2 * GnuTLS PKCS#11 support
3 * Copyright (C) 2010-2012 Free Software Foundation, Inc.
4 * Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk>
6 * Authors: Nikos Mavrogiannopoulos, Stef Walter
8 * Inspired and some parts (pkcs11_login) based on neon PKCS #11 support
9 * by Joe Orton. More ideas came from the pkcs11-helper library by
12 * The GnuTLS is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU Lesser General Public License
14 * as published by the Free Software Foundation; either version 2.1 of
15 * the License, or (at your option) any later version.
17 * This library is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Lesser General Public License for more details.
22 * You should have received a copy of the GNU Lesser General Public License
23 * along with this program. If not, see <http://www.gnu.org/licenses/>
26 #include <gnutls_int.h>
27 #include <gnutls/pkcs11.h>
30 #include <gnutls_errors.h>
31 #include <gnutls_datum.h>
34 #include <pkcs11_int.h>
35 #include <p11-kit/p11-kit.h>
36 #include <p11-kit/pin.h>
39 pkcs11_get_slot_list(struct ck_function_list * module,
40 unsigned char token_present, ck_slot_id_t * slot_list,
43 return (module)->C_GetSlotList(token_present, slot_list, count);
47 pkcs11_get_module_info(struct ck_function_list * module,
48 struct ck_info * info)
50 return (module)->C_GetInfo(info);
54 pkcs11_get_slot_info(struct ck_function_list * module,
55 ck_slot_id_t slot_id, struct ck_slot_info * info)
57 return (module)->C_GetSlotInfo(slot_id, info);
61 pkcs11_get_token_info(struct ck_function_list * module,
62 ck_slot_id_t slot_id, struct ck_token_info * info)
64 return (module)->C_GetTokenInfo(slot_id, info);
68 pkcs11_find_objects_init(struct ck_function_list * module,
69 ck_session_handle_t sess,
70 struct ck_attribute * templ, unsigned long count)
72 return (module)->C_FindObjectsInit(sess, templ, count);
76 pkcs11_find_objects(struct ck_function_list * module,
77 ck_session_handle_t sess,
78 ck_object_handle_t * objects,
79 unsigned long max_object_count,
80 unsigned long *object_count)
82 return (module)->C_FindObjects(sess, objects, max_object_count,
86 ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info * sinfo)
88 return (sinfo->module)->C_FindObjectsFinal(sinfo->pks);
91 ck_rv_t pkcs11_close_session(struct pkcs11_session_info * sinfo)
94 return (sinfo->module)->C_CloseSession(sinfo->pks);
98 pkcs11_get_attribute_value(struct ck_function_list * module,
99 ck_session_handle_t sess,
100 ck_object_handle_t object,
101 struct ck_attribute * templ,
104 return (module)->C_GetAttributeValue(sess, object, templ, count);
108 pkcs11_get_mechanism_list(struct ck_function_list * module,
109 ck_slot_id_t slot_id,
110 ck_mechanism_type_t * mechanism_list,
111 unsigned long *count)
113 return (module)->C_GetMechanismList(slot_id, mechanism_list,
118 pkcs11_sign_init(struct ck_function_list * module,
119 ck_session_handle_t sess,
120 struct ck_mechanism * mechanism, ck_object_handle_t key)
122 return (module)->C_SignInit(sess, mechanism, key);
126 pkcs11_sign(struct ck_function_list * module,
127 ck_session_handle_t sess,
129 unsigned long data_len,
130 unsigned char *signature, unsigned long *signature_len)
132 return (module)->C_Sign(sess, data, data_len, signature,
137 pkcs11_generate_key_pair(struct ck_function_list * module,
138 ck_session_handle_t sess,
139 struct ck_mechanism * mechanism,
140 struct ck_attribute * pub_templ,
141 unsigned long pub_templ_count,
142 struct ck_attribute * priv_templ,
143 unsigned long priv_templ_count,
144 ck_object_handle_t * pub,
145 ck_object_handle_t * priv)
147 return (module)->C_GenerateKeyPair(sess, mechanism, pub_templ,
148 pub_templ_count, priv_templ,
149 priv_templ_count, pub, priv);
153 pkcs11_decrypt_init(struct ck_function_list * module,
154 ck_session_handle_t sess,
155 struct ck_mechanism * mechanism,
156 ck_object_handle_t key)
158 return (module)->C_DecryptInit(sess, mechanism, key);
162 pkcs11_decrypt(struct ck_function_list * module,
163 ck_session_handle_t sess,
164 unsigned char *encrypted_data,
165 unsigned long encrypted_data_len,
166 unsigned char *data, unsigned long *data_len)
168 return (module)->C_Decrypt(sess, encrypted_data,
169 encrypted_data_len, data, data_len);
173 pkcs11_create_object(struct ck_function_list * module,
174 ck_session_handle_t sess,
175 struct ck_attribute * templ,
176 unsigned long count, ck_object_handle_t * object)
178 return (module)->C_CreateObject(sess, templ, count, object);
182 pkcs11_destroy_object(struct ck_function_list * module,
183 ck_session_handle_t sess, ck_object_handle_t object)
185 return (module)->C_DestroyObject(sess, object);
189 pkcs11_init_token(struct ck_function_list * module,
190 ck_slot_id_t slot_id, unsigned char *pin,
191 unsigned long pin_len, unsigned char *label)
193 return (module)->C_InitToken(slot_id, pin, pin_len, label);
197 pkcs11_init_pin(struct ck_function_list * module,
198 ck_session_handle_t sess,
199 unsigned char *pin, unsigned long pin_len)
201 return (module)->C_InitPIN(sess, pin, pin_len);
205 pkcs11_set_pin(struct ck_function_list * module,
206 ck_session_handle_t sess,
208 unsigned long old_len,
209 const char *new_pin, unsigned long new_len)
211 return (module)->C_SetPIN(sess, (uint8_t *) old_pin, old_len,
212 (uint8_t *) new_pin, new_len);
216 _gnutls_pkcs11_get_random(struct ck_function_list * module,
217 ck_session_handle_t sess, void *data, size_t len)
219 return (module)->C_GenerateRandom(sess, data, len);
222 const char *pkcs11_strerror(ck_rv_t rv)
224 return p11_kit_strerror(rv);