summaryrefslogtreecommitdiffstats
path: root/pkcs11-helper.h
diff options
context:
space:
mode:
authorjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-10-20 05:58:08 +0000
committerjames <james@e7ae566f-a301-0410-adde-c780ea21d3b5>2005-10-20 05:58:08 +0000
commit984cf0036c882c4fada83448aaa37bbd5ebb8130 (patch)
treed8a8d9f93c48326f2bb2295d95e19a4c830b3d62 /pkcs11-helper.h
parentf78687162b7593ba0ab4edba19cce370ad917e0a (diff)
downloadopenvpn-984cf0036c882c4fada83448aaa37bbd5ebb8130.tar.gz
openvpn-984cf0036c882c4fada83448aaa37bbd5ebb8130.tar.xz
openvpn-984cf0036c882c4fada83448aaa37bbd5ebb8130.zip
Merged with Alon's r688.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@689 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'pkcs11-helper.h')
-rw-r--r--pkcs11-helper.h252
1 files changed, 252 insertions, 0 deletions
diff --git a/pkcs11-helper.h b/pkcs11-helper.h
new file mode 100644
index 0000000..10a3a6f
--- /dev/null
+++ b/pkcs11-helper.h
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2005 Alon Bar-Lev <alon.barlev@gmail.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modifi-
+ * cation, are permitted provided that the following conditions are met:
+ *
+ * o Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * o Redistributions in binary form must reproduce the above copyright no-
+ * tice, this list of conditions and the following disclaimer in the do-
+ * cumentation and/or other materials provided with the distribution.
+ *
+ * o The names of the contributors may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
+ * ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
+ * TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
+ * ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
+ * LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * The routines in this file deal with providing private key cryptography
+ * using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
+ *
+ */
+
+#ifndef __PKCS11_HELPER_H
+#define __PKCS11_HELPER_H
+
+#include "pkcs11-helper-config.h"
+
+#define PKCS11H_MAX_ATTRIBUTE_SIZE (10*1024)
+
+typedef void (*pkcs11h_output_print_t)(
+ IN const void *pData,
+ IN const char * const szFormat,
+ IN ...
+);
+
+typedef bool (*pkcs11h_hook_card_prompt_t)(
+ IN const void *pData,
+ IN const char * const szLabel
+);
+
+typedef bool (*pkcs11h_hook_pin_prompt_t)(
+ IN const void *pData,
+ IN const char * const szLabel,
+ OUT char * const szPIN,
+ IN const size_t nMaxPIN
+);
+
+
+typedef struct pkcs11h_hooks_s {
+ void *card_prompt_data;
+ void *pin_prompt_data;
+ pkcs11h_hook_card_prompt_t card_prompt;
+ pkcs11h_hook_pin_prompt_t pin_prompt;
+} *pkcs11h_hooks_t;
+
+typedef struct pkcs11h_provider_s {
+ struct pkcs11h_provider_s *next;
+
+ bool fEnabled;
+ char *szName;
+
+#if defined(WIN32)
+ HANDLE hLibrary;
+#else
+ void *hLibrary;
+#endif
+ CK_FUNCTION_LIST_PTR f;
+ bool fShouldFinalize;
+ char *szSignMode;
+
+} *pkcs11h_provider_t;
+
+typedef struct pkcs11h_session_s {
+
+ pkcs11h_provider_t provider;
+
+ bool fProtectedAuthentication;
+
+ char szLabel[sizeof (((CK_TOKEN_INFO *)NULL)->label)+1];
+ CK_CHAR serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)];
+
+ unsigned char *certificate;
+ size_t certificate_size;
+ unsigned char *certificate_id;
+ size_t certificate_id_size;
+
+ CK_SLOT_ID slot;
+ bool fKeySignRecover;
+
+ CK_SESSION_HANDLE session;
+ CK_OBJECT_HANDLE key;
+
+ time_t timePINExpire;
+} *pkcs11h_session_t;
+
+typedef struct pkcs11h_data_s {
+ bool fInitialized;
+ int nPINCachePeriod;
+ pkcs11h_provider_t providers;
+ pkcs11h_hooks_t hooks;
+} *pkcs11h_data_t;
+
+typedef struct pkcs11h_openssl_session_s {
+ int nReferenceCount;
+ bool fInitialized;
+ bool fShouldPadSign;
+ X509 *x509;
+ RSA_METHOD smart_rsa;
+ int (*orig_finish)(RSA *rsa);
+ pkcs11h_session_t pkcs11h_session;
+} *pkcs11h_openssl_session_t;
+
+CK_RV
+pkcs11h_initialize ();
+
+CK_RV
+pkcs11h_terminate ();
+
+CK_RV
+pkcs11h_setCardPromptHook (
+ IN const pkcs11h_hook_card_prompt_t hook,
+ IN void * const pData
+);
+
+CK_RV
+pkcs11h_setPINPromptHook (
+ IN const pkcs11h_hook_pin_prompt_t hook,
+ IN void * const pData
+);
+
+CK_RV
+pkcs11h_setPINCachePeriod (
+ IN const int nPINCachePeriod
+);
+
+CK_RV
+pkcs11h_addProvider (
+ IN const char * const szProvider,
+ IN const char * const szSignMode
+);
+
+CK_RV
+pkcs11h_forkFixup ();
+
+CK_RV
+pkcs11h_createSession (
+ IN const char * const szSlotType,
+ IN const char * const szSlot,
+ IN const char * const szIdType,
+ IN const char * const szId,
+ IN const bool fProtectedAuthentication,
+ OUT pkcs11h_session_t * const pkcs11h_session
+);
+
+CK_RV
+pkcs11h_freeSession (
+ IN const pkcs11h_session_t pkcs11h_session
+);
+
+CK_RV
+pkcs11h_sign (
+ IN const pkcs11h_session_t pkcs11h_session,
+ IN const CK_MECHANISM_TYPE mech_type,
+ IN const unsigned char * const source,
+ IN const size_t source_size,
+ OUT unsigned char * const target,
+ IN OUT size_t * const target_size
+);
+
+CK_RV
+pkcs11h_signRecover (
+ IN const pkcs11h_session_t pkcs11h_session,
+ IN const CK_MECHANISM_TYPE mech_type,
+ IN const unsigned char * const source,
+ IN const size_t source_size,
+ OUT unsigned char * const target,
+ IN OUT size_t * const target_size
+);
+
+CK_RV
+pkcs11h_decrypt (
+ IN const pkcs11h_session_t pkcs11h_session,
+ IN const CK_MECHANISM_TYPE mech_type,
+ IN const unsigned char * const source,
+ IN const size_t source_size,
+ OUT unsigned char * const target,
+ IN OUT size_t * const target_size
+);
+
+CK_RV
+pkcs11h_getCertificate (
+ IN const pkcs11h_session_t pkcs11h_session,
+ OUT unsigned char * const certificate,
+ IN OUT size_t * const certificate_size
+);
+
+char *
+pkcs11h_getMessage (
+ IN const int rv
+);
+
+pkcs11h_openssl_session_t
+pkcs11h_openssl_createSession (
+ IN const bool fShouldPadSign
+);
+
+void
+pkcs11h_openssl_freeSession (
+ IN const pkcs11h_openssl_session_t pkcs11h_openssl_session
+);
+
+RSA *
+pkcs11h_openssl_getRSA (
+ IN const pkcs11h_openssl_session_t pkcs11h_openssl_session
+);
+
+X509 *
+pkcs11h_openssl_getX509 (
+ IN const pkcs11h_openssl_session_t pkcs11h_openssl_session
+);
+
+void
+pkcs11h_standalone_dump_slots (
+ IN const pkcs11h_output_print_t my_output,
+ IN const void *pData,
+ IN const char * const provider
+);
+
+void
+pkcs11h_standalone_dump_objects (
+ IN const pkcs11h_output_print_t my_output,
+ IN const void *pData,
+ IN const char * const provider,
+ IN const char * const slot,
+ IN const char * const pin
+);
+
+#endif
generated by cgit (git 2.34.1) at 2024-05-03 18:27:23 +0000