1 /* 2 * Function prototypes for pkcs15-init 3 * 4 * Copyright (C) 2002 Olaf Kirch <okir@suse.de> 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, write to the Free Software 18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 19 */ 20 21 #ifndef PKCS15_INIT_H 22 #define PKCS15_INIT_H 23 24 #ifdef __cplusplus 25 extern "C" { 26 #endif 27 28 #include "libopensc/pkcs15.h" 29 30 #define DEFAULT_PRIVATE_KEY_LABEL "Private Key" 31 #define DEFAULT_SECRET_KEY_LABEL "Secret Key" 32 33 #define SC_PKCS15INIT_X509_DIGITAL_SIGNATURE 0x0080UL 34 #define SC_PKCS15INIT_X509_NON_REPUDIATION 0x0040UL 35 #define SC_PKCS15INIT_X509_KEY_ENCIPHERMENT 0x0020UL 36 #define SC_PKCS15INIT_X509_DATA_ENCIPHERMENT 0x0010UL 37 #define SC_PKCS15INIT_X509_KEY_AGREEMENT 0x0008UL 38 #define SC_PKCS15INIT_X509_KEY_CERT_SIGN 0x0004UL 39 #define SC_PKCS15INIT_X509_CRL_SIGN 0x0002UL 40 41 typedef struct sc_profile sc_profile_t; /* opaque type */ 42 43 struct sc_pkcs15init_operations { 44 /* 45 * Erase everything that's on the card 46 */ 47 int (*erase_card)(struct sc_profile *, struct sc_pkcs15_card *); 48 49 /* 50 * New style API 51 */ 52 53 /* 54 * Card-specific initialization of PKCS15 meta-information. 55 * Currently used by the cflex driver to read the card's 56 * serial number and use it as the pkcs15 serial number. 57 */ 58 int (*init_card)(struct sc_profile *, struct sc_pkcs15_card *); 59 60 /* 61 * Create a DF 62 */ 63 int (*create_dir)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *); 64 65 /* 66 * Create a "pin domain". This is for cards such as 67 * the cryptoflex that need to put their pins into 68 * separate directories 69 */ 70 int (*create_domain)(struct sc_profile *, struct sc_pkcs15_card *, 71 const struct sc_pkcs15_id *, struct sc_file **); 72 73 /* 74 * Select a PIN reference 75 */ 76 int (*select_pin_reference)(struct sc_profile *, struct sc_pkcs15_card *, 77 struct sc_pkcs15_auth_info *); 78 79 /* 80 * Create a PIN object within the given DF. 81 * 82 * The pin_info object is completely filled in by the caller. 83 * The card driver can reject the pin reference; in this case 84 * the caller needs to adjust it. 85 */ 86 int (*create_pin)(struct sc_profile *, struct sc_pkcs15_card *, struct sc_file *, 87 struct sc_pkcs15_object *, 88 const unsigned char *, size_t, 89 const unsigned char *, size_t); 90 91 /* 92 * Select a reference for a private key object 93 */ 94 int (*select_key_reference)(struct sc_profile *, struct sc_pkcs15_card *, 95 struct sc_pkcs15_prkey_info *); 96 97 /* 98 * Create an empty key object. 99 * @index is the number key objects already on the card. 100 * @pin_info contains information on the PIN protecting 101 * the key. NULL if the key should be 102 * unprotected. 103 * @key_info should be filled in by the function 104 */ 105 int (*create_key)(struct sc_profile *, struct sc_pkcs15_card *, 106 struct sc_pkcs15_object *); 107 108 /* 109 * Store a key on the card 110 */ 111 int (*store_key)(struct sc_profile *, struct sc_pkcs15_card *, 112 struct sc_pkcs15_object *, 113 struct sc_pkcs15_prkey *); 114 115 /* 116 * Generate key 117 */ 118 int (*generate_key)(struct sc_profile *, struct sc_pkcs15_card *, 119 struct sc_pkcs15_object *, 120 struct sc_pkcs15_pubkey *); 121 122 /* 123 * Encode private/public key 124 * These are used mostly by the Cryptoflex/Cyberflex drivers. 125 */ 126 int (*encode_private_key)(struct sc_profile *, struct sc_card *, 127 struct sc_pkcs15_prkey_rsa *, 128 unsigned char *, size_t *, int); 129 int (*encode_public_key)(struct sc_profile *, struct sc_card *, 130 struct sc_pkcs15_prkey_rsa *, 131 unsigned char *, size_t *, int); 132 133 /* 134 * Finalize card 135 * Ends the initialization phase of the smart card/token 136 * (actually this command is currently only for starcos spk 2.3 137 * cards). 138 */ 139 int (*finalize_card)(struct sc_card *); 140 141 /* 142 * Delete object 143 */ 144 int (*delete_object)(struct sc_profile *, struct sc_pkcs15_card *, 145 struct sc_pkcs15_object *, const struct sc_path *); 146 147 /* 148 * Support of pkcs15init emulation 149 */ 150 int (*emu_update_dir) (struct sc_profile *, struct sc_pkcs15_card *, 151 struct sc_app_info *); 152 int (*emu_update_any_df) (struct sc_profile *, struct sc_pkcs15_card *, 153 unsigned, struct sc_pkcs15_object *); 154 int (*emu_update_tokeninfo) (struct sc_profile *, struct sc_pkcs15_card *, 155 struct sc_pkcs15_tokeninfo *); 156 int (*emu_write_info)(struct sc_profile *, struct sc_pkcs15_card *, 157 struct sc_pkcs15_object *); 158 int (*emu_store_data)(struct sc_pkcs15_card *, struct sc_profile *, struct sc_pkcs15_object *, 159 struct sc_pkcs15_der *, struct sc_path *); 160 161 int (*sanity_check)(struct sc_profile *, struct sc_pkcs15_card *); 162 }; 163 164 /* Do not change these or reorder these */ 165 #define SC_PKCS15INIT_ID_STYLE_NATIVE 0 166 #define SC_PKCS15INIT_ID_STYLE_MOZILLA 1 167 #define SC_PKCS15INIT_ID_STYLE_RFC2459 2 168 169 #define SC_PKCS15INIT_SO_PIN 0 170 #define SC_PKCS15INIT_SO_PUK 1 171 #define SC_PKCS15INIT_USER_PIN 2 172 #define SC_PKCS15INIT_USER_PUK 3 173 #define SC_PKCS15INIT_NPINS 4 174 175 #define SC_PKCS15INIT_MD_STYLE_NONE 0 176 #define SC_PKCS15INIT_MD_STYLE_GEMALTO 1 177 178 struct sc_pkcs15init_callbacks { 179 /* 180 * Get a PIN from the front-end. The first argument is 181 * one of the SC_PKCS15INIT_XXX_PIN/PUK macros. 182 */ 183 int (*get_pin)(struct sc_profile *, int, const struct sc_pkcs15_auth_info *, 184 const char *, unsigned char *, size_t *); 185 186 /* 187 * Get a transport/secure messaging key from the front-end. 188 */ 189 int (*get_key)(struct sc_profile *, int, int, 190 const unsigned char *, size_t, 191 unsigned char *, size_t *); 192 }; 193 194 struct sc_pkcs15init_initargs { 195 const unsigned char * so_pin; 196 size_t so_pin_len; 197 const unsigned char * so_puk; 198 size_t so_puk_len; 199 const char * so_pin_label; 200 const char * label; 201 const char * serial; 202 }; 203 204 struct sc_pkcs15init_pinargs { 205 struct sc_pkcs15_id auth_id; 206 const char * label; 207 const unsigned char * pin; 208 size_t pin_len; 209 210 struct sc_pkcs15_id puk_id; 211 const char * puk_label; 212 const unsigned char * puk; 213 size_t puk_len; 214 }; 215 216 struct sc_pkcs15init_keyarg_gost_params { 217 unsigned char gostr3410, gostr3411, gost28147; 218 }; 219 220 struct sc_pkcs15init_prkeyargs { 221 /* TODO: member for private key algorithm: currently is used algorithm from 'key' member */ 222 struct sc_pkcs15_id id; 223 struct sc_pkcs15_id auth_id; 224 char *label; 225 unsigned char *guid; 226 size_t guid_len; 227 unsigned long usage; 228 unsigned long x509_usage; 229 unsigned int flags; 230 unsigned int access_flags; 231 int user_consent; 232 233 union { 234 struct sc_pkcs15init_keyarg_gost_params gost; 235 } params; 236 237 struct sc_pkcs15_prkey key; 238 }; 239 240 struct sc_pkcs15init_keygen_args { 241 struct sc_pkcs15init_prkeyargs prkey_args; 242 const char * pubkey_label; 243 }; 244 245 struct sc_pkcs15init_pubkeyargs { 246 struct sc_pkcs15_id id; 247 struct sc_pkcs15_id auth_id; 248 const char * label; 249 unsigned long usage; 250 unsigned long x509_usage; 251 252 union { 253 struct sc_pkcs15init_keyarg_gost_params gost; 254 } params; 255 256 struct sc_pkcs15_pubkey key; 257 }; 258 259 struct sc_pkcs15init_dataargs { 260 struct sc_pkcs15_id id; 261 const char * label; 262 struct sc_pkcs15_id auth_id; 263 const char * app_label; 264 struct sc_object_id app_oid; 265 266 struct sc_pkcs15_der der_encoded; /* Wrong name: is not DER encoded */ 267 }; 268 269 struct sc_pkcs15init_skeyargs { 270 struct sc_pkcs15_id id; 271 struct sc_pkcs15_id auth_id; 272 const char * label; 273 unsigned long usage; 274 unsigned int flags; 275 unsigned int access_flags; 276 unsigned long algorithm; /* User requested algorithm */ 277 unsigned long value_len; /* User requested length */ 278 int session_object; /* If nonzero. this is a session object, which will 279 be cleared from card when the session is closed.*/ 280 int user_consent; 281 struct sc_pkcs15_skey key; 282 }; 283 284 struct sc_pkcs15init_certargs { 285 struct sc_pkcs15_id id; 286 const char * label; 287 int update; 288 289 unsigned long x509_usage; 290 unsigned char authority; 291 struct sc_pkcs15_der der_encoded; 292 }; 293 294 #define P15_ATTR_TYPE_LABEL 0 295 #define P15_ATTR_TYPE_ID 1 296 #define P15_ATTR_TYPE_VALUE 2 297 298 299 extern struct sc_pkcs15_object *sc_pkcs15init_new_object(int, const char *, 300 struct sc_pkcs15_id *, void *); 301 extern void sc_pkcs15init_free_object(struct sc_pkcs15_object *); 302 extern void sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *); 303 extern int sc_pkcs15init_bind(struct sc_card *, const char *, const char *, 304 struct sc_app_info *app_info, struct sc_profile **); 305 extern void sc_pkcs15init_unbind(struct sc_profile *); 306 extern void sc_pkcs15init_set_p15card(struct sc_profile *, 307 struct sc_pkcs15_card *); 308 extern int sc_pkcs15init_set_lifecycle(struct sc_card *, int); 309 extern int sc_pkcs15init_erase_card(struct sc_pkcs15_card *, 310 struct sc_profile *, struct sc_aid *); 311 /* XXX could this function be merged with ..._set_lifecycle ?? */ 312 extern int sc_pkcs15init_finalize_card(struct sc_card *, 313 struct sc_profile *); 314 extern int sc_pkcs15init_add_app(struct sc_card *, 315 struct sc_profile *, 316 struct sc_pkcs15init_initargs *); 317 extern int sc_pkcs15init_store_pin(struct sc_pkcs15_card *, 318 struct sc_profile *, 319 struct sc_pkcs15init_pinargs *); 320 extern int sc_pkcs15init_generate_key(struct sc_pkcs15_card *, 321 struct sc_profile *, 322 struct sc_pkcs15init_keygen_args *, 323 unsigned int keybits, 324 struct sc_pkcs15_object **); 325 extern int sc_pkcs15init_generate_secret_key(struct sc_pkcs15_card *, 326 struct sc_profile *, 327 struct sc_pkcs15init_skeyargs *, 328 struct sc_pkcs15_object **); 329 extern int sc_pkcs15init_store_private_key(struct sc_pkcs15_card *, 330 struct sc_profile *, 331 struct sc_pkcs15init_prkeyargs *, 332 struct sc_pkcs15_object **); 333 extern int sc_pkcs15init_store_split_key(struct sc_pkcs15_card *, 334 struct sc_profile *, 335 struct sc_pkcs15init_prkeyargs *, 336 struct sc_pkcs15_object **, 337 struct sc_pkcs15_object **); 338 extern int sc_pkcs15init_store_public_key(struct sc_pkcs15_card *, 339 struct sc_profile *, 340 struct sc_pkcs15init_pubkeyargs *, 341 struct sc_pkcs15_object **); 342 extern int sc_pkcs15init_store_secret_key(struct sc_pkcs15_card *, 343 struct sc_profile *, 344 struct sc_pkcs15init_skeyargs *, 345 struct sc_pkcs15_object **); 346 extern int sc_pkcs15init_store_certificate(struct sc_pkcs15_card *, 347 struct sc_profile *, 348 struct sc_pkcs15init_certargs *, 349 struct sc_pkcs15_object **); 350 extern int sc_pkcs15init_store_data_object(struct sc_pkcs15_card *, 351 struct sc_profile *, 352 struct sc_pkcs15init_dataargs *, 353 struct sc_pkcs15_object **); 354 /* Change the value of a pkcs15 attribute. 355 * new_attrib_type can (currently) be either P15_ATTR_TYPE_LABEL or 356 * P15_ATTR_TYPE_ID. 357 * If P15_ATTR_TYPE_LABEL, then *new_value is a struct sc_pkcs15_id; 358 * If P15_ATTR_TYPE_ID, then *new_value is a char array. 359 */ 360 extern int sc_pkcs15init_change_attrib(struct sc_pkcs15_card *, 361 struct sc_profile *, 362 struct sc_pkcs15_object *, 363 int, 364 void *, 365 int); 366 extern int sc_pkcs15init_add_object(struct sc_pkcs15_card *, 367 struct sc_profile *profile, 368 unsigned int, 369 struct sc_pkcs15_object *); 370 extern int sc_pkcs15init_delete_object(struct sc_pkcs15_card *, 371 struct sc_profile *, 372 struct sc_pkcs15_object *); 373 /* Replace an existing cert with a new one, which is assumed to be 374 * compatible with the corresponding private key (e.g. the old and 375 * new cert should have the same public key). 376 */ 377 extern int sc_pkcs15init_update_certificate(struct sc_pkcs15_card *, 378 struct sc_profile *, 379 struct sc_pkcs15_object *, 380 const unsigned char *, 381 size_t); 382 383 extern int sc_pkcs15init_create_file(struct sc_profile *, 384 struct sc_pkcs15_card *, struct sc_file *); 385 extern int sc_pkcs15init_update_file(struct sc_profile *, 386 struct sc_pkcs15_card *, struct sc_file *, void *, unsigned int); 387 extern int sc_pkcs15init_authenticate(struct sc_profile *, struct sc_pkcs15_card *, 388 struct sc_file *, int); 389 extern int sc_pkcs15init_fixup_file(struct sc_profile *, struct sc_pkcs15_card *, 390 struct sc_file *); 391 extern int sc_pkcs15init_get_pin_info(struct sc_profile *, int, struct sc_pkcs15_auth_info *); 392 extern int sc_profile_get_pin_retries(struct sc_profile *, int); 393 extern int sc_pkcs15init_get_manufacturer(struct sc_profile *, 394 const char **); 395 extern int sc_pkcs15init_get_serial(struct sc_profile *, const char **); 396 extern int sc_pkcs15init_set_serial(struct sc_profile *, const char *); 397 398 extern int sc_pkcs15init_verify_secret(struct sc_profile *, struct sc_pkcs15_card *, 399 sc_file_t *, unsigned int, int); 400 extern int sc_pkcs15init_delete_by_path(struct sc_profile *, 401 struct sc_pkcs15_card *, const struct sc_path *); 402 extern int sc_pkcs15init_update_any_df(struct sc_pkcs15_card *, struct sc_profile *, 403 struct sc_pkcs15_df *, int); 404 extern int sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *, struct sc_profile *, 405 int, struct sc_pkcs15_id *, void *); 406 407 /* Erasing the card structure via rm -rf */ 408 extern int sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *, 409 struct sc_profile *); 410 extern int sc_pkcs15init_rmdir(struct sc_pkcs15_card *, struct sc_profile *, 411 struct sc_file *); 412 413 extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *, 414 const struct sc_pkcs15_id *, struct sc_file **); 415 416 extern int sc_pkcs15init_get_pin_reference(struct sc_pkcs15_card *, 417 struct sc_profile *, unsigned, int); 418 419 extern int sc_pkcs15init_sanity_check(struct sc_pkcs15_card *, struct sc_profile *); 420 421 extern int sc_pkcs15init_finalize_profile(struct sc_card *card, struct sc_profile *profile, 422 struct sc_aid *aid); 423 424 extern int sc_pkcs15init_unwrap_key(struct sc_pkcs15_card *p15card, struct sc_profile *profile, 425 struct sc_pkcs15_object *key, u8* wrapped_key, size_t wrapped_key_len, 426 struct sc_pkcs15init_skeyargs *keyargs, struct sc_pkcs15_object **res_obj); 427 428 429 430 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gpk_ops(void); 431 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_miocos_ops(void); 432 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cryptoflex_ops(void); 433 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cyberflex_ops(void); 434 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_cardos_ops(void); 435 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_jcop_ops(void); 436 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_starcos_ops(void); 437 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_oberthur_ops(void); 438 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_setcos_ops(void); 439 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_incrypto34_ops(void); 440 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_muscle_ops(void); 441 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_asepcos_ops(void); 442 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rutoken_ops(void); 443 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_entersafe_ops(void); 444 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_epass2003_ops(void); 445 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_rtecp_ops(void); 446 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_westcos_ops(void); 447 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_myeid_ops(void); 448 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_authentic_ops(void); 449 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_iasecc_ops(void); 450 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_piv_ops(void); 451 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_openpgp_ops(void); 452 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_sc_hsm_ops(void); 453 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_isoApplet_ops(void); 454 extern struct sc_pkcs15init_operations *sc_pkcs15init_get_gids_ops(void); 455 456 #ifdef __cplusplus 457 } 458 #endif 459 460 #endif /* PKCS15_INIT_H */ 461