1 /* libp11, a simple layer on top of PKCS#11 API
2  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
3  *
4  * This library is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU Lesser General Public
6  * License as published by the Free Software Foundation; either
7  * version 2.1 of the License, or (at your option) any later version.
8  *
9  * This library is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * Lesser General Public License for more details.
13  *
14  * You should have received a copy of the GNU Lesser General Public
15  * License along with this library; if not, write to the Free Software
16  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
17  */
18 
#ifndef _LIB11_H
/* NOTE(review): _LIB11_H (leading underscore followed by an uppercase
 * letter) lies in the identifier namespace reserved for the C
 * implementation (C11 7.1.3); a guard such as LIBP11_H would avoid that.
 * Renaming it is an interface change for any client that tests the
 * macro, so it is only noted here. */
#define _LIB11_H
26 
27 #include <openssl/bio.h>
28 #include <openssl/err.h>
29 #include <openssl/x509.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
/* get some structures for local code to handle pkcs11 data readily */

/* Error-library code under which libp11 reports into the OpenSSL error
 * queue.  ERR_LIB_USER is OpenSSL's shared "user defined" library code,
 * so the function/reason codes at the end of this header are only
 * unambiguous if nothing else in the process reports under
 * ERR_LIB_USER as well. */
#define ERR_LIB_PKCS11 ERR_LIB_USER

/* Push an error onto the OpenSSL error queue: f is one of the
 * PKCS11_F_* function codes and r one of the PKCS11_*_ERROR reason codes
 * defined below; __FILE__/__LINE__ record where it was raised. */
#define PKCS11err(f,r) \
ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
40 
41 /*
42  * The purpose of this library is to provide a simple PKCS11
43  * interface to OpenSSL applications that wish to use a previously
44  * initialized card (as opposed to initializing it, etc).
45  *
46  * I am therefore making some simplifying assumptions:
47  *
48  * - no support for any operations that alter the card,
49  * i.e. readonly-login
50  */
51 
/* PKCS11 key object (public or private), as filled in by
 * PKCS11_enumerate_keys(). */
typedef struct PKCS11_key_st {
	char *label;		/* object label on the token */
	unsigned char *id;	/* object id bytes (presumably the PKCS#11 CKA_ID
				 * attribute — confirm); not NUL-terminated */
	size_t id_len;		/* number of bytes in id */
	unsigned char isPrivate;	/* private key present? */
	unsigned char needLogin;	/* login to read private key? */
	EVP_PKEY *evp_key;	/* initially NULL; the original note says "need to
				 * call PKCS11_load_key", which this header does not
				 * declare — presumably PKCS11_get_private_key() /
				 * PKCS11_get_public_key() populate it; confirm */
	void *_private;		/* libp11-internal state, opaque to callers */
} PKCS11_KEY;
62 
/* PKCS11 certificate object, as filled in by PKCS11_enumerate_certs(). */
typedef struct PKCS11_cert_st {
	char *label;		/* object label on the token */
	unsigned char *id;	/* object id bytes (presumably CKA_ID — confirm);
				 * not NUL-terminated */
	size_t id_len;		/* number of bytes in id */
	X509 *x509;		/* the certificate, parsed into an OpenSSL X509 */
	void *_private;		/* libp11-internal state, opaque to callers */
} PKCS11_CERT;
71 
/* PKCS11 token: smart card or USB key.
 *
 * The unsigned char fields are 0/non-zero booleans.  Their names follow
 * the PKCS#11 CK_TOKEN_INFO flags (CKF_LOGIN_REQUIRED,
 * CKF_USER_PIN_LOCKED, ...), which they presumably mirror — confirm
 * against the implementation. */
typedef struct PKCS11_token_st {
	char *label;
	char *manufacturer;
	char *model;
	char *serialnr;
	unsigned char initialized;	/* token has been initialized */
	unsigned char loginRequired;	/* login needed before private objects
					 * can be used */
	unsigned char secureLogin;	/* presumably a protected authentication
					 * path: the PIN is entered on the reader,
					 * not passed by the application — confirm */
	unsigned char userPinSet;	/* user PIN has been initialized */
	unsigned char readOnly;		/* token is write-protected */
	unsigned char hasRng;		/* token has its own RNG; see
					 * PKCS11_generate_random() */
	/* PIN-retry state.  Callers should look at these before
	 * PKCS11_login(): when a *FinalTry flag is set, one more wrong PIN
	 * presumably locks that PIN, and a locked user PIN can typically
	 * only be reset through the SO PIN (see PKCS11_init_pin()). */
	unsigned char userPinCountLow;
	unsigned char userPinFinalTry;
	unsigned char userPinLocked;
	unsigned char userPinToBeChanged;
	unsigned char soPinCountLow;
	unsigned char soPinFinalTry;
	unsigned char soPinLocked;
	unsigned char soPinToBeChanged;
	void *_private;			/* libp11-internal state, opaque to callers */
} PKCS11_TOKEN;
94 
/* PKCS11 slot: card reader. */
typedef struct PKCS11_slot_st {
	char *manufacturer;
	char *description;
	unsigned char removable;	/* slot holds a removable device */
	/* NOTE(review): the rendering this listing was taken from drops one
	 * line between `removable` and `_private`; per the member index for
	 * this header it is `PKCS11_TOKEN *token;` (NULL if no token is
	 * present).  Restore it before relying on this struct — its layout
	 * must match the library that fills it in. */
	void *_private;			/* libp11-internal state, opaque to callers */
} PKCS11_SLOT;
103 
/* PKCS11 context: one loaded PKCS#11 module.  Created by
 * PKCS11_CTX_new(), released by PKCS11_CTX_free(). */
typedef struct PKCS11_ctx_st {
	char *manufacturer;	/* module manufacturer; presumably filled in by
				 * PKCS11_CTX_load() — confirm */
	char *description;	/* module description; likewise */
	void *_private;		/* libp11-internal state, opaque to callers */
} PKCS11_CTX;
110 
/* Create a new libp11 context.  Presumably returns NULL on allocation
 * failure — confirm.  Release with PKCS11_CTX_free(). */
extern PKCS11_CTX *PKCS11_CTX_new(void);

/* Specify any private PKCS#11 module initialization args, if necessary.
 * Presumably must precede PKCS11_CTX_load() to take effect — confirm. */
extern void PKCS11_CTX_init_args(PKCS11_CTX * ctx, const char * init_args);

/* Load a PKCS#11 module.  ident names the module — presumably the path
 * of its shared library, which is then loaded into this process.  That
 * means ident decides what code runs here: take it from trusted
 * configuration only, never from untrusted input.  Return convention is
 * not visible in this header (presumably 0 on success — confirm). */
extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);

/* Unload the PKCS#11 module loaded by PKCS11_CTX_load(). */
extern void PKCS11_CTX_unload(PKCS11_CTX * ctx);

/* Free a libp11 context created by PKCS11_CTX_new(). */
extern void PKCS11_CTX_free(PKCS11_CTX * ctx);
149 
/* Open a session on the token in slot, in RO or RW mode (rw non-zero
 * selects read/write, inferred from the name — confirm).  Return
 * convention is not visible here; presumably 0 on success. */
extern int PKCS11_open_session(PKCS11_SLOT * slot, int rw);

/* Get a list of all slots.  On success *slotsp points to an array of
 * *nslotsp PKCS11_SLOT entries allocated by the library; release it with
 * PKCS11_release_all_slots(), not with free(). */
extern int PKCS11_enumerate_slots(PKCS11_CTX * ctx,
	PKCS11_SLOT **slotsp, unsigned int *nslotsp);

/* Get the slot id from a slot as it is stored in its private data
 * (presumably the PKCS#11 CK_SLOT_ID — confirm). */
extern unsigned long PKCS11_get_slotid_from_slot(PKCS11_SLOT *slotp);

/* Free the list of slots allocated by PKCS11_enumerate_slots(); slots
 * and nslots are the values that call returned. */
extern void PKCS11_release_all_slots(PKCS11_CTX * ctx,
	PKCS11_SLOT *slots, unsigned int nslots);

/* NOTE(review): the line that begins this declaration is missing from
 * the rendering; per the member index for this header it is
 *   extern PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx,
 * "Find the first slot with a token" (presumably NULL when there is
 * none — confirm).  Restore it before compiling this header. */
	PKCS11_SLOT *slots, unsigned int nslots);

/* Authenticate to the card: log in to the token in slot with pin.  so
 * non-zero presumably selects the security-officer login, the user
 * login otherwise (inferred from the name — confirm).  The caller keeps
 * ownership of the pin buffer and should clear it once it is no longer
 * needed.  Check the token's userPinFinalTry/userPinLocked flags before
 * calling: a wrong PIN on the final try presumably locks the PIN. */
extern int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin);

/* De-authenticate from the card (undo PKCS11_login()). */
extern int PKCS11_logout(PKCS11_SLOT * slot);
220 
/* Get a list of all keys associated with this token.  The array and its
 * count are returned through the out-parameters; ownership of the array
 * is not stated in this header (presumably the library's — confirm). */
extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);

/* Get the key type (as EVP_PKEY_XXX) */
extern int PKCS11_get_key_type(PKCS11_KEY *);

/* Get size of key modulus in number of bytes.  This is also the size of
 * an RSA signature or private-key operation result for the key, so it
 * bounds the buffers handed to PKCS11_sign() / PKCS11_private_*(). */
extern int PKCS11_get_key_size(const PKCS11_KEY *);
/* Get actual modulus and public exponent as BIGNUM.  Whether the BIGNUM
 * written through the out-parameter is newly allocated (to be BN_free()d
 * by the caller) is not stated here — confirm. */
extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);

/* Get the enveloped private key: returns an EVP_PKEY object for the
 * private key.  "Enveloped" suggests a handle whose operations are
 * carried out on the token (see PKCS11_sign() and PKCS11_private_*())
 * rather than a copy of the key material — confirm against the
 * implementation; it matters for what an attacker who reads process
 * memory can obtain. */
extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
/* Returns an EVP_PKEY object with the public key. */
extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);

/* Find the corresponding certificate (if any); NULL when none matches. */
extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);

/* Find the corresponding key (if any); NULL when none matches. */
extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);

/* Get a list of all certificates associated with this token (same
 * out-parameter shape as PKCS11_enumerate_keys()). */
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
263 
/* Initialize a token with the given pin (presumably the SO PIN, as for
 * PKCS#11 C_InitToken — confirm) and label.  This is destructive: token
 * initialization normally erases the token's objects.  Note that it,
 * like the other token-altering calls below, goes beyond the "no
 * operations that alter the card" assumption stated at the top of this
 * header. */
extern int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin,
	const char *label);

/* Initialize the user PIN on a token.  Presumably requires a prior SO
 * login (PKCS11_login() with so != 0) — confirm. */
extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);

/* Change the user PIN on a token: old_pin authenticates, new_pin
 * replaces it.  Both buffers stay owned by the caller and should be
 * cleared afterwards. */
extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
	const char *new_pin);

/* Generate and store a private key on the token.  algorithm and bits
 * select the key type and size; label/id/id_len name the new object.
 * Style: label and id are presumably not modified, so const-qualifying
 * them would let callers pass literals without casts. */
extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits, char *label, unsigned char* id, size_t id_len);

/* Store private key on a token.  The key material in pk is handed to
 * the token; label/id/id_len name the stored object. */
extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, size_t id_len);

/* Store public key on a token. */
extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, size_t id_len);

/* Store certificate on a token.  If ret_cert is non-NULL it presumably
 * receives the stored object's PKCS11_CERT — confirm. */
extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
	char *label, unsigned char *id, size_t id_len,
	PKCS11_CERT **ret_cert);
354 
/* rsa private key operations */
/* These follow the shapes of OpenSSL's RSA_sign(), RSA_private_encrypt(),
 * RSA_private_decrypt() and RSA_verify(); the return conventions are not
 * stated in this header and presumably match OpenSSL's (1/0 for sign and
 * verify, byte count or -1 for encrypt/decrypt) — confirm.
 *
 * PKCS11_sign: type is the NID of the digest in m (m_len bytes); sigret
 * must have room for a full-size signature, i.e. at least
 * PKCS11_get_key_size(key) bytes, and *siglen receives the length
 * written. */
extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
	unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
/* to must hold PKCS11_get_key_size(rsa) bytes; padding is an OpenSSL
 * RSA_*_PADDING value.  (Parameter is named rsa here, key elsewhere.) */
extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
	unsigned char *to, const PKCS11_KEY * rsa, int padding);
/* Decrypts data using the private key.  to must hold
 * PKCS11_get_key_size(key) bytes; padding as above.  Whether the padding
 * check happens on the token or in this library is not visible here. */
extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
	unsigned char *to, PKCS11_KEY * key, int padding);
/* Verify signature (siglen bytes) over the digest m with the public key.
 * Style: signature is presumably not modified, so it could be const. */
extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
	unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);

/* access random number generator */
/* Mix s (s_len bytes) into the token's RNG, and fill r (r_len bytes)
 * from it.  Only meaningful when the token reports hasRng. */
extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
378 
/* using with openssl method mechanism */
/* RSA_METHOD whose private-key callbacks route through this library
 * (presumably for RSA_set_method() / ENGINE use — the method's contents
 * are not visible here).  Declared without `extern`, unlike the rest of
 * this header; harmless for a function declaration. */
RSA_METHOD *PKCS11_get_rsa_method(void);

/* Load PKCS11 error strings into OpenSSL's error tables, presumably so
 * ERR_error_string() can render the codes defined below. */
extern void ERR_load_PKCS11_strings(void);
389 
/*
 * Function and reason codes
 */
/* Function codes: the f argument of PKCS11err(), identifying which
 * library routine raised the error.  Values 1..22 are sequential;
 * GETATTR sits apart at 40 (the gap is presumably deliberate — keep new
 * codes from colliding with either range). */
#define PKCS11_F_PKCS11_CTX_LOAD 1
#define PKCS11_F_PKCS11_ENUM_SLOTS 2
#define PKCS11_F_PKCS11_CHECK_TOKEN 3
#define PKCS11_F_PKCS11_OPEN_SESSION 4
#define PKCS11_F_PKCS11_LOGIN 5
#define PKCS11_F_PKCS11_ENUM_KEYS 6
#define PKCS11_F_PKCS11_GET_KEY 7
#define PKCS11_F_PKCS11_RSA_DECRYPT 8
#define PKCS11_F_PKCS11_RSA_ENCRYPT 9
#define PKCS11_F_PKCS11_RSA_SIGN 10
#define PKCS11_F_PKCS11_RSA_VERIFY 11
#define PKCS11_F_PKCS11_ENUM_CERTS 12
#define PKCS11_F_PKCS11_INIT_TOKEN 13
#define PKCS11_F_PKCS11_INIT_PIN 14
#define PKCS11_F_PKCS11_LOGOUT 15
#define PKCS11_F_PKCS11_STORE_PRIVATE_KEY 16
#define PKCS11_F_PKCS11_GENERATE_KEY 17
#define PKCS11_F_PKCS11_STORE_PUBLIC_KEY 18
#define PKCS11_F_PKCS11_STORE_CERTIFICATE 19
#define PKCS11_F_PKCS11_SEED_RANDOM 20
#define PKCS11_F_PKCS11_GENERATE_RANDOM 21
#define PKCS11_F_PKCS11_CHANGE_PIN 22
#define PKCS11_F_PKCS11_GETATTR 40
416 
/* Reason codes: the r argument of PKCS11err().  They are offset from
 * PKCS11_ERR_BASE, presumably to stay clear of OpenSSL's own reason
 * values under ERR_LIB_USER — confirm.  Note that PKCS11_NOT_SUPPORTED,
 * PKCS11_NO_SESSION and PKCS11_KEYGEN_FAILED do not carry the _ERROR
 * suffix the first three use. */
#define PKCS11_ERR_BASE 1024
#define PKCS11_LOAD_MODULE_ERROR (PKCS11_ERR_BASE+1)
#define PKCS11_MODULE_LOADED_ERROR (PKCS11_ERR_BASE+2)
#define PKCS11_SYMBOL_NOT_FOUND_ERROR (PKCS11_ERR_BASE+3)
#define PKCS11_NOT_SUPPORTED (PKCS11_ERR_BASE+4)
#define PKCS11_NO_SESSION (PKCS11_ERR_BASE+5)
#define PKCS11_KEYGEN_FAILED (PKCS11_ERR_BASE+6)
424 
425 #ifdef __cplusplus
426 }
427 #endif
428 #endif