xref: /minix/external/bsd/bind/dist/lib/isc/include/pk11/pk11.h (revision 00b67f09) 
1 /*	$NetBSD: pk11.h,v 1.1.1.4 2014/12/10 03:34:44 christos Exp $	*/
2 
3 /*
4  * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
5  *
6  * Permission to use, copy, modify, and/or distribute this software for any
7  * purpose with or without fee is hereby granted, provided that the above
8  * copyright notice and this permission notice appear in all copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16  * PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 #ifndef PK11_PK11_H
20 #define PK11_PK11_H 1
21 
22 /*! \file pk11/pk11.h */
23 
24 #include <isc/lang.h>
25 #include <isc/magic.h>
26 #include <isc/types.h>
27 
28 #define PK11_FATALCHECK(func, args) \
29 	((void) (((rv = (func) args) == CKR_OK) || \
30 		 ((pk11_error_fatalcheck)(__FILE__, __LINE__, #func, rv), 0)))
31 
32 #include <pkcs11/cryptoki.h>
33 
34 ISC_LANG_BEGINDECLS
35 
36 #define SES_MAGIC	ISC_MAGIC('P','K','S','S')
37 #define TOK_MAGIC	ISC_MAGIC('P','K','T','K')
38 
39 #define VALID_SES(x)	ISC_MAGIC_VALID(x, SES_MAGIC)
40 #define VALID_TOK(x)	ISC_MAGIC_VALID(x, TOK_MAGIC)
41 
42 typedef struct pk11_context pk11_context_t;
43 
44 struct pk11_object {
45 	CK_OBJECT_HANDLE	object;
46 	CK_SLOT_ID		slot;
47 	CK_BBOOL		ontoken;
48 	CK_BBOOL		reqlogon;
49 	CK_BYTE			attrcnt;
50 	CK_ATTRIBUTE		*repr;
51 };
52 
53 struct pk11_context {
54 	void			*handle;
55 	CK_SESSION_HANDLE	session;
56 	CK_BBOOL		ontoken;
57 	CK_OBJECT_HANDLE	object;
58 #ifndef PKCS11CRYPTOWITHHMAC
59 	unsigned char		*key;
60 #endif
61 };
62 
63 typedef struct pk11_object pk11_object_t;
64 
65 typedef enum {
66 	OP_ANY = 0,
67 	OP_RAND = 1,
68 	OP_RSA = 2,
69 	OP_DSA = 3,
70 	OP_DH = 4,
71 	OP_DIGEST = 5,
72 	OP_EC = 6,
73 	OP_GOST = 7,
74 	OP_AES = 8,
75 	OP_MAX = 9
76 } pk11_optype_t;
77 
78 /*%
79  * Function prototypes
80  */
81 
82 void pk11_set_lib_name(const char *lib_name);
83 /*%<
84  * Set the PKCS#11 provider (aka library) path/name.
85  */
86 
87 isc_result_t pk11_initialize(isc_mem_t *mctx, const char *engine);
88 /*%<
89  * Initialize PKCS#11 device
90  *
91  * mctx:   memory context to attach to pk11_mctx.
92  * engine: PKCS#11 provider (aka library) path/name.
93  *
94  * returns:
95  *         ISC_R_SUCCESS
96  *         PK11_R_NOPROVIDER: can't load the provider
97  *         PK11_R_INITFAILED: C_Initialize() failed
98  *         PK11_R_NORANDOMSERVICE: can't find required random service
99  *         PK11_R_NODIGESTSERVICE: can't find required digest service
100  *         PK11_R_NOAESSERVICE: can't find required AES service
101  */
102 
103 isc_result_t pk11_get_session(pk11_context_t *ctx,
104 			      pk11_optype_t optype,
105 			      isc_boolean_t need_services,
106 			      isc_boolean_t rw,
107 			      isc_boolean_t logon,
108 			      const char *pin,
109 			      CK_SLOT_ID slot);
110 /*%<
111  * Initialize PKCS#11 device and acquire a session.
112  *
113  * need_services:
114  * 	  if ISC_TRUE, this session requires full PKCS#11 API
115  * 	  support including random and digest services, and
116  * 	  the lack of these services will cause the session not
117  * 	  to be initialized.  If ISC_FALSE, the function will return
118  * 	  an error code indicating the missing service, but the
119  * 	  session will be usable for other purposes.
120  * rw:    if ISC_TRUE, session will be read/write (useful for
121  *        generating or destroying keys); otherwise read-only.
122  * login: indicates whether to log in to the device
123  * pin:   optional PIN, overriding any PIN currently associated
124  *        with the
125  * slot:  device slot ID
126  */
127 
128 void pk11_return_session(pk11_context_t *ctx);
129 /*%<
130  * Release an active PKCS#11 session for reuse.
131  */
132 
133 isc_result_t pk11_finalize(void);
134 /*%<
135  * Shut down PKCS#11 device and free all sessions.
136  */
137 
138 isc_result_t pk11_rand_bytes(unsigned char *buf, int num);
139 
140 void pk11_rand_seed_fromfile(const char *randomfile);
141 
142 isc_result_t pk11_parse_uri(pk11_object_t *obj, const char *label,
143 			    isc_mem_t *mctx, pk11_optype_t optype);
144 
145 ISC_PLATFORM_NORETURN_PRE void
146 pk11_error_fatalcheck(const char *file, int line,
147 		      const char *funcname, CK_RV rv)
148 ISC_PLATFORM_NORETURN_POST;
149 
150 void pk11_dump_tokens(void);
151 
152 CK_RV
153 pkcs_C_Initialize(CK_VOID_PTR pReserved);
154 
155 CK_RV
156 pkcs_C_Finalize(CK_VOID_PTR pReserved);
157 
158 CK_RV
159 pkcs_C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
160 		   CK_ULONG_PTR pulCount);
161 
162 CK_RV
163 pkcs_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
164 
165 CK_RV
166 pkcs_C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
167 			CK_MECHANISM_INFO_PTR pInfo);
168 
169 CK_RV
170 pkcs_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
171 		   CK_VOID_PTR pApplication,
172 		   CK_RV  (*Notify) (CK_SESSION_HANDLE hSession,
173 				     CK_NOTIFICATION event,
174 				     CK_VOID_PTR pApplication),
175 		   CK_SESSION_HANDLE_PTR phSession);
176 
177 CK_RV
178 pkcs_C_CloseSession(CK_SESSION_HANDLE hSession);
179 
180 CK_RV
181 pkcs_C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
182 	     CK_CHAR_PTR pPin, CK_ULONG usPinLen);
183 
184 CK_RV
185 pkcs_C_Logout(CK_SESSION_HANDLE hSession);
186 
187 CK_RV
188 pkcs_C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate,
189 		    CK_ULONG usCount, CK_OBJECT_HANDLE_PTR phObject);
190 
191 CK_RV
192 pkcs_C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject);
193 
194 CK_RV
195 pkcs_C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
196 			 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount);
197 
198 CK_RV
199 pkcs_C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
200 			 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount);
201 
202 CK_RV
203 pkcs_C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate,
204 		       CK_ULONG usCount);
205 
206 CK_RV
207 pkcs_C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject,
208 		   CK_ULONG usMaxObjectCount, CK_ULONG_PTR pusObjectCount);
209 
210 CK_RV
211 pkcs_C_FindObjectsFinal(CK_SESSION_HANDLE hSession);
212 
213 CK_RV
214 pkcs_C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
215 		   CK_OBJECT_HANDLE hKey);
216 
217 CK_RV
218 pkcs_C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
219 	       CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
220 	       CK_ULONG_PTR pulEncryptedDataLen);
221 
222 CK_RV
223 pkcs_C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism);
224 
225 CK_RV
226 pkcs_C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
227 		    CK_ULONG ulPartLen);
228 
229 CK_RV
230 pkcs_C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
231 		   CK_ULONG_PTR pulDigestLen);
232 
233 CK_RV
234 pkcs_C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
235 		CK_OBJECT_HANDLE hKey);
236 
237 CK_RV
238 pkcs_C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
239 	    CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
240 	    CK_ULONG_PTR pulSignatureLen);
241 
242 CK_RV
243 pkcs_C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
244 		  CK_ULONG ulPartLen);
245 
246 CK_RV
247 pkcs_C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
248 		 CK_ULONG_PTR pulSignatureLen);
249 
250 CK_RV
251 pkcs_C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
252 		  CK_OBJECT_HANDLE hKey);
253 
254 CK_RV
255 pkcs_C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
256 	      CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
257 	      CK_ULONG ulSignatureLen);
258 
259 CK_RV
260 pkcs_C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
261 		    CK_ULONG ulPartLen);
262 
263 CK_RV
264 pkcs_C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
265 		   CK_ULONG ulSignatureLen);
266 
267 CK_RV
268 pkcs_C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
269 		   CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
270 		   CK_OBJECT_HANDLE_PTR phKey);
271 
272 CK_RV
273 pkcs_C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
274 		       CK_MECHANISM_PTR pMechanism,
275 		       CK_ATTRIBUTE_PTR pPublicKeyTemplate,
276 		       CK_ULONG usPublicKeyAttributeCount,
277 		       CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
278 		       CK_ULONG usPrivateKeyAttributeCount,
279 		       CK_OBJECT_HANDLE_PTR phPrivateKey,
280 		       CK_OBJECT_HANDLE_PTR phPublicKey);
281 
282 CK_RV
283 pkcs_C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
284 		 CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
285 		 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
286 
287 CK_RV
288 pkcs_C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
289 		  CK_ULONG ulSeedLen);
290 
291 CK_RV
292 pkcs_C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR RandomData,
293 		      CK_ULONG ulRandomLen);
294 
295 ISC_LANG_ENDDECLS
296 
297 #endif /* PK11_PK11_H */
298