From 718526e0e9efbcf6f8aa5cfa411c06c21429011d Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Mon, 22 Oct 2007 20:06:14 +0000
Subject: Use pkcs11-helper as external library, can be downloaded from
 https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@2418 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 pkcs11-helper.h | 972 --------------------------------------------------------
 1 file changed, 972 deletions(-)
 delete mode 100644 pkcs11-helper.h

(limited to 'pkcs11-helper.h')

diff --git a/pkcs11-helper.h b/pkcs11-helper.h
deleted file mode 100644
index f6eb967..0000000
--- a/pkcs11-helper.h
+++ /dev/null
@@ -1,972 +0,0 @@
-/*
- * Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev@gmail.com>
- * All rights reserved.
- *
- * This software is available to you under a choice of one of two
- * licenses.  You may choose to be licensed under the terms of the GNU
- * General Public License (GPL) Version 2, or the OpenIB.org BSD license.
- *
- * GNU General Public License (GPL) Version 2
- * ===========================================
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2
- *  as published by the Free Software Foundation.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program (see the file COPYING[.GPL2] included with this
- *  distribution); if not, write to the Free Software Foundation, Inc.,
- *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- *
- * OpenIB.org BSD license
- * =======================
- * Redistribution and use in source and binary forms, with or without modifi-
- * cation, are permitted provided that the following conditions are met:
- *
- *   o  Redistributions of source code must retain the above copyright notice,
- *      this list of conditions and the following disclaimer.
- *
- *   o  Redistributions in binary form must reproduce the above copyright no-
- *      tice, this list of conditions and the following disclaimer in the do-
- *      cumentation and/or other materials provided with the distribution.
- *
- *   o  The names of the contributors may not be used to endorse or promote
- *      products derived from this software without specific prior written
- *      permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
- * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
- * ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
- * TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
- * ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
- * LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
- * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * The routines in this file deal with providing private key cryptography
- * using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
- *
- */
-
-#ifndef __PKCS11H_HELPER_H
-#define __PKCS11H_HELPER_H
-
-#if defined(__cplusplus)
-extern "C" {
-#endif
-
-#include "pkcs11-helper-config.h"
-
-#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING)
-#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING
-#endif
-#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE)
-#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE
-#endif
-
-#define PKCS11H_LOG_DEBUG2	5
-#define PKCS11H_LOG_DEBUG1	4
-#define PKCS11H_LOG_INFO	3
-#define PKCS11H_LOG_WARN	2
-#define PKCS11H_LOG_ERROR	1
-#define PKCS11H_LOG_QUITE	0
-
-#define PKCS11H_PIN_CACHE_INFINITE	-1
-
-#define PKCS11H_SIGNMODE_MASK_SIGN	(1<<0)
-#define PKCS11H_SIGNMODE_MASK_RECOVER	(1<<1)
-
-#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT	(1<<0)
-#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT	(1<<1)
-
-#define PKCS11H_SLOTEVENT_METHOD_AUTO		0
-#define PKCS11H_SLOTEVENT_METHOD_TRIGGER	1
-#define PKCS11H_SLOTEVENT_METHOD_POLL		2
-
-#define PKCS11H_ENUM_METHOD_CACHE		0
-#define PKCS11H_ENUM_METHOD_CACHE_EXIST	1
-#define PKCS11H_ENUM_METHOD_RELOAD		2
-
-typedef void (*pkcs11h_output_print_t)(
-	IN const void *pData,
-	IN const char * const szFormat,
-	IN ...
-)
-#if __GNUC__ > 2
-    __attribute__ ((format (printf, 2, 3)))
-#endif
- ;
-
-struct pkcs11h_token_id_s;
-typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t;
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_s;
-struct pkcs11h_certificate_s;
-typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t;
-typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t;
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_ENUM)
-
-struct pkcs11h_token_id_list_s;
-typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t;
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-struct pkcs11h_data_id_list_s;
-typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t;
-
-#endif				/* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_list_s;
-typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t;
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif				/* ENABLE_PKCS11H_ENUM */
-
-typedef void (*pkcs11h_hook_log_t)(
-	IN const void *pData,
-	IN const unsigned flags,
-	IN const char * const szFormat,
-	IN va_list args
-);
-
-typedef void (*pkcs11h_hook_slotevent_t)(
-	IN const void *pData
-);
-
-typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)(
-	IN const void *pData,
-	IN const pkcs11h_token_id_t token,
-	IN const unsigned retry
-);
-
-typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)(
-	IN const void *pData,
-	IN const pkcs11h_token_id_t token,
-	IN const unsigned retry,
-	OUT char * const szPIN,
-	IN const size_t nMaxPIN
-);
-
-struct pkcs11h_token_id_s {
-	char label[1024];
-	char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
-	char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1];
-	char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1];
-};
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_s {
-	pkcs11h_token_id_t token_id;
-
-	char displayName[1024];
-	CK_BYTE_PTR attrCKA_ID;
-	size_t attrCKA_ID_size;
-
-	unsigned char *certificate_blob;
-	size_t certificate_blob_size;
-};
-
-#endif
-
-#if defined(ENABLE_PKCS11H_ENUM)
-
-struct pkcs11h_token_id_list_s {
-	pkcs11h_token_id_list_t next;
-	pkcs11h_token_id_t token_id;
-};
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-struct pkcs11h_data_id_list_s {
-	pkcs11h_data_id_list_t next;
-
-	char *application;
-	char *label;
-};
-
-#endif				/* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_id_list_s {
-	pkcs11h_certificate_id_list_t next;
-	pkcs11h_certificate_id_t certificate_id;
-};
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_OPENSSL)
-
-struct pkcs11h_openssl_session_s;
-typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t;
-
-#endif				/* ENABLE_PKCS11H_OPENSSL */
-
-/*
- * pkcs11h_getMessage - Get message by return value.
- *
- * Parameters:
- * 	rv	- Return value.
- */
-char *
-pkcs11h_getMessage (
-	IN const int rv
-);
-
-/*
- * pkcs11h_initialize - Inititalize helper interface.
- *
- * Must be called once, from main thread.
- * Defaults:
- * 	Protected authentication enabled.
- * 	PIN cached is infinite.
- */
-CK_RV
-pkcs11h_initialize ();
-
-/*
- * pkcs11h_terminate - Terminate helper interface.
- *
- * Must be called once, from main thread, after all
- * related resources freed.
- */
-CK_RV
-pkcs11h_terminate ();
-
-/*
- * pkcs11h_setLogLevel - Set current log level of the helper.
- *
- * Parameters:
- * 	flags	- current log level.
- *
- * The log level can be set to maximum, but setting it to lower
- * level will improve performance.
- */
-void
-pkcs11h_setLogLevel (
-	IN const unsigned flags
-);
-
-/*
- * pkcs11h_getLogLevel - Get current log level.
- */
-unsigned
-pkcs11h_getLogLevel ();
-
-/*
- * pkcs11h_setLogHook - Set a log callback.
- *
- * Parameters:
- * 	hook	- Callback.
- * 	pData	- Data to send to callback.
- */
-CK_RV
-pkcs11h_setLogHook (
-	IN const pkcs11h_hook_log_t hook,
-	IN void * const pData
-);
-
-/*
- * pkcs11h_setSlotEventHook - Set a slot event callback.
- *
- * Parameters:
- * 	hook	- Callback.
- * 	pData	- Data to send to callback.
- *
- * Calling this function initialize slot event notifications, these
- * notifications can be started, but never terminate due to PKCS#11 limitation.
- *
- * In order to use slot events you must have threading enabled.
- */
-CK_RV
-pkcs11h_setSlotEventHook (
-	IN const pkcs11h_hook_slotevent_t hook,
-	IN void * const pData
-);
-
-/*
- * pkcs11h_setTokenPromptHook - Set a token prompt callback.
- *
- * Parameters:
- * 	hook	- Callback.
- * 	pData	- Data to send to callback.
- */
-CK_RV
-pkcs11h_setTokenPromptHook (
-	IN const pkcs11h_hook_token_prompt_t hook,
-	IN void * const pData
-);
-
-/*
- * pkcs11h_setPINPromptHook - Set a pin prompt callback.
- *
- * Parameters:
- * 	hook	- Callback.
- * 	pData	- Data to send to callback.
- */
-CK_RV
-pkcs11h_setPINPromptHook (
-	IN const pkcs11h_hook_pin_prompt_t hook,
-	IN void * const pData
-);
-
-/*
- * pkcs11h_setProtectedAuthentication - Set global protected authentication mode.
- *
- * Parameters:
- * 	fProtectedAuthentication	- Allow protected authentication if enabled by token.
- */
-CK_RV
-pkcs11h_setProtectedAuthentication (
-	IN const PKCS11H_BOOL fProtectedAuthentication
-);
-
-/*
- * pkcs11h_setPINCachePeriod - Set global PIN cache timeout.
- *
- * Parameters:
- * 	nPINCachePeriod	- Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE.
- */
-CK_RV
-pkcs11h_setPINCachePeriod (
-	IN const int nPINCachePeriod
-);
-
-/*
- * pkcs11h_setMaxLoginRetries - Set global login retries attempts.
- *
- * Parameters:
- * 	nMaxLoginRetries	- Login retries handled by the helper.
- */
-CK_RV
-pkcs11h_setMaxLoginRetries (
-	IN const unsigned nMaxLoginRetries
-);
-
-/*
- * pkcs11h_addProvider - Add a PKCS#11 provider.
- *
- * Parameters:
- * 	szReferenceName		- Reference name for this provider.
- * 	szProvider		- Provider library location.
- * 	fProtectedAuthentication	- Allow this provider to use protected authentication.
- * 	maskSignMode		- Provider signmode override.
- * 	nSlotEventMethod	- Provider slot event method.
- * 	nSlotEventPollInterval	- Slot event poll interval (If in polling mode).
- * 	fCertIsPrivate		- Provider's certificate access should be done after login.
- *
- * This function must be called from the main thread.
- *
- * The global fProtectedAuthentication must be enabled in order to allow provider specific.
- * The maskSignMode can be 0 in order to automatically detect key sign mode.
- */
-CK_RV
-pkcs11h_addProvider (
-	IN const char * const szReferenceName,
-	IN const char * const szProvider,
-	IN const PKCS11H_BOOL fProtectedAuthentication,
-	IN const unsigned maskSignMode,
-	IN const int nSlotEventMethod,
-	IN const int nSlotEventPollInterval,
-	IN const PKCS11H_BOOL fCertIsPrivate
-);
-
-/*
- * pkcs11h_delProvider - Delete a PKCS#11 provider.
- *
- * Parameters:
- * 	szReferenceName		- Reference name for this provider.
- *
- * This function must be called from the main thread.
- */
-CK_RV
-pkcs11h_removeProvider (
-	IN const char * const szReferenceName
-);
-
-/*
- * pkcs11h_forkFixup - Handle special case of Unix fork()
- *
- * This function should be called after fork is called. This is required
- * due to a limitation of the PKCS#11 standard.
- *
- * This function must be called from the main thread.
- *
- * The helper library handles fork automatically if ENABLE_PKCS11H_THREADING
- * is set on configuration file, by use of pthread_atfork.
- */
-CK_RV
-pkcs11h_forkFixup ();
-
-/*
- * pkcs11h_plugAndPlay - Handle slot rescan.
- *
- * This function must be called from the main thread.
- *
- * PKCS#11 providers do not allow plug&play, plug&play can be established by
- * finalizing all providers and initializing them again.
- *
- * The cost of this process is invalidating all sessions, and require user
- * login at the next access.
- */
-CK_RV
-pkcs11h_plugAndPlay ();
-
-/*
- * pkcs11h_freeTokenId - Free token_id object.
- */
-CK_RV
-pkcs11h_freeTokenId (
-	IN pkcs11h_token_id_t certificate_id
-);
-
-/*
- * pkcs11h_duplicateTokenId - Duplicate token_id object.
- */
-CK_RV
-pkcs11h_duplicateTokenId (
-	OUT pkcs11h_token_id_t * const to,
-	IN const pkcs11h_token_id_t from
-);
-
-/*
- * pkcs11h_sameTokenId - Returns TRUE if same token id
- */
-PKCS11H_BOOL
-pkcs11h_sameTokenId (
-	IN const pkcs11h_token_id_t a,
-	IN const pkcs11h_token_id_t b
-);
-
-#if defined(ENABLE_PKCS11H_TOKEN)
-
-/*
- * pkcs11h_token_ensureAccess - Ensure token is accessible.
- *
- * Parameters:
- * 	token_id	- Token id object.
- * 	maskPrompt	- Allow prompt.
- */
-CK_RV
-pkcs11h_token_ensureAccess (
-	IN const pkcs11h_token_id_t token_id,
-	IN const unsigned maskPrompt
-);
-
-#endif				/* ENABLE_PKCS11H_TOKEN */
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-CK_RV
-pkcs11h_data_get (
-	IN const pkcs11h_token_id_t token_id,
-	IN const PKCS11H_BOOL fPublic,
-	IN const char * const szApplication,
-	IN const char * const szLabel,
-	OUT char * const blob,
-	IN OUT size_t * const p_blob_size
-);
-
-CK_RV
-pkcs11h_data_put (
-	IN const pkcs11h_token_id_t token_id,
-	IN const PKCS11H_BOOL fPublic,
-	IN const char * const szApplication,
-	IN const char * const szLabel,
-	OUT char * const blob,
-	IN const size_t blob_size
-);
-
-CK_RV
-pkcs11h_data_del (
-	IN const pkcs11h_token_id_t token_id,
-	IN const PKCS11H_BOOL fPublic,
-	IN const char * const szApplication,
-	IN const char * const szLabel
-);
-
-#endif				/* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-/*======================================================================*
- * CERTIFICATE INTERFACE
- *======================================================================*/
-
-/*
- * pkcs11h_freeCertificateId - Free certificate_id object.
- */
-CK_RV
-pkcs11h_freeCertificateId (
-	IN pkcs11h_certificate_id_t certificate_id
-);
-
-/*
- * pkcs11h_duplicateCertificateId - Duplicate certificate_id object.
- */
-CK_RV
-pkcs11h_duplicateCertificateId (
-	OUT pkcs11h_certificate_id_t * const to,
-	IN const pkcs11h_certificate_id_t from
-);
-
-/*
- * pkcs11h_freeCertificate - Free certificate object.
- */
-CK_RV
-pkcs11h_freeCertificate (
-	IN pkcs11h_certificate_t certificate
-);
-
-/*
- * pkcs11h_certificate_create - Create a certificate object out of certificate_id.
- *
- * Parameters:
- *	certificate_id	- Certificate id object to be based on.
- *	nPINCachePeriod	- Session specific cache period.
- *	p_certificate	- Receives certificate object.
- *
- * The certificate id object may not specify the full certificate.
- * The certificate object must be freed by caller.
- */	
-CK_RV
-pkcs11h_certificate_create (
-	IN const pkcs11h_certificate_id_t certificate_id,
-	IN const int nPINCachePeriod,
-	OUT pkcs11h_certificate_t * const p_certificate
-);
-
-/*
- * pkcs11h_certificate_getCertificateId - Get certifiate id object out of a certifiate
- *
- * Parameters:
- * 	certificate		- Certificate object.
- * 	p_certificate_id	- Certificate id object pointer.
- *
- * The certificate id must be freed by caller.
- */
-CK_RV
-pkcs11h_certificate_getCertificateId (
-	IN const pkcs11h_certificate_t certificate,
-	OUT pkcs11h_certificate_id_t * const p_certificate_id
-);
-
-/*
- * pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object.
- *
- * ParametersL
- * 	certificate		- Certificate object.
- * 	certificate_blob	- Buffer.
- * 	certificate_blob_size	- Buffer size.
- *
- * Buffer may be NULL in order to get size.
- */
-CK_RV
-pkcs11h_certificate_getCertificateBlob (
-	IN const pkcs11h_certificate_t certificate,
-	OUT unsigned char * const certificate_blob,
-	IN OUT size_t * const p_certificate_blob_size
-);
-
-/*
- * pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- * 	maskPrompt	- Allow prompt.
- */
-CK_RV
-pkcs11h_certificate_ensureCertificateAccess (
-	IN const pkcs11h_certificate_t certificate,
-	IN const unsigned maskPrompt
-);
-
-/*
- * pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- * 	maskPrompt	- Allow prompt.
- */
-CK_RV
-pkcs11h_certificate_ensureKeyAccess (
-	IN const pkcs11h_certificate_t certificate,
-	IN const unsigned maskPrompt
-);
-
-/*
- * pkcs11h_certificate_sign - Sign data.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- * 	mech_type	- PKCS#11 mechanism.
- *	source		- Buffer to sign.
- *	source_size	- Buffer size.
- *	target		- Target buffer, can be NULL to get size.
- *	target_size	- Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_sign (
-	IN const pkcs11h_certificate_t certificate,
-	IN const CK_MECHANISM_TYPE mech_type,
-	IN const unsigned char * const source,
-	IN const size_t source_size,
-	OUT unsigned char * const target,
-	IN OUT size_t * const p_target_size
-);
-
-/*
- * pkcs11h_certificate_signRecover - Sign data.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- * 	mech_type	- PKCS#11 mechanism.
- *	source		- Buffer to sign.
- *	source_size	- Buffer size.
- *	target		- Target buffer, can be NULL to get size.
- *	target_size	- Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_signRecover (
-	IN const pkcs11h_certificate_t certificate,
-	IN const CK_MECHANISM_TYPE mech_type,
-	IN const unsigned char * const source,
-	IN const size_t source_size,
-	OUT unsigned char * const target,
-	IN OUT size_t * const p_target_size
-);
-
-/*
- * pkcs11h_certificate_signAny - Sign data mechanism determined by key attributes.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- * 	mech_type	- PKCS#11 mechanism.
- *	source		- Buffer to sign.
- *	source_size	- Buffer size.
- *	target		- Target buffer, can be NULL to get size.
- *	target_size	- Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_signAny (
-	IN const pkcs11h_certificate_t certificate,
-	IN const CK_MECHANISM_TYPE mech_type,
-	IN const unsigned char * const source,
-	IN const size_t source_size,
-	OUT unsigned char * const target,
-	IN OUT size_t * const p_target_size
-);
-
-/*
- * pkcs11h_certificate_decrypt - Decrypt data.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- * 	mech_type	- PKCS#11 mechanism.
- *	source		- Buffer to sign.
- *	source_size	- Buffer size.
- *	target		- Target buffer, can be NULL to get size.
- *	target_size	- Target buffer size.
- */
-CK_RV
-pkcs11h_certificate_decrypt (
-	IN const pkcs11h_certificate_t certificate,
-	IN const CK_MECHANISM_TYPE mech_type,
-	IN const unsigned char * const source,
-	IN const size_t source_size,
-	OUT unsigned char * const target,
-	IN OUT size_t * const p_target_size
-);
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_LOCATE)
-/*======================================================================*
- * LOCATE INTERFACE
- *======================================================================*/
-
-#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
-
-/*
- * pkcs11h_locate_token - Locate token based on atributes.
- *
- * Parameters:
- * 	szSlotType	- How to locate slot.
- * 	szSlot		- Slot name.
- * 	p_token_id	- Token object.
- *
- * Slot:
- * 	id	- Slot number.
- * 	name	- Slot name.
- * 	label	- Available token label.
- *
- * Caller must free token id.
- */
-CK_RV
-pkcs11h_locate_token (
-	IN const char * const szSlotType,
-	IN const char * const szSlot,
-	OUT pkcs11h_token_id_t * const p_token_id
-);
-
-#endif				/* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-/*
- * pkcs11h_locate_certificate - Locate certificate based on atributes.
- *
- * Parameters:
- * 	szSlotType	- How to locate slot.
- * 	szSlot		- Slot name.
- * 	szIdType	- How to locate object.
- * 	szId		- Object name.
- * 	p_certificate_id	- Certificate object.
- *
- * Slot:
- * Same as pkcs11h_locate_token.
- *
- * Object:
- * 	id	- Certificate CKA_ID (hex string) (Fastest).
- * 	label	- Certificate CKA_LABEL (string).
- * 	subject	- Certificate subject (OpenSSL DN).
- *
- * Caller must free certificate id.
- */
-CK_RV
-pkcs11h_locate_certificate (
-	IN const char * const szSlotType,
-	IN const char * const szSlot,
-	IN const char * const szIdType,
-	IN const char * const szId,
-	OUT pkcs11h_certificate_id_t * const p_certificate_id
-);
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif				/* ENABLE_PKCS11H_LOCATE */
-
-#if defined(ENABLE_PKCS11H_ENUM)
-/*======================================================================*
- * ENUM INTERFACE
- *======================================================================*/
-
-#if defined(ENABLE_PKCS11H_TOKEN)
-
-/*
- * pkcs11h_freeCertificateIdList - Free certificate_id list.
- */
-CK_RV
-pkcs11h_freeTokenIdList (
-	IN const pkcs11h_token_id_list_t token_id_list
-);
-
-/*
- * pkcs11h_enum_getTokenIds - Enumerate available tokens
- *
- * Parameters:
- * 	p_token_id_list		- A list of token ids.
- * 	
- * Caller must free the list.
- */
-CK_RV
-pkcs11h_enum_getTokenIds (
-	IN const int method,
-	OUT pkcs11h_token_id_list_t * const p_token_id_list
-);
-
-#endif				/* ENABLE_PKCS11H_TOKEN */
-
-#if defined(ENABLE_PKCS11H_DATA)
-
-CK_RV
-pkcs11h_freeDataIdList (
-	IN const pkcs11h_data_id_list_t data_id_list
-);
-
-CK_RV
-pkcs11h_enumDataObjects (
-	IN const pkcs11h_token_id_t token_id,
-	IN const PKCS11H_BOOL fPublic,
-	OUT pkcs11h_data_id_list_t * const p_data_id_list
-);
-
-#endif				/* ENABLE_PKCS11H_DATA */
-
-#if defined(ENABLE_PKCS11H_CERTIFICATE)
-
-/*
- * pkcs11h_freeCertificateIdList - Free certificate_id list.
- */
-CK_RV
-pkcs11h_freeCertificateIdList (
-	IN const pkcs11h_certificate_id_list_t cert_id_list
-);
-
-/*
- * pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token
- *
- * Parameters:
- * 	token_id		- Token id to enum.
- * 	method			- How to fetch certificates.
- * 	p_cert_id_issuers_list	- Receives issues list, can be NULL.
- * 	p_cert_id_end_list	- Receives end certificates list.
- *
- * This function will likely take long time.
- *
- * Method can be one of the following:
- *	PKCS11H_ENUM_METHOD_CACHE
- *		Return available certificates, even if token was once detected and
- *		was removed.
- *	PKCS11H_ENUM_METHOD_CACHE_EXIST
- *		Return available certificates for available tokens only, don't
- *		read the contents of the token if already read, even if this token
- *		removed and inserted.
- *	PKCS11H_ENUM_METHOD_RELOAD
- *		Clear all caches and then enum.
- *
- * Caller must free the lists.
- */
-CK_RV
-pkcs11h_enum_getTokenCertificateIds (
-	IN const pkcs11h_token_id_t token_id,
-	IN const int method,
-	OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
-	OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
-);
-
-/*
- * pkcs11h_enum_getCertificateIds - Enumerate available certificates.
- *
- * Parameters:
- * 	method			- How to fetch certificates.
- * 	p_cert_id_issuers_list	- Receives issues list, can be NULL.
- * 	p_cert_id_end_list	- Receives end certificates list.
- *
- * This function will likely take long time.
- *
- * Method can be one of the following:
- *	PKCS11H_ENUM_METHOD_CACHE
- *		Return available certificates, even if token was once detected and
- *		was removed.
- *	PKCS11H_ENUM_METHOD_CACHE_EXIST
- *		Return available certificates for available tokens only, don't
- *		read the contents of the token if already read, even if this token
- *		removed and inserted.
- *	PKCS11H_ENUM_METHOD_RELOAD
- *		Clear all caches and then enum.
- *
- * Caller must free lists.
- */
-CK_RV
-pkcs11h_enum_getCertificateIds (
-	IN const int method,
-	OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
-	OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
-);
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
-#endif				/* ENABLE_PKCS11H_ENUM */
-
-#if defined(ENABLE_PKCS11H_OPENSSL)
-/*======================================================================*
- * OPENSSL INTERFACE
- *======================================================================*/
-
-/*
- * pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object.
- *
- * Parameters:
- * 	certificate	- Certificate object.
- *
- * The certificate object will be freed by the OpenSSL interface on session end.
- */
-pkcs11h_openssl_session_t
-pkcs11h_openssl_createSession (
-	IN const pkcs11h_certificate_t certificate
-);
-
-/*
- * pkcs11h_openssl_freeSession - Free OpenSSL session.
- *
- * Parameters:
- * 	openssl_session	- Session to free.
- *
- * The openssl_session object has a reference count just like other OpenSSL objects.
- */
-void
-pkcs11h_openssl_freeSession (
-	IN const pkcs11h_openssl_session_t openssl_session
-);
-
-/*
- * pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object.
- *
- * Parameters:
- * 	openssl_session	- Session.
- */
-RSA *
-pkcs11h_openssl_getRSA (
-	IN const pkcs11h_openssl_session_t openssl_session
-);
-
-/*
- * pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object.
- *
- * Parameters:
- * 	openssl_session	- Session.
- */
-X509 *
-pkcs11h_openssl_getX509 (
-	IN const pkcs11h_openssl_session_t openssl_session
-);
-
-#endif				/* ENABLE_PKCS11H_OPENSSL */
-
-#if defined(ENABLE_PKCS11H_STANDALONE)
-/*======================================================================*
- * STANDALONE INTERFACE
- *======================================================================*/
-
-void
-pkcs11h_standalone_dump_slots (
-	IN const pkcs11h_output_print_t my_output,
-	IN const void *pData,
-	IN const char * const provider
-);
-
-void
-pkcs11h_standalone_dump_objects (
-	IN const pkcs11h_output_print_t my_output,
-	IN const void *pData,
-	IN const char * const provider,
-	IN const char * const slot,
-	IN const char * const pin
-);
-
-#endif				/* ENABLE_PKCS11H_STANDALONE */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif				/* __PKCS11H_HELPER_H */
-- 
cgit v1.2.3