27 #include <openssl/bio.h>
28 #include <openssl/err.h>
29 #include <openssl/x509.h>
36 #define ERR_LIB_PKCS11 ERR_LIB_USER
38 #define PKCS11err(f,r) \
39 ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
78 unsigned char initialized;
79 unsigned char loginRequired;
80 unsigned char secureLogin;
81 unsigned char userPinSet;
82 unsigned char readOnly;
84 unsigned char userPinCountLow;
85 unsigned char userPinFinalTry;
86 unsigned char userPinLocked;
87 unsigned char userPinToBeChanged;
88 unsigned char soPinCountLow;
89 unsigned char soPinFinalTry;
90 unsigned char soPinLocked;
91 unsigned char soPinToBeChanged;
99 unsigned char removable;
228 extern int PKCS11_get_key_size(
const PKCS11_KEY *);
230 extern int PKCS11_get_key_modulus(
PKCS11_KEY *, BIGNUM **);
231 extern int PKCS11_get_key_exponent(
PKCS11_KEY *, BIGNUM **);
296 const char *new_pin);
352 char *label,
unsigned char *
id,
size_t id_len,
356 extern int PKCS11_sign(
int type,
const unsigned char *m,
unsigned int m_len,
357 unsigned char *sigret,
unsigned int *siglen,
const PKCS11_KEY * key);
358 extern int PKCS11_private_encrypt(
int flen,
const unsigned char *from,
359 unsigned char *to,
const PKCS11_KEY * rsa,
int padding);
371 unsigned char *to,
PKCS11_KEY * key,
int padding);
372 extern int PKCS11_verify(
int type,
const unsigned char *m,
unsigned int m_len,
373 unsigned char *signature,
unsigned int siglen,
PKCS11_KEY * key);
376 extern int PKCS11_seed_random(
PKCS11_SLOT *,
const unsigned char *s,
unsigned int s_len);
377 extern int PKCS11_generate_random(
PKCS11_SLOT *,
unsigned char *r,
unsigned int r_len);
380 RSA_METHOD *PKCS11_get_rsa_method(
void);
393 #define PKCS11_F_PKCS11_CTX_LOAD 1
394 #define PKCS11_F_PKCS11_ENUM_SLOTS 2
395 #define PKCS11_F_PKCS11_CHECK_TOKEN 3
396 #define PKCS11_F_PKCS11_OPEN_SESSION 4
397 #define PKCS11_F_PKCS11_LOGIN 5
398 #define PKCS11_F_PKCS11_ENUM_KEYS 6
399 #define PKCS11_F_PKCS11_GET_KEY 7
400 #define PKCS11_F_PKCS11_RSA_DECRYPT 8
401 #define PKCS11_F_PKCS11_RSA_ENCRYPT 9
402 #define PKCS11_F_PKCS11_RSA_SIGN 10
403 #define PKCS11_F_PKCS11_RSA_VERIFY 11
404 #define PKCS11_F_PKCS11_ENUM_CERTS 12
405 #define PKCS11_F_PKCS11_INIT_TOKEN 13
406 #define PKCS11_F_PKCS11_INIT_PIN 14
407 #define PKCS11_F_PKCS11_LOGOUT 15
408 #define PKCS11_F_PKCS11_STORE_PRIVATE_KEY 16
409 #define PKCS11_F_PKCS11_GENERATE_KEY 17
410 #define PKCS11_F_PKCS11_STORE_PUBLIC_KEY 18
411 #define PKCS11_F_PKCS11_STORE_CERTIFICATE 19
412 #define PKCS11_F_PKCS11_SEED_RANDOM 20
413 #define PKCS11_F_PKCS11_GENERATE_RANDOM 21
414 #define PKCS11_F_PKCS11_CHANGE_PIN 22
415 #define PKCS11_F_PKCS11_GETATTR 40
417 #define PKCS11_ERR_BASE 1024
418 #define PKCS11_LOAD_MODULE_ERROR (PKCS11_ERR_BASE+1)
419 #define PKCS11_MODULE_LOADED_ERROR (PKCS11_ERR_BASE+2)
420 #define PKCS11_SYMBOL_NOT_FOUND_ERROR (PKCS11_ERR_BASE+3)
421 #define PKCS11_NOT_SUPPORTED (PKCS11_ERR_BASE+4)
422 #define PKCS11_NO_SESSION (PKCS11_ERR_BASE+5)
423 #define PKCS11_KEYGEN_FAILED (PKCS11_ERR_BASE+6)
void PKCS11_release_all_slots(PKCS11_CTX *ctx, PKCS11_SLOT *slots, unsigned int nslots)
Free the list of slots allocated by PKCS11_enumerate_slots()
void PKCS11_CTX_unload(PKCS11_CTX *ctx)
Unload a PKCS#11 module.
EVP_PKEY * PKCS11_get_private_key(PKCS11_KEY *key)
Returns a EVP_PKEY object for the private key.
int PKCS11_init_pin(PKCS11_TOKEN *token, const char *pin)
Initialize the user PIN on a token.
int PKCS11_CTX_load(PKCS11_CTX *ctx, const char *ident)
Load a PKCS#11 module.
unsigned char isPrivate
private key present?
int PKCS11_private_decrypt(int flen, const unsigned char *from, unsigned char *to, PKCS11_KEY *key, int padding)
Decrypts data using the private key.
int PKCS11_login(PKCS11_SLOT *slot, int so, const char *pin)
Authenticate to the card.
EVP_PKEY * evp_key
initially NULL, need to call PKCS11_load_key
PKCS11_TOKEN * token
NULL if no token present.
EVP_PKEY * PKCS11_get_public_key(PKCS11_KEY *key)
Returns a EVP_PKEY object with the public key.
struct PKCS11_cert_st PKCS11_CERT
PKCS11 certificate object.
unsigned long PKCS11_get_slotid_from_slot(PKCS11_SLOT *slotp)
Get the slot_id from a slot as it is stored in private.
PKCS11 token: smart card or USB key.
unsigned char needLogin
login to read private key?
PKCS11 key object (public or private)
void ERR_load_PKCS11_strings(void)
Load PKCS11 error strings.
int PKCS11_store_certificate(PKCS11_TOKEN *token, X509 *x509, char *label, unsigned char *id, size_t id_len, PKCS11_CERT **ret_cert)
Store certificate on a token.
int PKCS11_enumerate_slots(PKCS11_CTX *ctx, PKCS11_SLOT **slotsp, unsigned int *nslotsp)
Get a list of all slots.
int PKCS11_open_session(PKCS11_SLOT *slot, int rw)
Open a session in RO or RW mode.
struct PKCS11_ctx_st PKCS11_CTX
PKCS11 context.
PKCS11_CTX * PKCS11_CTX_new(void)
Create a new libp11 context.
int PKCS11_store_public_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len)
Store public key on a token.
PKCS11 slot: card reader.
int PKCS11_store_private_key(PKCS11_TOKEN *token, EVP_PKEY *pk, char *label, unsigned char *id, size_t id_len)
Store private key on a token.
struct PKCS11_slot_st PKCS11_SLOT
PKCS11 slot: card reader.
PKCS11_SLOT * PKCS11_find_token(PKCS11_CTX *ctx, PKCS11_SLOT *slots, unsigned int nslots)
Find the first slot with a token.
int PKCS11_logout(PKCS11_SLOT *slot)
De-authenticate from the card.
struct PKCS11_key_st PKCS11_KEY
PKCS11 key object (public or private)
int PKCS11_init_token(PKCS11_TOKEN *token, const char *pin, const char *label)
Initialize a token.
void PKCS11_CTX_free(PKCS11_CTX *ctx)
Free a libp11 context.
PKCS11 certificate object.
int PKCS11_generate_key(PKCS11_TOKEN *token, int algorithm, unsigned int bits, char *label, unsigned char *id, size_t id_len)
Generate and store a private key on the token.
int PKCS11_change_pin(PKCS11_SLOT *slot, const char *old_pin, const char *new_pin)
Change the user PIN on a token.
struct PKCS11_token_st PKCS11_TOKEN
PKCS11 token: smart card or USB key.
void PKCS11_CTX_init_args(PKCS11_CTX *ctx, const char *init_args)
Specify any private PKCS#11 module initializtion args, if necessary.