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI- - * LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * The routines in this file deal with providing private key cryptography - * using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki). - * - */ - -#ifndef __PKCS11H_HELPER_H -#define __PKCS11H_HELPER_H - -#if defined(__cplusplus) -extern "C" { -#endif - -#include "pkcs11-helper-config.h" - -#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING) -#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING -#endif -#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE) -#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE -#endif - -#define PKCS11H_LOG_DEBUG2 5 -#define PKCS11H_LOG_DEBUG1 4 -#define PKCS11H_LOG_INFO 3 -#define PKCS11H_LOG_WARN 2 -#define PKCS11H_LOG_ERROR 1 -#define PKCS11H_LOG_QUITE 0 - -#define PKCS11H_PIN_CACHE_INFINITE -1 - -#define PKCS11H_SIGNMODE_MASK_SIGN (1<<0) -#define PKCS11H_SIGNMODE_MASK_RECOVER (1<<1) - -#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT (1<<0) -#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT (1<<1) - -#define PKCS11H_SLOTEVENT_METHOD_AUTO 0 -#define PKCS11H_SLOTEVENT_METHOD_TRIGGER 1 -#define PKCS11H_SLOTEVENT_METHOD_POLL 2 - -#define PKCS11H_ENUM_METHOD_CACHE 0 -#define PKCS11H_ENUM_METHOD_CACHE_EXIST 1 -#define PKCS11H_ENUM_METHOD_RELOAD 2 - -typedef void (*pkcs11h_output_print_t)( - IN const void *pData, - IN const char * const szFormat, - IN ... -) -#if __GNUC__ > 2 - __attribute__ ((format (printf, 2, 3))) -#endif - ; - -struct pkcs11h_token_id_s; -typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t; - -#if defined(ENABLE_PKCS11H_CERTIFICATE) - -struct pkcs11h_certificate_id_s; -struct pkcs11h_certificate_s; -typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t; -typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t; - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#if defined(ENABLE_PKCS11H_ENUM) - -struct pkcs11h_token_id_list_s; -typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t; - -#if defined(ENABLE_PKCS11H_DATA) - -struct pkcs11h_data_id_list_s; -typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t; - -#endif /* ENABLE_PKCS11H_DATA */ - -#if defined(ENABLE_PKCS11H_CERTIFICATE) - -struct pkcs11h_certificate_id_list_s; -typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t; - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#endif /* ENABLE_PKCS11H_ENUM */ - -typedef void (*pkcs11h_hook_log_t)( - IN const void *pData, - IN const unsigned flags, - IN const char * const szFormat, - IN va_list args -); - -typedef void (*pkcs11h_hook_slotevent_t)( - IN const void *pData -); - -typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)( - IN const void *pData, - IN const pkcs11h_token_id_t token, - IN const unsigned retry -); - -typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)( - IN const void *pData, - IN const pkcs11h_token_id_t token, - IN const unsigned retry, - OUT char * const szPIN, - IN const size_t nMaxPIN -); - -struct pkcs11h_token_id_s { - char label[1024]; - char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1]; - char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1]; - char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1]; -}; - -#if defined(ENABLE_PKCS11H_CERTIFICATE) - -struct pkcs11h_certificate_id_s { - pkcs11h_token_id_t token_id; - - char displayName[1024]; - CK_BYTE_PTR attrCKA_ID; - size_t attrCKA_ID_size; - - unsigned char *certificate_blob; - size_t certificate_blob_size; -}; - -#endif - -#if defined(ENABLE_PKCS11H_ENUM) - -struct pkcs11h_token_id_list_s { - pkcs11h_token_id_list_t next; - pkcs11h_token_id_t token_id; -}; - -#if defined(ENABLE_PKCS11H_DATA) - -struct pkcs11h_data_id_list_s { - pkcs11h_data_id_list_t next; - - char *application; - char *label; -}; - -#endif /* ENABLE_PKCS11H_DATA */ - -#if defined(ENABLE_PKCS11H_CERTIFICATE) - -struct pkcs11h_certificate_id_list_s { - pkcs11h_certificate_id_list_t next; - pkcs11h_certificate_id_t certificate_id; -}; - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#if defined(ENABLE_PKCS11H_OPENSSL) - -struct pkcs11h_openssl_session_s; -typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t; - -#endif /* ENABLE_PKCS11H_OPENSSL */ - -/* - * pkcs11h_getMessage - Get message by return value. - * - * Parameters: - * rv - Return value. - */ -char * -pkcs11h_getMessage ( - IN const int rv -); - -/* - * pkcs11h_initialize - Inititalize helper interface. - * - * Must be called once, from main thread. - * Defaults: - * Protected authentication enabled. - * PIN cached is infinite. - */ -CK_RV -pkcs11h_initialize (); - -/* - * pkcs11h_terminate - Terminate helper interface. - * - * Must be called once, from main thread, after all - * related resources freed. - */ -CK_RV -pkcs11h_terminate (); - -/* - * pkcs11h_setLogLevel - Set current log level of the helper. - * - * Parameters: - * flags - current log level. - * - * The log level can be set to maximum, but setting it to lower - * level will improve performance. - */ -void -pkcs11h_setLogLevel ( - IN const unsigned flags -); - -/* - * pkcs11h_getLogLevel - Get current log level. - */ -unsigned -pkcs11h_getLogLevel (); - -/* - * pkcs11h_setLogHook - Set a log callback. - * - * Parameters: - * hook - Callback. - * pData - Data to send to callback. - */ -CK_RV -pkcs11h_setLogHook ( - IN const pkcs11h_hook_log_t hook, - IN void * const pData -); - -/* - * pkcs11h_setSlotEventHook - Set a slot event callback. - * - * Parameters: - * hook - Callback. - * pData - Data to send to callback. - * - * Calling this function initialize slot event notifications, these - * notifications can be started, but never terminate due to PKCS#11 limitation. - * - * In order to use slot events you must have threading enabled. - */ -CK_RV -pkcs11h_setSlotEventHook ( - IN const pkcs11h_hook_slotevent_t hook, - IN void * const pData -); - -/* - * pkcs11h_setTokenPromptHook - Set a token prompt callback. - * - * Parameters: - * hook - Callback. - * pData - Data to send to callback. - */ -CK_RV -pkcs11h_setTokenPromptHook ( - IN const pkcs11h_hook_token_prompt_t hook, - IN void * const pData -); - -/* - * pkcs11h_setPINPromptHook - Set a pin prompt callback. - * - * Parameters: - * hook - Callback. - * pData - Data to send to callback. - */ -CK_RV -pkcs11h_setPINPromptHook ( - IN const pkcs11h_hook_pin_prompt_t hook, - IN void * const pData -); - -/* - * pkcs11h_setProtectedAuthentication - Set global protected authentication mode. - * - * Parameters: - * fProtectedAuthentication - Allow protected authentication if enabled by token. - */ -CK_RV -pkcs11h_setProtectedAuthentication ( - IN const PKCS11H_BOOL fProtectedAuthentication -); - -/* - * pkcs11h_setPINCachePeriod - Set global PIN cache timeout. - * - * Parameters: - * nPINCachePeriod - Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE. - */ -CK_RV -pkcs11h_setPINCachePeriod ( - IN const int nPINCachePeriod -); - -/* - * pkcs11h_setMaxLoginRetries - Set global login retries attempts. - * - * Parameters: - * nMaxLoginRetries - Login retries handled by the helper. - */ -CK_RV -pkcs11h_setMaxLoginRetries ( - IN const unsigned nMaxLoginRetries -); - -/* - * pkcs11h_addProvider - Add a PKCS#11 provider. - * - * Parameters: - * szReferenceName - Reference name for this provider. - * szProvider - Provider library location. - * fProtectedAuthentication - Allow this provider to use protected authentication. - * maskSignMode - Provider signmode override. - * nSlotEventMethod - Provider slot event method. - * nSlotEventPollInterval - Slot event poll interval (If in polling mode). - * fCertIsPrivate - Provider's certificate access should be done after login. - * - * This function must be called from the main thread. - * - * The global fProtectedAuthentication must be enabled in order to allow provider specific. - * The maskSignMode can be 0 in order to automatically detect key sign mode. - */ -CK_RV -pkcs11h_addProvider ( - IN const char * const szReferenceName, - IN const char * const szProvider, - IN const PKCS11H_BOOL fProtectedAuthentication, - IN const unsigned maskSignMode, - IN const int nSlotEventMethod, - IN const int nSlotEventPollInterval, - IN const PKCS11H_BOOL fCertIsPrivate -); - -/* - * pkcs11h_delProvider - Delete a PKCS#11 provider. - * - * Parameters: - * szReferenceName - Reference name for this provider. - * - * This function must be called from the main thread. - */ -CK_RV -pkcs11h_removeProvider ( - IN const char * const szReferenceName -); - -/* - * pkcs11h_forkFixup - Handle special case of Unix fork() - * - * This function should be called after fork is called. This is required - * due to a limitation of the PKCS#11 standard. - * - * This function must be called from the main thread. - * - * The helper library handles fork automatically if ENABLE_PKCS11H_THREADING - * is set on configuration file, by use of pthread_atfork. - */ -CK_RV -pkcs11h_forkFixup (); - -/* - * pkcs11h_plugAndPlay - Handle slot rescan. - * - * This function must be called from the main thread. - * - * PKCS#11 providers do not allow plug&play, plug&play can be established by - * finalizing all providers and initializing them again. - * - * The cost of this process is invalidating all sessions, and require user - * login at the next access. - */ -CK_RV -pkcs11h_plugAndPlay (); - -/* - * pkcs11h_freeTokenId - Free token_id object. - */ -CK_RV -pkcs11h_freeTokenId ( - IN pkcs11h_token_id_t certificate_id -); - -/* - * pkcs11h_duplicateTokenId - Duplicate token_id object. - */ -CK_RV -pkcs11h_duplicateTokenId ( - OUT pkcs11h_token_id_t * const to, - IN const pkcs11h_token_id_t from -); - -/* - * pkcs11h_sameTokenId - Returns TRUE if same token id - */ -PKCS11H_BOOL -pkcs11h_sameTokenId ( - IN const pkcs11h_token_id_t a, - IN const pkcs11h_token_id_t b -); - -#if defined(ENABLE_PKCS11H_TOKEN) - -/* - * pkcs11h_token_ensureAccess - Ensure token is accessible. - * - * Parameters: - * token_id - Token id object. - * maskPrompt - Allow prompt. - */ -CK_RV -pkcs11h_token_ensureAccess ( - IN const pkcs11h_token_id_t token_id, - IN const unsigned maskPrompt -); - -#endif /* ENABLE_PKCS11H_TOKEN */ - -#if defined(ENABLE_PKCS11H_DATA) - -CK_RV -pkcs11h_data_get ( - IN const pkcs11h_token_id_t token_id, - IN const PKCS11H_BOOL fPublic, - IN const char * const szApplication, - IN const char * const szLabel, - OUT char * const blob, - IN OUT size_t * const p_blob_size -); - -CK_RV -pkcs11h_data_put ( - IN const pkcs11h_token_id_t token_id, - IN const PKCS11H_BOOL fPublic, - IN const char * const szApplication, - IN const char * const szLabel, - OUT char * const blob, - IN const size_t blob_size -); - -CK_RV -pkcs11h_data_del ( - IN const pkcs11h_token_id_t token_id, - IN const PKCS11H_BOOL fPublic, - IN const char * const szApplication, - IN const char * const szLabel -); - -#endif /* ENABLE_PKCS11H_DATA */ - -#if defined(ENABLE_PKCS11H_CERTIFICATE) -/*======================================================================* - * CERTIFICATE INTERFACE - *======================================================================*/ - -/* - * pkcs11h_freeCertificateId - Free certificate_id object. - */ -CK_RV -pkcs11h_freeCertificateId ( - IN pkcs11h_certificate_id_t certificate_id -); - -/* - * pkcs11h_duplicateCertificateId - Duplicate certificate_id object. - */ -CK_RV -pkcs11h_duplicateCertificateId ( - OUT pkcs11h_certificate_id_t * const to, - IN const pkcs11h_certificate_id_t from -); - -/* - * pkcs11h_freeCertificate - Free certificate object. - */ -CK_RV -pkcs11h_freeCertificate ( - IN pkcs11h_certificate_t certificate -); - -/* - * pkcs11h_certificate_create - Create a certificate object out of certificate_id. - * - * Parameters: - * certificate_id - Certificate id object to be based on. - * nPINCachePeriod - Session specific cache period. - * p_certificate - Receives certificate object. - * - * The certificate id object may not specify the full certificate. - * The certificate object must be freed by caller. - */ -CK_RV -pkcs11h_certificate_create ( - IN const pkcs11h_certificate_id_t certificate_id, - IN const int nPINCachePeriod, - OUT pkcs11h_certificate_t * const p_certificate -); - -/* - * pkcs11h_certificate_getCertificateId - Get certifiate id object out of a certifiate - * - * Parameters: - * certificate - Certificate object. - * p_certificate_id - Certificate id object pointer. - * - * The certificate id must be freed by caller. - */ -CK_RV -pkcs11h_certificate_getCertificateId ( - IN const pkcs11h_certificate_t certificate, - OUT pkcs11h_certificate_id_t * const p_certificate_id -); - -/* - * pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object. - * - * ParametersL - * certificate - Certificate object. - * certificate_blob - Buffer. - * certificate_blob_size - Buffer size. - * - * Buffer may be NULL in order to get size. - */ -CK_RV -pkcs11h_certificate_getCertificateBlob ( - IN const pkcs11h_certificate_t certificate, - OUT unsigned char * const certificate_blob, - IN OUT size_t * const p_certificate_blob_size -); - -/* - * pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible. - * - * Parameters: - * certificate - Certificate object. - * maskPrompt - Allow prompt. - */ -CK_RV -pkcs11h_certificate_ensureCertificateAccess ( - IN const pkcs11h_certificate_t certificate, - IN const unsigned maskPrompt -); - -/* - * pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible. - * - * Parameters: - * certificate - Certificate object. - * maskPrompt - Allow prompt. - */ -CK_RV -pkcs11h_certificate_ensureKeyAccess ( - IN const pkcs11h_certificate_t certificate, - IN const unsigned maskPrompt -); - -/* - * pkcs11h_certificate_sign - Sign data. - * - * Parameters: - * certificate - Certificate object. - * mech_type - PKCS#11 mechanism. - * source - Buffer to sign. - * source_size - Buffer size. - * target - Target buffer, can be NULL to get size. - * target_size - Target buffer size. - */ -CK_RV -pkcs11h_certificate_sign ( - IN const pkcs11h_certificate_t certificate, - IN const CK_MECHANISM_TYPE mech_type, - IN const unsigned char * const source, - IN const size_t source_size, - OUT unsigned char * const target, - IN OUT size_t * const p_target_size -); - -/* - * pkcs11h_certificate_signRecover - Sign data. - * - * Parameters: - * certificate - Certificate object. - * mech_type - PKCS#11 mechanism. - * source - Buffer to sign. - * source_size - Buffer size. - * target - Target buffer, can be NULL to get size. - * target_size - Target buffer size. - */ -CK_RV -pkcs11h_certificate_signRecover ( - IN const pkcs11h_certificate_t certificate, - IN const CK_MECHANISM_TYPE mech_type, - IN const unsigned char * const source, - IN const size_t source_size, - OUT unsigned char * const target, - IN OUT size_t * const p_target_size -); - -/* - * pkcs11h_certificate_signAny - Sign data mechanism determined by key attributes. - * - * Parameters: - * certificate - Certificate object. - * mech_type - PKCS#11 mechanism. - * source - Buffer to sign. - * source_size - Buffer size. - * target - Target buffer, can be NULL to get size. - * target_size - Target buffer size. - */ -CK_RV -pkcs11h_certificate_signAny ( - IN const pkcs11h_certificate_t certificate, - IN const CK_MECHANISM_TYPE mech_type, - IN const unsigned char * const source, - IN const size_t source_size, - OUT unsigned char * const target, - IN OUT size_t * const p_target_size -); - -/* - * pkcs11h_certificate_decrypt - Decrypt data. - * - * Parameters: - * certificate - Certificate object. - * mech_type - PKCS#11 mechanism. - * source - Buffer to sign. - * source_size - Buffer size. - * target - Target buffer, can be NULL to get size. - * target_size - Target buffer size. - */ -CK_RV -pkcs11h_certificate_decrypt ( - IN const pkcs11h_certificate_t certificate, - IN const CK_MECHANISM_TYPE mech_type, - IN const unsigned char * const source, - IN const size_t source_size, - OUT unsigned char * const target, - IN OUT size_t * const p_target_size -); - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#if defined(ENABLE_PKCS11H_LOCATE) -/*======================================================================* - * LOCATE INTERFACE - *======================================================================*/ - -#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE) - -/* - * pkcs11h_locate_token - Locate token based on atributes. - * - * Parameters: - * szSlotType - How to locate slot. - * szSlot - Slot name. - * p_token_id - Token object. - * - * Slot: - * id - Slot number. - * name - Slot name. - * label - Available token label. - * - * Caller must free token id. - */ -CK_RV -pkcs11h_locate_token ( - IN const char * const szSlotType, - IN const char * const szSlot, - OUT pkcs11h_token_id_t * const p_token_id -); - -#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */ - -#if defined(ENABLE_PKCS11H_CERTIFICATE) - -/* - * pkcs11h_locate_certificate - Locate certificate based on atributes. - * - * Parameters: - * szSlotType - How to locate slot. - * szSlot - Slot name. - * szIdType - How to locate object. - * szId - Object name. - * p_certificate_id - Certificate object. - * - * Slot: - * Same as pkcs11h_locate_token. - * - * Object: - * id - Certificate CKA_ID (hex string) (Fastest). - * label - Certificate CKA_LABEL (string). - * subject - Certificate subject (OpenSSL DN). - * - * Caller must free certificate id. - */ -CK_RV -pkcs11h_locate_certificate ( - IN const char * const szSlotType, - IN const char * const szSlot, - IN const char * const szIdType, - IN const char * const szId, - OUT pkcs11h_certificate_id_t * const p_certificate_id -); - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#endif /* ENABLE_PKCS11H_LOCATE */ - -#if defined(ENABLE_PKCS11H_ENUM) -/*======================================================================* - * ENUM INTERFACE - *======================================================================*/ - -#if defined(ENABLE_PKCS11H_TOKEN) - -/* - * pkcs11h_freeCertificateIdList - Free certificate_id list. - */ -CK_RV -pkcs11h_freeTokenIdList ( - IN const pkcs11h_token_id_list_t token_id_list -); - -/* - * pkcs11h_enum_getTokenIds - Enumerate available tokens - * - * Parameters: - * p_token_id_list - A list of token ids. - * - * Caller must free the list. - */ -CK_RV -pkcs11h_enum_getTokenIds ( - IN const int method, - OUT pkcs11h_token_id_list_t * const p_token_id_list -); - -#endif /* ENABLE_PKCS11H_TOKEN */ - -#if defined(ENABLE_PKCS11H_DATA) - -CK_RV -pkcs11h_freeDataIdList ( - IN const pkcs11h_data_id_list_t data_id_list -); - -CK_RV -pkcs11h_enumDataObjects ( - IN const pkcs11h_token_id_t token_id, - IN const PKCS11H_BOOL fPublic, - OUT pkcs11h_data_id_list_t * const p_data_id_list -); - -#endif /* ENABLE_PKCS11H_DATA */ - -#if defined(ENABLE_PKCS11H_CERTIFICATE) - -/* - * pkcs11h_freeCertificateIdList - Free certificate_id list. - */ -CK_RV -pkcs11h_freeCertificateIdList ( - IN const pkcs11h_certificate_id_list_t cert_id_list -); - -/* - * pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token - * - * Parameters: - * token_id - Token id to enum. - * method - How to fetch certificates. - * p_cert_id_issuers_list - Receives issues list, can be NULL. - * p_cert_id_end_list - Receives end certificates list. - * - * This function will likely take long time. - * - * Method can be one of the following: - * PKCS11H_ENUM_METHOD_CACHE - * Return available certificates, even if token was once detected and - * was removed. - * PKCS11H_ENUM_METHOD_CACHE_EXIST - * Return available certificates for available tokens only, don't - * read the contents of the token if already read, even if this token - * removed and inserted. - * PKCS11H_ENUM_METHOD_RELOAD - * Clear all caches and then enum. - * - * Caller must free the lists. - */ -CK_RV -pkcs11h_enum_getTokenCertificateIds ( - IN const pkcs11h_token_id_t token_id, - IN const int method, - OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, - OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list -); - -/* - * pkcs11h_enum_getCertificateIds - Enumerate available certificates. - * - * Parameters: - * method - How to fetch certificates. - * p_cert_id_issuers_list - Receives issues list, can be NULL. - * p_cert_id_end_list - Receives end certificates list. - * - * This function will likely take long time. - * - * Method can be one of the following: - * PKCS11H_ENUM_METHOD_CACHE - * Return available certificates, even if token was once detected and - * was removed. - * PKCS11H_ENUM_METHOD_CACHE_EXIST - * Return available certificates for available tokens only, don't - * read the contents of the token if already read, even if this token - * removed and inserted. - * PKCS11H_ENUM_METHOD_RELOAD - * Clear all caches and then enum. - * - * Caller must free lists. - */ -CK_RV -pkcs11h_enum_getCertificateIds ( - IN const int method, - OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list, - OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list -); - -#endif /* ENABLE_PKCS11H_CERTIFICATE */ - -#endif /* ENABLE_PKCS11H_ENUM */ - -#if defined(ENABLE_PKCS11H_OPENSSL) -/*======================================================================* - * OPENSSL INTERFACE - *======================================================================*/ - -/* - * pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object. - * - * Parameters: - * certificate - Certificate object. - * - * The certificate object will be freed by the OpenSSL interface on session end. - */ -pkcs11h_openssl_session_t -pkcs11h_openssl_createSession ( - IN const pkcs11h_certificate_t certificate -); - -/* - * pkcs11h_openssl_freeSession - Free OpenSSL session. - * - * Parameters: - * openssl_session - Session to free. - * - * The openssl_session object has a reference count just like other OpenSSL objects. - */ -void -pkcs11h_openssl_freeSession ( - IN const pkcs11h_openssl_session_t openssl_session -); - -/* - * pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object. - * - * Parameters: - * openssl_session - Session. - */ -RSA * -pkcs11h_openssl_getRSA ( - IN const pkcs11h_openssl_session_t openssl_session -); - -/* - * pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object. - * - * Parameters: - * openssl_session - Session. - */ -X509 * -pkcs11h_openssl_getX509 ( - IN const pkcs11h_openssl_session_t openssl_session -); - -#endif /* ENABLE_PKCS11H_OPENSSL */ - -#if defined(ENABLE_PKCS11H_STANDALONE) -/*======================================================================* - * STANDALONE INTERFACE - *======================================================================*/ - -void -pkcs11h_standalone_dump_slots ( - IN const pkcs11h_output_print_t my_output, - IN const void *pData, - IN const char * const provider -); - -void -pkcs11h_standalone_dump_objects ( - IN const pkcs11h_output_print_t my_output, - IN const void *pData, - IN const char * const provider, - IN const char * const slot, - IN const char * const pin -); - -#endif /* ENABLE_PKCS11H_STANDALONE */ - -#ifdef __cplusplus -} -#endif - -#endif /* __PKCS11H_HELPER_H */ |