libp11.h

Go to the documentation of this file.
00001 /* libp11, a simple layer on to of PKCS#11 API
00002  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
00003  *
00004  *  This library is free software; you can redistribute it and/or
00005  *  modify it under the terms of the GNU Lesser General Public
00006  *  License as published by the Free Software Foundation; either
00007  *  version 2.1 of the License, or (at your option) any later version.
00008  *
00009  *  This library is distributed in the hope that it will be useful,
00010  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00011  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  *  Lesser General Public License for more details.
00013  *
00014  *  You should have received a copy of the GNU Lesser General Public
00015  *  License along with this library; if not, write to the Free Software
00016  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
00017  */
00018 
00024 #ifndef _LIB11_H
00025 #define _LIB11_H
00026 
00027 #include <openssl/bio.h>
00028 #include <openssl/err.h>
00029 #include <openssl/x509.h>
00030 
00031 #ifdef __cplusplus
00032 extern "C" {
00033 #endif
00034 
00035 /* get some structures for local code to handle pkcs11 data readily */
00036 #define ERR_LIB_PKCS11  ERR_LIB_USER
00037 
00038 #define PKCS11err(f,r) \
00039 ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
00040 
00041 /*
00042  * The purpose of this library is to provide a simple PKCS11
00043  * interface to OpenSSL application that wish to use a previously
00044  * initialized card (as opposed to initializing it, etc).
00045  *
00046  * I am therefore making some simplifying assumptions:
00047  *
00048  *  -   no support for any operations that alter the card,
00049  *      i.e. readonly-login
00050  */
00051 
00053 typedef struct PKCS11_key_st {
00054         char *label;
00055         unsigned char *id;
00056         int id_len;
00057         unsigned char isPrivate;        
00058         unsigned char needLogin;        
00059         EVP_PKEY *evp_key;              
00060         void *_private;
00061 } PKCS11_KEY;
00062 
00064 typedef struct PKCS11_cert_st {
00065         char *label;
00066         unsigned char *id;
00067         int id_len;
00068         X509 *x509;
00069         void *_private;
00070 } PKCS11_CERT;
00071 
00073 typedef struct PKCS11_token_st {
00074         char *label;
00075         char *manufacturer;
00076         char *model;
00077         char *serialnr;
00078         unsigned char initialized;
00079         unsigned char loginRequired;
00080         unsigned char secureLogin;
00081         unsigned char userPinSet;
00082         unsigned char readOnly;
00083         void *_private;
00084 } PKCS11_TOKEN;
00085 
00087 typedef struct PKCS11_slot_st {
00088         char *manufacturer;
00089         char *description;
00090         unsigned char removable;
00091         PKCS11_TOKEN *token;    
00092         void *_private;
00093 } PKCS11_SLOT;
00094 
00096 typedef struct PKCS11_ctx_st {
00097         char *manufacturer;
00098         char *description;
00099         void *_private;
00100 } PKCS11_CTX;
00101 
00108 extern PKCS11_CTX *PKCS11_CTX_new(void);
00109 
00118 extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);
00119 
00125 extern void PKCS11_CTX_unload(PKCS11_CTX * ctx);
00126 
00132 extern void PKCS11_CTX_free(PKCS11_CTX * ctx);
00133 
00141 extern int PKCS11_open_session(PKCS11_SLOT * slot, int rw);
00142 
00152 extern int PKCS11_enumerate_slots(PKCS11_CTX * ctx,
00153                         PKCS11_SLOT **slotsp, unsigned int *nslotsp);
00154 
00162 extern void PKCS11_release_all_slots(PKCS11_CTX * ctx,
00163                         PKCS11_SLOT *slots, unsigned int nslots);
00164 
00174 PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx, 
00175                         PKCS11_SLOT *slots, unsigned int nslots);
00176 
00186 extern int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin);
00187 
00195 extern int PKCS11_logout(PKCS11_SLOT * slot);
00196 
00197 /* Get a list of all keys associated with this token */
00198 extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);
00199 
00200 /* Get the key type (as EVP_PKEY_XXX) */
00201 extern int PKCS11_get_key_type(PKCS11_KEY *);
00202 
00203 /* Get size of key modulus in number of bytes */
00204 extern int PKCS11_get_key_size(const PKCS11_KEY *);
00205 /* Get actual modules and public exponent as BIGNUM */
00206 extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
00207 extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);
00208 
00209 /* Get the enveloped private key */
00219 extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
00229 extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
00230 
00231 /* Find the corresponding certificate (if any) */
00232 extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
00233 
00234 /* Find the corresponding key (if any) */
00235 extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);
00236 
00237 /* Get a list of all certificates associated with this token */
00238 extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
00239 
00249 extern int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin,
00250         const char *label);
00251 
00260 extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);
00261 
00271 extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
00272         const char *new_pin);
00273 
00287 extern int PKCS11_generate_key(PKCS11_TOKEN * token, int algorithm, unsigned int bits, char *label, unsigned char* id, unsigned int id_len);
00288 
00289 /* 
00290  * Store private key on a token
00291  *
00292  * @param token token returned by PKCS11_find_token()
00293  * @param pk private key
00294  * @param label label for this key
00295  * @param id bytes to use as id value
00296  * @param id_len length of id value.
00297  * @retval 0 success
00298  * @retval -1 error
00299  */
00300 extern int PKCS11_store_private_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);
00301 
00302 /*
00303  * Store public key on a token
00304  *
00305  * @param token token returned by PKCS11_find_token()
00306  * @param pk private key
00307  * @param label label for this key
00308  * @param id bytes to use as id value
00309  * @param id_len length of id value.
00310  * @retval 0 success
00311  * @retval -1 error
00312  */
00313 extern int PKCS11_store_public_key(PKCS11_TOKEN * token, EVP_PKEY * pk, char *label, unsigned char *id, unsigned int id_len);
00314 
00315 /*
00316  * Store certificate on a token
00317  *
00318  * @param token token returned by PKCS11_find_token()
00319  * @param x509 x509 certificate object
00320  * @param label label for this certificate
00321  * @param id bytes to use as id value
00322  * @param id_len length of id value.
00323  * @param ret_cert put new PKCS11_CERT object here
00324  * @retval 0 success
00325  * @retval -1 error
00326  */
00327 extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
00328                 char *label, unsigned char *id, unsigned int id_len,
00329                 PKCS11_CERT **ret_cert);
00330 
00331 /* rsa private key operations */
00332 extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
00333         unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
00334 extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
00335         unsigned char *to, const PKCS11_KEY * rsa, int padding);
00346 extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
00347         unsigned char *to, PKCS11_KEY * key, int padding);
00348 extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
00349         unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);
00350 
00351 /* access random number generator */
00352 extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
00353 extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
00354 
00355 /* using with openssl method mechanism */
00356 RSA_METHOD *PKCS11_get_rsa_method(void);
00357 
00364 extern void ERR_load_PKCS11_strings(void);
00365 
00366 /*
00367  * Function and reason codes
00368  */
00369 #define PKCS11_F_PKCS11_CTX_LOAD                1
00370 #define PKCS11_F_PKCS11_ENUM_SLOTS              2
00371 #define PKCS11_F_PKCS11_CHECK_TOKEN             3
00372 #define PKCS11_F_PKCS11_OPEN_SESSION            4
00373 #define PKCS11_F_PKCS11_LOGIN                   5
00374 #define PKCS11_F_PKCS11_ENUM_KEYS               6
00375 #define PKCS11_F_PKCS11_GET_KEY                 7
00376 #define PKCS11_F_PKCS11_RSA_DECRYPT             8
00377 #define PKCS11_F_PKCS11_RSA_ENCRYPT             9
00378 #define PKCS11_F_PKCS11_RSA_SIGN                10
00379 #define PKCS11_F_PKCS11_RSA_VERIFY              11
00380 #define PKCS11_F_PKCS11_ENUM_CERTS              12
00381 #define PKCS11_F_PKCS11_INIT_TOKEN              13
00382 #define PKCS11_F_PKCS11_INIT_PIN                14
00383 #define PKCS11_F_PKCS11_LOGOUT                  15
00384 #define PKCS11_F_PKCS11_STORE_PRIVATE_KEY       16
00385 #define PKCS11_F_PKCS11_GENERATE_KEY            17
00386 #define PKCS11_F_PKCS11_STORE_PUBLIC_KEY        18
00387 #define PKCS11_F_PKCS11_STORE_CERTIFICATE       19
00388 #define PKCS11_F_PKCS11_SEED_RANDOM             20
00389 #define PKCS11_F_PKCS11_GENERATE_RANDOM         21
00390 #define PKCS11_F_PKCS11_CHANGE_PIN              22
00391 #define PKCS11_F_PKCS11_GETATTR                 40
00392 
00393 #define PKCS11_ERR_BASE                         1024
00394 #define PKCS11_LOAD_MODULE_ERROR                (PKCS11_ERR_BASE+1)
00395 #define PKCS11_MODULE_LOADED_ERROR              (PKCS11_ERR_BASE+2)
00396 #define PKCS11_SYMBOL_NOT_FOUND_ERROR           (PKCS11_ERR_BASE+3)
00397 #define PKCS11_NOT_SUPPORTED                    (PKCS11_ERR_BASE+4)
00398 #define PKCS11_NO_SESSION                       (PKCS11_ERR_BASE+5)
00399 #define PKCS11_KEYGEN_FAILED                    (PKCS11_ERR_BASE+6)
00400 
00401 #ifdef __cplusplus
00402 }
00403 #endif
00404 #endif

Generated on Mon Jul 16 10:56:45 2007 for libp11 by  doxygen 1.5.1