1 /* libp11, a simple layer on to of PKCS#11 API
2 * Copyright (C) 2016-2018 Michał Trojnara <Michal.Trojnara@stunnel.org>
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17 */
18
19 #include "libp11-int.h"
20
21 /* The following exported functions are *not* implemented here:
22 * PKCS11_get_rsa_method
23 * PKCS11_get_ecdsa_method
24 * PKCS11_ecdsa_method_free
25 * PKCS11_get_ec_key_method
26 */
27
28 /* External interface to the libp11 features */
29
PKCS11_CTX_new(void)30 PKCS11_CTX *PKCS11_CTX_new(void)
31 {
32 return pkcs11_CTX_new();
33 }
34
PKCS11_CTX_init_args(PKCS11_CTX * ctx,const char * init_args)35 void PKCS11_CTX_init_args(PKCS11_CTX *ctx, const char *init_args)
36 {
37 if (check_fork(ctx) < 0)
38 return;
39 pkcs11_CTX_init_args(ctx, init_args);
40 }
41
PKCS11_CTX_load(PKCS11_CTX * ctx,const char * ident)42 int PKCS11_CTX_load(PKCS11_CTX *ctx, const char *ident)
43 {
44 if (check_fork(ctx) < 0)
45 return -1;
46 return pkcs11_CTX_load(ctx, ident);
47 }
48
PKCS11_CTX_unload(PKCS11_CTX * ctx)49 void PKCS11_CTX_unload(PKCS11_CTX *ctx)
50 {
51 if (check_fork(ctx) < 0)
52 return;
53 pkcs11_CTX_unload(ctx);
54 }
55
PKCS11_CTX_free(PKCS11_CTX * ctx)56 void PKCS11_CTX_free(PKCS11_CTX *ctx)
57 {
58 if (check_fork(ctx) < 0)
59 return;
60 pkcs11_CTX_free(ctx);
61 }
62
PKCS11_open_session(PKCS11_SLOT * slot,int rw)63 int PKCS11_open_session(PKCS11_SLOT *slot, int rw)
64 {
65 if (check_slot_fork(slot) < 0)
66 return -1;
67 return pkcs11_open_session(slot, rw, 0);
68 }
69
PKCS11_enumerate_slots(PKCS11_CTX * ctx,PKCS11_SLOT ** slotsp,unsigned int * nslotsp)70 int PKCS11_enumerate_slots(PKCS11_CTX *ctx,
71 PKCS11_SLOT **slotsp, unsigned int *nslotsp)
72 {
73 if (check_fork(ctx) < 0)
74 return -1;
75 return pkcs11_enumerate_slots(ctx, slotsp, nslotsp);
76 }
77
PKCS11_get_slotid_from_slot(PKCS11_SLOT * slot)78 unsigned long PKCS11_get_slotid_from_slot(PKCS11_SLOT *slot)
79 {
80 if (check_slot_fork(slot) < 0)
81 return 0L;
82 return pkcs11_get_slotid_from_slot(slot);
83 }
84
PKCS11_release_all_slots(PKCS11_CTX * ctx,PKCS11_SLOT * slots,unsigned int nslots)85 void PKCS11_release_all_slots(PKCS11_CTX *ctx,
86 PKCS11_SLOT *slots, unsigned int nslots)
87 {
88 if (check_fork(ctx) < 0)
89 return;
90 pkcs11_release_all_slots(ctx, slots, nslots);
91 }
92
PKCS11_find_token(PKCS11_CTX * ctx,PKCS11_SLOT * slots,unsigned int nslots)93 PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX *ctx,
94 PKCS11_SLOT *slots, unsigned int nslots)
95 {
96 if (check_fork(ctx) < 0)
97 return NULL;
98 return pkcs11_find_token(ctx, slots, nslots);
99 }
100
PKCS11_find_next_token(PKCS11_CTX * ctx,PKCS11_SLOT * slots,unsigned int nslots,PKCS11_SLOT * current)101 PKCS11_SLOT *PKCS11_find_next_token(PKCS11_CTX *ctx,
102 PKCS11_SLOT *slots, unsigned int nslots,
103 PKCS11_SLOT *current)
104 {
105 if (check_fork(ctx) < 0)
106 return NULL;
107 return pkcs11_find_next_token(ctx, slots, nslots, current);
108 }
109
PKCS11_is_logged_in(PKCS11_SLOT * slot,int so,int * res)110 int PKCS11_is_logged_in(PKCS11_SLOT *slot, int so, int *res)
111 {
112 if (check_slot_fork(slot) < 0)
113 return -1;
114 return pkcs11_is_logged_in(slot, so, res);
115 }
116
PKCS11_login(PKCS11_SLOT * slot,int so,const char * pin)117 int PKCS11_login(PKCS11_SLOT *slot, int so, const char *pin)
118 {
119 if (check_slot_fork(slot) < 0)
120 return -1;
121 return pkcs11_login(slot, so, pin, 0);
122 }
123
PKCS11_logout(PKCS11_SLOT * slot)124 int PKCS11_logout(PKCS11_SLOT *slot)
125 {
126 if (check_slot_fork(slot) < 0)
127 return -1;
128 return pkcs11_logout(slot);
129 }
130
PKCS11_enumerate_keys(PKCS11_TOKEN * token,PKCS11_KEY ** keys,unsigned int * nkeys)131 int PKCS11_enumerate_keys(PKCS11_TOKEN *token,
132 PKCS11_KEY **keys, unsigned int *nkeys)
133 {
134 if (check_token_fork(token) < 0)
135 return -1;
136 return pkcs11_enumerate_keys(token, CKO_PRIVATE_KEY, keys, nkeys);
137 }
138
PKCS11_remove_key(PKCS11_KEY * key)139 int PKCS11_remove_key(PKCS11_KEY *key)
140 {
141 if (check_key_fork(key) < 0)
142 return -1;
143 return pkcs11_remove_key(key);
144 }
145
PKCS11_enumerate_public_keys(PKCS11_TOKEN * token,PKCS11_KEY ** keys,unsigned int * nkeys)146 int PKCS11_enumerate_public_keys(PKCS11_TOKEN *token,
147 PKCS11_KEY **keys, unsigned int *nkeys)
148 {
149 if (check_token_fork(token) < 0)
150 return -1;
151 return pkcs11_enumerate_keys(token, CKO_PUBLIC_KEY, keys, nkeys);
152 }
153
PKCS11_get_key_type(PKCS11_KEY * key)154 int PKCS11_get_key_type(PKCS11_KEY *key)
155 {
156 if (check_key_fork(key) < 0)
157 return -1;
158 return pkcs11_get_key_type(key);
159 }
160
PKCS11_get_private_key(PKCS11_KEY * key)161 EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key)
162 {
163 if (check_key_fork(key) < 0)
164 return NULL;
165 return pkcs11_get_key(key, 1);
166 }
167
PKCS11_get_public_key(PKCS11_KEY * key)168 EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key)
169 {
170 if (check_key_fork(key) < 0)
171 return NULL;
172 return pkcs11_get_key(key, 0);
173 }
174
PKCS11_find_certificate(PKCS11_KEY * key)175 PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *key)
176 {
177 if (check_key_fork(key) < 0)
178 return NULL;
179 return pkcs11_find_certificate(key);
180 }
181
PKCS11_find_key(PKCS11_CERT * cert)182 PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert)
183 {
184 if (check_cert_fork(cert) < 0)
185 return NULL;
186 return pkcs11_find_key(cert);
187 }
188
PKCS11_enumerate_certs(PKCS11_TOKEN * token,PKCS11_CERT ** certs,unsigned int * ncerts)189 int PKCS11_enumerate_certs(PKCS11_TOKEN *token,
190 PKCS11_CERT **certs, unsigned int *ncerts)
191 {
192 if (check_token_fork(token) < 0)
193 return -1;
194 return pkcs11_enumerate_certs(token, certs, ncerts);
195 }
196
PKCS11_remove_certificate(PKCS11_CERT * cert)197 int PKCS11_remove_certificate(PKCS11_CERT *cert)
198 {
199 if (check_cert_fork(cert) < 0)
200 return -1;
201 return pkcs11_remove_certificate(cert);
202 }
203
PKCS11_init_token(PKCS11_TOKEN * token,const char * pin,const char * label)204 int PKCS11_init_token(PKCS11_TOKEN *token, const char *pin,
205 const char *label)
206 {
207 if (check_token_fork(token) < 0)
208 return -1;
209 return pkcs11_init_token(token, pin, label);
210 }
211
PKCS11_init_pin(PKCS11_TOKEN * token,const char * pin)212 int PKCS11_init_pin(PKCS11_TOKEN *token, const char *pin)
213 {
214 if (check_token_fork(token) < 0)
215 return -1;
216 return pkcs11_init_pin(token, pin);
217 }
218
PKCS11_change_pin(PKCS11_SLOT * slot,const char * old_pin,const char * new_pin)219 int PKCS11_change_pin(PKCS11_SLOT *slot,
220 const char *old_pin, const char *new_pin)
221 {
222 if (check_slot_fork(slot) < 0)
223 return -1;
224 return pkcs11_change_pin(slot, old_pin, new_pin);
225 }
226
PKCS11_store_private_key(PKCS11_TOKEN * token,EVP_PKEY * pk,char * label,unsigned char * id,size_t id_len)227 int PKCS11_store_private_key(PKCS11_TOKEN *token,
228 EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len)
229 {
230 if (check_token_fork(token) < 0)
231 return -1;
232 return pkcs11_store_private_key(token, pk, label, id, id_len);
233 }
234
PKCS11_store_public_key(PKCS11_TOKEN * token,EVP_PKEY * pk,char * label,unsigned char * id,size_t id_len)235 int PKCS11_store_public_key(PKCS11_TOKEN *token,
236 EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len)
237 {
238 if (check_token_fork(token) < 0)
239 return -1;
240 return pkcs11_store_public_key(token, pk, label, id, id_len);
241 }
242
PKCS11_store_certificate(PKCS11_TOKEN * token,X509 * x509,char * label,unsigned char * id,size_t id_len,PKCS11_CERT ** ret_cert)243 int PKCS11_store_certificate(PKCS11_TOKEN *token, X509 *x509,
244 char *label, unsigned char *id, size_t id_len,
245 PKCS11_CERT **ret_cert)
246 {
247 if (check_token_fork(token) < 0)
248 return -1;
249 return pkcs11_store_certificate(token, x509, label, id, id_len, ret_cert);
250 }
251
PKCS11_seed_random(PKCS11_SLOT * slot,const unsigned char * s,unsigned int s_len)252 int PKCS11_seed_random(PKCS11_SLOT *slot, const unsigned char *s, unsigned int s_len)
253 {
254 if (check_slot_fork(slot) < 0)
255 return -1;
256 return pkcs11_seed_random(slot, s, s_len);
257 }
258
PKCS11_generate_random(PKCS11_SLOT * slot,unsigned char * r,unsigned int r_len)259 int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_len)
260 {
261 if (check_slot_fork(slot) < 0)
262 return -1;
263 return pkcs11_generate_random(slot, r, r_len);
264 }
265
ERR_load_PKCS11_strings(void)266 void ERR_load_PKCS11_strings(void)
267 {
268 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
269 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
270 #endif
271 ERR_load_P11_strings();
272 ERR_load_CKR_strings();
273 }
274
PKCS11_set_ui_method(PKCS11_CTX * ctx,UI_METHOD * ui_method,void * ui_user_data)275 int PKCS11_set_ui_method(PKCS11_CTX *ctx, UI_METHOD *ui_method, void *ui_user_data)
276 {
277 if (check_fork(ctx) < 0)
278 return -1;
279 return pkcs11_set_ui_method(ctx, ui_method, ui_user_data);
280 }
281
282 /* External interface to the deprecated features */
283
PKCS11_generate_key(PKCS11_TOKEN * token,int algorithm,unsigned int bits,char * label,unsigned char * id,size_t id_len)284 int PKCS11_generate_key(PKCS11_TOKEN *token,
285 int algorithm, unsigned int bits,
286 char *label, unsigned char *id, size_t id_len)
287 {
288 if (check_token_fork(token) < 0)
289 return -1;
290 return pkcs11_generate_key(token, algorithm, bits, label, id, id_len);
291 }
292
PKCS11_get_key_size(PKCS11_KEY * key)293 int PKCS11_get_key_size(PKCS11_KEY *key)
294 {
295 if (check_key_fork(key) < 0)
296 return -1;
297 return pkcs11_get_key_size(key);
298 }
299
PKCS11_get_key_modulus(PKCS11_KEY * key,BIGNUM ** bn)300 int PKCS11_get_key_modulus(PKCS11_KEY *key, BIGNUM **bn)
301 {
302 if (check_key_fork(key) < 0)
303 return -1;
304 return pkcs11_get_key_modulus(key, bn);
305 }
306
PKCS11_get_key_exponent(PKCS11_KEY * key,BIGNUM ** bn)307 int PKCS11_get_key_exponent(PKCS11_KEY *key, BIGNUM **bn)
308 {
309 if (check_key_fork(key) < 0)
310 return -1;
311 return pkcs11_get_key_exponent(key, bn);
312 }
313
PKCS11_sign(int type,const unsigned char * m,unsigned int m_len,unsigned char * sigret,unsigned int * siglen,PKCS11_KEY * key)314 int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
315 unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key)
316 {
317 if (check_key_fork(key) < 0)
318 return -1;
319 return pkcs11_sign(type, m, m_len, sigret, siglen, key);
320 }
321
PKCS11_private_encrypt(int flen,const unsigned char * from,unsigned char * to,PKCS11_KEY * key,int padding)322 int PKCS11_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
323 PKCS11_KEY *key, int padding)
324 {
325 if (check_key_fork(key) < 0)
326 return -1;
327 return pkcs11_private_encrypt(flen, from, to, key, padding);
328 }
329
PKCS11_private_decrypt(int flen,const unsigned char * from,unsigned char * to,PKCS11_KEY * key,int padding)330 int PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
331 PKCS11_KEY *key, int padding)
332 {
333 if (check_key_fork(key) < 0)
334 return -1;
335 return pkcs11_private_decrypt(flen, from, to, key, padding);
336 }
337
PKCS11_verify(int type,const unsigned char * m,unsigned int m_len,unsigned char * signature,unsigned int siglen,PKCS11_KEY * key)338 int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
339 unsigned char *signature, unsigned int siglen, PKCS11_KEY *key)
340 {
341 (void)type;
342 (void)m;
343 (void)m_len;
344 (void)signature;
345 (void)siglen;
346 (void)key;
347
348 /* PKCS11 calls go here */
349 P11err(P11_F_PKCS11_VERIFY, P11_R_NOT_SUPPORTED);
350 return -1;
351 }
352
353 /* vim: set noexpandtab: */
354