libp11
0.2.7
libp11.h
/* libp11, a simple layer on top of the PKCS#11 API
 * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/*
 * Include guard.
 * NOTE(review): identifiers that start with an underscore followed by an
 * uppercase letter are reserved for the implementation in C. The name is
 * kept unchanged here because code outside this header may test it.
 */
#ifndef _LIB11_H
#define _LIB11_H

/*
 * OpenSSL headers. The declarations below use X509, EVP_PKEY, BIGNUM and
 * RSA_METHOD, and PKCS11err() reports through the OpenSSL ERR_* queue.
 */
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>

/* Give every declaration C linkage when the header is included from C++. */
#ifdef __cplusplus
extern "C" {
#endif

/* get some structures for local code to handle pkcs11 data readily */

/*
 * OpenSSL error-library code under which libp11 queues its errors.
 * NOTE(review): ERR_LIB_USER is OpenSSL's generic application slot, so any
 * other component in the same process that also reports under ERR_LIB_USER
 * shares this number space. Function and reason codes printed from the error
 * queue can then be attributed to the wrong component; keep that in mind
 * when triaging logs.
 */
#define ERR_LIB_PKCS11 ERR_LIB_USER

/*
 * Queue an error with function code f (see PKCS11_F_* below) and reason
 * code r, recording the file and line of the call site.
 */
#define PKCS11err(f,r) \
	ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)

/*
 * The purpose of this library is to provide a simple PKCS11
 * interface to OpenSSL applications that wish to use a previously
 * initialized card (as opposed to initializing it, etc).
 *
 * I am therefore making some simplifying assumptions:
 *
 *  - no support for any operations that alter the card,
 *    i.e. readonly-login
 *
 * NOTE(review): this header also declares PKCS11_init_token(),
 * PKCS11_init_pin(), PKCS11_change_pin(), PKCS11_generate_key(),
 * PKCS11_store_*() and an `rw` flag on PKCS11_open_session(), all of which
 * by name alter the token. The read-only assumption above therefore looks
 * out of date; do not rely on it as a safety property without checking the
 * implementation.
 */

/*
 * A key object found on a token.
 * NOTE(review): ownership and lifetime of the pointed-to members are not
 * visible in this header -- confirm against the implementation before
 * freeing or caching any of them.
 */
typedef struct PKCS11_key_st {
	char *label;			/* label of the key object */
	unsigned char *id;		/* binary identifier, id_len bytes; not a C string */
	size_t id_len;			/* number of bytes at id */
	unsigned char isPrivate;	/* flag; presumably non-zero for a private key -- confirm */
	unsigned char needLogin;	/* flag; presumably non-zero when login is needed to use the key -- confirm */
	EVP_PKEY *evp_key;		/* OpenSSL key handle; may be unset until requested -- confirm */
	void *_private;			/* library-internal state; opaque to callers */
} PKCS11_KEY;

/*
 * A certificate object found on a token.
 * NOTE(review): data read from a token is external input; validate the
 * certificate (chain, validity, usage) before trusting it.
 */
typedef struct PKCS11_cert_st {
	char *label;		/* label of the certificate object */
	unsigned char *id;	/* binary identifier, id_len bytes; not a C string */
	size_t id_len;		/* number of bytes at id */
	X509 *x509;		/* the certificate as an OpenSSL X509 object */
	void *_private;		/* library-internal state; opaque to callers */
} PKCS11_CERT;

/*
 * Description of a token (e.g. the card present in a slot).
 * The string members are reported by the token/module and should be treated
 * as untrusted display data. The unsigned char members are boolean flags;
 * their exact mapping to PKCS#11 token flags is not visible here.
 */
typedef struct PKCS11_token_st {
	char *label;			/* token label */
	char *manufacturer;		/* token manufacturer string */
	char *model;			/* token model string */
	char *serialnr;			/* token serial number string */
	unsigned char initialized;	/* flag: token has been initialized */
	unsigned char loginRequired;	/* flag: presumably login is required to use the token -- confirm */
	unsigned char secureLogin;	/* flag: presumably PIN entry happens on the device (PIN pad) -- confirm */
	unsigned char userPinSet;	/* flag: a user PIN has been set */
	unsigned char readOnly;		/* flag: token is read-only */
	void *_private;			/* library-internal state; opaque to callers */
} PKCS11_TOKEN;

/*
 * Description of a slot (e.g. a card reader) and the token in it, if any.
 */
typedef struct PKCS11_slot_st {
	char *manufacturer;		/* slot manufacturer string (reported by the module) */
	char *description;		/* slot description string (reported by the module) */
	unsigned char removable;	/* flag: presumably the token can be removed from this slot -- confirm */
	PKCS11_TOKEN *token;		/* token in this slot; presumably NULL when none is present -- check before use */
	void *_private;			/* library-internal state; opaque to callers */
} PKCS11_SLOT;

/*
 * Library context; the handle passed to the PKCS11_CTX_* functions and to
 * the slot enumeration functions below.
 */
typedef struct PKCS11_ctx_st {
	char *manufacturer;	/* manufacturer string, presumably of the loaded PKCS#11 module -- confirm */
	char *description;	/* description string, presumably of the loaded PKCS#11 module -- confirm */
	void *_private;		/* library-internal state; opaque to callers */
} PKCS11_CTX;

/*
 * Create a new context.
 * NOTE(review): presumably returns NULL on failure -- check the result
 * before passing it to any other function.
 */
extern PKCS11_CTX *PKCS11_CTX_new(void);

/*
 * Set the initialization argument string for a context.
 * NOTE(review): presumably must be called before PKCS11_CTX_load() and is
 * forwarded to the PKCS#11 module -- confirm.
 */
extern void PKCS11_CTX_init_args(PKCS11_CTX * ctx, const char * init_args);

/*
 * Load a PKCS#11 module into the context; ident names the module.
 * A PKCS#11 module is native code that runs with the caller's privileges
 * and handles every PIN passed to this library, so ident should be a
 * trusted, preferably absolute, path and should not be taken from
 * attacker-influenced configuration or environment.
 * Returns int; the reason codes PKCS11_LOAD_MODULE_ERROR,
 * PKCS11_MODULE_LOADED_ERROR and PKCS11_SYMBOL_NOT_FOUND_ERROR below appear
 * to belong to this call.
 */
extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);

/* Unload the module previously loaded into ctx with PKCS11_CTX_load(). */
extern void PKCS11_CTX_unload(PKCS11_CTX * ctx);

/*
 * Free a context created by PKCS11_CTX_new(); ctx must not be used
 * afterwards.
 */
extern void PKCS11_CTX_free(PKCS11_CTX * ctx);

/*
 * Open a session with the token in slot.
 * NOTE(review): rw presumably selects a read-write session when non-zero.
 * Prefer a read-only session (rw == 0) unless the token has to be modified.
 */
extern int PKCS11_open_session(PKCS11_SLOT * slot, int rw);

/*
 * Enumerate the slots known to the loaded module. On success *slotsp and
 * *nslotsp presumably receive an array of slots and its length; release the
 * array with PKCS11_release_all_slots().
 */
extern int PKCS11_enumerate_slots(PKCS11_CTX * ctx,
			PKCS11_SLOT **slotsp, unsigned int *nslotsp);

/* Return the numeric slot id of slotp as an unsigned long. */
extern unsigned long PKCS11_get_slotid_from_slot(PKCS11_SLOT *slotp);

/*
 * Release a slot array of nslots entries.
 * NOTE(review): slot, token, key and certificate pointers obtained from the
 * array presumably become invalid after this call; do not keep them.
 */
extern void PKCS11_release_all_slots(PKCS11_CTX * ctx,
			PKCS11_SLOT *slots, unsigned int nslots);

/*
 * Pick a slot holding a token from an enumerated slot array.
 * NOTE(review): the selection rule is not visible here and the result is
 * presumably NULL when no token is found. When several tokens may be
 * present, select by label or serial number instead of relying on this.
 */
PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx,
			PKCS11_SLOT *slots, unsigned int nslots);

/*
 * Authenticate to the token in slot with pin.
 * NOTE(review): so presumably selects the security-officer role when
 * non-zero and the normal user role otherwise. Tokens commonly lock after a
 * small number of wrong PINs, so do not retry automatically on failure.
 * pin is passed as a C string; wipe the caller's copy once the call has
 * returned and never write it to logs.
 */
extern int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin);

/*
 * End the authenticated state on slot. Call this when the key is no longer
 * needed so that the token does not stay logged in.
 */
extern int PKCS11_logout(PKCS11_SLOT * slot);

/*
 * Get a list of all keys associated with this token.
 * NOTE(review): the parameters are unnamed; by analogy with
 * PKCS11_enumerate_slots() the second and third presumably receive the key
 * array and its length -- confirm.
 */
extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);

/* Get the key type (as EVP_PKEY_XXX) */
extern int PKCS11_get_key_type(PKCS11_KEY *);

/*
 * Get size of key modulus in number of bytes.
 * This is the size callers need when allocating the output buffers for the
 * RSA functions declared further down, which take no buffer length.
 */
extern int PKCS11_get_key_size(const PKCS11_KEY *);

/* Get actual modulus and public exponent as BIGNUM */
extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);

/*
 * Get the enveloped private key.
 * NOTE(review): for a token-resident key the returned EVP_PKEY presumably
 * refers to the key on the token and does not contain the private key
 * material; who owns the returned object is not visible here -- confirm.
 */
extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);

/* Get the public key as an OpenSSL EVP_PKEY. */
extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);

/* Find the corresponding certificate (if any) */
extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);

/* Find the corresponding key (if any) */
extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);

/* Get a list of all certificates associated with this token */
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);

/*
 * The functions in this group modify the token.
 * NOTE(review): they presumably need a read-write session (see the rw
 * argument of PKCS11_open_session()) and a prior login -- confirm.
 */

/*
 * Initialize a token with the given PIN and label.
 * NOTE(review): in PKCS#11, initializing a token normally destroys the
 * objects stored on it and the PIN given is the security-officer PIN --
 * confirm that this wrapper behaves the same before calling it on a token
 * that holds keys.
 */
extern int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin,
			const char *label);

/*
 * Set a PIN on the token.
 * NOTE(review): presumably sets the user PIN and requires a security-officer
 * login -- confirm.
 */
extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);

/*
 * Change the PIN from old_pin to new_pin.
 * Both PINs are passed as C strings; wipe the caller's copies after the
 * call and never log them.
 */
extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
			const char *new_pin);

/*
 * Generate a key pair on the token and tag it with label and the
 * id_len-byte identifier id.
 * NOTE(review): the accepted values of algorithm are not visible here.
 * bits is chosen by the caller and no minimum is enforced by this
 * prototype, so pick a size that meets current policy.
 */
extern int PKCS11_generate_key(PKCS11_TOKEN * token,
			int algorithm, unsigned int bits,
			char *label, unsigned char* id, size_t id_len);

/*
 * Store the private key pk on the token under label and id.
 * A key imported this way has existed in host memory, so it does not carry
 * the same assurance as a key generated on the token with
 * PKCS11_generate_key(); dispose of the software copy once it is stored.
 */
extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
			char *label, unsigned char * id, size_t id_len);

/* Store the public key pk on the token under label and id. */
extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk,
			char *label, unsigned char * id, size_t id_len);

/*
 * Store the certificate x509 on the token under label and id.
 * NOTE(review): *ret_cert presumably receives the new certificate object;
 * whether ret_cert may be NULL is not visible here -- confirm.
 */
extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
			char *label, unsigned char * id, size_t id_len,
			PKCS11_CERT **ret_cert);

/* rsa private key operations */

/*
 * None of the output buffers below (sigret, to) comes with a capacity
 * argument. The caller must make each one at least as large as the key
 * modulus, see PKCS11_get_key_size(); a smaller buffer would presumably be
 * overrun.
 * NOTE(review): the parameter lists resemble OpenSSL's RSA_sign(),
 * RSA_private_encrypt(), RSA_private_decrypt() and RSA_verify(); the return
 * conventions are not visible here, so check them against the
 * implementation instead of assuming 0 or 1 means success.
 */

/*
 * Sign the m_len-byte message digest m of kind type with key.
 * The signature is written to sigret and its length to *siglen.
 * NOTE(review): whether *siglen is also read as the buffer capacity on
 * entry is not visible here -- confirm.
 */
extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
	unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);

/* Private-key encrypt (raw signature) flen bytes at from into to. */
extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
	unsigned char *to, const PKCS11_KEY * rsa, int padding);

/*
 * Private-key decrypt flen bytes at from into to.
 * When padding selects PKCS#1 v1.5, callers should make decryption failures
 * indistinguishable to remote peers (same error, same timing), since
 * distinguishable padding failures let a peer recover plaintext.
 */
extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
	unsigned char *to, PKCS11_KEY * key, int padding);

/*
 * Verify the siglen-byte signature over the m_len-byte digest m with key.
 * Treat every result other than the documented success value as a failed
 * verification.
 */
extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
	unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);

/* access random number generator */

/* Mix the s_len bytes at s into the random number generator of the token. */
extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s,
	unsigned int s_len);

/*
 * Fill r with r_len random bytes from the token.
 * Always check the return value before using r: on failure the buffer may
 * be left unfilled, and using it as key material would be unsafe.
 */
extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r,
	unsigned int r_len);

/* using with openssl method mechanism */
/*
 * Return the RSA_METHOD through which OpenSSL RSA operations are routed to
 * this library.
 * NOTE(review): declared without `extern`, unlike most prototypes in this
 * header; for a function declaration this makes no difference.
 */
RSA_METHOD *PKCS11_get_rsa_method(void);

/*
 * Register the error strings of this library with OpenSSL, presumably so
 * that the PKCS11_F_* and reason codes below print as text in error
 * reports -- confirm.
 */
extern void ERR_load_PKCS11_strings(void);

/*
 * Function and reason codes
 */

/* Function codes: the f argument of PKCS11err(), one per reporting function. */
#define PKCS11_F_PKCS11_CTX_LOAD		1
#define PKCS11_F_PKCS11_ENUM_SLOTS		2
#define PKCS11_F_PKCS11_CHECK_TOKEN		3
#define PKCS11_F_PKCS11_OPEN_SESSION		4
#define PKCS11_F_PKCS11_LOGIN			5
#define PKCS11_F_PKCS11_ENUM_KEYS		6
#define PKCS11_F_PKCS11_GET_KEY			7
#define PKCS11_F_PKCS11_RSA_DECRYPT		8
#define PKCS11_F_PKCS11_RSA_ENCRYPT		9
#define PKCS11_F_PKCS11_RSA_SIGN		10
#define PKCS11_F_PKCS11_RSA_VERIFY		11
#define PKCS11_F_PKCS11_ENUM_CERTS		12
#define PKCS11_F_PKCS11_INIT_TOKEN		13
#define PKCS11_F_PKCS11_INIT_PIN		14
#define PKCS11_F_PKCS11_LOGOUT			15
#define PKCS11_F_PKCS11_STORE_PRIVATE_KEY	16
#define PKCS11_F_PKCS11_GENERATE_KEY		17
#define PKCS11_F_PKCS11_STORE_PUBLIC_KEY	18
#define PKCS11_F_PKCS11_STORE_CERTIFICATE	19
#define PKCS11_F_PKCS11_SEED_RANDOM		20
#define PKCS11_F_PKCS11_GENERATE_RANDOM		21
#define PKCS11_F_PKCS11_CHANGE_PIN		22
#define PKCS11_F_PKCS11_GETATTR			40

/*
 * Reason codes defined by this library start above PKCS11_ERR_BASE.
 * NOTE(review): values below the base are presumably raw return codes of
 * the PKCS#11 module passed through as the reason -- confirm.
 */
#define PKCS11_ERR_BASE				1024
#define PKCS11_LOAD_MODULE_ERROR		(PKCS11_ERR_BASE+1)
#define PKCS11_MODULE_LOADED_ERROR		(PKCS11_ERR_BASE+2)
#define PKCS11_SYMBOL_NOT_FOUND_ERROR		(PKCS11_ERR_BASE+3)
#define PKCS11_NOT_SUPPORTED			(PKCS11_ERR_BASE+4)
#define PKCS11_NO_SESSION			(PKCS11_ERR_BASE+5)
#define PKCS11_KEYGEN_FAILED			(PKCS11_ERR_BASE+6)

/* Close the extern "C" block opened at the top of the header (C++ only). */
#ifdef __cplusplus
}
#endif
/* End of the _LIB11_H include guard. */
#endif
libp11, Copyright (C) 2005 Olaf Kirch <okir@lst.de>