1 /* 2 * COPYRIGHT (c) International Business Machines Corp. 2005-2017 3 * 4 * This program is provided under the terms of the Common Public License, 5 * version 1.0 (CPL-1.0). Any use, reproduction or distribution for this 6 * software constitutes recipient's acceptance of CPL-1.0 terms which can be 7 * found in the file LICENSE file or at 8 * https://opensource.org/licenses/cpl1.0.php 9 */ 10 11 /*---------------------------------------------------------------------- 12 * IBM Research & Development 13 * Author: Urban, Volker (volker.urban@de.ibm.com) 14 *----------------------------------------------------------------------*/ 15 16 #if ! defined(__EP11_H__) 17 #define __EP11_H__ 18 19 #if !defined(CKR_OK) /* don't assume include guards */ 20 #include "pkcs11.h" 21 #endif 22 23 #if !defined(INT64_MIN) 24 #error "We need 64-bit <stdint.h> types, please include before this file." 25 #endif 26 27 // SHA224 etc. are additions to PKCS#11 2.20 28 // remove these when host migrates beyond 2.20 29 // 30 #if !defined(CKM_SHA224) 31 #define CKM_SHA224 0x00000255 32 #define CKM_SHA224_HMAC 0x00000256 33 #define CKM_SHA224_HMAC_GENERAL 0x00000257 34 #define CKM_SHA224_RSA_PKCS 0x00000046 35 #define CKM_SHA224_RSA_PKCS_PSS 0x00000047 36 #define CKM_SHA224_KEY_DERIVATION 0x00000396 37 #define CKM_AES_CTR 0x00001086 38 #define CKG_MGF1_SHA224 0x00000005 39 #endif 40 41 #if !defined(CKM_AES_CMAC) 42 #define CKM_AES_CMAC 0x0000108a 43 #endif 44 45 #if !defined(CKM_ALG_DES3_CMAC) 46 #define CKM_DES3_CMAC 0x00000138 47 #endif 48 49 50 /*---------------------------------------------------------------------- 51 * CK_... type arguments correspond to the original PKCS#11 call's 52 * arguments. Standard types mean PKCS#11 objects (session, token etc.) 53 * are mapped to a native type (key blob, mechanism) etc. 54 * 55 * As an example, for _Encrypt and _Decrypt, a session is passed to 56 * the PKCS#11 function. This session needs to be matched to a key blob, 57 * so our _Encrypt interface takes a key/keylen buffer instead of the 58 * session. All other parameters should be passed through unchanged. 59 * 60 * For certain operations, such as _GenerateKey, there are no real 61 * PKCS#11 type parameters at this level. 62 */ 63 64 CK_RV m_GenerateRandom(CK_BYTE_PTR rnd, CK_ULONG len, uint64_t target); 65 66 /* note: external seeding not supported */ 67 CK_RV m_SeedRandom(CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen, uint64_t target); 68 CK_RV m_DigestInit(unsigned char *state, size_t * len, 69 const CK_MECHANISM_PTR pmech, uint64_t target); 70 71 CK_RV m_Digest(const unsigned char *state, size_t slen, 72 CK_BYTE_PTR data, CK_ULONG len, 73 CK_BYTE_PTR digest, CK_ULONG_PTR dglen, uint64_t target); 74 CK_RV m_DigestUpdate(unsigned char *state, size_t slen, 75 CK_BYTE_PTR data, CK_ULONG dlen, uint64_t target); 76 CK_RV m_DigestKey(unsigned char *state, size_t slen, 77 const unsigned char *key, size_t klen, uint64_t target); 78 CK_RV m_DigestFinal(const unsigned char *state, size_t slen, 79 CK_BYTE_PTR digest, CK_ULONG_PTR dlen, uint64_t target); 80 CK_RV m_DigestSingle(CK_MECHANISM_PTR pmech, 81 CK_BYTE_PTR data, CK_ULONG len, 82 CK_BYTE_PTR digest, CK_ULONG_PTR dlen, uint64_t target); 83 84 CK_RV m_EncryptInit(unsigned char *state, size_t * slen, 85 CK_MECHANISM_PTR pmech, 86 const unsigned char *key, size_t klen, uint64_t target); 87 CK_RV m_DecryptInit(unsigned char *state, size_t * slen, 88 CK_MECHANISM_PTR pmech, 89 const unsigned char *key, size_t klen, uint64_t target); 90 91 CK_RV m_EncryptUpdate(unsigned char *state, size_t slen, 92 CK_BYTE_PTR plain, CK_ULONG plen, 93 CK_BYTE_PTR cipher, CK_ULONG_PTR clen, uint64_t target); 94 CK_RV m_DecryptUpdate(unsigned char *state, size_t slen, 95 CK_BYTE_PTR cipher, CK_ULONG clen, 96 CK_BYTE_PTR plain, CK_ULONG_PTR plen, uint64_t target); 97 98 /* one-pass en/decrypt with key blob */ 99 CK_RV m_Encrypt(const unsigned char *state, size_t slen, 100 CK_BYTE_PTR plain, CK_ULONG plen, 101 CK_BYTE_PTR cipher, CK_ULONG_PTR clen, uint64_t target); 102 CK_RV m_Decrypt(const unsigned char *state, size_t slen, 103 CK_BYTE_PTR cipher, CK_ULONG clen, 104 CK_BYTE_PTR plain, CK_ULONG_PTR plen, uint64_t target); 105 106 CK_RV m_EncryptFinal(const unsigned char *state, size_t slen, 107 CK_BYTE_PTR output, CK_ULONG_PTR len, uint64_t target); 108 CK_RV m_DecryptFinal(const unsigned char *state, size_t slen, 109 CK_BYTE_PTR output, CK_ULONG_PTR len, uint64_t target); 110 111 /* en/decrypt directly with key blob */ 112 CK_RV m_EncryptSingle(const unsigned char *key, size_t klen, 113 CK_MECHANISM_PTR mech, 114 CK_BYTE_PTR plain, CK_ULONG plen, 115 CK_BYTE_PTR cipher, CK_ULONG_PTR clen, uint64_t target); 116 CK_RV m_DecryptSingle(const unsigned char *key, size_t klen, 117 CK_MECHANISM_PTR mech, 118 CK_BYTE_PTR cipher, CK_ULONG clen, 119 CK_BYTE_PTR plain, CK_ULONG_PTR plen, uint64_t target); 120 121 /* de+encrypt in one pass, without exposing cleartext */ 122 CK_RV m_ReencryptSingle(const unsigned char *dkey, size_t dklen, 123 const unsigned char *ekey, size_t eklen, 124 CK_MECHANISM_PTR pdecrmech, 125 CK_MECHANISM_PTR pencrmech, 126 CK_BYTE_PTR in, CK_ULONG ilen, 127 CK_BYTE_PTR out, CK_ULONG_PTR olen, uint64_t target); 128 129 CK_RV m_GenerateKey(CK_MECHANISM_PTR pmech, 130 CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount, 131 const unsigned char *pin, size_t pinlen, 132 unsigned char *key, size_t * klen, 133 unsigned char *csum, size_t * clen, uint64_t target); 134 135 CK_RV m_GenerateKeyPair(CK_MECHANISM_PTR pmech, 136 CK_ATTRIBUTE_PTR ppublic, CK_ULONG pubattrs, 137 CK_ATTRIBUTE_PTR pprivate, CK_ULONG prvattrs, 138 const unsigned char *pin, size_t pinlen, 139 unsigned char *key, size_t * klen, 140 unsigned char *pubkey, size_t * pklen, uint64_t target); 141 142 CK_RV m_SignInit(unsigned char *state, size_t * slen, 143 CK_MECHANISM_PTR alg, 144 const unsigned char *key, size_t klen, uint64_t target); 145 CK_RV m_VerifyInit(unsigned char *state, size_t * slen, 146 CK_MECHANISM_PTR alg, 147 const unsigned char *key, size_t klen, uint64_t target); 148 149 CK_RV m_SignUpdate(unsigned char *state, size_t slen, 150 CK_BYTE_PTR data, CK_ULONG dlen, uint64_t target); 151 CK_RV m_VerifyUpdate(unsigned char *state, size_t slen, 152 CK_BYTE_PTR data, CK_ULONG dlen, uint64_t target); 153 154 CK_RV m_SignFinal(const unsigned char *state, size_t stlen, 155 CK_BYTE_PTR sig, CK_ULONG_PTR siglen, uint64_t target); 156 CK_RV m_VerifyFinal(const unsigned char *state, size_t stlen, 157 CK_BYTE_PTR sig, CK_ULONG siglen, uint64_t target); 158 159 CK_RV m_Sign(const unsigned char *state, size_t stlen, 160 CK_BYTE_PTR data, CK_ULONG dlen, 161 CK_BYTE_PTR sig, CK_ULONG_PTR siglen, uint64_t target); 162 CK_RV m_Verify(const unsigned char *state, size_t stlen, 163 CK_BYTE_PTR data, CK_ULONG dlen, 164 CK_BYTE_PTR sig, CK_ULONG siglen, uint64_t target); 165 166 CK_RV m_SignSingle(const unsigned char *key, size_t klen, 167 CK_MECHANISM_PTR pmech, 168 CK_BYTE_PTR data, CK_ULONG dlen, 169 CK_BYTE_PTR sig, CK_ULONG_PTR slen, uint64_t target); 170 CK_RV m_VerifySingle(const unsigned char *key, size_t klen, 171 CK_MECHANISM_PTR pmech, 172 CK_BYTE_PTR data, CK_ULONG dlen, 173 CK_BYTE_PTR sig, CK_ULONG slen, uint64_t target); 174 175 /* mackey is NULL for PKCS#11 formats, not for authenticated ones */ 176 CK_RV m_WrapKey(const unsigned char *key, size_t keylen, 177 const unsigned char *kek, size_t keklen, 178 const unsigned char *mackey, size_t mklen, 179 const CK_MECHANISM_PTR pmech, 180 CK_BYTE_PTR wrapped, CK_ULONG_PTR wlen, uint64_t target); 181 182 /* mackey is NULL for PKCS#11 formats, not for authenticated ones */ 183 CK_RV m_UnwrapKey(const CK_BYTE_PTR wrapped, CK_ULONG wlen, 184 const unsigned char *kek, size_t keklen, 185 const unsigned char *mackey, size_t mklen, 186 const unsigned char *pin, size_t pinlen, 187 const CK_MECHANISM_PTR uwmech, 188 const CK_ATTRIBUTE_PTR ptempl, CK_ULONG pcount, 189 unsigned char *unwrapped, size_t * uwlen, 190 CK_BYTE_PTR csum, CK_ULONG * cslen, uint64_t target); 191 192 CK_RV m_DeriveKey(CK_MECHANISM_PTR pderivemech, 193 CK_ATTRIBUTE_PTR ptempl, CK_ULONG templcount, 194 const unsigned char *basekey, size_t bklen, 195 const unsigned char *data, size_t dlen, 196 const unsigned char *pin, size_t pinlen, 197 unsigned char *newkey, size_t * nklen, 198 unsigned char *csum, size_t * cslen, uint64_t target); 199 200 201 CK_RV m_GetMechanismList(CK_SLOT_ID slot, 202 CK_MECHANISM_TYPE_PTR mechs, 203 CK_ULONG_PTR count, uint64_t target); 204 CK_RV m_GetMechanismInfo(CK_SLOT_ID slot, 205 CK_MECHANISM_TYPE mech, 206 CK_MECHANISM_INFO_PTR pmechinfo, uint64_t target); 207 208 CK_RV m_GetAttributeValue(const unsigned char *obj, size_t olen, 209 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 210 uint64_t target); 211 CK_RV m_SetAttributeValue(unsigned char *obj, size_t olen, 212 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 213 uint64_t target); 214 215 216 CK_RV m_Login(CK_UTF8CHAR_PTR pin, CK_ULONG pinlen, 217 const unsigned char *nonce, size_t nlen, 218 unsigned char *pinblob, size_t * pinbloblen, uint64_t target); 219 CK_RV m_Logout(const unsigned char *pin, size_t len, uint64_t target); 220 221 CK_RV m_admin(unsigned char *response1, size_t * r1len, 222 unsigned char *response2, size_t * r2len, 223 const unsigned char *cmd, size_t clen, 224 const unsigned char *sigs, size_t slen, uint64_t target); 225 226 227 /*-------------------------------------------------------------------------- 228 * Module management. 229 */ 230 int m_add_backend(const char *name, unsigned int port); 231 int m_init(void); 232 int m_shutdown(void); 233 234 235 #endif /* n defined(__EP11_H__) */ 236