diff options
author | Stef Walter <stefw@collabora.co.uk> | 2011-06-07 20:20:17 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-07 20:21:13 +0200 |
commit | 18cb0a89d3eb08847fc3ecc8cd9438bb88c7b4fa (patch) | |
tree | 1c5362536fc4df64222c6b837d9e1bae5d958456 /lib/pkcs11_int.h | |
parent | 91b0db8967863694dee39d9722895e153ca8d580 (diff) | |
download | gnutls-18cb0a89d3eb08847fc3ecc8cd9438bb88c7b4fa.tar.gz |
The attached patch ports gnutls to p11-kit.
p11-kit is added as a dependency. p11-kit itself has no dependencies outside of basic libc stuff. The source code for p11-kit is available both in git and tarball form. [3]
If the gnutls dependency on p11-kit is disabled (via a configure option) then the PKCS#11 support is disabled. This is useful in bare bones embedded systems or places where very minimal dependencies are limited.
Diffstat (limited to 'lib/pkcs11_int.h')
-rw-r--r-- | lib/pkcs11_int.h | 178 |
1 files changed, 141 insertions, 37 deletions
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index 19cb1dfacd..d0c892c03d 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -1,13 +1,19 @@ #ifndef PKCS11_INT_H #define PKCS11_INT_H -#include <pakchois/pakchois.h> +#ifdef ENABLE_PKCS11 + +#define CRYPTOKI_GNU +#include "pkcs11_spec.h" #include <gnutls/pkcs11.h> #include <x509/x509_int.h> #define PKCS11_ID_SIZE 128 #define PKCS11_LABEL_SIZE 128 +#define P11_KIT_API_SUBJECT_TO_CHANGE 1 +#include <p11-kit/uri.h> + struct token_info { struct ck_token_info tinfo; @@ -16,34 +22,11 @@ struct token_info struct gnutls_pkcs11_provider_s *prov; }; -struct pkcs11_url_info -{ - /* everything here is null terminated strings */ - opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */ - opaque type[16]; /* cert/key etc. */ - - opaque lib_manufacturer[sizeof - (((struct ck_info *) NULL)->manufacturer_id) + 1]; - opaque lib_desc[sizeof - (((struct ck_info *) NULL)->library_description) + 1]; - opaque lib_version[12]; - - opaque manufacturer[sizeof - (((struct ck_token_info *) NULL)->manufacturer_id) + 1]; - opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1]; - opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1]; - opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1]; - opaque label[PKCS11_LABEL_SIZE + 1]; - - opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */ - size_t certid_raw_size; -}; - struct gnutls_pkcs11_obj_st { gnutls_datum_t raw; gnutls_pkcs11_obj_type_t type; - struct pkcs11_url_info info; + struct p11_kit_uri *info; /* only when pubkey */ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE]; @@ -55,46 +38,50 @@ struct gnutls_pkcs11_obj_st * function. Once everything is traversed it is called with NULL tinfo. * It should return 0 if found what it was looking for. */ -typedef int (*find_func_t) (pakchois_session_t * pks, +typedef int (*find_func_t) (struct ck_function_list *module, + ck_session_handle_t pks, struct token_info * tinfo, struct ck_info *, void *input); int pkcs11_rv_to_err (ck_rv_t rv); -int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info); +int pkcs11_url_to_info (const char *url, struct p11_kit_uri **info); int -pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot, - struct pkcs11_url_info *info, struct token_info *_tinfo); +pkcs11_find_slot (struct ck_function_list ** module, ck_slot_id_t * slot, + struct p11_kit_uri *info, struct token_info *_tinfo); -int pkcs11_get_info (struct pkcs11_url_info *info, +int pkcs11_get_info (struct p11_kit_uri *info, gnutls_pkcs11_obj_info_t itype, void *output, size_t * output_size); -int pkcs11_login (pakchois_session_t * pks, +int pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks, const struct token_info *info, int admin); +int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry); + extern gnutls_pkcs11_token_callback_t token_func; extern void *token_data; void pkcs11_rescan_slots (void); -int pkcs11_info_to_url (const struct pkcs11_url_info *info, +int pkcs11_info_to_url (struct p11_kit_uri *info, gnutls_pkcs11_url_type_t detailed, char **url); #define SESSION_WRITE (1<<0) #define SESSION_LOGIN (1<<1) #define SESSION_SO (1<<2) /* security officer session */ -int pkcs11_open_session (pakchois_session_t ** _pks, - struct pkcs11_url_info *info, unsigned int flags); +int pkcs11_open_session (struct ck_function_list **_module, ck_session_handle_t * _pks, + struct p11_kit_uri *info, unsigned int flags); int _pkcs11_traverse_tokens (find_func_t find_func, void *input, unsigned int flags); ck_object_class_t pkcs11_strtype_to_class (const char *type); -int pkcs11_token_matches_info (struct pkcs11_url_info *info, +int pkcs11_token_matches_info (struct p11_kit_uri *info, struct ck_token_info *tinfo, struct ck_info *lib_info); /* flags are SESSION_* */ -int pkcs11_find_object (pakchois_session_t ** _pks, +int pkcs11_find_object (struct ck_function_list ** _module, + ck_session_handle_t * _pks, ck_object_handle_t * _obj, - struct pkcs11_url_info *info, unsigned int flags); + struct p11_kit_uri *info, unsigned int flags); unsigned int pkcs11_obj_flags_to_int (unsigned int flags); @@ -109,4 +96,121 @@ _gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key, const gnutls_datum_t * ciphertext, gnutls_datum_t * plaintext); +ck_rv_t +pkcs11_get_slot_list (struct ck_function_list * module, + unsigned char token_present, + ck_slot_id_t *slot_list, + unsigned long *count); + +ck_rv_t +pkcs11_get_module_info (struct ck_function_list * module, + struct ck_info * info); + +ck_rv_t +pkcs11_get_slot_info(struct ck_function_list * module, + ck_slot_id_t slot_id, + struct ck_slot_info *info); + +ck_rv_t +pkcs11_get_token_info (struct ck_function_list * module, + ck_slot_id_t slot_id, + struct ck_token_info *info); + +ck_rv_t +pkcs11_find_objects_init (struct ck_function_list *module, + ck_session_handle_t sess, + struct ck_attribute *templ, + unsigned long count); + +ck_rv_t +pkcs11_find_objects (struct ck_function_list *module, + ck_session_handle_t sess, + ck_object_handle_t *objects, + unsigned long max_object_count, + unsigned long *object_count); + +ck_rv_t +pkcs11_find_objects_final (struct ck_function_list *module, + ck_session_handle_t sess); + +ck_rv_t +pkcs11_close_session (struct ck_function_list *module, + ck_session_handle_t sess); + +ck_rv_t +pkcs11_get_attribute_value(struct ck_function_list *module, + ck_session_handle_t sess, + ck_object_handle_t object, + struct ck_attribute *templ, + unsigned long count); + +ck_rv_t +pkcs11_get_mechanism_list (struct ck_function_list *module, + ck_slot_id_t slot_id, + ck_mechanism_type_t *mechanism_list, + unsigned long *count); + +ck_rv_t +pkcs11_sign_init (struct ck_function_list *module, + ck_session_handle_t sess, + struct ck_mechanism *mechanism, + ck_object_handle_t key); + +ck_rv_t +pkcs11_sign (struct ck_function_list *module, + ck_session_handle_t sess, + unsigned char *data, + unsigned long data_len, + unsigned char *signature, + unsigned long *signature_len); + +ck_rv_t +pkcs11_decrypt_init (struct ck_function_list *module, + ck_session_handle_t sess, + struct ck_mechanism *mechanism, + ck_object_handle_t key); + +ck_rv_t +pkcs11_decrypt (struct ck_function_list *module, + ck_session_handle_t sess, + unsigned char *encrypted_data, + unsigned long encrypted_data_len, + unsigned char *data, unsigned long *data_len); + +ck_rv_t +pkcs11_create_object (struct ck_function_list *module, + ck_session_handle_t sess, + struct ck_attribute *templ, + unsigned long count, + ck_object_handle_t *object); + +ck_rv_t +pkcs11_destroy_object (struct ck_function_list *module, + ck_session_handle_t sess, + ck_object_handle_t object); + +ck_rv_t +pkcs11_init_token (struct ck_function_list *module, + ck_slot_id_t slot_id, unsigned char *pin, + unsigned long pin_len, unsigned char *label); + +ck_rv_t +pkcs11_init_pin (struct ck_function_list *module, + ck_session_handle_t sess, + unsigned char *pin, + unsigned long pin_len); + +ck_rv_t +pkcs11_set_pin (struct ck_function_list *module, + ck_session_handle_t sess, + unsigned char *old_pin, + unsigned long old_len, + unsigned char *new_pin, + unsigned long new_len); + +const char * +pkcs11_strerror (ck_rv_t rv); + +#endif /* ENABLE_PKCS11 */ + #endif |