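/*
 * COPYRIGHT (c) International Business Machines Corp. 2001-2017
 *
 * This program is provided under the terms of the Common Public License,
 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this
 * software constitutes recipient's acceptance of CPL-1.0 terms which can be
 * found in the file LICENSE file or at
 * https://opensource.org/licenses/cpl1.0.php
 */

/***************************************************************************
 Change Log
 ==========
 4/25/03 Kapil Sood (kapil@corrent.com)
 Added DH key pair generation and DH shared key derivation
 functions.

****************************************************************************/

/*
 * NOTE(review): an identifier beginning with an underscore followed by an
 * uppercase letter is reserved for the implementation (C11 7.1.3). The guard
 * is kept as-is because another file could test it; renaming it (e.g. to
 * TOK_SPECIFIC_STRUCT_H) is safe only once that has been checked.
 */
#ifndef _TOK_SPECIFIC_STRUCT
#define _TOK_SPECIFIC_STRUCT

/*
 * This header uses PATH_MAX and FILE directly but did not include the
 * headers that define them, relying on the including translation unit to
 * have done so. Pull them in here so the header is self-contained.
 * The CK_* types, STDLL_TokData_t, SESSION, OBJECT, TEMPLATE, the
 * *_CONTEXT types and uint_32 are project-defined and must still be in
 * scope before this header is included.
 */
#include <limits.h>
#include <stdio.h>

/*
 * Per-token configuration plus a table of token-specific hooks.
 *
 * Each function pointer is an entry a token implementation supplies; the
 * generic layer dispatches through it. How an unset (NULL) entry is treated
 * is not visible in this header. Every hook except t_creatlock, t_final and
 * t_logout receives the STDLL_TokData_t * for the token as its first
 * argument and returns a CK_RV (PKCS#11 return code).
 */
struct token_specific_struct {
    /* Used to be in the token_local.h as a #def. Directory holding the
     * token's persistent data. */
    char token_directory[PATH_MAX];

    /* Subdirectory below token_directory. */
    char token_subdir[PATH_MAX];

    /* Set to keysize for secure key tokens. */
    int token_keysize;

    /* Information about how the token's data should be stored. */
    struct {
        /* Use a separate directory for each user. */
        CK_BBOOL per_user;

        /* NOTE(review): the original comment read "Use data store?"; the
         * field name suggests it selects master-key protection of the
         * stored data — confirm against the data-store code before relying
         * on either reading. */
        CK_BBOOL use_master_key;

        /* Algorithm used to store private data (should be one of the
         * CKM_* macros). */
        CK_MECHANISM_TYPE encryption_algorithm;

        /* Default initialization vectors used for each token. Their size
         * depends on the algorithm in use.
         *
         * NOTE(review): an IV that is fixed per token makes every encryption
         * under the same key deterministic, so identical plaintexts produce
         * identical ciphertexts in the store. Whether the store uses these
         * values directly for every record or derives a per-record IV from
         * them is not visible here — confirm in the data-store code. */
        CK_BYTE *pin_initial_vector;
        CK_BYTE *obj_initial_vector;
    } data_store;

    /* Create lockfile if different from standard way. */
    int (*t_creatlock)(void);

    /* Create or attach to the token's shared memory. */
    CK_RV (*t_attach_shm)(STDLL_TokData_t *, CK_SLOT_ID slot_id);

    /* Initialization function. */
    CK_RV (*t_init)(STDLL_TokData_t *, CK_SLOT_ID, char *);

    /* Token data functions: initialise, then load from / save to an open
     * stream supplied by the caller. */
    CK_RV (*t_init_token_data)(STDLL_TokData_t *tokdata, CK_SLOT_ID slot_id);
    CK_RV (*t_load_token_data)(STDLL_TokData_t *tokdata,
                               CK_SLOT_ID slot_id, FILE *fh);
    CK_RV (*t_save_token_data)(STDLL_TokData_t *tokdata,
                               CK_SLOT_ID slot_id, FILE *fh);

    /* Random number generation into a caller buffer (buffer, byte count).
     * The entropy source is whatever the token implementation provides. */
    CK_RV (*t_rng)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG);

    /* Any specific final code.
     *
     * NOTE(review): the empty parentheses declare an unprototyped pointer,
     * so any function may be assigned without argument checking. C23 makes
     * "()" equivalent to "(void)", at which point implementations that take
     * arguments will stop compiling — confirm the intended signature. The
     * same applies to t_logout below. */
    CK_RV (*t_final)();

    CK_RV (*t_init_token)(STDLL_TokData_t *, CK_SLOT_ID, CK_CHAR_PTR,
                          CK_ULONG, CK_CHAR_PTR);
    CK_RV (*t_login)(STDLL_TokData_t *, SESSION *, CK_USER_TYPE,
                     CK_CHAR_PTR, CK_ULONG);
    CK_RV (*t_logout)();
    CK_RV (*t_init_pin)(STDLL_TokData_t *, SESSION *, CK_CHAR_PTR, CK_ULONG);
    CK_RV (*t_set_pin)(STDLL_TokData_t *, SESSION *, CK_CHAR_PTR, CK_ULONG,
                       CK_CHAR_PTR, CK_ULONG);

    /* DES / Triple-DES. The trailing CK_BYTE on the ECB/CBC hooks is a
     * flag passed through by the caller; its meaning is defined by the
     * dispatching code, not here. */
    CK_RV (*t_des_key_gen)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG, CK_ULONG);
    CK_RV (*t_des_ecb)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                       CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE);
    CK_RV (*t_des_cbc)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                       CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE *, CK_BYTE);

    CK_RV (*t_tdes_ecb)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                        CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE);
    CK_RV (*t_tdes_cbc)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                        CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE *, CK_BYTE);

    /* NOTE(review): the parameter order of the TDES OFB/CFB hooks
     * (buffer, buffer, length) differs from the AES OFB/CFB hooks below
     * (buffer, length, buffer). A token implementing both must take care
     * not to mix them up; confirm against the callers. */
    CK_RV (*t_tdes_ofb)(STDLL_TokData_t *, CK_BYTE *, CK_BYTE *, CK_ULONG,
                        OBJECT *, CK_BYTE *, uint_32);

    CK_RV (*t_tdes_cfb)(STDLL_TokData_t *, CK_BYTE *, CK_BYTE *, CK_ULONG,
                        OBJECT *, CK_BYTE *, uint_32, uint_32);

    CK_RV (*t_tdes_mac)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG, OBJECT *,
                        CK_BYTE *);

    /* RSA primitives. Input is (buffer, length); output is (buffer,
     * length pointer) so the hook can report the produced size. */
    CK_RV (*t_rsa_decrypt)(STDLL_TokData_t *, CK_BYTE *,
                           CK_ULONG, CK_BYTE *, CK_ULONG *, OBJECT *);

    CK_RV (*t_rsa_encrypt)(STDLL_TokData_t *, CK_BYTE *,
                           CK_ULONG, CK_BYTE *, CK_ULONG *, OBJECT *);

    CK_RV (*t_rsa_sign)(STDLL_TokData_t *, SESSION *, CK_BYTE *, CK_ULONG,
                        CK_BYTE *, CK_ULONG *, OBJECT *);
    CK_RV (*t_rsa_verify)(STDLL_TokData_t *, SESSION *, CK_BYTE *, CK_ULONG,
                          CK_BYTE *, CK_ULONG, OBJECT *);

    CK_RV (*t_rsa_verify_recover)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                                  CK_BYTE *, CK_ULONG *, OBJECT *);

    CK_RV (*t_rsa_x509_decrypt)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                                CK_BYTE *, CK_ULONG *, OBJECT *);

    CK_RV (*t_rsa_x509_encrypt)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                                CK_BYTE *, CK_ULONG *, OBJECT *);

    CK_RV (*t_rsa_x509_sign)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                             CK_BYTE *, CK_ULONG *, OBJECT *);

    CK_RV (*t_rsa_x509_verify)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                               CK_BYTE *, CK_ULONG, OBJECT *);

    CK_RV (*t_rsa_x509_verify_recover)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG,
                                       CK_BYTE *, CK_ULONG *, OBJECT *);

    /* RSA-OAEP and RSA-PSS take the operation context rather than a key
     * object; the trailing (CK_BYTE *, CK_ULONG) on OAEP is an extra
     * buffer whose role is set by the caller. */
    CK_RV (*t_rsa_oaep_decrypt)(STDLL_TokData_t *, ENCR_DECR_CONTEXT *,
                                CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG *,
                                CK_BYTE *, CK_ULONG);

    CK_RV (*t_rsa_oaep_encrypt)(STDLL_TokData_t *, ENCR_DECR_CONTEXT *,
                                CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG *,
                                CK_BYTE *, CK_ULONG);

    CK_RV (*t_rsa_pss_sign)(STDLL_TokData_t *, SESSION *,
                            SIGN_VERIFY_CONTEXT *, CK_BYTE *, CK_ULONG,
                            CK_BYTE *, CK_ULONG *);

    CK_RV (*t_rsa_pss_verify)(STDLL_TokData_t *, SESSION *,
                              SIGN_VERIFY_CONTEXT *, CK_BYTE *, CK_ULONG,
                              CK_BYTE *, CK_ULONG);

    /* Key-pair generation hooks receive two templates (public, then
     * private, presumably — the order is not documented here). */
    CK_RV (*t_rsa_generate_keypair)(STDLL_TokData_t *tokdata, TEMPLATE *,
                                    TEMPLATE *);

    /* Elliptic-curve signing, verification, key generation and ECDH. */
    CK_RV (*t_ec_sign)(STDLL_TokData_t *tokdata, SESSION *, CK_BYTE *, CK_ULONG,
                       CK_BYTE *, CK_ULONG *, OBJECT *);
    CK_RV (*t_ec_verify)(STDLL_TokData_t *tokdata, SESSION *, CK_BYTE *,
                         CK_ULONG, CK_BYTE *, CK_ULONG, OBJECT *);
    CK_RV (*t_ec_generate_keypair)(STDLL_TokData_t *tokdata, TEMPLATE *,
                                   TEMPLATE *);

    CK_RV (*t_ecdh_pkcs_derive)(STDLL_TokData_t *tokdata, CK_BYTE *, CK_ULONG,
                                CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG *,
                                CK_BYTE *, CK_ULONG);

    /* Begin code contributed by Corrent corp. */

    /* Token-specific DH functions. */
    CK_RV (*t_dh_pkcs_derive)(STDLL_TokData_t *tokdata, CK_BYTE *,
                              CK_ULONG *, CK_BYTE *, CK_ULONG,
                              CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG);

    CK_RV (*t_dh_pkcs_key_pair_gen)(STDLL_TokData_t *tokdata, TEMPLATE *,
                                    TEMPLATE *);

    /* End code contributed by Corrent corp. */

    /* Token-specific SHA functions: init / one-shot / update / final over a
     * DIGEST_CONTEXT. The mechanism passed to t_sha_init selects the hash. */
    CK_RV (*t_sha_init)(STDLL_TokData_t *, DIGEST_CONTEXT *, CK_MECHANISM *);
    CK_RV (*t_sha)(STDLL_TokData_t *, DIGEST_CONTEXT *, CK_BYTE *, CK_ULONG,
                   CK_BYTE *, CK_ULONG *);
    CK_RV (*t_sha_update)(STDLL_TokData_t *, DIGEST_CONTEXT *, CK_BYTE *,
                          CK_ULONG);
    CK_RV (*t_sha_final)(STDLL_TokData_t *, DIGEST_CONTEXT *, CK_BYTE *,
                         CK_ULONG *);

    /* Token-specific HMAC: sign and verify each have init / one-shot /
     * update / final. Init takes the mechanism and the key object handle. */
    CK_RV (*t_hmac_sign_init)(STDLL_TokData_t *, SESSION *, CK_MECHANISM *,
                              CK_OBJECT_HANDLE);
    CK_RV (*t_hmac_sign)(STDLL_TokData_t *, SESSION *, CK_BYTE *, CK_ULONG,
                         CK_BYTE *, CK_ULONG *);
    CK_RV (*t_hmac_sign_update)(STDLL_TokData_t *, SESSION *, CK_BYTE *,
                                CK_ULONG);
    CK_RV (*t_hmac_sign_final)(STDLL_TokData_t *, SESSION *, CK_BYTE *,
                               CK_ULONG *);

    CK_RV (*t_hmac_verify_init)(STDLL_TokData_t *, SESSION *,
                                CK_MECHANISM *, CK_OBJECT_HANDLE);
    CK_RV (*t_hmac_verify)(STDLL_TokData_t *, SESSION *, CK_BYTE *,
                           CK_ULONG, CK_BYTE *, CK_ULONG);
    CK_RV (*t_hmac_verify_update)(STDLL_TokData_t *, SESSION *, CK_BYTE *,
                                  CK_ULONG);
    CK_RV (*t_hmac_verify_final)(STDLL_TokData_t *, SESSION *, CK_BYTE *,
                                 CK_ULONG);

    CK_RV (*t_generic_secret_key_gen)(STDLL_TokData_t *, TEMPLATE *);

    /* Token-specific AES functions. */
    CK_RV (*t_aes_key_gen)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG, CK_ULONG);

    CK_RV (*t_aes_ecb)(STDLL_TokData_t *tokdata, CK_BYTE *, CK_ULONG,
                       CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE);

    CK_RV (*t_aes_cbc)(STDLL_TokData_t *tokdata, CK_BYTE *, CK_ULONG,
                       CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE *, CK_BYTE);

    CK_RV (*t_aes_ctr)(STDLL_TokData_t *tokdata, CK_BYTE *, CK_ULONG,
                       CK_BYTE *, CK_ULONG *, OBJECT *, CK_BYTE *, CK_ULONG,
                       CK_BYTE);

    /* AES-GCM is stateful: init / one-shot / update / final over an
     * ENCR_DECR_CONTEXT. Nonce handling is the implementation's
     * responsibility and is not visible here. */
    CK_RV (*t_aes_gcm_init)(STDLL_TokData_t *, SESSION *,
                            ENCR_DECR_CONTEXT *, CK_MECHANISM *,
                            CK_OBJECT_HANDLE, CK_BYTE);

    CK_RV (*t_aes_gcm)(STDLL_TokData_t *, SESSION *, ENCR_DECR_CONTEXT *,
                       CK_BYTE *, CK_ULONG, CK_BYTE *, CK_ULONG *, CK_BYTE);

    CK_RV (*t_aes_gcm_update)(STDLL_TokData_t *, SESSION *,
                              ENCR_DECR_CONTEXT *, CK_BYTE *,
                              CK_ULONG, CK_BYTE *, CK_ULONG *, CK_BYTE);

    CK_RV (*t_aes_gcm_final)(STDLL_TokData_t *, SESSION *,
                             ENCR_DECR_CONTEXT *, CK_BYTE *,
                             CK_ULONG *, CK_BYTE);

    CK_RV (*t_aes_ofb)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG, CK_BYTE *,
                       OBJECT *, CK_BYTE *, uint_32);

    CK_RV (*t_aes_cfb)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG, CK_BYTE *,
                       OBJECT *, CK_BYTE *, uint_32, uint_32);

    CK_RV (*t_aes_mac)(STDLL_TokData_t *, CK_BYTE *, CK_ULONG, OBJECT *,
                       CK_BYTE *);

    /* Token-specific DSA functions. Unlike the RSA/EC hooks, sign and
     * verify carry no lengths: the sizes are implied by the key object. */
    CK_RV (*t_dsa_generate_keypair)(STDLL_TokData_t *, TEMPLATE *, TEMPLATE *);

    CK_RV (*t_dsa_sign)(STDLL_TokData_t *, CK_BYTE *, CK_BYTE *, OBJECT *);

    CK_RV (*t_dsa_verify)(STDLL_TokData_t *, CK_BYTE *, CK_BYTE *, OBJECT *);

    /* Mechanism enumeration and per-mechanism info, mirroring the PKCS#11
     * C_GetMechanismList / C_GetMechanismInfo calling convention. */
    CK_RV (*t_get_mechanism_list)(STDLL_TokData_t *, CK_MECHANISM_TYPE_PTR,
                                  CK_ULONG_PTR);
    CK_RV (*t_get_mechanism_info)(STDLL_TokData_t *, CK_MECHANISM_TYPE,
                                  CK_MECHANISM_INFO_PTR);

    /* Called when an object is added to the token. */
    CK_RV (*t_object_add)(STDLL_TokData_t *, SESSION *, OBJECT *);

};

typedef struct token_specific_struct token_spec_t;

#endif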