00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00024 #ifndef _LIB11_H
00025 #define _LIB11_H
00026
00027 #include <openssl/bio.h>
00028 #include <openssl/err.h>
00029 #include <openssl/x509.h>
00030
00031 #ifdef __cplusplus
00032 extern "C" {
00033 #endif
00034
00035
00036 #define ERR_LIB_PKCS11 ERR_LIB_USER
00037
00038 #define PKCS11err(f,r) \
00039 ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
00040
00041
00042
00043
00044
00045
00046
00047
00048
00049
00050
00051
00053 typedef struct PKCS11_key_st {
00054 char *label;
00055 unsigned char *id;
00056 int id_len;
00057 unsigned char isPrivate;
00058 unsigned char needLogin;
00059 EVP_PKEY *evp_key;
00060 void *_private;
00061 } PKCS11_KEY;
00062
00064 typedef struct PKCS11_cert_st {
00065 char *label;
00066 unsigned char *id;
00067 int id_len;
00068 X509 *x509;
00069 void *_private;
00070 } PKCS11_CERT;
00071
00073 typedef struct PKCS11_token_st {
00074 char *label;
00075 char *manufacturer;
00076 char *model;
00077 char *serialnr;
00078 unsigned char initialized;
00079 unsigned char loginRequired;
00080 unsigned char secureLogin;
00081 unsigned char userPinSet;
00082 unsigned char readOnly;
00083 void *_private;
00084 } PKCS11_TOKEN;
00085
00087 typedef struct PKCS11_slot_st {
00088 char *manufacturer;
00089 char *description;
00090 unsigned char removable;
00091 PKCS11_TOKEN *token;
00092 void *_private;
00093 } PKCS11_SLOT;
00094
00096 typedef struct PKCS11_ctx_st {
00097 char *manufacturer;
00098 char *description;
00099 void *_private;
00100 } PKCS11_CTX;
00101
00108 extern PKCS11_CTX *PKCS11_CTX_new(void);
00109
00118 extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);
00119
00125 extern void PKCS11_CTX_unload(PKCS11_CTX * ctx);
00126
00132 extern void PKCS11_CTX_free(PKCS11_CTX * ctx);
00133
00141 extern int PKCS11_open_session(PKCS11_SLOT * slot, int rw);
00142
00152 extern int PKCS11_enumerate_slots(PKCS11_CTX * ctx,
00153 PKCS11_SLOT **slotsp, unsigned int *nslotsp);
00154
00162 extern void PKCS11_release_all_slots(PKCS11_CTX * ctx,
00163 PKCS11_SLOT *slots, unsigned int nslots);
00164
00174 PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx,
00175 PKCS11_SLOT *slots, unsigned int nslots);
00176
00186 extern int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin);
00187
00195 extern int PKCS11_logout(PKCS11_SLOT * slot);
00196
00197
00198 extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);
00199
00200
00201 extern int PKCS11_get_key_type(PKCS11_KEY *);
00202
00203
00204 extern int PKCS11_get_key_size(const PKCS11_KEY *);
00205
00206 extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
00207 extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);
00208
00209
00219 extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
00229 extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
00230
00231
00232 extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
00233
00234
00235 extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);
00236
00237
00238 extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
00239
00249 extern int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin,
00250 const char *label);
00251
00260 extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);
00261
00271 extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
00272 const char *new_pin);
00273
00287 extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits, char *label, unsigned char* id, unsigned int id_len);
00288
00289
00290
00291
00292
00293
00294
00295
00296
00297
00298
00299
00300 extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);
00301
00302
00303
00304
00305
00306
00307
00308
00309
00310
00311
00312
00313 extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);
00314
00315
00316
00317
00318
00319
00320
00321
00322
00323
00324
00325
00326
00327 extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
00328 char *label, unsigned char *id, unsigned int id_len,
00329 PKCS11_CERT **ret_cert);
00330
00331
00332 extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
00333 unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
00334 extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
00335 unsigned char *to, const PKCS11_KEY * rsa, int padding);
00346 extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
00347 unsigned char *to, PKCS11_KEY * key, int padding);
00348 extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
00349 unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);
00350
00351
00352 extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
00353 extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
00354
00355
00356 RSA_METHOD *PKCS11_get_rsa_method(void);
00357
00364 extern void ERR_load_PKCS11_strings(void);
00365
00366
00367
00368
00369 #define PKCS11_F_PKCS11_CTX_LOAD 1
00370 #define PKCS11_F_PKCS11_ENUM_SLOTS 2
00371 #define PKCS11_F_PKCS11_CHECK_TOKEN 3
00372 #define PKCS11_F_PKCS11_OPEN_SESSION 4
00373 #define PKCS11_F_PKCS11_LOGIN 5
00374 #define PKCS11_F_PKCS11_ENUM_KEYS 6
00375 #define PKCS11_F_PKCS11_GET_KEY 7
00376 #define PKCS11_F_PKCS11_RSA_DECRYPT 8
00377 #define PKCS11_F_PKCS11_RSA_ENCRYPT 9
00378 #define PKCS11_F_PKCS11_RSA_SIGN 10
00379 #define PKCS11_F_PKCS11_RSA_VERIFY 11
00380 #define PKCS11_F_PKCS11_ENUM_CERTS 12
00381 #define PKCS11_F_PKCS11_INIT_TOKEN 13
00382 #define PKCS11_F_PKCS11_INIT_PIN 14
00383 #define PKCS11_F_PKCS11_LOGOUT 15
00384 #define PKCS11_F_PKCS11_STORE_PRIVATE_KEY 16
00385 #define PKCS11_F_PKCS11_GENERATE_KEY 17
00386 #define PKCS11_F_PKCS11_STORE_PUBLIC_KEY 18
00387 #define PKCS11_F_PKCS11_STORE_CERTIFICATE 19
00388 #define PKCS11_F_PKCS11_SEED_RANDOM 20
00389 #define PKCS11_F_PKCS11_GENERATE_RANDOM 21
00390 #define PKCS11_F_PKCS11_CHANGE_PIN 22
00391 #define PKCS11_F_PKCS11_GETATTR 40
00392
00393 #define PKCS11_ERR_BASE 1024
00394 #define PKCS11_LOAD_MODULE_ERROR (PKCS11_ERR_BASE+1)
00395 #define PKCS11_MODULE_LOADED_ERROR (PKCS11_ERR_BASE+2)
00396 #define PKCS11_SYMBOL_NOT_FOUND_ERROR (PKCS11_ERR_BASE+3)
00397 #define PKCS11_NOT_SUPPORTED (PKCS11_ERR_BASE+4)
00398 #define PKCS11_NO_SESSION (PKCS11_ERR_BASE+5)
00399 #define PKCS11_KEYGEN_FAILED (PKCS11_ERR_BASE+6)
00400
00401 #ifdef __cplusplus
00402 }
00403 #endif
00404 #endif