1 /*
2  * sc-pkcs11.h: OpenSC project's PKCS#11 implementation header
3  *
4  * Copyright (C) 2002  Timo Teräs <timo.teras@iki.fi>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
19  */
20 
21 #ifndef __sc_pkcs11_h__
22 #define __sc_pkcs11_h__
23 
24 #include "config.h"
25 
26 #include "libopensc/opensc.h"
27 #include "libopensc/pkcs15.h"
28 #include "libopensc/log.h"
29 
30 #define CRYPTOKI_EXPORTS
31 #include "pkcs11.h"
32 #include "pkcs11-opensc.h"
33 #include "pkcs11-display.h"
34 
35 #ifdef __cplusplus
36 extern "C" {
37 #endif
38 
/*
 * PIN unblock policies.  Presumably these are the values stored in
 * sc_pkcs11_config.pin_unblock_style -- confirm against the config loader.
 *
 * NOTE(review): this setting is security-relevant.  Every value other than
 * NOT_ALLOWED names a login state from which a blocked user PIN may be
 * reset, so confirm which default load_pkcs11_parameters() applies.
 */
#define SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED	0
#define SC_PKCS11_PIN_UNBLOCK_UNLOGGED_SETPIN	1
#define SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN	2
#define SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN	3

/*
 * Slot creation bit flags (presumably stored in
 * sc_pkcs11_config.create_slots_flags -- confirm).
 */
#define SC_PKCS11_SLOT_FOR_PIN_USER	1
#define SC_PKCS11_SLOT_FOR_PIN_SIGN	2
#define SC_PKCS11_SLOT_CREATE_ALL	8

/* Both PIN bits combined. */
#define SC_PKCS11_SLOT_FOR_PINS		(SC_PKCS11_SLOT_FOR_PIN_USER | SC_PKCS11_SLOT_FOR_PIN_SIGN)
49 
50 #ifdef __cplusplus
51 }
52 #endif
53 
/*
 * Initialization support (USE_PKCS15_INIT) is compiled in only when the
 * build defines ENABLE_OPENSSL.
 */
#ifdef ENABLE_OPENSSL
#define USE_PKCS15_INIT
#endif
58 
59 #ifdef __cplusplus
60 extern "C" {
61 #endif
62 
/* Forward declarations; the full definitions follow later in this header. */
struct sc_pkcs11_session;
struct sc_pkcs11_slot;
struct sc_pkcs11_card;

/*
 * Module configuration.  An instance is exported as sc_pkcs11_conf and is
 * filled in by load_pkcs11_parameters().
 *
 * NOTE(review): several members change authentication behaviour (lock_login,
 * atomic, pin_unblock_style, ignore_pin_length).  Their exact semantics are
 * not visible in this header; treat the per-field remarks below as
 * assumptions to confirm against the configuration loader.
 */
struct sc_pkcs11_config {
	unsigned int max_virtual_slots;		/* presumably the upper bound on entries in virtual_slots */
	unsigned int slots_per_card;
	unsigned char lock_login;		/* boolean-like; presumably locks the card while logged in */
	unsigned char atomic;			/* boolean-like; see sc_pkcs11_slot.logins */
	unsigned char init_sloppy;
	unsigned int pin_unblock_style;		/* presumably one of SC_PKCS11_PIN_UNBLOCK_* */
	unsigned int create_puk_slot;
	unsigned int create_slots_flags;	/* presumably SC_PKCS11_SLOT_* bits */
	unsigned char ignore_pin_length;	/* NOTE(review): relaxes a PIN length check -- confirm scope */
};
78 
/*
 * PKCS#11 object abstraction layer.
 *
 * Per-object-type dispatch table.  Every callback except release() and
 * init_params() takes the calling session followed by an untyped pointer;
 * presumably that pointer is the object being operated on -- confirm against
 * the framework implementations.
 *
 * NOTE(review): the callbacks that pair a CK_BYTE_PTR output buffer with a
 * CK_ULONG_PTR length look like the usual PKCS#11 in/out convention (capacity
 * in, bytes produced out).  Each implementation should compare the capacity
 * with the required size before writing -- confirm per callback.
 */
struct sc_pkcs11_object_ops {
	/* Generic operations */
	void (*release)(void *);

	/* Management methods */
	CK_RV (*set_attribute)(struct sc_pkcs11_session *, void *,
			CK_ATTRIBUTE_PTR);
	CK_RV (*get_attribute)(struct sc_pkcs11_session *, void *,
			CK_ATTRIBUTE_PTR);
	CK_RV (*cmp_attribute)(struct sc_pkcs11_session *, void *,
			CK_ATTRIBUTE_PTR);

	CK_RV (*destroy_object)(struct sc_pkcs11_session *, void *);
	CK_RV (*get_size)(struct sc_pkcs11_session *, void *);

	/* Cryptographic methods */

	/* pulDataLen is the length argument that accompanies pSignature. */
	CK_RV (*sign)(struct sc_pkcs11_session *, void *,
			CK_MECHANISM_PTR,
			CK_BYTE_PTR pData, CK_ULONG ulDataLen,
			CK_BYTE_PTR pSignature, CK_ULONG_PTR pulDataLen);

	CK_RV (*unwrap_key)(struct sc_pkcs11_session *, void *,
			CK_MECHANISM_PTR,
			CK_BYTE_PTR pData, CK_ULONG ulDataLen,
			void *targetKey);

	CK_RV (*decrypt)(struct sc_pkcs11_session *, void *,
			CK_MECHANISM_PTR,
			CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
			CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);

	CK_RV (*derive)(struct sc_pkcs11_session *, void *,
			CK_MECHANISM_PTR,
			CK_BYTE_PTR pSeedData, CK_ULONG ulSeedDataLen,
			CK_BYTE_PTR pDerived, CK_ULONG_PTR pulDerivedLen);

	/* Check that the PKCS#15 object usage is compatible with the requested
	 * PKCS#11 mechanism. */
	CK_RV (*can_do)(struct sc_pkcs11_session *, void *,
			CK_MECHANISM_TYPE, unsigned int);

	/* General validation of mechanism parameters (sign, encrypt, etc) */
	CK_RV (*init_params)(struct sc_pkcs11_session *, CK_MECHANISM_PTR);

	/* The second void * is presumably the key to be wrapped, mirroring
	 * targetKey in unwrap_key -- confirm. */
	CK_RV (*wrap_key)(struct sc_pkcs11_session *, void *,
			CK_MECHANISM_PTR,
			void*,
			CK_BYTE_PTR pData, CK_ULONG_PTR ulDataLen);

	/* Others to be added when implemented */
};
127 
/*
 * Common header of every PKCS#11 object: the handle given to the
 * application, state flags and the dispatch table for the object's type.
 */
struct sc_pkcs11_object {
	CK_OBJECT_HANDLE handle;
	int flags;				/* presumably SC_PKCS11_OBJECT_* bits */
	struct sc_pkcs11_object_ops *ops;
};

/* Object flag bits.  NOTE(review): the meaning of each bit is not visible in
 * this header; HIDDEN presumably keeps an object out of search results --
 * confirm it is honoured on every lookup path. */
#define SC_PKCS11_OBJECT_SEEN	0x0001
#define SC_PKCS11_OBJECT_HIDDEN	0x0002
#define SC_PKCS11_OBJECT_RECURS	0x8000
137 
138 
/*
 * PKCS#11 smart card framework abstraction.
 *
 * Dispatch table implemented by each card framework; this header exports two
 * instances, framework_pkcs15 and framework_pkcs15init.
 *
 * NOTE(review): login, change_pin, init_token and init_pin receive PINs as a
 * pointer plus a CK_ULONG length.  The buffers are length-delimited, so
 * implementations must not rely on a terminating NUL and should keep PIN
 * bytes out of log output.
 */
struct sc_pkcs11_framework_ops {
	/* Detect and bind card to framework */
	CK_RV (*bind)(struct sc_pkcs11_card *, struct sc_app_info *);
	/* Unbind and release allocated resources */
	CK_RV (*unbind)(struct sc_pkcs11_card *);

	/* Create tokens in virtual slots and objects in tokens;
	 * called after bind */
	CK_RV (*create_tokens)(struct sc_pkcs11_card *, struct sc_app_info *);
	CK_RV (*release_token)(struct sc_pkcs11_card *, void *);

	/* Login and logout */
	CK_RV (*login)(struct sc_pkcs11_slot *,
			CK_USER_TYPE,
			CK_CHAR_PTR, CK_ULONG);
	CK_RV (*logout)(struct sc_pkcs11_slot *);
	/* Two pointer/length pairs; presumably old PIN, then new PIN -- confirm. */
	CK_RV (*change_pin)(struct sc_pkcs11_slot *,
			CK_CHAR_PTR, CK_ULONG,
			CK_CHAR_PTR, CK_ULONG);

	/* Token initialization, object creation and key generation */
	CK_RV (*init_token)(struct sc_pkcs11_slot *, void *,
			CK_UTF8CHAR_PTR, CK_ULONG,
			CK_UTF8CHAR_PTR);
	CK_RV (*init_pin)(struct sc_pkcs11_slot *,
			CK_UTF8CHAR_PTR, CK_ULONG);
	CK_RV (*create_object)(struct sc_pkcs11_slot *,
			CK_ATTRIBUTE_PTR, CK_ULONG,
			CK_OBJECT_HANDLE_PTR);
	/* Two attribute templates and two output handles; presumably public
	 * key first, private key second -- confirm. */
	CK_RV (*gen_keypair)(struct sc_pkcs11_slot *,
			CK_MECHANISM_PTR,
			CK_ATTRIBUTE_PTR, CK_ULONG,
			CK_ATTRIBUTE_PTR, CK_ULONG,
			CK_OBJECT_HANDLE_PTR, CK_OBJECT_HANDLE_PTR);
	CK_RV (*get_random)(struct sc_pkcs11_slot *,
			CK_BYTE_PTR, CK_ULONG);
};
180 
/*
 * PKCS#11 Slot (used to access card with specific framework data)
 */

/* 64-bit unsigned timestamp; spelled differently for the Windows compiler. */
#ifndef _WIN32
typedef unsigned long long sc_timestamp_t;
#else
typedef unsigned __int64   sc_timestamp_t;
#endif

/* Number of entries in sc_pkcs11_card.fws_data. */
#define SC_PKCS11_FRAMEWORK_DATA_MAX_NUM	4

/*
 * One physical card together with the framework bound to it.
 *
 * NOTE(review): sc_pkcs11_slot.fw_data_idx is presumably an index into
 * fws_data; confirm every use is range-checked against
 * SC_PKCS11_FRAMEWORK_DATA_MAX_NUM.
 */
struct sc_pkcs11_card {
	sc_reader_t *reader;
	sc_card_t *card;
	struct sc_pkcs11_framework_ops *framework;
	void *fws_data[SC_PKCS11_FRAMEWORK_DATA_MAX_NUM];

	/* List of supported mechanisms: array of pointers with its length */
	struct sc_pkcs11_mechanism_type **mechanisms;
	unsigned int nmechanisms;
};
202 
/*
 * Once a slot has been reported by `C_GetSlotList` it has to be kept alive.
 * PKCS#11 2.30 allows adding but not removing slots until the application
 * calls `C_GetSlotList` with `NULL`.  This flag records that the slot is
 * visible to the application.
 */
#define SC_PKCS11_SLOT_FLAG_SEEN 1

/*
 * A virtual slot.
 *
 * NOTE(review): `logins` is filled through push_login_state(), which is
 * handed the PIN, so its entries presumably hold PIN material in process
 * memory.  Confirm that pop_login_state() and pop_all_login_states() wipe
 * that memory before releasing it.
 */
struct sc_pkcs11_slot {
	CK_SLOT_ID id;			/* ID of the slot */
	int login_user;			/* Currently logged in user */
	CK_SLOT_INFO slot_info;		/* Slot specific information (about the reader) */
	CK_TOKEN_INFO token_info;	/* Token specific information (about the card) */
	sc_reader_t *reader;		/* Same as card->reader if a card is present */
	struct sc_pkcs11_card *p11card;	/* The card associated with this slot */
	unsigned int events;		/* Card events SC_EVENT_CARD_{INSERTED,REMOVED} */
	void *fw_data;			/* Framework specific data */  /* TODO: document how this is used */
	list_t objects;			/* Objects in this slot */
	unsigned int nsessions;		/* Number of sessions using this slot */
	sc_timestamp_t slot_state_expires;

	int fw_data_idx;		/* Index of framework data */
	struct sc_app_info *app_info;	/* Application associated with the slot */
	list_t logins;			/* Tracks all calls to C_Login if atomic operations are requested */
	int flags;			/* presumably SC_PKCS11_SLOT_FLAG_* bits */
};
typedef struct sc_pkcs11_slot sc_pkcs11_slot_t;
228 
/*
 * Debug helper for virtual slots.  S is the slot to highlight, or NULL.  The
 * remaining arguments are a comment format string and its arguments.  The
 * format is pasted directly after the literal "VSS ", so it must itself be a
 * string literal; a runtime string cannot be passed as the format.  The macro
 * logs through the module-global `context`, then prints the slot table.
 */
#define DEBUG_VSS(S, ...) \
	do { \
		sc_log(context,"VSS " __VA_ARGS__); \
		_debug_virtual_slots(S); \
	} while (0)

/* Called by DEBUG_VSS to print the table of virtual slots */
void  _debug_virtual_slots(sc_pkcs11_slot_t *p);

/* Forward declaration; the struct is defined further down */
typedef struct sc_pkcs11_operation sc_pkcs11_operation_t;
238 
/*
 * Operation kinds.  SC_PKCS11_OPERATION_MAX is the number of kinds and sizes
 * the sc_pkcs11_session.operation[] array, so a session holds at most one
 * active operation per kind.
 */
enum {
	SC_PKCS11_OPERATION_FIND = 0,
	SC_PKCS11_OPERATION_SIGN,
	SC_PKCS11_OPERATION_VERIFY,
	SC_PKCS11_OPERATION_DIGEST,
	SC_PKCS11_OPERATION_DECRYPT,
	SC_PKCS11_OPERATION_DERIVE,
	SC_PKCS11_OPERATION_WRAP,
	SC_PKCS11_OPERATION_UNWRAP,
	SC_PKCS11_OPERATION_MAX		/* count, not an operation */
};
250 
/*
 * Description of one PKCS#11 mechanism: its identifier and capabilities plus
 * the callbacks that implement it.
 *
 * NOTE(review): key_type is declared as CK_MECHANISM_TYPE although
 * sc_pkcs11_new_fw_mechanism() takes a CK_KEY_TYPE in the matching position.
 * The *_final, decrypt, derive and wrap callbacks write to a caller buffer
 * through a CK_BYTE_PTR / CK_ULONG_PTR pair; implementations should check
 * the supplied capacity before writing -- confirm per mechanism.
 */
struct sc_pkcs11_mechanism_type {
	CK_MECHANISM_TYPE mech;		/* algorithm: md5, sha1, ... */
	CK_MECHANISM_INFO mech_info;	/* mechanism info */
	CK_MECHANISM_TYPE key_type;	/* for sign/decipher ops */
	unsigned int	  obj_size;

	/* General management */
	void		  (*release)(sc_pkcs11_operation_t *);

	/* Digest operations */
	CK_RV		  (*md_init)(sc_pkcs11_operation_t *);
	CK_RV		  (*md_update)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG);
	CK_RV		  (*md_final)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG_PTR);

	/* Signing */
	CK_RV		  (*sign_init)(sc_pkcs11_operation_t *,
					struct sc_pkcs11_object *);
	CK_RV		  (*sign_update)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG);
	CK_RV		  (*sign_final)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG_PTR);
	CK_RV		  (*sign_size)(sc_pkcs11_operation_t *,
					CK_ULONG_PTR);

	/* Verification; verif_final takes the signature length by value */
	CK_RV		  (*verif_init)(sc_pkcs11_operation_t *,
					struct sc_pkcs11_object *);
	CK_RV		  (*verif_update)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG);
	CK_RV		  (*verif_final)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG);

	/* Decryption and key derivation */
	CK_RV		  (*decrypt_init)(sc_pkcs11_operation_t *,
					struct sc_pkcs11_object *);
	CK_RV		  (*decrypt)(sc_pkcs11_operation_t *,
					CK_BYTE_PTR, CK_ULONG,
					CK_BYTE_PTR, CK_ULONG_PTR);
	CK_RV		  (*derive)(sc_pkcs11_operation_t *,
					struct sc_pkcs11_object *,
					CK_BYTE_PTR, CK_ULONG,
					CK_BYTE_PTR, CK_ULONG_PTR);

	/* Key wrapping and unwrapping */
	CK_RV		  (*wrap)(sc_pkcs11_operation_t *,
					struct sc_pkcs11_object *,
					struct sc_pkcs11_object *,
					CK_BYTE_PTR, CK_ULONG_PTR);
	CK_RV		  (*unwrap)(sc_pkcs11_operation_t *,
					struct sc_pkcs11_object *,
					CK_BYTE_PTR, CK_ULONG,
					struct sc_pkcs11_object *);

	/* Mechanism specific data */
	const void *  mech_data;
	/* Frees the mechanism specific data */
	void		  (*free_mech_data)(const void *mech_data);
};
typedef struct sc_pkcs11_mechanism_type sc_pkcs11_mechanism_type_t;
306 
/*
 * Generic operation: the state of one in-progress cryptographic or find
 * operation within a session.
 *
 * NOTE(review): mechanism_params has room for PSS or OAEP parameters inside
 * the operation itself.  Presumably this is a private copy, so that the
 * parameter pointer in `mechanism` need not refer to application memory
 * after the *Init call returns -- confirm in the implementation.
 */
struct sc_pkcs11_operation {
	sc_pkcs11_mechanism_type_t *type;
	CK_MECHANISM	  mechanism;
	union {
		CK_RSA_PKCS_PSS_PARAMS pss;
		CK_RSA_PKCS_OAEP_PARAMS oaep;
	} mechanism_params;
	struct sc_pkcs11_session *session;
	void *		  priv_data;	/* mechanism private state */
};
320 
/*
 * Find operation.  SC_PKCS11_FIND_INC_HANDLES is presumably the step by
 * which the handles array grows -- confirm.
 *
 * NOTE(review): the three counters are signed int.  Confirm that the code
 * growing `handles` checks both the allocation result and the size
 * arithmetic before updating allocated_handles.
 */
#define SC_PKCS11_FIND_INC_HANDLES	32
struct sc_pkcs11_find_operation {
	struct sc_pkcs11_operation operation;	/* first member */
	int num_handles;
	int current_handle;
	int allocated_handles;
	CK_OBJECT_HANDLE *handles;
};
328 
/*
 * PKCS#11 Session
 *
 * NOTE(review): operation[] has SC_PKCS11_OPERATION_MAX entries, while the
 * session_*_operation() functions take the operation kind as a plain int.
 * Confirm they range-check it before indexing.
 */
struct sc_pkcs11_session {
	CK_SESSION_HANDLE handle;
	/* The slot this session is opened on */
	struct sc_pkcs11_slot *slot;
	CK_FLAGS flags;
	/* Notifications */
	CK_NOTIFY notify_callback;
	CK_VOID_PTR notify_data;
	/* Active operations - one per type */
	struct sc_pkcs11_operation *operation[SC_PKCS11_OPERATION_MAX];
};
typedef struct sc_pkcs11_session sc_pkcs11_session_t;
345 
/*
 * Module variables.
 * NOTE(review): these are process-wide and mutable.  Presumably
 * sc_pkcs11_lock()/sc_pkcs11_unlock() serialise access to them -- confirm.
 */
extern struct sc_context *context;
extern struct sc_pkcs11_config sc_pkcs11_conf;
extern list_t sessions;
extern list_t virtual_slots;
extern list_t cards;

/* Framework definitions */
extern struct sc_pkcs11_framework_ops framework_pkcs15;
extern struct sc_pkcs11_framework_ops framework_pkcs15init;

/*
 * Copies src into a dstsize-byte buffer.
 * NOTE(review): the u8 destination and the "_bp" suffix suggest a
 * blank-padded copy without a NUL terminator, as used for fixed-width
 * PKCS#11 text fields -- confirm.  If so, callers must not treat dst as a
 * C string.
 */
void strcpy_bp(u8 *dst, const char *src, size_t dstsize);

/* Maps an OpenSC return code to a CK_RV; ctx names the calling context. */
CK_RV sc_to_cryptoki_error(int rc, const char *ctx);

/*
 * Logs an attribute template.
 * NOTE(review): templates can carry sensitive attribute values.  Confirm
 * that the printer redacts them or that `level` keeps this output out of
 * production logs.
 */
void sc_pkcs11_print_attrs(int level,
		const char *file, unsigned int line, const char *function,
		const char *info,
		CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);

/* Convenience wrapper that supplies the call site's file, line and function. */
#define dump_template(level, info, pTemplate, ulCount) \
		sc_pkcs11_print_attrs(level, __FILE__, __LINE__, __FUNCTION__, \
				info, pTemplate, ulCount)
364 
/*
 * Slot and card handling functions.
 * The functions returning CK_RV report failure through that value; the
 * struct sc_pkcs11_slot ** parameters are output pointers.
 */
CK_RV card_removed(sc_reader_t *reader);
CK_RV card_detect_all(void);
CK_RV create_slot(sc_reader_t *reader);
void init_slot_info(CK_SLOT_INFO_PTR pInfo, sc_reader_t *reader);
CK_RV card_detect(sc_reader_t *reader);

/* Look up a slot by the application-supplied ID. */
CK_RV slot_get_slot(CK_SLOT_ID id, struct sc_pkcs11_slot **);
CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot **);
CK_RV slot_token_removed(CK_SLOT_ID id);

CK_RV slot_allocate(struct sc_pkcs11_slot **, struct sc_pkcs11_card *);
CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask);
int slot_get_logged_in_state(struct sc_pkcs11_slot *slot);
377 
/*
 * Login tracking functions.
 *
 * NOTE(review): push_login_state() takes the PIN and its length, so the
 * tracked state presumably keeps a copy of the PIN for later replay by
 * restore_login_state().  Confirm that the copy is held in protected memory
 * and is wiped by pop_login_state() and pop_all_login_states().
 */
CK_RV restore_login_state(struct sc_pkcs11_slot *slot);
CK_RV reset_login_state(struct sc_pkcs11_slot *slot, CK_RV rv);
CK_RV push_login_state(struct sc_pkcs11_slot *slot,
		CK_USER_TYPE userType,
		CK_CHAR_PTR pPin, CK_ULONG ulPinLen);
void pop_login_state(struct sc_pkcs11_slot *slot);
void pop_all_login_states(struct sc_pkcs11_slot *slot);
385 
/*
 * Session manipulation.
 * The int parameter of the session_*_operation() functions is presumably an
 * SC_PKCS11_OPERATION_* value -- confirm it is range-checked.
 */
CK_RV get_session(CK_SESSION_HANDLE hSession, struct sc_pkcs11_session ** session);
CK_RV session_start_operation(struct sc_pkcs11_session *,
		int,
		sc_pkcs11_mechanism_type_t *,
		struct sc_pkcs11_operation **);
CK_RV session_get_operation(struct sc_pkcs11_session *,
		int,
		struct sc_pkcs11_operation **);
CK_RV session_stop_operation(struct sc_pkcs11_session *, int);
CK_RV sc_pkcs11_close_all_sessions(CK_SLOT_ID);
395 
/*
 * Generic secret key stuff.
 * The const u8 * / size_t pair is presumably the raw key value -- confirm.
 */
CK_RV sc_pkcs11_create_secret_key(struct sc_pkcs11_session *,
		const u8 *, size_t,
		CK_ATTRIBUTE_PTR, CK_ULONG,
		struct sc_pkcs11_object **);

/* Generic object handling */
CK_RV sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *,
		void *,
		CK_ATTRIBUTE_PTR);

/*
 * Get attributes from template (misc.c).
 *
 * NOTE(review): the templates come from the calling application.  For the
 * variants that take `void *, size_t *`, the size_t presumably carries the
 * destination capacity in and the attribute length out.  Confirm that an
 * attribute longer than the destination is rejected, not truncated or
 * copied past the end.
 */
CK_RV attr_find(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void *, size_t *);
CK_RV attr_find2(CK_ATTRIBUTE_PTR, CK_ULONG,
		CK_ATTRIBUTE_PTR, CK_ULONG,
		CK_ULONG, void *, size_t *);
CK_RV attr_find_ptr(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void **, size_t *);
CK_RV attr_find_ptr2(CK_ATTRIBUTE_PTR pTemp1, CK_ULONG ulCount1,
		CK_ATTRIBUTE_PTR pTemp2, CK_ULONG ulCount2,
		CK_ULONG type, void **ptr, size_t * sizep);
CK_RV attr_find_and_allocate_ptr(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void **, size_t *);
CK_RV attr_find_var(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void *, size_t *);
CK_RV attr_extract(CK_ATTRIBUTE_PTR, void *, size_t *);
415 
/*
 * Generic Mechanism functions.
 * The verification entry points, the OpenSSL mechanism registration and
 * sc_pkcs11_verify_data() are declared only when ENABLE_OPENSSL is defined.
 */

/* Mechanism registry of a card */
CK_RV sc_pkcs11_register_mechanism(struct sc_pkcs11_card *,
		sc_pkcs11_mechanism_type_t *);
CK_RV sc_pkcs11_get_mechanism_list(struct sc_pkcs11_card *,
		CK_MECHANISM_TYPE_PTR, CK_ULONG_PTR);
CK_RV sc_pkcs11_get_mechanism_info(struct sc_pkcs11_card *,
		CK_MECHANISM_TYPE,
		CK_MECHANISM_INFO_PTR);

/* Digest */
CK_RV sc_pkcs11_md_init(struct sc_pkcs11_session *, CK_MECHANISM_PTR);
CK_RV sc_pkcs11_md_update(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
CK_RV sc_pkcs11_md_final(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG_PTR);

/* Sign */
CK_RV sc_pkcs11_sign_init(struct sc_pkcs11_session *,
		CK_MECHANISM_PTR,
		struct sc_pkcs11_object *,
		CK_MECHANISM_TYPE);
CK_RV sc_pkcs11_sign_update(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
CK_RV sc_pkcs11_sign_final(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG_PTR);
CK_RV sc_pkcs11_sign_size(struct sc_pkcs11_session *, CK_ULONG_PTR);

/* Verify */
#ifdef ENABLE_OPENSSL
CK_RV sc_pkcs11_verif_init(struct sc_pkcs11_session *,
		CK_MECHANISM_PTR,
		struct sc_pkcs11_object *,
		CK_MECHANISM_TYPE);
CK_RV sc_pkcs11_verif_update(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
CK_RV sc_pkcs11_verif_final(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
#endif

/* Decrypt, wrap, unwrap, derive */
CK_RV sc_pkcs11_decr_init(struct sc_pkcs11_session *,
		CK_MECHANISM_PTR,
		struct sc_pkcs11_object *,
		CK_MECHANISM_TYPE);
CK_RV sc_pkcs11_decr(struct sc_pkcs11_session *,
		CK_BYTE_PTR, CK_ULONG,
		CK_BYTE_PTR, CK_ULONG_PTR);
CK_RV sc_pkcs11_wrap(struct sc_pkcs11_session *,
		CK_MECHANISM_PTR,
		struct sc_pkcs11_object *, CK_KEY_TYPE,
		struct sc_pkcs11_object *,
		CK_BYTE_PTR, CK_ULONG_PTR);
CK_RV sc_pkcs11_unwrap(struct sc_pkcs11_session *,
		CK_MECHANISM_PTR,
		struct sc_pkcs11_object *, CK_KEY_TYPE,
		CK_BYTE_PTR, CK_ULONG,
		struct sc_pkcs11_object *);
CK_RV sc_pkcs11_deri(struct sc_pkcs11_session *,
		CK_MECHANISM_PTR,
		struct sc_pkcs11_object *, CK_KEY_TYPE,
		CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
		struct sc_pkcs11_object *);

/* Mechanism and operation objects */
sc_pkcs11_mechanism_type_t *sc_pkcs11_find_mechanism(struct sc_pkcs11_card *,
		CK_MECHANISM_TYPE, unsigned int);
/* The trailing pair matches mech_data / free_mech_data in
 * struct sc_pkcs11_mechanism_type. */
sc_pkcs11_mechanism_type_t *sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE,
		CK_MECHANISM_INFO_PTR, CK_KEY_TYPE,
		const void *, void (*)(const void *));
sc_pkcs11_operation_t *sc_pkcs11_new_operation(sc_pkcs11_session_t *,
		sc_pkcs11_mechanism_type_t *);
/* Takes the address of the caller's pointer; presumably clears it after
 * freeing -- confirm. */
void sc_pkcs11_release_operation(sc_pkcs11_operation_t **);

/* Registration helpers */
CK_RV sc_pkcs11_register_generic_mechanisms(struct sc_pkcs11_card *);
#ifdef ENABLE_OPENSSL
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *);
#endif
CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
		CK_MECHANISM_TYPE, CK_MECHANISM_TYPE,
		sc_pkcs11_mechanism_type_t *);

#ifdef ENABLE_OPENSSL
/*
 * Software signature verification.
 * NOTE(review): all lengths here are unsigned int, whereas the PKCS#11 entry
 * points carry lengths as CK_ULONG.  Confirm that callers reject values
 * which do not fit before narrowing, so a truncated length is never used.
 */
CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len,
	const unsigned char *pubkey_params, unsigned int pubkey_params_len,
	CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md,
	unsigned char *inp, unsigned int inp_len,
	unsigned char *signat, unsigned int signat_len);
#endif
467 
/* Load configuration defaults into the given sc_pkcs11_config */
void load_pkcs11_parameters(struct sc_pkcs11_config *, struct sc_context *);

/*
 * Locking primitives at the pkcs11 level.
 * sc_pkcs11_init_lock() receives the application's C_Initialize arguments.
 * sc_pkcs11_lock() can fail, so callers should check its CK_RV before
 * touching shared module state.
 */
CK_RV sc_pkcs11_init_lock(CK_C_INITIALIZE_ARGS_PTR);
CK_RV sc_pkcs11_lock(void);
void sc_pkcs11_unlock(void);
void sc_pkcs11_free_lock(void);
476 
477 #ifdef __cplusplus
478 }
479 #endif
480 
481 #endif  /* __sc_pkcs11_h__ */
482