1 /*
2  * Function prototypes for pkcs15-init
3  *
4  * Copyright (C) 2002 Olaf Kirch <okir@suse.de>
5  *
6  * This library is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU Lesser General Public
8  * License as published by the Free Software Foundation; either
9  * version 2.1 of the License, or (at your option) any later version.
10  *
11  * This library is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * Lesser General Public License for more details.
15  *
16  * You should have received a copy of the GNU Lesser General Public
17  * License along with this library; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
19  */
20 
21 #ifndef PKCS15_INIT_H
22 #define PKCS15_INIT_H
23 
24 #ifdef __cplusplus
25 extern "C" {
26 #endif
27 
28 #include "libopensc/pkcs15.h"
29 
30 #define DEFAULT_PRIVATE_KEY_LABEL "Private Key"
31 #define DEFAULT_SECRET_KEY_LABEL  "Secret Key"
32 
33 #define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE     0x0080UL
34 #define SC_PKCS15INIT_X509_NON_REPUDIATION       0x0040UL
35 #define SC_PKCS15INIT_X509_KEY_ENCIPHERMENT      0x0020UL
36 #define SC_PKCS15INIT_X509_DATA_ENCIPHERMENT     0x0010UL
37 #define SC_PKCS15INIT_X509_KEY_AGREEMENT         0x0008UL
38 #define SC_PKCS15INIT_X509_KEY_CERT_SIGN         0x0004UL
39 #define SC_PKCS15INIT_X509_CRL_SIGN              0x0002UL
40 
41 typedef struct sc_profile sc_profile_t; /* opaque type */
42 
43 struct sc_pkcs15init_operations {
44 	/*
45 	 * Erase everything that's on the card
46 	 */
47 	int	(*erase_card)(struct sc_profile *, struct sc_pkcs15_card *);
48 
49 	/*
50 	 * New style API
51 	 */
52 
53 	/*
54 	 * Card-specific initialization of PKCS15 meta-information.
55 	 * Currently used by the cflex driver to read the card's
56 	 * serial number and use it as the pkcs15 serial number.
57 	 */
58 	int	(*init_card)(struct sc_profile *, struct sc_pkcs15_card *);
59 
60 	/*
61 	 * Create a DF
62 	 */
63 	int	(*create_dir)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *);
64 
65 	/*
66 	 * Create a "pin domain". This is for cards such as
67 	 * the cryptoflex that need to put their pins into
68 	 * separate directories
69 	 */
70 	int	(*create_domain)(struct sc_profile *, struct sc_pkcs15_card *,
71 			const struct sc_pkcs15_id *, struct sc_file **);
72 
73 	/*
74 	 * Select a PIN reference
75 	 */
76 	int	(*select_pin_reference)(struct sc_profile *, struct sc_pkcs15_card *,
77 			struct sc_pkcs15_auth_info *);
78 
79 	/*
80 	 * Create a PIN object within the given DF.
81 	 *
82 	 * The pin_info object is completely filled in by the caller.
83 	 * The card driver can reject the pin reference; in this case
84 	 * the caller needs to adjust it.
85 	 */
86 	int	(*create_pin)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *,
87 			struct sc_pkcs15_object *,
88 			const unsigned char *, size_t,
89 			const unsigned char *, size_t);
90 
91 	/*
92 	 * Select a reference for a private key object
93 	 */
94 	int	(*select_key_reference)(struct sc_profile *, struct sc_pkcs15_card *,
95 			struct sc_pkcs15_prkey_info *);
96 
97 	/*
98 	 * Create an empty key object.
99 	 * @index is the number key objects already on the card.
100 	 * @pin_info contains information on the PIN protecting
101 	 *		the key. NULL if the key should be
102 	 *		unprotected.
103 	 * @key_info should be filled in by the function
104 	 */
105 	int	(*create_key)(struct sc_profile *, struct sc_pkcs15_card *,
106 			struct sc_pkcs15_object *);
107 
108 	/*
109 	 * Store a key on the card
110 	 */
111 	int	(*store_key)(struct sc_profile *, struct sc_pkcs15_card *,
112 			struct sc_pkcs15_object *,
113 			struct sc_pkcs15_prkey *);
114 
115 	/*
116 	 * Generate key
117 	 */
118 	int	(*generate_key)(struct sc_profile *, struct sc_pkcs15_card *,
119 			struct sc_pkcs15_object *,
120 			struct sc_pkcs15_pubkey *);
121 
122 	/*
123 	 * Encode private/public key
124 	 * These are used mostly by the Cryptoflex/Cyberflex drivers.
125 	 */
126 	int	(*encode_private_key)(struct sc_profile *, struct sc_card *,
127 			struct sc_pkcs15_prkey_rsa *,
128 			unsigned char *, size_t *, int);
129 	int	(*encode_public_key)(struct sc_profile *, struct sc_card *,
130 			struct sc_pkcs15_prkey_rsa *,
131 			unsigned char *, size_t *, int);
132 
133 	/*
134 	 * Finalize card
135 	 * Ends the initialization phase of the smart card/token
136 	 * (actually this command is currently only for starcos spk 2.3
137 	 * cards).
138 	 */
139 	int	(*finalize_card)(struct sc_card *);
140 
141 	/*
142 	 * Delete object
143 	 */
144 	int (*delete_object)(struct sc_profile *, struct sc_pkcs15_card *,
145 			struct sc_pkcs15_object *, const struct sc_path *);
146 
147 	/*
148 	 * Support of pkcs15init emulation
149 	 */
150 	int (*emu_update_dir) (struct sc_profile *, struct sc_pkcs15_card *,
151 			struct sc_app_info *);
152 	int (*emu_update_any_df) (struct sc_profile *, struct sc_pkcs15_card *,
153 			unsigned, struct sc_pkcs15_object *);
154 	int (*emu_update_tokeninfo) (struct sc_profile *, struct sc_pkcs15_card *,
155 			struct sc_pkcs15_tokeninfo *);
156 	int (*emu_write_info)(struct sc_profile *, struct sc_pkcs15_card *,
157 		struct sc_pkcs15_object *);
158 	int (*emu_store_data)(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *,
159 			struct sc_pkcs15_der *, struct sc_path *);
160 
161 	int (*sanity_check)(struct sc_profile *, struct sc_pkcs15_card *);
162 };
163 
164 /* Do not change these or reorder these */
165 #define SC_PKCS15INIT_ID_STYLE_NATIVE		0
166 #define SC_PKCS15INIT_ID_STYLE_MOZILLA		1
167 #define SC_PKCS15INIT_ID_STYLE_RFC2459		2
168 
169 #define SC_PKCS15INIT_SO_PIN		0
170 #define SC_PKCS15INIT_SO_PUK		1
171 #define SC_PKCS15INIT_USER_PIN		2
172 #define SC_PKCS15INIT_USER_PUK		3
173 #define SC_PKCS15INIT_NPINS		4
174 
175 #define SC_PKCS15INIT_MD_STYLE_NONE	0
176 #define SC_PKCS15INIT_MD_STYLE_GEMALTO	1
177 
178 struct sc_pkcs15init_callbacks {
179 	/*
180 	 * Get a PIN from the front-end. The first argument is
181 	 * one of the SC_PKCS15INIT_XXX_PIN/PUK macros.
182 	 */
183 	int	(*get_pin)(struct sc_profile *, int, const struct sc_pkcs15_auth_info *,
184 				const char *, unsigned char *, size_t *);
185 
186 	/*
187 	 * Get a transport/secure messaging key from the front-end.
188 	 */
189 	int	(*get_key)(struct sc_profile *, int, int,
190 				const unsigned char *, size_t,
191 				unsigned char *, size_t *);
192 };
193 
194 struct sc_pkcs15init_initargs {
195 	const unsigned char *	so_pin;
196 	size_t			so_pin_len;
197 	const unsigned char *	so_puk;
198 	size_t			so_puk_len;
199 	const char *		so_pin_label;
200 	const char *		label;
201 	const char *		serial;
202 };
203 
204 struct sc_pkcs15init_pinargs {
205 	struct sc_pkcs15_id	auth_id;
206 	const char *		label;
207 	const unsigned char *	pin;
208 	size_t			pin_len;
209 
210 	struct sc_pkcs15_id	puk_id;
211 	const char *		puk_label;
212 	const unsigned char *	puk;
213 	size_t			puk_len;
214 };
215 
216 struct sc_pkcs15init_keyarg_gost_params {
217 	unsigned char gostr3410, gostr3411, gost28147;
218 };
219 
220 struct sc_pkcs15init_prkeyargs {
221 	/* TODO: member for private key algorithm: currently is used algorithm from 'key' member */
222 	struct sc_pkcs15_id	id;
223 	struct sc_pkcs15_id	auth_id;
224 	char *label;
225 	unsigned char *guid;
226 	size_t guid_len;
227 	unsigned long		usage;
228 	unsigned long		x509_usage;
229 	unsigned int		flags;
230 	unsigned int		access_flags;
231 	int			user_consent;
232 
233 	union {
234 		struct sc_pkcs15init_keyarg_gost_params gost;
235 	} params;
236 
237 	struct sc_pkcs15_prkey	key;
238 };
239 
240 struct sc_pkcs15init_keygen_args {
241 	struct sc_pkcs15init_prkeyargs prkey_args;
242 	const char *                   pubkey_label;
243 };
244 
245 struct sc_pkcs15init_pubkeyargs {
246 	struct sc_pkcs15_id	id;
247 	struct sc_pkcs15_id	auth_id;
248 	const char *		label;
249 	unsigned long		usage;
250 	unsigned long		x509_usage;
251 
252 	union {
253 		struct sc_pkcs15init_keyarg_gost_params gost;
254 	} params;
255 
256 	struct sc_pkcs15_pubkey	key;
257 };
258 
259 struct sc_pkcs15init_dataargs {
260 	struct sc_pkcs15_id	id;
261 	const char *		label;
262 	struct sc_pkcs15_id	auth_id;
263 	const char *		app_label;
264 	struct sc_object_id	app_oid;
265 
266 	struct sc_pkcs15_der	der_encoded; /* Wrong name: is not DER encoded */
267 };
268 
269 struct sc_pkcs15init_skeyargs {
270 	struct sc_pkcs15_id	id;
271 	struct sc_pkcs15_id	auth_id;
272 	const char *		label;
273 	unsigned long		usage;
274 	unsigned int		flags;
275 	unsigned int		access_flags;
276 	unsigned long		algorithm; /* User requested algorithm */
277 	unsigned long		value_len; /* User requested length */
278 	int			session_object;	 /* If nonzero. this is a session object, which will
279 						be cleared from card when the session is closed.*/
280 	int			user_consent;
281 	struct sc_pkcs15_skey	key;
282 };
283 
284 struct sc_pkcs15init_certargs {
285 	struct sc_pkcs15_id	id;
286 	const char *		label;
287 	int update;
288 
289 	unsigned long		x509_usage;
290 	unsigned char		authority;
291 	struct sc_pkcs15_der	der_encoded;
292 };
293 
294 #define P15_ATTR_TYPE_LABEL	0
295 #define P15_ATTR_TYPE_ID	1
296 #define P15_ATTR_TYPE_VALUE	2
297 
298 
299 extern struct	sc_pkcs15_object *sc_pkcs15init_new_object(int, const char *,
300 				struct sc_pkcs15_id *, void *);
301 extern void		sc_pkcs15init_free_object(struct sc_pkcs15_object *);
302 extern void	sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *);
303 extern int	sc_pkcs15init_bind(struct sc_card *, const char *, const char *,
304 				struct sc_app_info *app_info, struct sc_profile **);
305 extern void	sc_pkcs15init_unbind(struct sc_profile *);
306 extern void	sc_pkcs15init_set_p15card(struct sc_profile *,
307 				struct sc_pkcs15_card *);
308 extern int	sc_pkcs15init_set_lifecycle(struct sc_card *, int);
309 extern int	sc_pkcs15init_erase_card(struct sc_pkcs15_card *,
310 				struct sc_profile *, struct sc_aid *);
311 /* XXX could this function be merged with ..._set_lifecycle ?? */
312 extern int	sc_pkcs15init_finalize_card(struct sc_card *,
313 				struct sc_profile *);
314 extern int	sc_pkcs15init_add_app(struct sc_card *,
315 				struct sc_profile *,
316 				struct sc_pkcs15init_initargs *);
317 extern int	sc_pkcs15init_store_pin(struct sc_pkcs15_card *,
318 				struct sc_profile *,
319 				struct sc_pkcs15init_pinargs *);
320 extern int	sc_pkcs15init_generate_key(struct sc_pkcs15_card *,
321 				struct sc_profile *,
322 				struct sc_pkcs15init_keygen_args *,
323 				unsigned int keybits,
324 				struct sc_pkcs15_object **);
325 extern int	sc_pkcs15init_generate_secret_key(struct sc_pkcs15_card *,
326 				struct sc_profile *,
327 				struct sc_pkcs15init_skeyargs *,
328 				struct sc_pkcs15_object **);
329 extern int	sc_pkcs15init_store_private_key(struct sc_pkcs15_card *,
330 				struct sc_profile *,
331 				struct sc_pkcs15init_prkeyargs *,
332 				struct sc_pkcs15_object **);
333 extern int	sc_pkcs15init_store_split_key(struct sc_pkcs15_card *,
334 				struct sc_profile *,
335 				struct sc_pkcs15init_prkeyargs *,
336 				struct sc_pkcs15_object **,
337 				struct sc_pkcs15_object **);
338 extern int	sc_pkcs15init_store_public_key(struct sc_pkcs15_card *,
339 				struct sc_profile *,
340 				struct sc_pkcs15init_pubkeyargs *,
341 				struct sc_pkcs15_object **);
342 extern int	sc_pkcs15init_store_secret_key(struct sc_pkcs15_card *,
343 				struct sc_profile *,
344 				struct sc_pkcs15init_skeyargs *,
345 				struct sc_pkcs15_object **);
346 extern int	sc_pkcs15init_store_certificate(struct sc_pkcs15_card *,
347 				struct sc_profile *,
348 				struct sc_pkcs15init_certargs *,
349 				struct sc_pkcs15_object **);
350 extern int	sc_pkcs15init_store_data_object(struct sc_pkcs15_card *,
351 				struct sc_profile *,
352 				struct sc_pkcs15init_dataargs *,
353 				struct sc_pkcs15_object **);
354 /* Change the value of a pkcs15 attribute.
355  * new_attrib_type can (currently) be either P15_ATTR_TYPE_LABEL or
356  *   P15_ATTR_TYPE_ID.
357  * If P15_ATTR_TYPE_LABEL, then *new_value is a struct sc_pkcs15_id;
358  * If P15_ATTR_TYPE_ID, then *new_value is a char array.
359  */
360 extern int	sc_pkcs15init_change_attrib(struct sc_pkcs15_card *,
361 				struct sc_profile *,
362 				struct sc_pkcs15_object *,
363 				int,
364 				void *,
365 				int);
366 extern int	sc_pkcs15init_add_object(struct sc_pkcs15_card *,
367 			struct sc_profile *profile,
368 			unsigned int,
369 			struct sc_pkcs15_object *);
370 extern int	sc_pkcs15init_delete_object(struct sc_pkcs15_card *,
371 				struct sc_profile *,
372 				struct sc_pkcs15_object *);
373 /* Replace an existing cert with a new one, which is assumed to be
374  * compatible with the corresponding private key (e.g. the old and
375  * new cert should have the same public key).
376  */
377 extern int	sc_pkcs15init_update_certificate(struct sc_pkcs15_card *,
378 				struct sc_profile *,
379 				struct sc_pkcs15_object *,
380 				const unsigned char *,
381 				size_t);
382 
383 extern int	sc_pkcs15init_create_file(struct sc_profile *,
384 				struct sc_pkcs15_card *, struct sc_file *);
385 extern int	sc_pkcs15init_update_file(struct sc_profile *,
386 				struct sc_pkcs15_card *, struct sc_file *, void *, unsigned int);
387 extern int	sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *,
388 				struct sc_file *, int);
389 extern int	sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *,
390 				struct sc_file *);
391 extern int	sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *);
392 extern int	sc_profile_get_pin_retries(struct sc_profile *, int);
393 extern int	sc_pkcs15init_get_manufacturer(struct sc_profile *,
394 				const char **);
395 extern int	sc_pkcs15init_get_serial(struct sc_profile *, const char **);
396 extern int	sc_pkcs15init_set_serial(struct sc_profile *, const char *);
397 
398 extern int	sc_pkcs15init_verify_secret(struct sc_profile *, struct sc_pkcs15_card *,
399 				sc_file_t *,  unsigned int, int);
400 extern int	sc_pkcs15init_delete_by_path(struct sc_profile *,
401 				struct sc_pkcs15_card *, const struct sc_path *);
402 extern int	sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *,
403 			struct sc_pkcs15_df *, int);
404 extern int	sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *, struct sc_profile *,
405 			int, struct sc_pkcs15_id *, void *);
406 
407 /* Erasing the card structure via rm -rf */
408 extern int	sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *,
409 				struct sc_profile *);
410 extern int	sc_pkcs15init_rmdir(struct sc_pkcs15_card *, struct sc_profile *,
411 				struct sc_file *);
412 
413 extern int	sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *,
414 				const struct sc_pkcs15_id *, struct sc_file **);
415 
416 extern int	sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *,
417 				struct sc_profile *, unsigned, int);
418 
419 extern int	sc_pkcs15init_sanity_check(struct sc_pkcs15_card *, struct sc_profile *);
420 
421 extern int	sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile,
422 		                struct sc_aid *aid);
423 
424 extern int	sc_pkcs15init_unwrap_key(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
425 		struct sc_pkcs15_object *key, u8* wrapped_key, size_t wrapped_key_len,
426 		struct sc_pkcs15init_skeyargs *keyargs, struct sc_pkcs15_object **res_obj);
427 
428 
429 
430 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void);
431 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_miocos_ops(void);
432 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cryptoflex_ops(void);
433 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cyberflex_ops(void);
434 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cardos_ops(void);
435 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_jcop_ops(void);
436 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_starcos_ops(void);
437 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_oberthur_ops(void);
438 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_setcos_ops(void);
439 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_incrypto34_ops(void);
440 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_muscle_ops(void);
441 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_asepcos_ops(void);
442 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rutoken_ops(void);
443 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_entersafe_ops(void);
444 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_epass2003_ops(void);
445 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rtecp_ops(void);
446 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_westcos_ops(void);
447 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void);
448 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void);
449 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void);
450 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void);
451 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_openpgp_ops(void);
452 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_sc_hsm_ops(void);
453 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_isoApplet_ops(void);
454 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gids_ops(void);
455 
456 #ifdef __cplusplus
457 }
458 #endif
459 
460 #endif /* PKCS15_INIT_H */
461