diff options
Diffstat (limited to '')
-rw-r--r-- | lib/isc/include/pk11/pk11.h | 290 |
1 files changed, 290 insertions, 0 deletions
diff --git a/lib/isc/include/pk11/pk11.h b/lib/isc/include/pk11/pk11.h new file mode 100644 index 0000000..076c119 --- /dev/null +++ b/lib/isc/include/pk11/pk11.h @@ -0,0 +1,290 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#ifndef PK11_PK11_H +#define PK11_PK11_H 1 + +/*! \file pk11/pk11.h */ + +#include <stdbool.h> +#include <unistd.h> + +#include <isc/lang.h> +#include <isc/magic.h> +#include <isc/types.h> + +#define PK11_FATALCHECK(func, args) \ + ((void)(((rv = (func)args) == CKR_OK) || \ + ((pk11_error_fatalcheck)(__FILE__, __LINE__, #func, rv), 0))) + +#include <pk11/site.h> +#include <pkcs11/pkcs11.h> + +ISC_LANG_BEGINDECLS + +#define SES_MAGIC ISC_MAGIC('P', 'K', 'S', 'S') +#define TOK_MAGIC ISC_MAGIC('P', 'K', 'T', 'K') + +#define VALID_SES(x) ISC_MAGIC_VALID(x, SES_MAGIC) +#define VALID_TOK(x) ISC_MAGIC_VALID(x, TOK_MAGIC) + +typedef struct pk11_context pk11_context_t; + +struct pk11_object { + CK_OBJECT_HANDLE object; + CK_SLOT_ID slot; + CK_BBOOL ontoken; + CK_BBOOL reqlogon; + CK_BYTE attrcnt; + CK_ATTRIBUTE *repr; +}; + +struct pk11_context { + void *handle; + CK_SESSION_HANDLE session; + CK_BBOOL ontoken; + CK_OBJECT_HANDLE object; +}; + +typedef struct pk11_object pk11_object_t; + +typedef enum { + OP_ANY = 0, + OP_RSA = 1, + OP_DH = 3, + OP_ECDSA = 4, + OP_EDDSA = 5, + OP_MAX = 6 +} pk11_optype_t; + +/*% + * Global flag to make choose_slots() verbose + */ +LIBISC_EXTERNAL_DATA extern bool pk11_verbose_init; + +/*% + * Function prototypes + */ + +void +pk11_set_lib_name(const char *lib_name); +/*%< + * Set the PKCS#11 provider (aka library) path/name. + */ + +isc_result_t +pk11_initialize(isc_mem_t *mctx, const char *engine); +/*%< + * Initialize PKCS#11 device + * + * mctx: memory context to attach to pk11_mctx. + * engine: PKCS#11 provider (aka library) path/name. + * + * returns: + * ISC_R_SUCCESS + * PK11_R_NOPROVIDER: can't load the provider + * PK11_R_INITFAILED: C_Initialize() failed + * PK11_R_NORANDOMSERVICE: can't find required random service + * PK11_R_NODIGESTSERVICE: can't find required digest service + * PK11_R_NOAESSERVICE: can't find required AES service + */ + +isc_result_t +pk11_get_session(pk11_context_t *ctx, pk11_optype_t optype, bool need_services, + bool rw, bool logon, const char *pin, CK_SLOT_ID slot); +/*%< + * Initialize PKCS#11 device and acquire a session. + * + * need_services: + * if true, this session requires full PKCS#11 API + * support including random and digest services, and + * the lack of these services will cause the session not + * to be initialized. If false, the function will return + * an error code indicating the missing service, but the + * session will be usable for other purposes. + * rw: if true, session will be read/write (useful for + * generating or destroying keys); otherwise read-only. + * login: indicates whether to log in to the device + * pin: optional PIN, overriding any PIN currently associated + * with the + * slot: device slot ID + */ + +void +pk11_return_session(pk11_context_t *ctx); +/*%< + * Release an active PKCS#11 session for reuse. + */ + +isc_result_t +pk11_finalize(void); +/*%< + * Shut down PKCS#11 device and free all sessions. + */ + +isc_result_t +pk11_parse_uri(pk11_object_t *obj, const char *label, isc_mem_t *mctx, + pk11_optype_t optype); + +ISC_PLATFORM_NORETURN_PRE void +pk11_error_fatalcheck(const char *file, int line, const char *funcname, + CK_RV rv) ISC_PLATFORM_NORETURN_POST; + +void +pk11_dump_tokens(void); + +CK_RV +pkcs_C_Initialize(CK_VOID_PTR pReserved); + +char * +pk11_get_load_error_message(void); + +CK_RV +pkcs_C_Finalize(CK_VOID_PTR pReserved); + +CK_RV +pkcs_C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + +CK_RV +pkcs_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); + +CK_RV +pkcs_C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); + +CK_RV +pkcs_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, + CK_RV (*Notify)(CK_SESSION_HANDLE hSession, + CK_NOTIFICATION event, + CK_VOID_PTR pApplication), + CK_SESSION_HANDLE_PTR phSession); + +CK_RV +pkcs_C_CloseSession(CK_SESSION_HANDLE hSession); + +CK_RV +pkcs_C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_CHAR_PTR pPin, CK_ULONG usPinLen); + +CK_RV +pkcs_C_Logout(CK_SESSION_HANDLE hSession); + +CK_RV +pkcs_C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG usCount, CK_OBJECT_HANDLE_PTR phObject); + +CK_RV +pkcs_C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject); + +CK_RV +pkcs_C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount); + +CK_RV +pkcs_C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount); + +CK_RV +pkcs_C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG usCount); + +CK_RV +pkcs_C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG usMaxObjectCount, CK_ULONG_PTR pusObjectCount); + +CK_RV +pkcs_C_FindObjectsFinal(CK_SESSION_HANDLE hSession); + +CK_RV +pkcs_C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV +pkcs_C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); + +CK_RV +pkcs_C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism); + +CK_RV +pkcs_C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + +CK_RV +pkcs_C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + +CK_RV +pkcs_C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV +pkcs_C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen); + +CK_RV +pkcs_C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + +CK_RV +pkcs_C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + +CK_RV +pkcs_C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + +CK_RV +pkcs_C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); + +CK_RV +pkcs_C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + +CK_RV +pkcs_C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + +CK_RV +pkcs_C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + +CK_RV +pkcs_C_GenerateKeyPair(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG usPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG usPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPrivateKey, + CK_OBJECT_HANDLE_PTR phPublicKey); + +CK_RV +pkcs_C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); + +CK_RV +pkcs_C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); + +CK_RV +pkcs_C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR RandomData, + CK_ULONG ulRandomLen); + +ISC_LANG_ENDDECLS + +#endif /* PK11_PK11_H */ |