00017 #ifndef PK11_PK11_H
00018 #define PK11_PK11_H 1
00019
00022 #include <isc/lang.h>
00023 #include <isc/magic.h>
00024 #include <isc/types.h>
00025
/*
 * PK11_FATALCHECK(func, args): call func with the parenthesised argument
 * list args, store the result in a variable named rv, and compare it with
 * CKR_OK. Any other value is handed to pk11_error_fatalcheck() together
 * with the call site (__FILE__, __LINE__) and the stringified function name.
 *
 * The macro assigns to rv without declaring it, so an rv must already be in
 * scope at every use site. The parentheses around pk11_error_fatalcheck keep
 * a function-like macro of the same name from being expanded here.
 *
 * NOTE(review): pk11_error_fatalcheck() is declared in this header with the
 * ISC_PLATFORM_NORETURN_PRE/POST markers, so a failed call presumably ends
 * the process. If so, keep this macro off calls whose CK_RV can be driven by
 * remote input (a rejected signature, for example) and handle those results
 * explicitly -- confirm.
 */
00026 #define PK11_FATALCHECK(func, args) \
00027 ((void) (((rv = (func) args) == CKR_OK) || \
00028 ((pk11_error_fatalcheck)(__FILE__, __LINE__, #func, rv), 0)))
00029
00030 #include <pkcs11/cryptoki.h>
00031
00032 ISC_LANG_BEGINDECLS
00033
/*
 * Magic numbers built with ISC_MAGIC() from the tags 'PKSS' and 'PKTK',
 * and the matching validity checks built on ISC_MAGIC_VALID().
 * NOTE(review): the structures that carry these magics are not declared in
 * this header (neither pk11_object nor pk11_context has a magic member);
 * presumably they are private session and token records -- confirm in the
 * implementation.
 */
00034 #define SES_MAGIC ISC_MAGIC('P','K','S','S')
00035 #define TOK_MAGIC ISC_MAGIC('P','K','T','K')
00036
00037 #define VALID_SES(x) ISC_MAGIC_VALID(x, SES_MAGIC)
00038 #define VALID_TOK(x) ISC_MAGIC_VALID(x, TOK_MAGIC)
00039
/* Short name for struct pk11_context, which is defined further down. */
00040 typedef struct pk11_context pk11_context_t;
00041
/*
 * Reference to a PKCS#11 object; filled in by pk11_parse_uri().
 * NOTE(review): member roles below are inferred from names and Cryptoki
 * types only -- confirm against the implementation.
 */
00042 struct pk11_object {
00043 CK_OBJECT_HANDLE object; /* Cryptoki object handle */
00044 CK_SLOT_ID slot; /* Cryptoki slot identifier */
00045 CK_BBOOL ontoken; /* presumably: the object is stored on the token */
00046 CK_BBOOL reqlogon; /* presumably: using the object requires a login */
00047 CK_BYTE attrcnt; /* presumably the number of entries in repr; a CK_BYTE cannot exceed 255 */
00048 CK_ATTRIBUTE *repr; /* attribute array; who allocates and frees it is not visible here */
00049 };
00050
/*
 * Context passed to pk11_get_session() and pk11_return_session().
 *
 * The layout depends on PKCS11CRYPTOWITHHMAC: the key member exists only
 * when that macro is NOT defined, so every translation unit that shares a
 * pk11_context must be built with the same setting.
 * NOTE(review): member roles are inferred from names and types -- confirm.
 */
00051 struct pk11_context {
00052 void *handle; /* opaque to users of this header */
00053 CK_SESSION_HANDLE session; /* Cryptoki session handle */
00054 CK_BBOOL ontoken; /* presumably: the key object lives on the token */
00055 CK_OBJECT_HANDLE object; /* Cryptoki object handle */
00056 #ifndef PKCS11CRYPTOWITHHMAC
00057 unsigned char *key; /* NOTE(review): presumably raw HMAC key bytes kept in process
                              memory when the provider does no HMAC; if so the buffer should
                              be wiped before it is freed -- confirm */
00058 #endif
00059 };
00060
/* Short name for struct pk11_object, defined above. */
00061 typedef struct pk11_object pk11_object_t;
00062
/*
 * Operation classes taken by pk11_get_session() and pk11_parse_uri().
 * Values are explicit and contiguous from OP_ANY (0) to OP_AES (8).
 * NOTE(review): OP_MAX (9) looks like a count/sentinel rather than a real
 * operation; code that indexes a table by optype should reject values
 * >= OP_MAX -- confirm.
 */
00063 typedef enum {
00064 OP_ANY = 0,
00065 OP_RAND = 1,
00066 OP_RSA = 2,
00067 OP_DSA = 3,
00068 OP_DH = 4,
00069 OP_DIGEST = 5,
00070 OP_EC = 6,
00071 OP_GOST = 7,
00072 OP_AES = 8,
00073 OP_MAX = 9
00074 } pk11_optype_t;
00075
/*
 * Set the PKCS#11 provider library name (per the function name).
 * NOTE(review): presumably this names the shared library that is later
 * loaded into the process, so lib_name should come from trusted
 * configuration only -- confirm in the implementation.
 */
00080 void pk11_set_lib_name(const char *lib_name);
00081
/*
 * Initialise the PKCS#11 layer.
 * mctx:   ISC memory context.
 * engine: NOTE(review): presumably the provider library path/name, as for
 *         pk11_set_lib_name() -- confirm.
 * Returns an isc_result_t; the result must be checked before any other
 * function in this header is used.
 */
00085 isc_result_t pk11_initialize(isc_mem_t *mctx, const char *engine);
00086
/*
 * Obtain a PKCS#11 session for ctx.
 * NOTE(review): parameter meanings are inferred from their names -- confirm:
 *   optype:        operation class the session is wanted for.
 *   need_services: presumably whether the module's base services are required.
 *   rw:            presumably read/write rather than read-only session;
 *                  ask for read/write only when objects are created or changed.
 *   logon:         presumably whether to log in to the token; ask only when
 *                  private objects are needed.
 *   pin:           token PIN as a C string. It is passed in the clear, so the
 *                  caller should keep its copy short-lived, wipe it after the
 *                  call, and never log it.
 *   slot:          Cryptoki slot identifier.
 * Returns an isc_result_t that must be checked; on failure ctx should not be
 * used for Cryptoki calls.
 */
00101 isc_result_t pk11_get_session(pk11_context_t *ctx,
00102 pk11_optype_t optype,
00103 isc_boolean_t need_services,
00104 isc_boolean_t rw,
00105 isc_boolean_t logon,
00106 const char *pin,
00107 CK_SLOT_ID slot);
00108
/*
 * Give back the session held by ctx (counterpart of pk11_get_session()).
 * NOTE(review): whether a logged-in session is logged out or returned to a
 * pool still authenticated is not visible here -- confirm, since that
 * decides who can reuse the login state.
 */
00126 void pk11_return_session(pk11_context_t *ctx);
00127
/*
 * Shut the PKCS#11 layer down (counterpart of pk11_initialize()).
 * Returns an isc_result_t.
 */
00131 isc_result_t pk11_finalize(void);
00132
/*
 * Fill buf with num random bytes.
 * The length is a signed int; how a zero or negative num is treated is not
 * visible here, so callers should pass a positive value no larger than the
 * buffer. The isc_result_t must be checked: on failure buf must not be used
 * as random data (keys, nonces, query IDs).
 */
00136 isc_result_t pk11_rand_bytes(unsigned char *buf, int num);
00137
/*
 * Seed the random generator from the file named randomfile.
 * Returns void, so a caller cannot tell whether the file was read.
 * NOTE(review): treat this as additional seeding only, not as the sole
 * entropy source -- confirm how read failures are handled.
 */
00138 void pk11_rand_seed_fromfile(const char *randomfile);
00139
/*
 * Parse label into obj for an operation of class optype, using mctx.
 * NOTE(review): label presumably is a PKCS#11 URI taken from configuration
 * or key files and may embed a PIN or a path to one; it should be handled
 * as sensitive and not echoed to logs. Whether obj->repr is allocated from
 * mctx, and who releases it, is not visible here -- confirm.
 */
00140 isc_result_t pk11_parse_uri(pk11_object_t *obj, const char *label,
00141 isc_mem_t *mctx, pk11_optype_t optype);
00142
/*
 * Failure handler used by PK11_FATALCHECK: receives the call site (file,
 * line), the name of the failed function and its CK_RV.
 * Declared between ISC_PLATFORM_NORETURN_PRE and ISC_PLATFORM_NORETURN_POST.
 * NOTE(review): presumably it reports the error and terminates -- confirm.
 */
00143 ISC_PLATFORM_NORETURN_PRE void
00144 pk11_error_fatalcheck(const char *file, int line,
00145 const char *funcname, CK_RV rv)
00146 ISC_PLATFORM_NORETURN_POST;
00147
/*
 * Dump the known tokens (per the function name).
 * NOTE(review): presumably diagnostic output; check that it prints no PINs
 * or key material before enabling it in production logs.
 */
00148 void pk11_dump_tokens(void);
00149
/*
 * pkcs_C_* wrappers: general-purpose and slot/token queries.
 * Each takes the arguments of the Cryptoki function named after the prefix
 * (C_Initialize, C_Finalize, C_GetSlotList, C_GetTokenInfo,
 * C_GetMechanismInfo) and returns a CK_RV that the caller must check.
 * NOTE(review): presumably each wrapper forwards to the loaded provider's
 * entry point -- confirm what is returned when no provider is loaded.
 */
00150 CK_RV
00151 pkcs_C_Initialize(CK_VOID_PTR pReserved);
00152
00153 CK_RV
00154 pkcs_C_Finalize(CK_VOID_PTR pReserved);
00155
00156 CK_RV
00157 pkcs_C_GetSlotList(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
00158 CK_ULONG_PTR pulCount);
00159
00160 CK_RV
00161 pkcs_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo);
00162
00163 CK_RV
00164 pkcs_C_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
00165 CK_MECHANISM_INFO_PTR pInfo);
00166
/*
 * pkcs_C_* wrappers: session management and authentication.
 * pkcs_C_Login receives the PIN as a byte pointer plus an explicit length
 * (usPinLen); the PIN is not required to be NUL-terminated at this layer.
 * Callers own the PIN buffer and should wipe it once the call returns.
 * Every CK_RV must be checked; a failed login must not be followed by
 * operations that assume an authenticated session.
 */
00167 CK_RV
00168 pkcs_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
00169 CK_VOID_PTR pApplication,
00170 CK_RV (*Notify) (CK_SESSION_HANDLE hSession,
00171 CK_NOTIFICATION event,
00172 CK_VOID_PTR pApplication),
00173 CK_SESSION_HANDLE_PTR phSession);
00174
00175 CK_RV
00176 pkcs_C_CloseSession(CK_SESSION_HANDLE hSession);
00177
00178 CK_RV
00179 pkcs_C_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
00180 CK_CHAR_PTR pPin, CK_ULONG usPinLen);
00181
00182 CK_RV
00183 pkcs_C_Logout(CK_SESSION_HANDLE hSession);
00184
/*
 * pkcs_C_* wrappers: object management and search.
 * Templates are passed as a CK_ATTRIBUTE array plus an element count
 * (usCount); the count must match the array actually supplied.
 * The search functions form a sequence: pkcs_C_FindObjectsInit, one or more
 * pkcs_C_FindObjects calls (at most usMaxObjectCount handles are written to
 * phObject, the number found is stored through pusObjectCount), then
 * pkcs_C_FindObjectsFinal, which should also run on error paths so the
 * session is not left with a search in progress.
 */
00185 CK_RV
00186 pkcs_C_CreateObject(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate,
00187 CK_ULONG usCount, CK_OBJECT_HANDLE_PTR phObject);
00188
00189 CK_RV
00190 pkcs_C_DestroyObject(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject);
00191
00192 CK_RV
00193 pkcs_C_GetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
00194 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount);
00195
00196 CK_RV
00197 pkcs_C_SetAttributeValue(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
00198 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount);
00199
00200 CK_RV
00201 pkcs_C_FindObjectsInit(CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate,
00202 CK_ULONG usCount);
00203
00204 CK_RV
00205 pkcs_C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject,
00206 CK_ULONG usMaxObjectCount, CK_ULONG_PTR pusObjectCount);
00207
00208 CK_RV
00209 pkcs_C_FindObjectsFinal(CK_SESSION_HANDLE hSession);
00210
/*
 * pkcs_C_* wrappers: single-part encryption.
 * In Cryptoki, *pulEncryptedDataLen carries the size of pEncryptedData on
 * entry and the produced length on return; initialise it to the real
 * buffer size before each call and check the CK_RV before using the output.
 */
00211 CK_RV
00212 pkcs_C_EncryptInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
00213 CK_OBJECT_HANDLE hKey);
00214
00215 CK_RV
00216 pkcs_C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
00217 CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData,
00218 CK_ULONG_PTR pulEncryptedDataLen);
00219
/*
 * pkcs_C_* wrappers: message digesting (init / update / final).
 * In Cryptoki, *pulDigestLen carries the size of pDigest on entry and the
 * digest length on return; set it to the real buffer size before
 * pkcs_C_DigestFinal and check the CK_RV before reading the digest.
 */
00220 CK_RV
00221 pkcs_C_DigestInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism);
00222
00223 CK_RV
00224 pkcs_C_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
00225 CK_ULONG ulPartLen);
00226
00227 CK_RV
00228 pkcs_C_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
00229 CK_ULONG_PTR pulDigestLen);
00230
/*
 * pkcs_C_* wrappers: signing, single-part (Sign) and multi-part
 * (SignUpdate / SignFinal), both started by pkcs_C_SignInit with the
 * mechanism and the key handle.
 * In Cryptoki, *pulSignatureLen carries the size of pSignature on entry and
 * the signature length on return; set it to the real buffer size first and
 * check the CK_RV before the signature is emitted anywhere.
 */
00231 CK_RV
00232 pkcs_C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
00233 CK_OBJECT_HANDLE hKey);
00234
00235 CK_RV
00236 pkcs_C_Sign(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
00237 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
00238 CK_ULONG_PTR pulSignatureLen);
00239
00240 CK_RV
00241 pkcs_C_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
00242 CK_ULONG ulPartLen);
00243
00244 CK_RV
00245 pkcs_C_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
00246 CK_ULONG_PTR pulSignatureLen);
00247
/*
 * pkcs_C_* wrappers: signature verification, single-part (Verify) and
 * multi-part (VerifyUpdate / VerifyFinal), both started by
 * pkcs_C_VerifyInit. The signature length is passed by value here.
 *
 * The verdict is the CK_RV itself: in Cryptoki only CKR_OK means the
 * signature is valid, and a bad signature is reported through a non-OK
 * value such as CKR_SIGNATURE_INVALID or CKR_SIGNATURE_LEN_RANGE. Callers
 * must treat every non-OK value as "not verified" and must not route these
 * calls through PK11_FATALCHECK, because the signature bytes usually come
 * from an untrusted peer.
 */
00248 CK_RV
00249 pkcs_C_VerifyInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
00250 CK_OBJECT_HANDLE hKey);
00251
00252 CK_RV
00253 pkcs_C_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
00254 CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
00255 CK_ULONG ulSignatureLen);
00256
00257 CK_RV
00258 pkcs_C_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
00259 CK_ULONG ulPartLen);
00260
00261 CK_RV
00262 pkcs_C_VerifyFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
00263 CK_ULONG ulSignatureLen);
00264
/*
 * pkcs_C_* wrappers: key generation and derivation.
 * The attribute templates decide the properties of the new keys, so any
 * sensitivity and extractability settings have to be supplied by the caller.
 *
 * NOTE(review): pkcs_C_GenerateKeyPair names its last two parameters
 * phPrivateKey then phPublicKey, while Cryptoki's C_GenerateKeyPair takes
 * the public-key handle pointer first and the private-key one second. Both
 * are CK_OBJECT_HANDLE_PTR, so the compiler cannot catch a swap. If the
 * wrapper forwards its arguments positionally, the names here are reversed
 * -- confirm against the implementation before relying on them.
 */
00265 CK_RV
00266 pkcs_C_GenerateKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
00267 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
00268 CK_OBJECT_HANDLE_PTR phKey);
00269
00270 CK_RV
00271 pkcs_C_GenerateKeyPair(CK_SESSION_HANDLE hSession,
00272 CK_MECHANISM_PTR pMechanism,
00273 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
00274 CK_ULONG usPublicKeyAttributeCount,
00275 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
00276 CK_ULONG usPrivateKeyAttributeCount,
00277 CK_OBJECT_HANDLE_PTR phPrivateKey,
00278 CK_OBJECT_HANDLE_PTR phPublicKey);
00279
00280 CK_RV
00281 pkcs_C_DeriveKey(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
00282 CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
00283 CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey);
00284
/*
 * pkcs_C_* wrappers: random number generation.
 * pkcs_C_GenerateRandom writes ulRandomLen bytes to RandomData only when it
 * succeeds; on any non-OK CK_RV the buffer contents must not be used as
 * random data. pkcs_C_SeedRandom may be refused by a token, so its CK_RV
 * should be checked rather than assumed.
 */
00285 CK_RV
00286 pkcs_C_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
00287 CK_ULONG ulSeedLen);
00288
00289 CK_RV
00290 pkcs_C_GenerateRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR RandomData,
00291 CK_ULONG ulRandomLen);
00292
00293 ISC_LANG_ENDDECLS
00294
00295 #endif