/* libp11, a simple layer on top of PKCS#11 API
 * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/**
 * @file libp11.h
 * @brief libp11 header file
 *
 * Public API of libp11: the object types (context, slot, token, key,
 * certificate) and the functions operating on them.
 */

#ifndef _LIB11_H
#define _LIB11_H

#include "p11_err.h"
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/evp.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Error reporting for the CKR error library.
 * CKRerr(f, r) calls ERR_CKR_error() with the call site's __FILE__ and
 * __LINE__.
 * NOTE(review): `file` receives a string literal through CKRerr, so it must
 * not be written through; a `const char *` parameter would express that, but
 * the definition is outside this header.
 */
int ERR_load_CKR_strings(void);
void ERR_unload_CKR_strings(void);
void ERR_CKR_error(int function, int reason, char *file, int line);
# define CKRerr(f,r) ERR_CKR_error((f),(r),__FILE__,__LINE__)
int ERR_get_CKR_code(void);

/*
 * The purpose of this library is to provide a simple PKCS11
 * interface to OpenSSL applications that wish to use a previously
 * initialized card (as opposed to initializing it, etc).
 *
 * I am therefore making some simplifying assumptions:
 *
 *  -	no support for any operations that alter the card,
 *	i.e. readonly-login
 *
 * NOTE(review): this header also declares functions that modify a token
 * (PKCS11_init_token, PKCS11_init_pin, PKCS11_store_*, PKCS11_remove_*),
 * and PKCS11_open_session() accepts a read/write mode, so the read-only
 * statement above appears to predate them.
 */

/** PKCS11 key object (public or private) */
typedef struct PKCS11_key_st {
	char *label;
	unsigned char *id;	/**< object id, id_len bytes long */
	size_t id_len;
	unsigned char isPrivate;	/**< private key present? */
	unsigned char needLogin;	/**< login to read private key? */
	EVP_PKEY *evp_key;		/**< initially NULL, need to call PKCS11_load_key */
	void *_private;		/* presumably library-internal state; not for application use */
} PKCS11_KEY;

/** PKCS11 certificate object */
typedef struct PKCS11_cert_st {
	char *label;
	unsigned char *id;	/**< object id, id_len bytes long */
	size_t id_len;
	X509 *x509;
	void *_private;		/* presumably library-internal state; not for application use */
} PKCS11_CERT;

/**
 * PKCS11 token: smart card or USB key
 *
 * NOTE(review): the unsigned char members look like boolean status flags
 * mirroring the PKCS#11 token-info flag bits (e.g. userPinLocked and
 * CKF_USER_PIN_LOCKED) -- confirm against the implementation. If so,
 * checking userPinCountLow / userPinFinalTry / userPinLocked before calling
 * PKCS11_login() lets an application avoid locking the token with a
 * wrong PIN.
 */
typedef struct PKCS11_token_st {
	char *label;
	char *manufacturer;
	char *model;
	char *serialnr;
	unsigned char initialized;
	unsigned char loginRequired;
	unsigned char secureLogin;
	unsigned char userPinSet;
	unsigned char readOnly;
	unsigned char hasRng;
	unsigned char userPinCountLow;
	unsigned char userPinFinalTry;
	unsigned char userPinLocked;
	unsigned char userPinToBeChanged;
	unsigned char soPinCountLow;
	unsigned char soPinFinalTry;
	unsigned char soPinLocked;
	unsigned char soPinToBeChanged;
	void *_private;		/* presumably library-internal state; not for application use */
} PKCS11_TOKEN;

/** PKCS11 slot: card reader */
typedef struct PKCS11_slot_st {
	char *manufacturer;
	char *description;
	unsigned char removable;
	PKCS11_TOKEN *token;	/**< NULL if no token present */
	void *_private;		/* presumably library-internal state; not for application use */
} PKCS11_SLOT;

/** PKCS11 context */
typedef struct PKCS11_ctx_st {
	char *manufacturer;
	char *description;
	void *_private;		/* presumably library-internal state; not for application use */
} PKCS11_CTX;

/**
 * Create a new libp11 context
 *
 * This should be the first function called in the use of libp11
 * @return an allocated context
 *
 * NOTE(review): the failure value is not documented here; presumably NULL,
 * so check the result before use -- confirm.
 */
extern PKCS11_CTX *PKCS11_CTX_new(void);

/**
 * Specify any private PKCS#11 module initialization args, if necessary
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @param init_args module-specific initialization string
 * @return none
 *
 * NOTE(review): presumably has to be called before PKCS11_CTX_load() to
 * take effect -- confirm.
 */
extern void PKCS11_CTX_init_args(PKCS11_CTX * ctx, const char * init_args);

/**
 * Load a PKCS#11 module
 *
 * A PKCS#11 module is a shared library that runs inside the calling
 * process, so ident should come from trusted configuration rather than
 * from untrusted input.
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @param ident PKCS#11 library filename
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);

/**
 * Reinitialize a PKCS#11 module (after a fork)
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_CTX_reload(PKCS11_CTX * ctx);

/**
 * Unload a PKCS#11 module
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 */
extern void PKCS11_CTX_unload(PKCS11_CTX * ctx);

/**
 * Free a libp11 context
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 */
extern void PKCS11_CTX_free(PKCS11_CTX * ctx);

/** Open a session in RO or RW mode
 *
 * @param slot slot descriptor returned by PKCS11_find_token() or PKCS11_enumerate_slots()
 * @param rw open in read/write mode if rw != 0, otherwise in read only mode
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_open_session(PKCS11_SLOT * slot, int rw);

/**
 * Get a list of all slots
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @param slotsp pointer on a list of slots
 * @param nslotsp size of the allocated list
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_enumerate_slots(PKCS11_CTX * ctx,
			PKCS11_SLOT **slotsp, unsigned int *nslotsp);

/**
 * Get the slot_id from a slot as it is stored in private
 *
 * @param slotp pointer on a slot
 * @return the slot id
 */
extern unsigned long PKCS11_get_slotid_from_slot(PKCS11_SLOT *slotp);

/**
 * Free the list of slots allocated by PKCS11_enumerate_slots()
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @param slots list of slots allocated by PKCS11_enumerate_slots()
 * @param nslots size of the list
 */
extern void PKCS11_release_all_slots(PKCS11_CTX * ctx,
			PKCS11_SLOT *slots, unsigned int nslots);

/**
 * Find the first slot with a token
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @param slots list of slots allocated by PKCS11_enumerate_slots()
 * @param nslots size of the list
 * @retval !=NULL pointer on a slot structure
 * @retval NULL error
 */
PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx,
			PKCS11_SLOT *slots, unsigned int nslots);

/**
 * Find the next slot with a token
 *
 * @param ctx context allocated by PKCS11_CTX_new()
 * @param slots list of slots allocated by PKCS11_enumerate_slots()
 * @param nslots size of the list
 * @param slot current slot
 * @retval !=NULL pointer on a slot structure
 * @retval NULL error
 */
PKCS11_SLOT *PKCS11_find_next_token(PKCS11_CTX * ctx,
			PKCS11_SLOT *slots, unsigned int nslots,
			PKCS11_SLOT *slot);

/**
 * Check if user is already authenticated to a card
 *
 * @param slot slot returned by PKCS11_find_token()
 * @param so kind of login to check: CKU_SO if != 0, otherwise CKU_USER
 * @param res pointer to return value: 1 if logged in, 0 if not logged in
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_is_logged_in(PKCS11_SLOT * slot, int so, int * res);

/**
 * Authenticate to the card
 *
 * The PIN is passed as a plain C string without a length, so the caller
 * owns that buffer and should wipe it once it is no longer needed.
 * NOTE(review): whether the library keeps its own copy of the PIN is not
 * visible from this header -- confirm.
 *
 * @param slot slot returned by PKCS11_find_token()
 * @param so login as CKU_SO if != 0, otherwise login as CKU_USER
 * @param pin PIN value
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin);

/**
 * De-authenticate from the card
 *
 * @param slot slot returned by PKCS11_find_token()
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_logout(PKCS11_SLOT * slot);

/* Get a list of private keys associated with this token */
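extern int PKCS11_enumerate_keys(PKCS11_TOKEN *token,
	PKCS11_KEY **keys, unsigned int *nkeys);

/* Remove the key from this token */
extern int PKCS11_remove_key(PKCS11_KEY *key);

/* Get a list of public keys associated with this token */
extern int PKCS11_enumerate_public_keys(PKCS11_TOKEN *token,
	PKCS11_KEY **keys, unsigned int *nkeys);

/* Get the key type (as EVP_PKEY_XXX) */
extern int PKCS11_get_key_type(PKCS11_KEY *key);

/**
 * Returns an EVP_PKEY object for the private key
 *
 * @param key PKCS11_KEY object
 * @retval !=NULL reference to the EVP_PKEY object
 * @retval NULL error
 */
extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);

/**
 * Returns an EVP_PKEY object with the public key
 *
 * @param key PKCS11_KEY object
 * @retval !=NULL reference to the EVP_PKEY object
 * @retval NULL error
 */
extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);

/* Find the corresponding certificate (if any) */
extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *key);

/* Find the corresponding key (if any) */
extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *cert);

/* Get a list of all certificates associated with this token */
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *token,
	PKCS11_CERT **certs, unsigned int *ncerts);

/* Remove the certificate from this token */
extern int PKCS11_remove_certificate(PKCS11_CERT *cert);

/* Set UI method to allow retrieving CKU_CONTEXT_SPECIFIC PINs interactively */
extern int PKCS11_set_ui_method(PKCS11_CTX *ctx,
	UI_METHOD *ui_method, void *ui_user_data);

/**
 * Initialize a token
 *
 * NOTE(review): if this maps to the PKCS#11 token initialization call, it
 * erases the objects already stored on the token -- confirm before using it
 * on a provisioned device.
 *
 * @param token token descriptor (in general slot->token)
 * @param pin Security Officer PIN value
 * @param label new name of the token
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin,
	const char *label);

/**
 * Initialize the user PIN on a token
 *
 * @param token token descriptor (in general slot->token)
 * @param pin new user PIN value
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);

/**
 * Change the currently used (either USER or SO) PIN on a token.
 *
 * Both PINs are passed as plain C strings; the caller owns those buffers
 * and should wipe them once they are no longer needed.
 *
 * @param slot slot returned by PKCS11_find_token()
 * @param old_pin old PIN value
 * @param new_pin new PIN value
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
	const char *new_pin);

/**
 * Store private key on a token
 *
 * @param token token returned by PKCS11_find_token()
 * @param pk private key
 * @param label label for this key
 * @param id bytes to use as the id value
 * @param id_len length of the id value
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, size_t id_len);

/**
 * Store public key on a token
 *
 * @param token token returned by PKCS11_find_token()
 * @param pk public key
 * @param label label for this key
 * @param id bytes to use as the id value
 * @param id_len length of the id value
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, size_t id_len);

/**
 * Store certificate on a token
 *
 * @param token token returned by PKCS11_find_token()
 * @param x509 x509 certificate object
 * @param label label for this certificate
 * @param id bytes to use as the id value
 * @param id_len length of the id value
 * @param ret_cert put new PKCS11_CERT object here
 * @retval 0 success
 * @retval -1 error
 */
extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
		char *label, unsigned char *id, size_t id_len,
		PKCS11_CERT **ret_cert);

/*
 * Access the random number generator
 *
 * NOTE(review): the return convention is not documented here; presumably
 * 0 on success and -1 on error like the rest of the API -- confirm. Check
 * the result of PKCS11_generate_random() before treating the r_len bytes
 * in r as random data.
 */
extern int PKCS11_seed_random(PKCS11_SLOT *slot, const unsigned char *s, unsigned int s_len);
extern int PKCS11_generate_random(PKCS11_SLOT *slot, unsigned char *r, unsigned int r_len);

/*
 * PKCS#11 implementation for OpenSSL methods
 */
RSA_METHOD *PKCS11_get_rsa_method(void);
/* Also define unsupported methods to retain backward compatibility */
#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)
EC_KEY_METHOD *PKCS11_get_ec_key_method(void);
void *PKCS11_get_ecdsa_method(void);
void *PKCS11_get_ecdh_method(void);
#else
void *PKCS11_get_ec_key_method(void);
ECDSA_METHOD *PKCS11_get_ecdsa_method(void);
ECDH_METHOD *PKCS11_get_ecdh_method(void);
#endif
int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
		const int **nids, int nid);

/**
 * Load PKCS11 error strings
 *
 * Call this function to be able to use ERR_reason_error_string(ERR_get_error())
 * to get a textual version of the latest error code
 */
extern void ERR_load_PKCS11_strings(void);

#if defined(_LIBP11_INT_H)
/* Deprecated functions will no longer be exported in libp11 0.5.0 */
/* They are, however, used internally in OpenSSL method definitions */
#define P11_DEPRECATED(msg)
#elif defined(_MSC_VER)
#define P11_DEPRECATED(msg) __declspec(deprecated(msg))
#elif defined(__clang__)
/*
 * Tested before __GNUC__: clang also defines __GNUC__ (typically reporting
 * GCC 4.2.1 compatibility), so the GCC version test below would otherwise
 * select the message-less attribute and this branch would never be reached.
 */
#define P11_DEPRECATED(msg) __attribute__ ((deprecated(msg)))
#elif defined(__GNUC__)
#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= 40500
/* GCC >= 4.5.0 supports printing a message */
#define P11_DEPRECATED(msg) __attribute__ ((deprecated(msg)))
#else
#define P11_DEPRECATED(msg) __attribute__ ((deprecated))
#endif
#else
#define P11_DEPRECATED(msg)
#endif

#define P11_DEPRECATED_FUNC \
	P11_DEPRECATED("This function will be removed in libp11 0.5.0")

/*
 * These functions will be removed from libp11, because they partially
 * duplicate the functionality OpenSSL provides for EVP_PKEY objects
 */

/**
 * Generate a private key on the token
 *
 * @param token token returned by PKCS11_find_token()
 * @param algorithm IGNORED (still here for backward compatibility)
 * @param bits size of the modulus in bits
 * @param label label for this key
 * @param id bytes to use as the id value
 * @param id_len length of the id value
 * @retval 0 success
 * @retval -1 error
 */
P11_DEPRECATED_FUNC extern int PKCS11_generate_key(PKCS11_TOKEN * token,
	int algorithm, unsigned int bits,
	char *label, unsigned char* id, size_t id_len);

/* Get the RSA key modulus size (in bytes) */
P11_DEPRECATED_FUNC extern int PKCS11_get_key_size(PKCS11_KEY *key);

/* Get the RSA key modulus as BIGNUM */
P11_DEPRECATED_FUNC extern int PKCS11_get_key_modulus(PKCS11_KEY *key, BIGNUM **bn);

/* Get the RSA key public exponent as BIGNUM */
P11_DEPRECATED_FUNC extern int PKCS11_get_key_exponent(PKCS11_KEY *key, BIGNUM **bn);

/* Sign with the EC private key */
P11_DEPRECATED_FUNC extern int PKCS11_ecdsa_sign(
	const unsigned char *m, unsigned int m_len,
	unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key);

/* Sign with the RSA private key */
P11_DEPRECATED_FUNC extern int PKCS11_sign(int type,
	const unsigned char *m, unsigned int m_len,
	unsigned char *sigret, unsigned int *siglen, PKCS11_KEY * key);

/*
 * This function has never been implemented.
 * Do not rely on it to verify signatures; verify with OpenSSL's EVP
 * interface on the public key instead.
 * NOTE(review): the value it returns is not visible from this header --
 * confirm before testing it.
 */
P11_DEPRECATED_FUNC extern int PKCS11_verify(int type,
	const unsigned char *m, unsigned int m_len,
	unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);

/* Encrypts data using the private key */
P11_DEPRECATED_FUNC extern int PKCS11_private_encrypt(
	int flen, const unsigned char *from,
	unsigned char *to, PKCS11_KEY * rsa, int padding);

/**
 * Decrypts data using the private key
 *
 * Unlike most of this API, failure is reported as 0 rather than -1.
 *
 * @param flen length of the encrypted data
 * @param from encrypted data
 * @param to output buffer (MUST be at least flen bytes long)
 * @param key private key object
 * @param padding padding algorithm to be used
 * @return the length of the decrypted data or 0 if an error occurred
 */
P11_DEPRECATED_FUNC extern int PKCS11_private_decrypt(
	int flen, const unsigned char *from,
	unsigned char *to, PKCS11_KEY * key, int padding);

/* Function codes */
# define CKR_F_PKCS11_CHANGE_PIN 100
# define CKR_F_PKCS11_CHECK_TOKEN 101
# define CKR_F_PKCS11_CTX_LOAD 102
# define CKR_F_PKCS11_ECDH_DERIVE 103
# define CKR_F_PKCS11_ECDSA_SIGN 104
# define CKR_F_PKCS11_ENUMERATE_SLOTS 105
# define CKR_F_PKCS11_FIND_CERTS 106
# define CKR_F_PKCS11_FIND_KEYS 107
# define CKR_F_PKCS11_GENERATE_RANDOM 108
# define CKR_F_PKCS11_GETATTR_ALLOC 109
# define CKR_F_PKCS11_GETATTR_BN 110
# define CKR_F_PKCS11_GETATTR_INT 111
# define CKR_F_PKCS11_INIT_PIN 112
# define CKR_F_PKCS11_INIT_SLOT 113
# define CKR_F_PKCS11_INIT_TOKEN 114
# define CKR_F_PKCS11_IS_LOGGED_IN 115
# define CKR_F_PKCS11_LOGIN 116
# define CKR_F_PKCS11_LOGOUT 117
# define CKR_F_PKCS11_NEXT_CERT 118
# define CKR_F_PKCS11_NEXT_KEY 119
# define CKR_F_PKCS11_OPEN_SESSION 120
# define CKR_F_PKCS11_PRIVATE_DECRYPT 121
# define CKR_F_PKCS11_PRIVATE_ENCRYPT 122
# define CKR_F_PKCS11_RELOAD_KEY 123
# define CKR_F_PKCS11_REOPEN_SESSION 124
# define CKR_F_PKCS11_SEED_RANDOM 125
# define CKR_F_PKCS11_STORE_CERTIFICATE 126
# define CKR_F_PKCS11_STORE_KEY 127
# define CKR_F_PKCS11_REMOVE_KEY 128
# define CKR_F_PKCS11_REMOVE_CERTIFICATE 129
# define CKR_F_PKCS11_GENERATE_KEY 130

/* Backward compatibility of error function codes */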
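#define PKCS11_F_PKCS11_CHANGE_PIN CKR_F_PKCS11_CHANGE_PIN
#define PKCS11_F_PKCS11_CHECK_TOKEN CKR_F_PKCS11_CHECK_TOKEN
#define PKCS11_F_PKCS11_CTX_LOAD CKR_F_PKCS11_CTX_LOAD
#define PKCS11_F_PKCS11_ECDH_DERIVE CKR_F_PKCS11_ECDH_DERIVE
#define PKCS11_F_PKCS11_ECDSA_SIGN CKR_F_PKCS11_ECDSA_SIGN
#define PKCS11_F_PKCS11_ENUMERATE_SLOTS CKR_F_PKCS11_ENUMERATE_SLOTS
#define PKCS11_F_PKCS11_FIND_CERTS CKR_F_PKCS11_FIND_CERTS
#define PKCS11_F_PKCS11_FIND_KEYS CKR_F_PKCS11_FIND_KEYS
#define PKCS11_F_PKCS11_GENERATE_RANDOM CKR_F_PKCS11_GENERATE_RANDOM
#define PKCS11_F_PKCS11_GETATTR_ALLOC CKR_F_PKCS11_GETATTR_ALLOC
#define PKCS11_F_PKCS11_GETATTR_BN CKR_F_PKCS11_GETATTR_BN
#define PKCS11_F_PKCS11_GETATTR_INT CKR_F_PKCS11_GETATTR_INT
#define PKCS11_F_PKCS11_INIT_PIN CKR_F_PKCS11_INIT_PIN
#define PKCS11_F_PKCS11_INIT_SLOT CKR_F_PKCS11_INIT_SLOT
#define PKCS11_F_PKCS11_INIT_TOKEN CKR_F_PKCS11_INIT_TOKEN
#define PKCS11_F_PKCS11_IS_LOGGED_IN CKR_F_PKCS11_IS_LOGGED_IN
#define PKCS11_F_PKCS11_LOGIN CKR_F_PKCS11_LOGIN
#define PKCS11_F_PKCS11_LOGOUT CKR_F_PKCS11_LOGOUT
#define PKCS11_F_PKCS11_NEXT_CERT CKR_F_PKCS11_NEXT_CERT
#define PKCS11_F_PKCS11_NEXT_KEY CKR_F_PKCS11_NEXT_KEY
#define PKCS11_F_PKCS11_OPEN_SESSION CKR_F_PKCS11_OPEN_SESSION
#define PKCS11_F_PKCS11_PRIVATE_DECRYPT CKR_F_PKCS11_PRIVATE_DECRYPT
#define PKCS11_F_PKCS11_PRIVATE_ENCRYPT CKR_F_PKCS11_PRIVATE_ENCRYPT
#define PKCS11_F_PKCS11_RELOAD_KEY CKR_F_PKCS11_RELOAD_KEY
#define PKCS11_F_PKCS11_REOPEN_SESSION CKR_F_PKCS11_REOPEN_SESSION
#define PKCS11_F_PKCS11_SEED_RANDOM CKR_F_PKCS11_SEED_RANDOM
#define PKCS11_F_PKCS11_STORE_CERTIFICATE CKR_F_PKCS11_STORE_CERTIFICATE
#define PKCS11_F_PKCS11_STORE_KEY CKR_F_PKCS11_STORE_KEY
#define PKCS11_F_PKCS11_REMOVE_KEY CKR_F_PKCS11_REMOVE_KEY
#define PKCS11_F_PKCS11_REMOVE_CERTIFICATE CKR_F_PKCS11_REMOVE_CERTIFICATE
#define PKCS11_F_PKCS11_GENERATE_KEY CKR_F_PKCS11_GENERATE_KEY

/*
 * Backward compatibility of error reason codes
 *
 * The P11_R_* names are not defined in this header; presumably they come
 * from "p11_err.h".
 * The two codes without a P11_R_* counterpart stay -1; they are
 * parenthesized so that the macro expands as a single operand in any
 * expression.
 */
#define PKCS11_LOAD_MODULE_ERROR P11_R_LOAD_MODULE_ERROR
#define PKCS11_MODULE_LOADED_ERROR (-1)
#define PKCS11_SYMBOL_NOT_FOUND_ERROR (-1)
#define PKCS11_NOT_SUPPORTED P11_R_NOT_SUPPORTED
#define PKCS11_NO_SESSION P11_R_NO_SESSION
#define PKCS11_KEYGEN_FAILED P11_R_KEYGEN_FAILED
#define PKCS11_UI_FAILED P11_R_UI_FAILED

/* Backward compatibility emulation of the ERR_LIB_PKCS11 constant.
 * We currently use two separate variables for library error codes:
 * one for imported PKCS#11 module errors, and one for our own libp11 errors.
 * We return the value for PKCS#11, as it is more likely to be needed.
 *
 * The macro expands to a function call, not to a constant expression, so it
 * cannot be used in a case label or a static initializer. */
#define ERR_LIB_PKCS11 (ERR_get_CKR_code())

#ifdef __cplusplus
}
#endif
#endif /* _LIB11_H */

/* vim: set noexpandtab: */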