/* ****************************************************************************

* eID Middleware Project.
* Copyright (C) 2008-2014 FedICT.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License version
* 3.0 as published by the Free Software Foundation.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, see
* http://www.gnu.org/licenses/.

**************************************************************************** */

/*
 * cal.h - card abstraction layer (CAL) interface of the beID PKCS#11 module.
 *
 * Declares the mechanism table, the attribute templates used to build the
 * PKCS#11 objects that represent card content, the label / object-id string
 * constants, and the cal_* entry points that the PKCS#11 front end calls.
 * Only declarations live here; the implementation is not visible from this
 * header.
 *
 * NOTE(review): the include guard "__CAL__" uses a double-underscore name,
 * which is reserved for the implementation; it is kept as-is here because
 * other translation units may test it.
 */
#if !defined(__CAL__)
#define __CAL__

#include <stdio.h>
#include "beid_p11.h"	/* P11_SLOT, P11_OBJECT, P11_SESSION, P11_SIGN_DATA, CK_* types */
//#include "CardLayer.h"

#ifdef __cplusplus
extern "C"
{
#endif

#ifdef PKCS11_FF
/* int cal_getgnFFReaders(void);
void cal_setgnFFReaders(int newgnFFReaders);
void cal_incgnFFReaders(void);
void cal_re_establish_context(void);*/
#endif

/*
 * Table of the mechanisms this module advertises.
 * Each row is { mechanism, min key size, max key size, flags }; for the
 * CKF_DIGEST rows the two size columns equal the digest length in bits.
 * The struct type that receives these initialisers is not visible here;
 * presumably the table backs cal_get_mechanism_list() and
 * cal_get_mechanism_info() declared below.
 *
 * NOTE(review): MD5, SHA-1 and RIPEMD-160 based mechanisms (digest and
 * RSA-PKCS signature variants) are still advertised. Relying parties should
 * prefer the SHA-2 rows; keeping the legacy rows is a compatibility decision
 * to confirm with the maintainers before changing.
 */
#define CAL_MECHANISM_TABLE { \
{ CKM_MD5, 128, 128 , CKF_DIGEST }, \
{ CKM_SHA_1, 160, 160 , CKF_DIGEST }, \
{ CKM_SHA256, 256, 256 , CKF_DIGEST }, \
{ CKM_SHA384, 384, 384 , CKF_DIGEST }, \
{ CKM_SHA512, 512, 512 , CKF_DIGEST }, \
{ CKM_RIPEMD160, 160, 160 , CKF_DIGEST }, \
{ CKM_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_MD5_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_SHA1_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_SHA256_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_SHA384_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_SHA512_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_RIPEMD160_RSA_PKCS, 1024, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_SHA1_RSA_PKCS_PSS, 2048, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_SHA256_RSA_PKCS_PSS, 2048, 2048, CKF_HW | CKF_SIGN }, \
{ CKM_ECDSA_SHA256, 256, 521, CKF_HW | CKF_SIGN }, \
{ CKM_ECDSA_SHA384, 256, 521, CKF_HW | CKF_SIGN }, \
{ CKM_ECDSA_SHA512, 256, 521, CKF_HW | CKF_SIGN }, \
{ CKM_ECDSA, 256, 521, CKF_HW | CKF_SIGN } \
}


/*
 * Attribute templates.
 * Every row is shaped like a CK_ATTRIBUTE: { type, pValue, ulValueLen }, with
 * pValue NULL and ulValueLen 0. The templates therefore only fix WHICH
 * attributes an object of the given kind exposes; the values are filled in
 * elsewhere (presumably by cal_init_objects(), not visible here).
 *
 * NOTE(review): the RSA private-key template lists the CRT components
 * (CKA_PRIVATE_EXPONENT, CKA_PRIME_1/2, CKA_EXPONENT_1/2, CKA_COEFFICIENT)
 * next to CKA_SENSITIVE / CKA_EXTRACTABLE. Whatever populates this template
 * decides what is actually readable; confirm that the sensitive components
 * are never filled from card data.
 */
#define BEID_TEMPLATE_PRV_KEY_RSA { \
{ CKA_CLASS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ID, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SUBJECT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_LABEL, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TOKEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_KEY_TYPE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SENSITIVE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SIGN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SIGN_RECOVER, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_DECRYPT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_UNWRAP, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_MODULUS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_MODULUS_BITS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EXTRACTABLE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PUBLIC_EXPONENT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE_EXPONENT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIME_1, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIME_2, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EXPONENT_1, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EXPONENT_2, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_COEFFICIENT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_DERIVE, ( CK_VOID_PTR ) NULL, 0 } \
}

/* Attributes exposed by an RSA public-key object. */
#define BEID_TEMPLATE_PUB_KEY_RSA { \
{ CKA_CLASS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ID, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SUBJECT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_LABEL, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TOKEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_KEY_TYPE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TRUSTED, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SENSITIVE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ENCRYPT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_VERIFY, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_WRAP, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_VALUE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_MODULUS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_MODULUS_BITS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PUBLIC_EXPONENT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_DERIVE, ( CK_VOID_PTR ) NULL, 0 } \
}

/* Attributes exposed by an EC private-key object (no private scalar row). */
#define BEID_TEMPLATE_PRV_KEY_EC { \
{ CKA_CLASS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ID, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SUBJECT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_LABEL, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TOKEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_KEY_TYPE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SENSITIVE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SIGN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SIGN_RECOVER, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_DECRYPT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_UNWRAP, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EC_PARAMS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EXTRACTABLE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_DERIVE, ( CK_VOID_PTR ) NULL, 0 } \
}

/* Attributes exposed by an EC public-key object (curve params + point). */
#define BEID_TEMPLATE_PUB_KEY_EC { \
{ CKA_CLASS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ID, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SUBJECT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_LABEL, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TOKEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_KEY_TYPE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TRUSTED, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SENSITIVE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ENCRYPT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_VERIFY, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_WRAP, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EC_PARAMS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_EC_POINT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_DERIVE, ( CK_VOID_PTR ) NULL, 0 } \
}

/*
 * Attributes exposed by a certificate object.
 *
 * NOTE(review): the last row uses attribute type 0. In PKCS#11 the value 0
 * is CKA_CLASS, so this row is indistinguishable from a second CKA_CLASS
 * entry; if it is meant as an end-of-template sentinel, consumers must not
 * rely on the 0 alone and should use the array length instead - confirm
 * against the code that walks this template.
 */
#define BEID_TEMPLATE_CERTIFICATE { \
{ CKA_CLASS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ID, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SUBJECT, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_ISSUER, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TOKEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TRUSTED, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_CERTIFICATE_TYPE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_SERIAL_NUMBER, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_VALUE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_LABEL, ( CK_VOID_PTR ) NULL, 0 }, \
{ 0, ( CK_VOID_PTR ) NULL, 0 } \
}

/*
 * Attributes exposed by a data object holding one identity / address field
 * (CKA_OBJECT_ID carries one of the BEID_OBJECTID_* strings defined below).
 */
#define BEID_TEMPLATE_ID_DATA { \
{ CKA_CLASS, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_TOKEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_PRIVATE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_VALUE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_VALUE_LEN, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_LABEL, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_MODIFIABLE, ( CK_VOID_PTR ) NULL, 0 }, \
{ CKA_OBJECT_ID, ( CK_VOID_PTR ) NULL, 0 } \
}

/*
 * Field-tag -> label tables. Each row is { tag, "label" }, i.e. the shape of
 * BEID_DATA_LABELS_NAME declared further down. The "label" string is the
 * name under which the field is exposed; the BEID_FIELD_TAG_ID_* constants
 * come from beid_p11.h (not visible here). The "record" variants below carry
 * the same tags with a "record_" prefix on every label. The trailing comma
 * after the last row of the ID tables is valid C99.
 */
// { BEID_FIELD_TAG_ID_Version, "Version"},
#define BEID_ID_DATA_LABELS { \
{ BEID_FIELD_TAG_ID_CardNr, "card_number"}, \
{ BEID_FIELD_TAG_ID_ChipNr, "chip_number"}, \
{ BEID_FIELD_TAG_ID_ValidityBeginDate, "validity_begin_date"}, \
{ BEID_FIELD_TAG_ID_ValidityEndDate, "validity_end_date"}, \
{ BEID_FIELD_TAG_ID_IssuingMunicipality,"issuing_municipality"}, \
{ BEID_FIELD_TAG_ID_NationalNr, "national_number"}, \
{ BEID_FIELD_TAG_ID_Surname, "surname"}, \
{ BEID_FIELD_TAG_ID_FirstNames, "firstnames"}, \
{ BEID_FIELD_TAG_ID_FirstLetterOfThirdGivenName, "first_letter_of_third_given_name"}, \
{ BEID_FIELD_TAG_ID_Nationality, "nationality"}, \
{ BEID_FIELD_TAG_ID_LocationOfBirth, "location_of_birth"}, \
{ BEID_FIELD_TAG_ID_DateOfBirth, "date_of_birth"}, \
{ BEID_FIELD_TAG_ID_Gender, "gender"}, \
{ BEID_FIELD_TAG_ID_Nobility, "nobility"}, \
{ BEID_FIELD_TAG_ID_DocumentType, "document_type"}, \
{ BEID_FIELD_TAG_ID_SpecialStatus, "special_status"}, \
{ BEID_FIELD_TAG_ID_PhotoHash, "photo_hash"}, \
{ BEID_FIELD_TAG_ID_Duplicata, "duplicata"}, \
{ BEID_FIELD_TAG_ID_SpecialOrganization,"special_organization"}, \
{ BEID_FIELD_TAG_ID_MemberOfFamily, "member_of_family"}, \
{ BEID_FIELD_TAG_ID_DateAndCountryOfProtection, "date_and_country_of_protection"}, \
{ BEID_FIELD_TAG_ID_WorkPermitType, "work_permit_mention"}, \
{ BEID_FIELD_TAG_ID_Vat1, "employer_vat_1"}, \
{ BEID_FIELD_TAG_ID_Vat2, "employer_vat_2"}, \
{ BEID_FIELD_TAG_ID_RegionalFileNumber, "regional_file_number"}, \
{ BEID_FIELD_TAG_ID_BasicKeyHash, "basic_key_hash"}, \
}

//{ BEID_FIELD_TAG_ADDR_Version, "Address_Version"},
#define BEID_ADDRESS_DATA_LABELS { \
{ BEID_FIELD_TAG_ADDR_Street, "address_street_and_number"}, \
{ BEID_FIELD_TAG_ADDR_ZipCode, "address_zip"}, \
{ BEID_FIELD_TAG_ADDR_Municipality, "address_municipality"} \
}

/* Same tags as BEID_ID_DATA_LABELS, labels prefixed with "record_". */
#define BEID_ID_RECORD_DATA_LABELS { \
{ BEID_FIELD_TAG_ID_CardNr, "record_card_number"}, \
{ BEID_FIELD_TAG_ID_ChipNr, "record_chip_number"}, \
{ BEID_FIELD_TAG_ID_ValidityBeginDate, "record_validity_begin_date"}, \
{ BEID_FIELD_TAG_ID_ValidityEndDate, "record_validity_end_date"}, \
{ BEID_FIELD_TAG_ID_IssuingMunicipality, "record_issuing_municipality"}, \
{ BEID_FIELD_TAG_ID_NationalNr, "record_national_number"}, \
{ BEID_FIELD_TAG_ID_Surname, "record_surname"}, \
{ BEID_FIELD_TAG_ID_FirstNames, "record_firstnames"}, \
{ BEID_FIELD_TAG_ID_FirstLetterOfThirdGivenName, "record_first_letter_of_third_given_name"}, \
{ BEID_FIELD_TAG_ID_Nationality, "record_nationality"}, \
{ BEID_FIELD_TAG_ID_LocationOfBirth, "record_location_of_birth"}, \
{ BEID_FIELD_TAG_ID_DateOfBirth, "record_date_of_birth"}, \
{ BEID_FIELD_TAG_ID_Gender, "record_gender"}, \
{ BEID_FIELD_TAG_ID_Nobility, "record_nobility"}, \
{ BEID_FIELD_TAG_ID_DocumentType, "record_document_type"}, \
{ BEID_FIELD_TAG_ID_SpecialStatus, "record_special_status"}, \
{ BEID_FIELD_TAG_ID_PhotoHash, "record_photo_hash"}, \
{ BEID_FIELD_TAG_ID_Duplicata, "record_duplicata"}, \
{ BEID_FIELD_TAG_ID_SpecialOrganization, "record_special_organization"}, \
{ BEID_FIELD_TAG_ID_MemberOfFamily, "record_member_of_family"}, \
{ BEID_FIELD_TAG_ID_DateAndCountryOfProtection, "record_date_and_country_of_protection"}, \
{ BEID_FIELD_TAG_ID_WorkPermitType, "record_work_permit_mention"}, \
{ BEID_FIELD_TAG_ID_Vat1, "record_employer_vat_1"}, \
{ BEID_FIELD_TAG_ID_Vat2, "record_employer_vat_2"}, \
{ BEID_FIELD_TAG_ID_RegionalFileNumber, "record_regional_file_number"}, \
{ BEID_FIELD_TAG_ID_BasicKeyHash, "record_basic_key_hash"}, \
}

//{ BEID_FIELD_TAG_ADDR_Version, "Address_Version"},
#define BEID_ADDRESS_RECORD_DATA_LABELS { \
{ BEID_FIELD_TAG_ADDR_Street, "record_address_street_and_number"}, \
{ BEID_FIELD_TAG_ADDR_ZipCode, "record_address_zip"}, \
{ BEID_FIELD_TAG_ADDR_Municipality, "record_address_municipality"} \
}

/*
 * Labels of the individual card-data fields ("carddata_*"). These are plain
 * string constants; how they are attached to objects is decided by the
 * implementation, not here.
 */
#define BEID_LABEL_DATA_SerialNr "carddata_serialnumber"
#define BEID_LABEL_DATA_CompCode "carddata_comp_code"
#define BEID_LABEL_DATA_OSNr "carddata_os_number"
#define BEID_LABEL_DATA_OSVersion "carddata_os_version"
#define BEID_LABEL_DATA_SoftMaskNumber "carddata_soft_mask_number"
#define BEID_LABEL_DATA_SoftMaskVersion "carddata_soft_mask_version"
#define BEID_LABEL_DATA_ApplVersion "carddata_appl_version"
#define BEID_LABEL_DATA_GlobOSVersion "carddata_glob_os_version"
#define BEID_LABEL_DATA_ApplIntVersion "carddata_appl_int_version"
#define BEID_LABEL_DATA_PKCS1Support "carddata_pkcs1_support"
#define BEID_LABEL_DATA_ApplLifeCycle "carddata_appl_lifecycle"
#define BEID_LABEL_DATA_KeyExchangeVersion "carddata_key_exchange_version"
#define BEID_LABEL_DATA_PKCS15Version "carddata_pkcs15_version"
#define BEID_LABEL_DATA_Signature "carddata_signature"
/* Note the label text says "pin_counter" while the macro name says PinAuth. */
#define BEID_LABEL_DATA_PinAuth "carddata_pin_counter"

#define BEID_LABEL_ATR "ATR"

/* CKA_OBJECT_ID values that group the data objects by their source file. */
#define BEID_OBJECTID_ID "id"
#define BEID_OBJECTID_ADDRESS "address"
#define BEID_OBJECTID_PHOTO "photo"
#define BEID_OBJECTID_CARDDATA "carddata"
#define BEID_OBJECTID_RNCERT "rncert"
#define BEID_OBJECTID_SIGN_DATA_FILE "sign_data_file"
#define BEID_OBJECTID_SIGN_ADDRESS_FILE "sign_address_file"
#define BEID_OBJECTID_BASIC_KEY_FILE "basic_key_file"
//to give the hidden record objects their own (hidden/undocumented) CKA_OBJECT_ID
//this "record" CKA_OBJECT_ID is not meant to (and can not) be used to retrieve all hidden objects
#define BEID_OBJECTID_RECORD "record"

/*
 * One row of the BEID_*_DATA_LABELS tables: a one-byte field tag and the
 * label string it is exposed under.
 */
typedef struct BEID_DATA_LABELS_NAME
{
unsigned char tag;	/* BEID_FIELD_TAG_* value (from beid_p11.h) */
const char *name;	/* label string; points at a string literal in the tables above */
} BEID_DATA_LABELS_NAME;

/* Labels of the whole-file objects (identity file, address file, photo, ...). */
#define BEID_LABEL_DATA_FILE "DATA_FILE"
#define BEID_LABEL_ADDRESS_FILE "ADDRESS_FILE"
#define BEID_LABEL_PHOTO "PHOTO_FILE"
#define BEID_LABEL_CARD_DATA "CARD_DATA"
#define BEID_LABEL_CERT_RN "CERT_RN_FILE"
//#define BEID_LABEL_CERT_RNCA "CERT_RNCA_FILE"
#define BEID_LABEL_SGN_RN "SIGN_DATA_FILE"
#define BEID_LABEL_SGN_ADDRESS "SIGN_ADDRESS_FILE"
#define BEID_LABEL_BASIC_KEY "BASIC_KEY_FILE"

/*
 * Why a PIN is being requested. The meaning of each value is only suggested
 * by its name (read an elementary file / authentication / non-repudiation);
 * the consuming code is not visible here.
 */
typedef enum {
BEID_PIN_READ_EF,
BEID_PIN_AUTH,
BEID_PIN_NONREP,
} tPinObjective;

/* Library life cycle. */
CK_RV cal_init(void);
//void cal_init_pcsc();
// long cal_check_pcsc(CK_BBOOL * pRunning);
void cal_wait(int millisecs);	/* sleep for the given number of milliseconds */
void cal_close(void);

/* Slot / token management. hSlot is the PKCS#11 slot id on every call. */
void cal_clean_slots(void);
CK_RV cal_init_slots(void);
/* *pPresent receives a non-zero value when a token is present (int, not CK_BBOOL). */
CK_RV cal_token_present(CK_SLOT_ID hSlot, int *pPresent);
CK_RV cal_get_token_info(CK_SLOT_ID hSlot, CK_TOKEN_INFO_PTR pInfo);
/*
 * Fills pMechanismList with the advertised mechanisms; *pulCount is the
 * capacity on entry and presumably the count on return, in the usual
 * PKCS#11 two-call style - confirm against the implementation.
 */
CK_RV cal_get_mechanism_list(CK_SLOT_ID hSlot,
CK_MECHANISM_TYPE_PTR pMechanismList,
CK_ULONG_PTR pulCount);
CK_RV cal_connect(CK_SLOT_ID hSlot);
CK_RV cal_disconnect(CK_SLOT_ID hSlot);
/* Builds the P11 objects of a slot from the templates above. */
CK_RV cal_init_objects(P11_SLOT * pSlot);
CK_RV cal_get_mechanism_info(CK_SLOT_ID hSlot, CK_MECHANISM_TYPE type,
CK_MECHANISM_INFO_PTR pInfo);

/*
 * PIN handling.
 *
 * cal_logon: pin/l_pin is the PIN as raw bytes (not NUL-terminated by
 * contract - the length is explicit); sec_messaging is a flag whose exact
 * values are defined by the implementation.
 *
 * NOTE(review): l_pin is a size_t here while cal_change_pin() takes its
 * lengths as CK_ULONG; callers converting between the two should check for
 * truncation on platforms where the widths differ.
 * NOTE(review): PIN buffers are handed over as plain CK_CHAR_PTR; the callee
 * owns the responsibility of not retaining or logging them - verify in the
 * implementation.
 */
CK_RV cal_logon(CK_SLOT_ID hSlot, size_t l_pin, CK_CHAR_PTR pin,
int sec_messaging);
CK_RV cal_logout(CK_SLOT_ID hSlot);
/* pinref selects which PIN on the card is changed. */
CK_RV cal_change_pin(CK_SLOT_ID hSlot, CK_ULONG pinref, CK_ULONG l_oldpin,
CK_CHAR_PTR oldpin, CK_ULONG l_newpin,
CK_CHAR_PTR newpin);

/* Reading card content into P11 objects. */
CK_RV cal_get_card_data(CK_SLOT_ID hSlot);
/*
 * Reads one record (bRecordID) of the file selected by ulDataType and stores
 * it as a data object labelled plabel (ulLabelLen bytes, not NUL-terminated
 * by contract).
 */
CK_RV cal_read_and_store_record(P11_SLOT* pSlot, CK_ULONG ulDataType, CK_BYTE bRecordID, CK_UTF8CHAR* plabel, CK_ULONG ulLabelLen);
CK_RV cal_read_ID_files(CK_SLOT_ID hSlot, CK_ULONG dataType);
CK_RV cal_read_object(CK_SLOT_ID hSlot, P11_OBJECT * pObject);

/*
 * Signs l_in bytes of `in` into `out`. l_out is a pointer, so it presumably
 * carries the buffer capacity in and the produced length out - confirm
 * against the implementation before relying on either direction.
 */
CK_RV cal_sign(CK_SLOT_ID hSlot, P11_SIGN_DATA * pSignData,
unsigned char *in, unsigned long l_in,
unsigned char *out, unsigned long *l_out);

/* Session / slot-event helpers. */
CK_RV cal_validate_session(P11_SESSION * pSession);
/* bPresenceOnly: when non-zero only the presence state is refreshed (inferred from the name). */
CK_RV cal_update_token(CK_SLOT_ID hSlot, int *pStatus, int bPresenceOnly);
/*
 * Two near-identical names exist below; which one the front end uses and
 * how they differ is not visible from this header.
 */
CK_RV cal_wait_for_slot_event(int block);
CK_RV cal_wait_for_the_slot_event(int block);
CK_RV cal_get_slot_changes(int *ph);
CK_RV cal_refresh_readers(void);

#ifdef __cplusplus
}
#endif


#endif