/* * Copyright (c) 2005-2006 Alon Bar-Lev * All rights reserved. * * This software is available to you under a choice of one of two * licenses. You may choose to be licensed under the terms of the GNU * General Public License (GPL) Version 2, or the OpenIB.org BSD license. * * GNU General Public License (GPL) Version 2 * =========================================== * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program (see the file COPYING[.GPL2] included with this * distribution); if not, write to the Free Software Foundation, Inc., * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * OpenIB.org BSD license * ======================= * Redistribution and use in source and binary forms, with or without modifi- * cation, are permitted provided that the following conditions are met: * * o Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * o Redistributions in binary form must reproduce the above copyright no- * tice, this list of conditions and the following disclaimer in the do- * cumentation and/or other materials provided with the distribution. * * o The names of the contributors may not be used to endorse or promote * products derived from this software without specific prior written * permission. 
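 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
 * ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
 * TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
 * ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
 * LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
 * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * The routines in this file deal with providing private key cryptography
 * using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
 *
 * This header declares the public interface only; every function below is
 * implemented elsewhere in the library. The IN/OUT annotation macros,
 * PKCS11H_BOOL, va_list and the CK_* types are expected to be provided by
 * pkcs11-helper-config.h (presumably via the PKCS#11 and <stdarg.h>
 * headers it pulls in), so that include must stay first.
 */

#ifndef __PKCS11H_HELPER_H
#define __PKCS11H_HELPER_H

#if defined(__cplusplus)
extern "C" {
#endif

#include "pkcs11-helper-config.h"

/*
 * Feature-flag sanity checks: slot events are implemented with a thread,
 * and the OpenSSL glue is built on top of the certificate interface.
 */
#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING)
#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING
#endif
#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE)
#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE
#endif

/*
 * Log levels accepted by pkcs11h_setLogLevel(); a higher value is more
 * verbose. Debug levels may expose token and session details in the log
 * output, so keep production builds at PKCS11H_LOG_WARN or below unless
 * actively troubleshooting.
 */
#define PKCS11H_LOG_DEBUG2	5
#define PKCS11H_LOG_DEBUG1	4
#define PKCS11H_LOG_INFO	3
#define PKCS11H_LOG_WARN	2
#define PKCS11H_LOG_ERROR	1
#define PKCS11H_LOG_QUITE	0
/* Correctly spelled alias of PKCS11H_LOG_QUITE; identical value. */
#define PKCS11H_LOG_QUIET	PKCS11H_LOG_QUITE

/* Special value for the PIN cache period: never expire a cached PIN. */
#define PKCS11H_PIN_CACHE_INFINITE	-1

/* Bit mask of signing operations a provider's keys support (see pkcs11h_addProvider). */
#define PKCS11H_SIGNMODE_MASK_SIGN	(1<<0)
#define PKCS11H_SIGNMODE_MASK_RECOVER	(1<<1)

/* Bit mask of prompts the helper may issue while ensuring access (maskPrompt parameters). */
#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT	(1<<0)
#define PKCS11H_PROMPT_MASK_ALLOW_CARD_PROMPT	(1<<1)
/* Historical misspelling ("MAST") kept for source compatibility; same value. */
#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT	PKCS11H_PROMPT_MASK_ALLOW_CARD_PROMPT

/* Slot event detection method for a provider (nSlotEventMethod in pkcs11h_addProvider). */
#define PKCS11H_SLOTEVENT_METHOD_AUTO		0
#define PKCS11H_SLOTEVENT_METHOD_TRIGGER	1
#define PKCS11H_SLOTEVENT_METHOD_POLL		2

/* Enumeration method (method parameter of the pkcs11h_enum_* functions). */
#define PKCS11H_ENUM_METHOD_CACHE		0
#define PKCS11H_ENUM_METHOD_CACHE_EXIST		1
#define PKCS11H_ENUM_METHOD_RELOAD		2

/*
 * printf-style output callback used by the standalone interface.
 * szFormat is a format string; the GCC format attribute lets the compiler
 * check that arguments match it, so callers should pass a literal format
 * and never untrusted text as szFormat.
 */
typedef void (*pkcs11h_output_print_t)(
	IN const void *pData,
	IN const char * const szFormat,
	IN ...
)
#if __GNUC__ > 2
	__attribute__ ((format (printf, 2, 3)))
#endif
;

/* Opaque handle types. Objects are created and freed by the helper only. */
struct pkcs11h_token_id_s;
typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t;

#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_s;
struct pkcs11h_certificate_s;
typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t;
typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t;
#endif /* ENABLE_PKCS11H_CERTIFICATE */

#if defined(ENABLE_PKCS11H_ENUM)
struct pkcs11h_token_id_list_s;
typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t;
#if defined(ENABLE_PKCS11H_DATA)
struct pkcs11h_data_id_list_s;
typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t;
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_list_s;
typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t;
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */

/*
 * Log hook: receives the helper's log output.
 *
 * Parameters:
 *	pData - Opaque data registered with pkcs11h_setLogHook.
 *	flags - Log level of this message (PKCS11H_LOG_*).
 *	szFormat - printf-style format.
 *	args - Arguments for szFormat.
 */
typedef void (*pkcs11h_hook_log_t)(
	IN const void *pData,
	IN const unsigned flags,
	IN const char * const szFormat,
	IN va_list args
);

/*
 * Slot event hook: called when the helper detects a slot change.
 * NOTE(review): when slot events are threaded, this presumably runs on the
 * helper's event thread rather than the caller's — confirm before touching
 * non-thread-safe state from it.
 */
typedef void (*pkcs11h_hook_slotevent_t)(
	IN const void *pData
);

/*
 * Token prompt hook: asks the user to insert the named token.
 *
 * Parameters:
 *	pData - Opaque data registered with pkcs11h_setTokenPromptHook.
 *	token - Token being requested.
 *	retry - Number of previous attempts.
 *
 * Return TRUE to retry, FALSE to give up.
 */
typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)(
	IN const void *pData,
	IN const pkcs11h_token_id_t token,
	IN const unsigned retry
);

/*
 * PIN prompt hook: asks the user for the PIN of the named token.
 *
 * Parameters:
 *	pData - Opaque data registered with pkcs11h_setPINPromptHook.
 *	token - Token being logged into.
 *	retry - Number of previous failed attempts.
 *	szPIN - Buffer receiving the PIN as a NUL-terminated string.
 *	nMaxPIN - Size of szPIN in bytes.
 *
 * Return TRUE if a PIN was written, FALSE to abort.
 *
 * The callback must never write more than nMaxPIN bytes into szPIN.
 * The buffer holds a secret: the implementation should not log it and
 * should scrub any private copy it keeps (ownership of the szPIN buffer
 * itself stays with the helper).
 */
typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)(
	IN const void *pData,
	IN const pkcs11h_token_id_t token,
	IN const unsigned retry,
	OUT char * const szPIN,
	IN const size_t nMaxPIN
);

/*
 * Identity of a token. The CK_TOKEN_INFO string fields are fixed-size and
 * not NUL-terminated, hence the +1 so the copies here can be C strings.
 */
struct pkcs11h_token_id_s {
	char label[1024];
	char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
	char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1];
	char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1];
};

#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*
 * Identity of a certificate on a token: the owning token, a display name,
 * the raw CKA_ID attribute and (optionally) the DER certificate itself.
 * All pointers are owned by the object; free it with pkcs11h_freeCertificateId.
 */
struct pkcs11h_certificate_id_s {
	pkcs11h_token_id_t token_id;
	char displayName[1024];
	CK_BYTE_PTR attrCKA_ID;		/* attrCKA_ID_size bytes, not a C string */
	size_t attrCKA_ID_size;
	unsigned char *certificate_blob;	/* may be absent, see pkcs11h_certificate_create */
	size_t certificate_blob_size;
};
#endif

#if defined(ENABLE_PKCS11H_ENUM)
/* Singly linked lists returned by the enum interface; free with the matching pkcs11h_free*List. */
struct pkcs11h_token_id_list_s {
	pkcs11h_token_id_list_t next;
	pkcs11h_token_id_t token_id;
};

#if defined(ENABLE_PKCS11H_DATA)
struct pkcs11h_data_id_list_s {
	pkcs11h_data_id_list_t next;
	char *application;
	char *label;
};
#endif /* ENABLE_PKCS11H_DATA */

#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_list_s {
	pkcs11h_certificate_id_list_t next;
	pkcs11h_certificate_id_t certificate_id;
};
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */

#if defined(ENABLE_PKCS11H_OPENSSL)
struct pkcs11h_openssl_session_s;
typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t;
#endif /* ENABLE_PKCS11H_OPENSSL */

/*
 * pkcs11h_getMessage - Get message by return value.
 *
 * Parameters:
 *	rv - Return value (CK_RV) to describe.
 *
 * NOTE(review): presumably returns a static string the caller must not
 * free or modify — confirm against the implementation.
 */
char *
pkcs11h_getMessage (
	IN const int rv
);

/*
 * pkcs11h_initialize - Initialize helper interface.
 *
 * Must be called once, from main thread.
 * Defaults:
 *	Protected authentication enabled.
 *	PIN cache is infinite.
 */
CK_RV
pkcs11h_initialize (void);

/*
 * pkcs11h_terminate - Terminate helper interface.
 *
 * Must be called once, from main thread, after all
 * related resources freed.
 */
CK_RV
pkcs11h_terminate (void);

/*
 * pkcs11h_setLogLevel - Set current log level of the helper.
 *
 * Parameters:
 *	flags - current log level (PKCS11H_LOG_*).
 *
 * The log level can be set to maximum, but setting it to lower
 * level will improve performance. Debug levels are intended for
 * troubleshooting only.
 */
void
pkcs11h_setLogLevel (
	IN const unsigned flags
);

/*
 * pkcs11h_getLogLevel - Get current log level.
 */
unsigned
pkcs11h_getLogLevel (void);

/*
 * pkcs11h_setLogHook - Set a log callback.
 *
 * Parameters:
 *	hook - Callback.
 *	pData - Data to send to callback.
 */
CK_RV
pkcs11h_setLogHook (
	IN const pkcs11h_hook_log_t hook,
	IN void * const pData
);

/*
 * pkcs11h_setSlotEventHook - Set a slot event callback.
 *
 * Parameters:
 *	hook - Callback.
 *	pData - Data to send to callback.
 *
 * Calling this function initializes slot event notifications; these
 * notifications can be started, but never terminated, due to a PKCS#11
 * limitation.
 *
 * In order to use slot events you must have threading enabled.
 */
CK_RV
pkcs11h_setSlotEventHook (
	IN const pkcs11h_hook_slotevent_t hook,
	IN void * const pData
);

/*
 * pkcs11h_setTokenPromptHook - Set a token prompt callback.
 *
 * Parameters:
 *	hook - Callback.
 *	pData - Data to send to callback.
 */
CK_RV
pkcs11h_setTokenPromptHook (
	IN const pkcs11h_hook_token_prompt_t hook,
	IN void * const pData
);

/*
 * pkcs11h_setPINPromptHook - Set a PIN prompt callback.
 *
 * Parameters:
 *	hook - Callback.
 *	pData - Data to send to callback.
 */
CK_RV
pkcs11h_setPINPromptHook (
	IN const pkcs11h_hook_pin_prompt_t hook,
	IN void * const pData
);

/*
 * pkcs11h_setProtectedAuthentication - Set global protected authentication mode.
 *
 * Parameters:
 *	fProtectedAuthentication - Allow protected authentication if enabled by token.
 *
 * With protected authentication the PIN is entered on the reader's own
 * pad and never passes through this process, so prefer it where the
 * token supports it.
 */
CK_RV
pkcs11h_setProtectedAuthentication (
	IN const PKCS11H_BOOL fProtectedAuthentication
);

/*
 * pkcs11h_setPINCachePeriod - Set global PIN cache timeout.
 *
 * Parameters:
 *	nPINCachePeriod - Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE.
 *
 * A cached PIN stays in process memory for the whole period; the default
 * after pkcs11h_initialize is infinite, so long-running processes should
 * consider a finite period to bound that exposure.
 */
CK_RV
pkcs11h_setPINCachePeriod (
	IN const int nPINCachePeriod
);

/*
 * pkcs11h_setMaxLoginRetries - Set global login retry attempts.
 *
 * Parameters:
 *	nMaxLoginRetries - Login retries handled by the helper.
 *
 * Tokens typically lock after a small number of wrong PINs; keep this
 * below the token's own limit.
 */
CK_RV
pkcs11h_setMaxLoginRetries (
	IN const unsigned nMaxLoginRetries
);

/*
 * pkcs11h_addProvider - Add a PKCS#11 provider.
 *
 * Parameters:
 *	szReferenceName - Reference name for this provider.
 *	szProvider - Provider library location.
 *	fProtectedAuthentication - Allow this provider to use protected authentication.
 *	maskSignMode - Provider signmode override (PKCS11H_SIGNMODE_MASK_*).
 *	nSlotEventMethod - Provider slot event method (PKCS11H_SLOTEVENT_METHOD_*).
 *	nSlotEventPollInterval - Slot event poll interval (if in polling mode).
 *	fCertIsPrivate - Provider's certificate access should be done after login.
 *
 * This function must be called from the main thread.
 *
 * The global fProtectedAuthentication must be enabled in order to allow provider specific.
 * The maskSignMode can be 0 in order to automatically detect key sign mode.
 *
 * szProvider names a shared library that will be loaded into this process;
 * it should come from trusted configuration, not from untrusted input.
 */
CK_RV
pkcs11h_addProvider (
	IN const char * const szReferenceName,
	IN const char * const szProvider,
	IN const PKCS11H_BOOL fProtectedAuthentication,
	IN const unsigned maskSignMode,
	IN const int nSlotEventMethod,
	IN const int nSlotEventPollInterval,
	IN const PKCS11H_BOOL fCertIsPrivate
);

/*
 * pkcs11h_removeProvider - Remove a PKCS#11 provider.
 *
 * Parameters:
 *	szReferenceName - Reference name for this provider.
 *
 * This function must be called from the main thread.
 */
CK_RV
pkcs11h_removeProvider (
	IN const char * const szReferenceName
);

/*
 * pkcs11h_forkFixup - Handle special case of Unix fork()
 *
 * This function should be called after fork is called. This is required
 * due to a limitation of the PKCS#11 standard.
 *
 * This function must be called from the main thread.
 *
 * The helper library handles fork automatically if ENABLE_PKCS11H_THREADING
 * is set on configuration file, by use of pthread_atfork.
 */
CK_RV
pkcs11h_forkFixup (void);

/*
 * pkcs11h_plugAndPlay - Handle slot rescan.
 *
 * This function must be called from the main thread.
 *
 * PKCS#11 providers do not allow plug&play; plug&play can be established by
 * finalizing all providers and initializing them again.
 *
 * The cost of this process is invalidating all sessions, and requiring user
 * login at the next access.
 */
CK_RV
pkcs11h_plugAndPlay (void);

/*
 * pkcs11h_freeTokenId - Free token_id object.
 *
 * Parameters:
 *	token_id - Token id object to free.
 */
CK_RV
pkcs11h_freeTokenId (
	IN pkcs11h_token_id_t token_id
);

/*
 * pkcs11h_duplicateTokenId - Duplicate token_id object.
 *
 * Parameters:
 *	to - Receives the copy; caller frees it with pkcs11h_freeTokenId.
 *	from - Object to copy.
 */
CK_RV
pkcs11h_duplicateTokenId (
	OUT pkcs11h_token_id_t * const to,
	IN const pkcs11h_token_id_t from
);

/*
 * pkcs11h_sameTokenId - Returns TRUE if same token id.
 */
PKCS11H_BOOL
pkcs11h_sameTokenId (
	IN const pkcs11h_token_id_t a,
	IN const pkcs11h_token_id_t b
);

#if defined(ENABLE_PKCS11H_TOKEN)
/*
 * pkcs11h_token_ensureAccess - Ensure token is accessible.
 *
 * Parameters:
 *	token_id - Token id object.
 *	maskPrompt - Allowed prompts (PKCS11H_PROMPT_MASK_*).
 */
CK_RV
pkcs11h_token_ensureAccess (
	IN const pkcs11h_token_id_t token_id,
	IN const unsigned maskPrompt
);
#endif /* ENABLE_PKCS11H_TOKEN */

#if defined(ENABLE_PKCS11H_DATA)
/*
 * pkcs11h_data_get - Read a data object from a token.
 *
 * Parameters:
 *	token_id - Token id object.
 *	fPublic - Whether the object is public (no login) or private.
 *	szApplication - CKA_APPLICATION of the object.
 *	szLabel - CKA_LABEL of the object.
 *	blob - Buffer receiving the data.
 *	p_blob_size - In: size of blob; out: size of the data.
 *
 * NOTE(review): blob is presumably allowed to be NULL to query the size,
 * as with pkcs11h_certificate_getCertificateBlob — confirm.
 */
CK_RV
pkcs11h_data_get (
	IN const pkcs11h_token_id_t token_id,
	IN const PKCS11H_BOOL fPublic,
	IN const char * const szApplication,
	IN const char * const szLabel,
	OUT char * const blob,
	IN OUT size_t * const p_blob_size
);

/*
 * pkcs11h_data_put - Write a data object to a token.
 *
 * Parameters:
 *	token_id - Token id object.
 *	fPublic - Whether to create a public or private object.
 *	szApplication - CKA_APPLICATION of the object.
 *	szLabel - CKA_LABEL of the object.
 *	blob - Data to store (input; blob_size bytes are read from it).
 *	blob_size - Size of blob.
 */
CK_RV
pkcs11h_data_put (
	IN const pkcs11h_token_id_t token_id,
	IN const PKCS11H_BOOL fPublic,
	IN const char * const szApplication,
	IN const char * const szLabel,
	IN char * const blob,
	IN const size_t blob_size
);

/*
 * pkcs11h_data_del - Delete a data object from a token.
 *
 * Parameters:
 *	token_id - Token id object.
 *	fPublic - Whether the object is public or private.
 *	szApplication - CKA_APPLICATION of the object.
 *	szLabel - CKA_LABEL of the object.
 */
CK_RV
pkcs11h_data_del (
	IN const pkcs11h_token_id_t token_id,
	IN const PKCS11H_BOOL fPublic,
	IN const char * const szApplication,
	IN const char * const szLabel
);
#endif /* ENABLE_PKCS11H_DATA */

#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*======================================================================*
 * CERTIFICATE INTERFACE
 *======================================================================*/

/*
 * pkcs11h_freeCertificateId - Free certificate_id object.
 */
CK_RV
pkcs11h_freeCertificateId (
	IN pkcs11h_certificate_id_t certificate_id
);

/*
 * pkcs11h_duplicateCertificateId - Duplicate certificate_id object.
 *
 * Parameters:
 *	to - Receives the copy; caller frees it with pkcs11h_freeCertificateId.
 *	from - Object to copy.
 */
CK_RV
pkcs11h_duplicateCertificateId (
	OUT pkcs11h_certificate_id_t * const to,
	IN const pkcs11h_certificate_id_t from
);

/*
 * pkcs11h_freeCertificate - Free certificate object.
 */
CK_RV
pkcs11h_freeCertificate (
	IN pkcs11h_certificate_t certificate
);

/*
 * pkcs11h_certificate_create - Create a certificate object out of certificate_id.
 *
 * Parameters:
 *	certificate_id - Certificate id object to be based on.
 *	nPINCachePeriod - Session specific cache period.
 *	p_certificate - Receives certificate object.
 *
 * The certificate id object may not specify the full certificate.
 * The certificate object must be freed by caller.
 */
CK_RV
pkcs11h_certificate_create (
	IN const pkcs11h_certificate_id_t certificate_id,
	IN const int nPINCachePeriod,
	OUT pkcs11h_certificate_t * const p_certificate
);

/*
 * pkcs11h_certificate_getCertificateId - Get certificate id object out of a certificate.
 *
 * Parameters:
 *	certificate - Certificate object.
 *	p_certificate_id - Certificate id object pointer.
 *
 * The certificate id must be freed by caller.
 */
CK_RV
pkcs11h_certificate_getCertificateId (
	IN const pkcs11h_certificate_t certificate,
	OUT pkcs11h_certificate_id_t * const p_certificate_id
);

/*
 * pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object.
 *
 * Parameters:
 *	certificate - Certificate object.
 *	certificate_blob - Buffer.
 *	p_certificate_blob_size - In: buffer size; out: blob size.
 *
 * Buffer may be NULL in order to get size.
 */
CK_RV
pkcs11h_certificate_getCertificateBlob (
	IN const pkcs11h_certificate_t certificate,
	OUT unsigned char * const certificate_blob,
	IN OUT size_t * const p_certificate_blob_size
);

/*
 * pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible.
 *
 * Parameters:
 *	certificate - Certificate object.
 *	maskPrompt - Allowed prompts (PKCS11H_PROMPT_MASK_*).
 */
CK_RV
pkcs11h_certificate_ensureCertificateAccess (
	IN const pkcs11h_certificate_t certificate,
	IN const unsigned maskPrompt
);

/*
 * pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible.
 *
 * Parameters:
 *	certificate - Certificate object.
 *	maskPrompt - Allowed prompts (PKCS11H_PROMPT_MASK_*).
 */
CK_RV
pkcs11h_certificate_ensureKeyAccess (
	IN const pkcs11h_certificate_t certificate,
	IN const unsigned maskPrompt
);

/*
 * pkcs11h_certificate_sign - Sign data (C_Sign style).
 *
 * Parameters:
 *	certificate - Certificate object.
 *	mech_type - PKCS#11 mechanism.
 *	source - Buffer to sign.
 *	source_size - Buffer size.
 *	target - Target buffer, can be NULL to get size.
 *	p_target_size - In: target buffer size; out: signature size.
 */
CK_RV
pkcs11h_certificate_sign (
	IN const pkcs11h_certificate_t certificate,
	IN const CK_MECHANISM_TYPE mech_type,
	IN const unsigned char * const source,
	IN const size_t source_size,
	OUT unsigned char * const target,
	IN OUT size_t * const p_target_size
);

/*
 * pkcs11h_certificate_signRecover - Sign data (C_SignRecover style).
 *
 * Parameters:
 *	certificate - Certificate object.
 *	mech_type - PKCS#11 mechanism.
 *	source - Buffer to sign.
 *	source_size - Buffer size.
 *	target - Target buffer, can be NULL to get size.
 *	p_target_size - In: target buffer size; out: signature size.
 */
CK_RV
pkcs11h_certificate_signRecover (
	IN const pkcs11h_certificate_t certificate,
	IN const CK_MECHANISM_TYPE mech_type,
	IN const unsigned char * const source,
	IN const size_t source_size,
	OUT unsigned char * const target,
	IN OUT size_t * const p_target_size
);

/*
 * pkcs11h_certificate_signAny - Sign data; sign vs. sign-recover is chosen
 * from the key attributes (see maskSignMode in pkcs11h_addProvider).
 *
 * Parameters:
 *	certificate - Certificate object.
 *	mech_type - PKCS#11 mechanism.
 *	source - Buffer to sign.
 *	source_size - Buffer size.
 *	target - Target buffer, can be NULL to get size.
 *	p_target_size - In: target buffer size; out: signature size.
 */
CK_RV
pkcs11h_certificate_signAny (
	IN const pkcs11h_certificate_t certificate,
	IN const CK_MECHANISM_TYPE mech_type,
	IN const unsigned char * const source,
	IN const size_t source_size,
	OUT unsigned char * const target,
	IN OUT size_t * const p_target_size
);

/*
 * pkcs11h_certificate_decrypt - Decrypt data.
 *
 * Parameters:
 *	certificate - Certificate object.
 *	mech_type - PKCS#11 mechanism.
 *	source - Buffer to decrypt.
 *	source_size - Buffer size.
 *	target - Target buffer, can be NULL to get size.
 *	p_target_size - In: target buffer size; out: plaintext size.
 *
 * target receives plaintext; callers should scrub it when done.
 */
CK_RV
pkcs11h_certificate_decrypt (
	IN const pkcs11h_certificate_t certificate,
	IN const CK_MECHANISM_TYPE mech_type,
	IN const unsigned char * const source,
	IN const size_t source_size,
	OUT unsigned char * const target,
	IN OUT size_t * const p_target_size
);
#endif /* ENABLE_PKCS11H_CERTIFICATE */

#if defined(ENABLE_PKCS11H_LOCATE)
/*======================================================================*
 * LOCATE INTERFACE
 *======================================================================*/

#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
/*
 * pkcs11h_locate_token - Locate token based on attributes.
 *
 * Parameters:
 *	szSlotType - How to locate slot.
 *	szSlot - Slot name.
 *	p_token_id - Token object.
 *
 * Slot:
 *	id - Slot number.
 *	name - Slot name.
 *	label - Available token label.
 *
 * Caller must free token id.
 */
CK_RV
pkcs11h_locate_token (
	IN const char * const szSlotType,
	IN const char * const szSlot,
	OUT pkcs11h_token_id_t * const p_token_id
);
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */

#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*
 * pkcs11h_locate_certificate - Locate certificate based on attributes.
 *
 * Parameters:
 *	szSlotType - How to locate slot.
 *	szSlot - Slot name.
 *	szIdType - How to locate object.
 *	szId - Object name.
 *	p_certificate_id - Certificate object.
 *
 * Slot:
 *	Same as pkcs11h_locate_token.
 *
 * Object:
 *	id - Certificate CKA_ID (hex string) (Fastest).
 *	label - Certificate CKA_LABEL (string).
 *	subject - Certificate subject (OpenSSL DN).
 *
 * Caller must free certificate id.
 */
CK_RV
pkcs11h_locate_certificate (
	IN const char * const szSlotType,
	IN const char * const szSlot,
	IN const char * const szIdType,
	IN const char * const szId,
	OUT pkcs11h_certificate_id_t * const p_certificate_id
);
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_LOCATE */

#if defined(ENABLE_PKCS11H_ENUM)
/*======================================================================*
 * ENUM INTERFACE
 *======================================================================*/

#if defined(ENABLE_PKCS11H_TOKEN)
/*
 * pkcs11h_freeTokenIdList - Free token_id list.
 */
CK_RV
pkcs11h_freeTokenIdList (
	IN const pkcs11h_token_id_list_t token_id_list
);

/*
 * pkcs11h_enum_getTokenIds - Enumerate available tokens.
 *
 * Parameters:
 *	method - How to fetch tokens (PKCS11H_ENUM_METHOD_*).
 *	p_token_id_list - A list of token ids.
 *
 * Caller must free the list.
 */
CK_RV
pkcs11h_enum_getTokenIds (
	IN const int method,
	OUT pkcs11h_token_id_list_t * const p_token_id_list
);
#endif /* ENABLE_PKCS11H_TOKEN */

#if defined(ENABLE_PKCS11H_DATA)
/*
 * pkcs11h_freeDataIdList - Free data_id list.
 */
CK_RV
pkcs11h_freeDataIdList (
	IN const pkcs11h_data_id_list_t data_id_list
);

/*
 * pkcs11h_enumDataObjects - Enumerate data objects on a token.
 *
 * Parameters:
 *	token_id - Token id to enumerate.
 *	fPublic - Enumerate public (no login) or private objects.
 *	p_data_id_list - Receives the list; caller frees it with pkcs11h_freeDataIdList.
 */
CK_RV
pkcs11h_enumDataObjects (
	IN const pkcs11h_token_id_t token_id,
	IN const PKCS11H_BOOL fPublic,
	OUT pkcs11h_data_id_list_t * const p_data_id_list
);
#endif /* ENABLE_PKCS11H_DATA */

#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*
 * pkcs11h_freeCertificateIdList - Free certificate_id list.
 */
CK_RV
pkcs11h_freeCertificateIdList (
	IN const pkcs11h_certificate_id_list_t cert_id_list
);

/*
 * pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token.
 *
 * Parameters:
 *	token_id - Token id to enum.
 *	method - How to fetch certificates.
 *	p_cert_id_issuers_list - Receives issuers list, can be NULL.
 *	p_cert_id_end_list - Receives end certificates list.
 *
 * This function will likely take long time.
 *
 * Method can be one of the following:
 *	PKCS11H_ENUM_METHOD_CACHE
 *		Return available certificates, even if token was once detected and
 *		was removed.
 *	PKCS11H_ENUM_METHOD_CACHE_EXIST
 *		Return available certificates for available tokens only, don't
 *		read the contents of the token if already read, even if this token
 *		removed and inserted.
 *	PKCS11H_ENUM_METHOD_RELOAD
 *		Clear all caches and then enum.
 *
 * Caller must free the lists.
 */
CK_RV
pkcs11h_enum_getTokenCertificateIds (
	IN const pkcs11h_token_id_t token_id,
	IN const int method,
	OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
	OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
);

/*
 * pkcs11h_enum_getCertificateIds - Enumerate available certificates.
 *
 * Parameters:
 *	method - How to fetch certificates.
 *	p_cert_id_issuers_list - Receives issuers list, can be NULL.
 *	p_cert_id_end_list - Receives end certificates list.
 *
 * This function will likely take long time.
 *
 * Method can be one of the following:
 *	PKCS11H_ENUM_METHOD_CACHE
 *		Return available certificates, even if token was once detected and
 *		was removed.
 *	PKCS11H_ENUM_METHOD_CACHE_EXIST
 *		Return available certificates for available tokens only, don't
 *		read the contents of the token if already read, even if this token
 *		removed and inserted.
 *	PKCS11H_ENUM_METHOD_RELOAD
 *		Clear all caches and then enum.
 *
 * Caller must free lists.
 */
CK_RV
pkcs11h_enum_getCertificateIds (
	IN const int method,
	OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
	OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
);
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */

#if defined(ENABLE_PKCS11H_OPENSSL)
/*======================================================================*
 * OPENSSL INTERFACE
 *======================================================================*/

/*
 * pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object.
 *
 * Parameters:
 *	certificate - Certificate object.
 *
 * The certificate object will be freed by the OpenSSL interface on session end,
 * so the caller must not free it separately. Returns NULL on failure.
 */
pkcs11h_openssl_session_t
pkcs11h_openssl_createSession (
	IN const pkcs11h_certificate_t certificate
);

/*
 * pkcs11h_openssl_freeSession - Free OpenSSL session.
 *
 * Parameters:
 *	openssl_session - Session to free.
 *
 * The openssl_session object has a reference count just like other OpenSSL objects.
 */
void
pkcs11h_openssl_freeSession (
	IN const pkcs11h_openssl_session_t openssl_session
);

/*
 * pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object.
 *
 * Parameters:
 *	openssl_session - Session.
 *
 * NOTE(review): whether the returned RSA is a new reference (caller calls
 * RSA_free) or borrowed from the session is not stated here — confirm.
 */
RSA *
pkcs11h_openssl_getRSA (
	IN const pkcs11h_openssl_session_t openssl_session
);

/*
 * pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object.
 *
 * Parameters:
 *	openssl_session - Session.
 *
 * NOTE(review): reference ownership of the returned X509 is not stated
 * here — confirm before freeing.
 */
X509 *
pkcs11h_openssl_getX509 (
	IN const pkcs11h_openssl_session_t openssl_session
);
#endif /* ENABLE_PKCS11H_OPENSSL */

#if defined(ENABLE_PKCS11H_STANDALONE)
/*======================================================================*
 * STANDALONE INTERFACE
 *======================================================================*/

/*
 * pkcs11h_standalone_dump_slots - Print the slots of a provider.
 *
 * Parameters:
 *	my_output - Output callback.
 *	pData - Data passed to my_output.
 *	provider - Provider library location.
 */
void
pkcs11h_standalone_dump_slots (
	IN const pkcs11h_output_print_t my_output,
	IN const void *pData,
	IN const char * const provider
);

/*
 * pkcs11h_standalone_dump_objects - Print the objects of a slot.
 *
 * Parameters:
 *	my_output - Output callback.
 *	pData - Data passed to my_output.
 *	provider - Provider library location.
 *	slot - Slot to dump.
 *	pin - Token PIN, or presumably NULL when no login is wanted (confirm).
 *
 * pin is a plain C string owned by the caller; avoid passing it on the
 * command line where other users could read it, and scrub it afterwards.
 */
void
pkcs11h_standalone_dump_objects (
	IN const pkcs11h_output_print_t my_output,
	IN const void *pData,
	IN const char * const provider,
	IN const char * const slot,
	IN const char * const pin
);
#endif /* ENABLE_PKCS11H_STANDALONE */

#ifdef __cplusplus
}
#endif

#endif /* __PKCS11H_HELPER_H */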