1 /* $NetBSD: pk11.h,v 1.1.1.4 2014/12/10 03:34:44 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") 5 * 6 * Permission to use, copy, modify, and/or distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 #ifndef PK11_PK11_H 20 #define PK11_PK11_H 1 21 22 /*! \file pk11/pk11.h */ 23 24 #include <isc/lang.h> 25 #include <isc/magic.h> 26 #include <isc/types.h> 27 28 #define PK11_FATALCHECK(func, args) \ 29 ((void) (((rv = (func) args) == CKR_OK) || \ 30 ((pk11_error_fatalcheck)(__FILE__, __LINE__, #func, rv), 0))) 31 32 #include <pkcs11/cryptoki.h> 33 34 ISC_LANG_BEGINDECLS 35 36 #define SES_MAGIC ISC_MAGIC('P','K','S','S') 37 #define TOK_MAGIC ISC_MAGIC('P','K','T','K') 38 39 #define VALID_SES(x) ISC_MAGIC_VALID(x, SES_MAGIC) 40 #define VALID_TOK(x) ISC_MAGIC_VALID(x, TOK_MAGIC) 41 42 typedef struct pk11_context pk11_context_t; 43 44 struct pk11_object { 45 CK_OBJECT_HANDLE object; 46 CK_SLOT_ID slot; 47 CK_BBOOL ontoken; 48 CK_BBOOL reqlogon; 49 CK_BYTE attrcnt; 50 CK_ATTRIBUTE *repr; 51 }; 52 53 struct pk11_context { 54 void *handle; 55 CK_SESSION_HANDLE session; 56 CK_BBOOL ontoken; 57 CK_OBJECT_HANDLE object; 58 #ifndef PKCS11CRYPTOWITHHMAC 59 unsigned char *key; 60 #endif 61 }; 62 63 typedef struct pk11_object pk11_object_t; 64 65 typedef enum { 66 OP_ANY = 0, 67 OP_RAND = 1, 68 OP_RSA = 2, 69 OP_DSA = 3, 70 OP_DH = 4, 71 OP_DIGEST = 5, 72 OP_EC = 6, 73 OP_GOST = 7, 74 OP_AES = 8, 75 OP_MAX = 9 76 } pk11_optype_t; 77 78 /*% 79 * Function prototypes 80 */ 81 82 void pk11_set_lib_name(const char *lib_name); 83 /*%< 84 * Set the PKCS#11 provider (aka library) path/name. 85 */ 86 87 isc_result_t pk11_initialize(isc_mem_t *mctx, const char *engine); 88 /*%< 89 * Initialize PKCS#11 device 90 * 91 * mctx: memory context to attach to pk11_mctx. 92 * engine: PKCS#11 provider (aka library) path/name. 93 * 94 * returns: 95 * ISC_R_SUCCESS 96 * PK11_R_NOPROVIDER: can't load the provider 97 * PK11_R_INITFAILED: C_Initialize() failed 98 * PK11_R_NORANDOMSERVICE: can't find required random service 99 * PK11_R_NODIGESTSERVICE: can't find required digest service 100 * PK11_R_NOAESSERVICE: can't find required AES service 101 */ 102 103 isc_result_t pk11_get_session(pk11_context_t *ctx, 104 pk11_optype_t optype, 105 isc_boolean_t need_services, 106 isc_boolean_t rw, 107 isc_boolean_t logon, 108 const char *pin, 109 CK_SLOT_ID slot); 110 /*%< 111 * Initialize PKCS#11 device and acquire a session. 112 * 113 * need_services: 114 * if ISC_TRUE, this session requires full PKCS#11 API 115 * support including random and digest services, and 116 * the lack of these services will cause the session not 117 * to be initialized. If ISC_FALSE, the function will return 118 * an error code indicating the missing service, but the 119 * session will be usable for other purposes. 120 * rw: if ISC_TRUE, session will be read/write (useful for 121 * generating or destroying keys); otherwise read-only. 122 * login: indicates whether to log in to the device 123 * pin: optional PIN, overriding any PIN currently associated 124 * with the 125 * slot: device slot ID 126 */ 127 128 void pk11_return_session(pk11_context_t *ctx); 129 /*%< 130 * Release an active PKCS#11 session for reuse. 131 */ 132 133 isc_result_t pk11_finalize(void); 134 /*%< 135 * Shut down PKCS#11 device and free all sessions. 136 */ 137 138 isc_result_t pk11_rand_bytes(unsigned char *buf, int num); 139 140 void pk11_rand_seed_fromfile(const char *randomfile); 141 142 isc_result_t pk11_parse_uri(pk11_object_t *obj, const char *label, 143 isc_mem_t *mctx, pk11_optype_t optype); 144 145 ISC_PLATFORM_NORETURN_PRE void 146 pk11_error_fatalcheck(const char *file, int line, 147 const char *funcname, CK_RV rv) 148 ISC_PLATFORM_NORETURN_POST; 149 150 void pk11_dump_tokens(void); 151 152 CK_RV 153 pkcs_C_Initialize(CK_VOID_PTR pReserved); 154 155 CK_RV 156 pkcs_C_Finalize(CK_VOID_PTR pReserved); 157 158 CK_RV 159 pkcs_C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, 160 CK_ULONG_PTR pulCount); 161 162 CK_RV 163 pkcs_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); 164 165 CK_RV 166 pkcs_C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, 167 CK_MECHANISM_INFO_PTR pInfo); 168 169 CK_RV 170 pkcs_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags, 171 CK_VOID_PTR pApplication, 172 CK_RV (*Notify) (CK_SESSION_HANDLE hSession, 173 CK_NOTIFICATION event, 174 CK_VOID_PTR pApplication), 175 CK_SESSION_HANDLE_PTR phSession); 176 177 CK_RV 178 pkcs_C_CloseSession(CK_SESSION_HANDLE hSession); 179 180 CK_RV 181 pkcs_C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, 182 CK_CHAR_PTR pPin, CK_ULONG usPinLen); 183 184 CK_RV 185 pkcs_C_Logout(CK_SESSION_HANDLE hSession); 186 187 CK_RV 188 pkcs_C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, 189 CK_ULONG usCount, CK_OBJECT_HANDLE_PTR phObject); 190 191 CK_RV 192 pkcs_C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject); 193 194 CK_RV 195 pkcs_C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 196 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount); 197 198 CK_RV 199 pkcs_C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, 200 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount); 201 202 CK_RV 203 pkcs_C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate, 204 CK_ULONG usCount); 205 206 CK_RV 207 pkcs_C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, 208 CK_ULONG usMaxObjectCount, CK_ULONG_PTR pusObjectCount); 209 210 CK_RV 211 pkcs_C_FindObjectsFinal(CK_SESSION_HANDLE hSession); 212 213 CK_RV 214 pkcs_C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 215 CK_OBJECT_HANDLE hKey); 216 217 CK_RV 218 pkcs_C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 219 CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, 220 CK_ULONG_PTR pulEncryptedDataLen); 221 222 CK_RV 223 pkcs_C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism); 224 225 CK_RV 226 pkcs_C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 227 CK_ULONG ulPartLen); 228 229 CK_RV 230 pkcs_C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, 231 CK_ULONG_PTR pulDigestLen); 232 233 CK_RV 234 pkcs_C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 235 CK_OBJECT_HANDLE hKey); 236 237 CK_RV 238 pkcs_C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 239 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 240 CK_ULONG_PTR pulSignatureLen); 241 242 CK_RV 243 pkcs_C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 244 CK_ULONG ulPartLen); 245 246 CK_RV 247 pkcs_C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 248 CK_ULONG_PTR pulSignatureLen); 249 250 CK_RV 251 pkcs_C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 252 CK_OBJECT_HANDLE hKey); 253 254 CK_RV 255 pkcs_C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, 256 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, 257 CK_ULONG ulSignatureLen); 258 259 CK_RV 260 pkcs_C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, 261 CK_ULONG ulPartLen); 262 263 CK_RV 264 pkcs_C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, 265 CK_ULONG ulSignatureLen); 266 267 CK_RV 268 pkcs_C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 269 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 270 CK_OBJECT_HANDLE_PTR phKey); 271 272 CK_RV 273 pkcs_C_GenerateKeyPair(CK_SESSION_HANDLE hSession, 274 CK_MECHANISM_PTR pMechanism, 275 CK_ATTRIBUTE_PTR pPublicKeyTemplate, 276 CK_ULONG usPublicKeyAttributeCount, 277 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 278 CK_ULONG usPrivateKeyAttributeCount, 279 CK_OBJECT_HANDLE_PTR phPrivateKey, 280 CK_OBJECT_HANDLE_PTR phPublicKey); 281 282 CK_RV 283 pkcs_C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, 284 CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate, 285 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); 286 287 CK_RV 288 pkcs_C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, 289 CK_ULONG ulSeedLen); 290 291 CK_RV 292 pkcs_C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR RandomData, 293 CK_ULONG ulRandomLen); 294 295 ISC_LANG_ENDDECLS 296 297 #endif /* PK11_PK11_H */ 298