path: root/src/p11_child/p11_child.h
blob: e3547ce2374f130d958a0bb74f2753b9ac485d32 (plain)
/*
    SSSD

    Helper child to communicate with SmartCard

    Authors:
        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2018 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

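/* NOTE(review): identifiers starting with a double underscore are reserved
 * for the implementation; the guard name is kept as-is for compatibility. */
#ifndef __P11_CHILD_H__
#define __P11_CHILD_H__

/* for bool, used by struct cert_verify_opts and the prototypes below;
 * previously this header relied on the includer having it in scope. */
#include <stdbool.h>

/* for CK_MECHANISM_TYPE */
#include <p11-kit/pkcs11.h>

/* errno_t and TALLOC_CTX are not brought in here; the including file is
 * expected to provide them (this header is not self-contained for them). */

/* Time to wait for new slot events.
 * NOTE(review): the unit is not visible here — presumably seconds; confirm
 * against the caller in the p11_child implementation. */
#define PKCS11_SLOT_EVENT_WAIT_TIME 1

/* Opaque PKCS#11 context. Defined in the implementation; callers only hold
 * pointers obtained from init_p11_ctx(). */
struct p11_ctx;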

/**
 * Options controlling certificate verification in the p11_child.
 *
 * Produced by parse_cert_verify_opts() from its textual verify_opts string
 * and handed to init_verification(); see the prototypes below.
 *
 * NOTE(review): field meanings below are taken from the field names only —
 * the implementation is not visible here, confirm before relying on them.
 */
struct cert_verify_opts {
    /* OCSP revocation checking on/off (by name). */
    bool do_ocsp;
    /* Certificate verification on/off (by name); if false, presumably no
     * chain/revocation checks are performed at all. */
    bool do_verification;
    /* Accept a partial chain, i.e. one ending in a non-root trust anchor
     * (by name). */
    bool verification_partial_chain;
    /* OCSP responder used when the certificate names none (by name). */
    char *ocsp_default_responder;
    /* Certificate used to verify responses from the default responder
     * (by name). */
    char *ocsp_default_responder_signing_cert;
    /* Array of CRL file names; num_files holds its length (presumed pairing,
     * ownership/allocation not visible here). */
    char **crl_files;
    int num_files;
    /* PKCS#11 mechanism type; presumably the digest used for OCSP requests. */
    CK_MECHANISM_TYPE ocsp_dgst;
    /* NOTE(review): presumably "soft-fail" — continue when the OCSP
     * responder / CRL cannot be consulted. That weakens revocation checking,
     * so the exact semantics should be documented at the point of use. */
    bool soft_ocsp;
    bool soft_crl;
};

/**
 * Operation requested from the p11_child; passed as `mode` to do_card().
 *
 * The spelling of OP_VERIFIY is part of the public name used by callers and
 * is therefore kept unchanged.
 */
enum op_mode {
    OP_NONE,      /* no operation selected */
    OP_AUTH,      /* authentication (by name) */
    OP_PREAUTH,   /* pre-authentication (by name) */
    OP_VERIFIY    /* verification only (by name) */
};

/**
 * How the PIN is supplied to the child (meanings taken from the names;
 * the implementation is not visible here).
 */
enum pin_mode {
    PIN_NONE,     /* no PIN */
    PIN_STDIN,    /* PIN read from standard input */
    PIN_KEYPAD    /* PIN entered on the reader's keypad */
};

/**
 * Create the PKCS#11 context used by the other functions in this header.
 *
 * @param mem_ctx        talloc context; presumably the new p11_ctx is
 *                       allocated on it
 * @param ca_db          CA trust store specification (format not visible here)
 * @param wait_for_card  if true, presumably wait for a card to appear, polling
 *                       with PKCS11_SLOT_EVENT_WAIT_TIME — confirm in the
 *                       implementation
 * @param[out] p11_ctx   receives the new context on success
 * @return 0 on success, an errno value on failure (presumed errno_t convention)
 */
errno_t init_p11_ctx(TALLOC_CTX *mem_ctx, const char *ca_db,
                     bool wait_for_card, struct p11_ctx **p11_ctx);

/**
 * Attach certificate verification options to a context.
 *
 * @param p11_ctx           context from init_p11_ctx()
 * @param cert_verify_opts  options as returned by parse_cert_verify_opts()
 * @return 0 on success, an errno value on failure (presumed errno_t convention)
 */
errno_t init_verification(struct p11_ctx *p11_ctx,
                          struct cert_verify_opts *cert_verify_opts);

/**
 * Verify a single certificate against the context's trust settings.
 *
 * @param p11_ctx   context prepared with init_verification()
 * @param cert_b64  certificate, presumably base64-encoded (as the name
 *                  suggests); NULL handling is not visible here
 * @return true only if verification succeeded; callers must treat false as a
 *         failed trust decision
 */
bool do_verification_b64(struct p11_ctx *p11_ctx, const char *cert_b64);

/**
 * Perform the requested operation against the smart card.
 *
 * @param mem_ctx         talloc context, presumably for the result in _multi
 * @param p11_ctx         context from init_p11_ctx()
 * @param mode            operation to perform, see enum op_mode
 * @param pin             PIN to use; whether NULL is allowed (e.g. for
 *                        PIN_KEYPAD) is not visible here
 * @param module_name_in  PKCS#11 module filter (by name; NULL = any, presumably)
 * @param token_name_in   token filter (by name)
 * @param key_id_in       key id filter (by name)
 * @param label           object label filter (by name)
 * @param uri             PKCS#11 URI filter (by name)
 * @param[out] _multi     result; presumably a talloc-allocated multi-string
 *                        (SSSD style marks output parameters with a leading
 *                        underscore) — confirm in the implementation
 * @return 0 on success, an errno value on failure (presumed errno_t convention)
 */
errno_t do_card(TALLOC_CTX *mem_ctx, struct p11_ctx *p11_ctx,
                enum op_mode mode, const char *pin,
                const char *module_name_in, const char *token_name_in,
                const char *key_id_in, const char *label,
                const char *uri, char **_multi);

/**
 * Parse a textual verification option string into a struct cert_verify_opts.
 *
 * @param mem_ctx                talloc context; presumably the result is
 *                               allocated on it
 * @param verify_opts            option string (syntax not visible here)
 * @param[out] cert_verify_opts  receives the newly allocated options
 * @return 0 on success, an errno value on failure (presumed errno_t convention)
 */
errno_t parse_cert_verify_opts(TALLOC_CTX *mem_ctx, const char *verify_opts,
                               struct cert_verify_opts **cert_verify_opts);
#endif /* __P11_CHILD_H__ */