7 #include <gnutls/pkcs11.h>
9 #define PKCS11_ID_SIZE 128
10 #define PKCS11_LABEL_SIZE 128
12 #define P11_KIT_API_SUBJECT_TO_CHANGE 1
13 #include <p11-kit/uri.h>
14 #include <p11-kit/pkcs11.h>
/* Boolean type declared locally as a single unsigned char. */
16 typedef unsigned char ck_bool_t
;
20 struct ck_token_info tinfo
;
21 struct ck_slot_info sinfo
;
23 struct gnutls_pkcs11_provider_s
*prov
;
26 struct gnutls_pkcs11_obj_st
29 gnutls_pkcs11_obj_type_t type
;
30 struct p11_kit_uri
*info
;
32 /* only when pubkey */
33 gnutls_datum_t pubkey
[MAX_PUBLIC_PARAMS_SIZE
];
34 gnutls_pk_algorithm pk_algorithm
;
35 unsigned int key_usage
;
38 /* This function is called for every token in the traverse_tokens
39 * function. Once everything is traversed it is called with NULL tinfo.
40 * It should return 0 if it found what it was looking for. */
42 typedef int (*find_func_t
) (struct ck_function_list
*module
,
43 ck_session_handle_t pks
,
44 struct token_info
* tinfo
, struct ck_info
*,
/* Takes a PKCS #11 return value (ck_rv_t) and returns an int.
 * NOTE(review): presumably maps the module's return code onto a library
 * error code; the mapping is not visible in this header -- confirm. */
47 int pkcs11_rv_to_err (ck_rv_t rv
);
/* Takes a URL string and the address of a struct p11_kit_uri pointer.
 * NOTE(review): presumably parses the URL and stores the resulting
 * p11_kit_uri in *info; who releases that object, and what *info holds on
 * failure, is not stated here -- confirm against the implementation. */
48 int pkcs11_url_to_info (const char *url
, struct p11_kit_uri
**info
);
50 pkcs11_find_slot (struct ck_function_list
** module
, ck_slot_id_t
* slot
,
51 struct p11_kit_uri
*info
, struct token_info
*_tinfo
);
/* Reads one item, selected by itype, from a p11_kit_uri into a caller
 * buffer described by output / output_size.
 * NOTE(review): presumably *output_size is the buffer capacity on entry and
 * the length written (or required) on return -- confirm. Callers should
 * pass the true size of the memory behind output, since the prototype gives
 * this function no other way to bound its write. */
53 int pkcs11_get_info (struct p11_kit_uri
*info
,
54 gnutls_pkcs11_obj_info_t itype
, void *output
,
55 size_t * output_size
);
/* Login on an existing session (pks) of the given module, with the token
 * description and URI supplied by the caller.
 * NOTE(review): admin presumably selects a security-officer login instead
 * of a user login when non-zero -- confirm. No PIN is passed through this
 * prototype, so the PIN is presumably obtained elsewhere (for example via a
 * callback); confirm where it is held and that it is wiped after use. */
56 int pkcs11_login (struct ck_function_list
* module
, ck_session_handle_t pks
,
57 const struct token_info
*tinfo
, struct p11_kit_uri
*info
, int admin
);
/* Takes a p11_kit_uri and an unsigned retry value passed by value.
 * NOTE(review): presumably invokes the token_func callback declared just
 * below, with retry as the attempt counter -- confirm, including what
 * happens when no callback has been registered. */
59 int pkcs11_call_token_func (struct p11_kit_uri
*info
, const unsigned retry
);
/* Callback and opaque pointer with external linkage: one definition is
 * shared by every translation unit that includes this header.
 * NOTE(review): token_data is presumably the argument handed to token_func;
 * no synchronisation is visible here -- confirm how concurrent updates of
 * this pair are handled. */
61 extern gnutls_pkcs11_token_callback_t token_func
;
62 extern void *token_data
;
/* Takes no arguments and returns nothing, so failures cannot be reported
 * to the caller through this interface.
 * NOTE(review): presumably refreshes the slot information of the loaded
 * modules -- confirm. */
64 void pkcs11_rescan_slots (void);
/* Counterpart of pkcs11_url_to_info: takes a p11_kit_uri and a detail
 * level, and has a char ** output argument.
 * NOTE(review): *url presumably receives a newly allocated string that the
 * caller must release -- confirm the allocator and the value of *url on
 * failure. */
65 int pkcs11_info_to_url (struct p11_kit_uri
*info
,
66 gnutls_pkcs11_url_type_t detailed
, char **url
);
/* Session flags. Each value is a distinct bit, so they can be OR-ed into a
 * single unsigned int flags argument. SESSION_WRITE and SESSION_SO widen
 * what a session may do; request them only where the operation needs them. */
68 #define SESSION_WRITE (1<<0)
69 #define SESSION_LOGIN (1<<1)
70 #define SESSION_SO (1<<2) /* security officer session */
/* Takes the addresses of a module pointer and a session handle, a URI and
 * a flags word.
 * NOTE(review): _module and _pks are presumably outputs filled for the
 * token that matches info, and flags presumably takes the SESSION_* bits --
 * confirm. Also confirm that the caller is expected to release the session
 * with pkcs11_close_session (declared later in this header). */
71 int pkcs11_open_session (struct ck_function_list
**_module
, ck_session_handle_t
* _pks
,
72 struct p11_kit_uri
*info
, unsigned int flags
);
/* Token traversal driven by a find_func_t callback. As described at the
 * find_func_t typedef in this header, the callback is called for every
 * token, then once more with a NULL tinfo, and returns 0 when it has found
 * what it was looking for.
 * NOTE(review): input is presumably forwarded to the callback unchanged,
 * and flags presumably takes the SESSION_* bits -- confirm. */
73 int _pkcs11_traverse_tokens (find_func_t find_func
, void *input
,
74 struct p11_kit_uri
*info
, unsigned int flags
);
/* Returns a ck_object_class_t for a type name given as a string.
 * NOTE(review): the value returned for an unrecognised name is not visible
 * here -- confirm before relying on the result. */
75 ck_object_class_t
pkcs11_strtype_to_class (const char *type
);
/* Compares a URI against a token description and a module description.
 * NOTE(review): the return convention (non-zero on match, or 0 on success)
 * is not visible in this header -- confirm before using the result
 * directly in a condition. */
77 int pkcs11_token_matches_info (struct p11_kit_uri
*info
,
78 struct ck_token_info
*tinfo
,
79 struct ck_info
*lib_info
);
/* Object lookup by URI. The first three arguments are addresses of a
 * module pointer, a session handle and an object handle.
 * NOTE(review): these are presumably outputs describing where the object
 * was found, with a session left open for the caller -- confirm, and
 * confirm that the caller must release it with pkcs11_close_session
 * (declared later in this header). */
81 /* flags are SESSION_* */
82 int pkcs11_find_object (struct ck_function_list
** _module
,
83 ck_session_handle_t
* _pks
,
84 ck_object_handle_t
* _obj
,
85 struct p11_kit_uri
*info
, unsigned int flags
);
/* Maps one unsigned flags word to another.
 * NOTE(review): presumably translates the public object flags into the
 * internal SESSION_* bits -- confirm which input bits are recognised and
 * what happens to unknown ones. */
87 unsigned int pkcs11_obj_flags_to_int (unsigned int flags
);
90 _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key
,
91 const gnutls_datum_t
* hash
,
92 gnutls_datum_t
* signature
);
95 _gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key
,
97 const gnutls_datum_t
* ciphertext
,
98 gnutls_datum_t
* plaintext
);
101 pkcs11_get_slot_list (struct ck_function_list
* module
,
102 unsigned char token_present
,
103 ck_slot_id_t
*slot_list
,
104 unsigned long *count
);
107 pkcs11_get_module_info (struct ck_function_list
* module
,
108 struct ck_info
* info
);
111 pkcs11_get_slot_info(struct ck_function_list
* module
,
112 ck_slot_id_t slot_id
,
113 struct ck_slot_info
*info
);
116 pkcs11_get_token_info (struct ck_function_list
* module
,
117 ck_slot_id_t slot_id
,
118 struct ck_token_info
*info
);
121 pkcs11_find_objects_init (struct ck_function_list
*module
,
122 ck_session_handle_t sess
,
123 struct ck_attribute
*templ
,
124 unsigned long count
);
127 pkcs11_find_objects (struct ck_function_list
*module
,
128 ck_session_handle_t sess
,
129 ck_object_handle_t
*objects
,
130 unsigned long max_object_count
,
131 unsigned long *object_count
);
134 pkcs11_find_objects_final (struct ck_function_list
*module
,
135 ck_session_handle_t sess
);
138 pkcs11_close_session (struct ck_function_list
*module
,
139 ck_session_handle_t sess
);
142 pkcs11_get_attribute_value(struct ck_function_list
*module
,
143 ck_session_handle_t sess
,
144 ck_object_handle_t object
,
145 struct ck_attribute
*templ
,
146 unsigned long count
);
149 pkcs11_get_mechanism_list (struct ck_function_list
*module
,
150 ck_slot_id_t slot_id
,
151 ck_mechanism_type_t
*mechanism_list
,
152 unsigned long *count
);
155 pkcs11_sign_init (struct ck_function_list
*module
,
156 ck_session_handle_t sess
,
157 struct ck_mechanism
*mechanism
,
158 ck_object_handle_t key
);
161 pkcs11_sign (struct ck_function_list
*module
,
162 ck_session_handle_t sess
,
164 unsigned long data_len
,
165 unsigned char *signature
,
166 unsigned long *signature_len
);
169 pkcs11_decrypt_init (struct ck_function_list
*module
,
170 ck_session_handle_t sess
,
171 struct ck_mechanism
*mechanism
,
172 ck_object_handle_t key
);
175 pkcs11_decrypt (struct ck_function_list
*module
,
176 ck_session_handle_t sess
,
177 unsigned char *encrypted_data
,
178 unsigned long encrypted_data_len
,
179 unsigned char *data
, unsigned long *data_len
);
182 pkcs11_create_object (struct ck_function_list
*module
,
183 ck_session_handle_t sess
,
184 struct ck_attribute
*templ
,
186 ck_object_handle_t
*object
);
189 pkcs11_destroy_object (struct ck_function_list
*module
,
190 ck_session_handle_t sess
,
191 ck_object_handle_t object
);
194 pkcs11_init_token (struct ck_function_list
*module
,
195 ck_slot_id_t slot_id
, unsigned char *pin
,
196 unsigned long pin_len
, unsigned char *label
);
199 pkcs11_init_pin (struct ck_function_list
*module
,
200 ck_session_handle_t sess
,
202 unsigned long pin_len
);
205 pkcs11_set_pin (struct ck_function_list
*module
,
206 ck_session_handle_t sess
,
207 unsigned char *old_pin
,
208 unsigned long old_len
,
209 unsigned char *new_pin
,
210 unsigned long new_len
);
213 pkcs11_strerror (ck_rv_t rv
);
215 #endif /* ENABLE_PKCS11 */