lib/pkcs11_int.h

   1 /*
   2  * GnuTLS PKCS#11 support
   3  * Copyright (C) 2010-2012 Free Software Foundation, Inc.
   4  *
   5  * Authors: Nikos Mavrogiannopoulos, Stef Walter
   6  *
   7  * The GnuTLS is free software; you can redistribute it and/or
   8  * modify it under the terms of the GNU Lesser General Public License
   9  * as published by the Free Software Foundation; either version 2.1 of
  10  * the License, or (at your option) any later version.
  11  *
  12  * This library is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15  * Lesser General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public License
  18  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  19  */
  20
  21 #ifndef PKCS11_INT_H
  22 #define PKCS11_INT_H
  23
  24 #ifdef ENABLE_PKCS11
  25
  26 #define CRYPTOKI_GNU
  27 #include <p11-kit/pkcs11.h>
  28 #include <gnutls/pkcs11.h>
  29 #include <x509/x509_int.h>
  30
  31 #define PKCS11_ID_SIZE 128
  32 #define PKCS11_LABEL_SIZE 128
  33
  34 #include <p11-kit/uri.h>
  35 typedef unsigned char ck_bool_t;
  36
  37 struct pkcs11_session_info {
  38         struct ck_function_list *module;
  39         struct ck_token_info tinfo;
  40         ck_session_handle_t pks;
  41         unsigned int init;
  42 };
  43
  44 struct token_info {
  45         struct ck_token_info tinfo;
  46         struct ck_slot_info sinfo;
  47         ck_slot_id_t sid;
  48         struct gnutls_pkcs11_provider_st *prov;
  49 };
  50
  51 struct gnutls_pkcs11_obj_st {
  52         gnutls_datum_t raw;
  53         gnutls_pkcs11_obj_type_t type;
  54         struct p11_kit_uri *info;
  55
  56         /* only when pubkey */
  57         gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
  58         gnutls_pk_algorithm_t pk_algorithm;
  59         unsigned int key_usage;
  60
  61         struct pin_info_st pin;
  62 };
  63
  64 /* This must be called on every function that uses a PKCS #11 function
  65  * directly */
  66 int _gnutls_pkcs11_check_init(void);
  67
  68 #define PKCS11_CHECK_INIT \
  69         ret = _gnutls_pkcs11_check_init(); \
  70         if (ret < 0) \
  71                 return gnutls_assert_val(ret)
  72
  73 #define PKCS11_CHECK_INIT_RET(x) \
  74         ret = _gnutls_pkcs11_check_init(); \
  75         if (ret < 0) \
  76                 return gnutls_assert_val(x)
  77
  78 /* thus function is called for every token in the traverse_tokens
  79  * function. Once everything is traversed it is called with NULL tinfo.
  80  * It should return 0 if found what it was looking for.
  81  */
  82 typedef int (*find_func_t) (struct pkcs11_session_info *,
  83                             struct token_info * tinfo, struct ck_info *,
  84                             void *input);
  85
  86 int pkcs11_rv_to_err(ck_rv_t rv);
  87 int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info);
  88 int
  89 pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
  90                  struct p11_kit_uri *info, struct token_info *_tinfo);
  91
  92 int pkcs11_read_pubkey(struct ck_function_list *module,
  93                        ck_session_handle_t pks, ck_object_handle_t obj,
  94                        ck_key_type_t key_type, gnutls_datum_t * pubkey);
  95
  96 int pkcs11_get_info(struct p11_kit_uri *info,
  97                     gnutls_pkcs11_obj_info_t itype, void *output,
  98                     size_t * output_size);
  99 int pkcs11_login(struct pkcs11_session_info *sinfo,
 100                  struct pin_info_st *pin_info,
 101                  const struct token_info *tokinfo,
 102                  struct p11_kit_uri *info, int so);
 103
 104 int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry);
 105
 106 extern gnutls_pkcs11_token_callback_t _gnutls_token_func;
 107 extern void *_gnutls_token_data;
 108
 109 void pkcs11_rescan_slots(void);
 110 int pkcs11_info_to_url(struct p11_kit_uri *info,
 111                        gnutls_pkcs11_url_type_t detailed, char **url);
 112
 113 #define SESSION_WRITE (1<<0)
 114 #define SESSION_LOGIN (1<<1)
 115 #define SESSION_SO (1<<2)       /* security officer session */
 116 #define SESSION_TRUSTED (1<<3) /* session on a marked as trusted (p11-kit) module */
 117 int pkcs11_open_session(struct pkcs11_session_info *sinfo,
 118                         struct pin_info_st *pin_info,
 119                         struct p11_kit_uri *info, unsigned int flags);
 120 int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
 121                             struct p11_kit_uri *info,
 122                             struct pin_info_st *pin_info,
 123                             unsigned int flags);
 124 ck_object_class_t pkcs11_strtype_to_class(const char *type);
 125
 126 int pkcs11_token_matches_info(struct p11_kit_uri *info,
 127                               struct ck_token_info *tinfo,
 128                               struct ck_info *lib_info);
 129
 130 unsigned int pkcs11_obj_flags_to_int(unsigned int flags);
 131
 132 int
 133 _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
 134                                  const gnutls_datum_t * hash,
 135                                  gnutls_datum_t * signature);
 136
 137 int
 138 _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
 139                                     unsigned int flags,
 140                                     const gnutls_datum_t * ciphertext,
 141                                     gnutls_datum_t * plaintext);
 142
 143 static inline int pk_to_mech(gnutls_pk_algorithm_t pk)
 144 {
 145         if (pk == GNUTLS_PK_DSA)
 146                 return CKM_DSA;
 147         else if (pk == GNUTLS_PK_EC)
 148                 return CKM_ECDSA;
 149         else
 150                 return CKM_RSA_PKCS;
 151 }
 152
 153 static inline gnutls_pk_algorithm_t mech_to_pk(ck_key_type_t m)
 154 {
 155         if (m == CKK_RSA)
 156                 return GNUTLS_PK_RSA;
 157         else if (m == CKK_DSA)
 158                 return GNUTLS_PK_DSA;
 159         else if (m == CKK_ECDSA)
 160                 return GNUTLS_PK_EC;
 161         else
 162                 return GNUTLS_PK_UNKNOWN;
 163 }
 164
 165 static inline int pk_to_genmech(gnutls_pk_algorithm_t pk)
 166 {
 167         if (pk == GNUTLS_PK_DSA)
 168                 return CKM_DSA_KEY_PAIR_GEN;
 169         else if (pk == GNUTLS_PK_EC)
 170                 return CKM_ECDSA_KEY_PAIR_GEN;
 171         else
 172                 return CKM_RSA_PKCS_KEY_PAIR_GEN;
 173 }
 174
 175 ck_rv_t
 176 pkcs11_generate_key_pair(struct ck_function_list * module,
 177                          ck_session_handle_t sess,
 178                          struct ck_mechanism * mechanism,
 179                          struct ck_attribute * pub_templ,
 180                          unsigned long pub_templ_count,
 181                          struct ck_attribute * priv_templ,
 182                          unsigned long priv_templ_count,
 183                          ck_object_handle_t * pub,
 184                          ck_object_handle_t * priv);
 185
 186 ck_rv_t
 187 pkcs11_get_slot_list(struct ck_function_list *module,
 188                      unsigned char token_present,
 189                      ck_slot_id_t * slot_list, unsigned long *count);
 190
 191 ck_rv_t
 192 pkcs11_get_module_info(struct ck_function_list *module,
 193                        struct ck_info *info);
 194
 195 ck_rv_t
 196 pkcs11_get_slot_info(struct ck_function_list *module,
 197                      ck_slot_id_t slot_id, struct ck_slot_info *info);
 198
 199 ck_rv_t
 200 pkcs11_get_token_info(struct ck_function_list *module,
 201                       ck_slot_id_t slot_id, struct ck_token_info *info);
 202
 203 ck_rv_t
 204 pkcs11_find_objects_init(struct ck_function_list *module,
 205                          ck_session_handle_t sess,
 206                          struct ck_attribute *templ, unsigned long count);
 207
 208 ck_rv_t
 209 pkcs11_find_objects(struct ck_function_list *module,
 210                     ck_session_handle_t sess,
 211                     ck_object_handle_t * objects,
 212                     unsigned long max_object_count,
 213                     unsigned long *object_count);
 214
 215 ck_rv_t pkcs11_find_objects_final(struct pkcs11_session_info *);
 216
 217 ck_rv_t pkcs11_close_session(struct pkcs11_session_info *);
 218
 219 ck_rv_t
 220 pkcs11_get_attribute_value(struct ck_function_list *module,
 221                            ck_session_handle_t sess,
 222                            ck_object_handle_t object,
 223                            struct ck_attribute *templ,
 224                            unsigned long count);
 225
 226 ck_rv_t
 227 pkcs11_get_mechanism_list(struct ck_function_list *module,
 228                           ck_slot_id_t slot_id,
 229                           ck_mechanism_type_t * mechanism_list,
 230                           unsigned long *count);
 231
 232 ck_rv_t
 233 pkcs11_sign_init(struct ck_function_list *module,
 234                  ck_session_handle_t sess,
 235                  struct ck_mechanism *mechanism, ck_object_handle_t key);
 236
 237 ck_rv_t
 238 pkcs11_sign(struct ck_function_list *module,
 239             ck_session_handle_t sess,
 240             unsigned char *data,
 241             unsigned long data_len,
 242             unsigned char *signature, unsigned long *signature_len);
 243
 244 ck_rv_t
 245 pkcs11_decrypt_init(struct ck_function_list *module,
 246                     ck_session_handle_t sess,
 247                     struct ck_mechanism *mechanism,
 248                     ck_object_handle_t key);
 249
 250 ck_rv_t
 251 pkcs11_decrypt(struct ck_function_list *module,
 252                ck_session_handle_t sess,
 253                unsigned char *encrypted_data,
 254                unsigned long encrypted_data_len,
 255                unsigned char *data, unsigned long *data_len);
 256
 257 ck_rv_t
 258 pkcs11_create_object(struct ck_function_list *module,
 259                      ck_session_handle_t sess,
 260                      struct ck_attribute *templ,
 261                      unsigned long count, ck_object_handle_t * object);
 262
 263 ck_rv_t
 264 pkcs11_destroy_object(struct ck_function_list *module,
 265                       ck_session_handle_t sess, ck_object_handle_t object);
 266
 267 ck_rv_t
 268 pkcs11_init_token(struct ck_function_list *module,
 269                   ck_slot_id_t slot_id, unsigned char *pin,
 270                   unsigned long pin_len, unsigned char *label);
 271
 272 ck_rv_t
 273 pkcs11_init_pin(struct ck_function_list *module,
 274                 ck_session_handle_t sess,
 275                 unsigned char *pin, unsigned long pin_len);
 276
 277 ck_rv_t
 278 pkcs11_set_pin(struct ck_function_list *module,
 279                ck_session_handle_t sess,
 280                const char *old_pin,
 281                unsigned long old_len,
 282                const char *new_pin, unsigned long new_len);
 283
 284 ck_rv_t
 285 _gnutls_pkcs11_get_random(struct ck_function_list *module,
 286                   ck_session_handle_t sess, void *data, size_t len);
 287
 288
 289 const char *pkcs11_strerror(ck_rv_t rv);
 290
 291 #endif                          /* ENABLE_PKCS11 */
 292
 293 #endif