Main Page | Data Structures | Directories | File List | Data Fields | Globals

libp11.h

Go to the documentation of this file.
00001 /* libp11, a simple layer on to of PKCS#11 API
00002  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
00003  *
00004  *  This library is free software; you can redistribute it and/or
00005  *  modify it under the terms of the GNU Lesser General Public
00006  *  License as published by the Free Software Foundation; either
00007  *  version 2.1 of the License, or (at your option) any later version.
00008  *
00009  *  This library is distributed in the hope that it will be useful,
00010  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00011  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  *  Lesser General Public License for more details.
00013  *
00014  *  You should have received a copy of the GNU Lesser General Public
00015  *  License along with this library; if not, write to the Free Software
00016  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
00017  */
00018 
00024 #ifndef _LIB11_H
00025 #define _LIB11_H
00026 
00027 #include <openssl/bio.h>
00028 #include <openssl/err.h>
00029 #include <openssl/x509.h>
00030 
00031 #ifdef __cplusplus
00032 extern "C" {
00033 #endif
00034 
00035 /* get some structures for local code to handle pkcs11 data readily */
00036 #define ERR_LIB_PKCS11  ERR_LIB_USER
00037 
00038 #define PKCS11err(f,r) \
00039 ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)
00040 
00041 /*
00042  * The purpose of this library is to provide a simple PKCS11
00043  * interface to OpenSSL application that wish to use a previously
00044  * initialized card (as opposed to initializing it, etc).
00045  *
00046  * I am therefore making some simplifying assumptions:
00047  *
00048  *  -   no support for any operations that alter the card,
00049  *      i.e. readonly-login
00050  */
00051 
00053 typedef struct PKCS11_key_st {
00054         char *label;
00055         unsigned char *id;
00056         int id_len;
00057         unsigned char isPrivate;        
00058         unsigned char needLogin;        
00059         EVP_PKEY *evp_key;              
00060         void *_private;
00061 } PKCS11_KEY;
00062 
00064 typedef struct PKCS11_cert_st {
00065         char *label;
00066         unsigned char *id;
00067         int id_len;
00068         X509 *x509;
00069         void *_private;
00070 } PKCS11_CERT;
00071 
00073 typedef struct PKCS11_token_st {
00074         char *label;
00075         char *manufacturer;
00076         char *model;
00077         char *serialnr;
00078         unsigned char initialized;
00079         unsigned char loginRequired;
00080         unsigned char secureLogin;
00081         unsigned char userPinSet;
00082         unsigned char readOnly;
00083         void *_private;
00084 } PKCS11_TOKEN;
00085 
00087 typedef struct PKCS11_slot_st {
00088         char *manufacturer;
00089         char *description;
00090         unsigned char removable;
00091         PKCS11_TOKEN *token;    
00092         void *_private;
00093 } PKCS11_SLOT;
00094 
00096 typedef struct PKCS11_ctx_st {
00097         char *manufacturer;
00098         char *description;
00099         void *_private;
00100 } PKCS11_CTX;
00101 
00108 extern PKCS11_CTX *PKCS11_CTX_new(void);
00109 
00118 extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);
00119 
00125 extern void PKCS11_CTX_unload(PKCS11_CTX * ctx);
00126 
00132 extern void PKCS11_CTX_free(PKCS11_CTX * ctx);
00133 
00141 extern int PKCS11_open_session(PKCS11_SLOT * slot, int rw);
00142 
00152 extern int PKCS11_enumerate_slots(PKCS11_CTX * ctx,
00153                         PKCS11_SLOT **slotsp, unsigned int *nslotsp);
00154 
00162 extern void PKCS11_release_all_slots(PKCS11_CTX * ctx,
00163                         PKCS11_SLOT *slots, unsigned int nslots);
00164 
00174 PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX * ctx, 
00175                         PKCS11_SLOT *slots, unsigned int nslots);
00176 
00186 extern int PKCS11_login(PKCS11_SLOT * slot, int so, const char *pin);
00187 
00195 extern int PKCS11_logout(PKCS11_SLOT * slot);
00196 
00197 /* Get a list of all keys associated with this token */
00198 extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);
00199 
00200 /* Get the key type (as EVP_PKEY_XXX) */
00201 extern int PKCS11_get_key_type(PKCS11_KEY *);
00202 
00203 /* Get size of key modulus in number of bytes */
00204 extern int PKCS11_get_key_size(const PKCS11_KEY *);
00205 /* Get actual modules and public exponent as BIGNUM */
00206 extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
00207 extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);
00208 
00209 /* Get the enveloped private key */
00219 extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *key);
00229 extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *key);
00230 
00231 /* Find the corresponding certificate (if any) */
00232 extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);
00233 
00234 /* Find the corresponding key (if any) */
00235 extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);
00236 
00237 /* Get a list of all certificates associated with this token */
00238 extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
00239 
00249 extern int PKCS11_init_token(PKCS11_TOKEN * token, const char *pin,
00250         const char *label);
00251 
00260 extern int PKCS11_init_pin(PKCS11_TOKEN * token, const char *pin);
00261 
00271 extern int PKCS11_change_pin(PKCS11_SLOT * slot, const char *old_pin,
00272         const char *new_pin);
00273 
00274 /* Store various objects on the token */
00275 extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *);
00276 extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *);
00277 
00290 extern int PKCS11_store_certificate(PKCS11_TOKEN * token, X509 * x509,
00291                 char *label, unsigned char *id, unsigned int id_len,
00292                 PKCS11_CERT **ret_cert);
00293 
00294 /* rsa private key operations */
00295 extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
00296         unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
00297 extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
00298         unsigned char *to, const PKCS11_KEY * rsa, int padding);
00309 extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
00310         unsigned char *to, PKCS11_KEY * key, int padding);
00311 extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
00312         unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);
00313 
00314 /* access random number generator */
00315 extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
00316 extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);
00317 
00318 /* using with openssl method mechanism */
00319 RSA_METHOD *PKCS11_get_rsa_method(void);
00320 
00327 extern void ERR_load_PKCS11_strings(void);
00328 
00329 /*
00330  * Function and reason codes
00331  */
00332 #define PKCS11_F_PKCS11_CTX_LOAD                1
00333 #define PKCS11_F_PKCS11_ENUM_SLOTS              2
00334 #define PKCS11_F_PKCS11_CHECK_TOKEN             3
00335 #define PKCS11_F_PKCS11_OPEN_SESSION            4
00336 #define PKCS11_F_PKCS11_LOGIN                   5
00337 #define PKCS11_F_PKCS11_ENUM_KEYS               6
00338 #define PKCS11_F_PKCS11_GET_KEY                 7
00339 #define PKCS11_F_PKCS11_RSA_DECRYPT             8
00340 #define PKCS11_F_PKCS11_RSA_ENCRYPT             9
00341 #define PKCS11_F_PKCS11_RSA_SIGN                10
00342 #define PKCS11_F_PKCS11_RSA_VERIFY              11
00343 #define PKCS11_F_PKCS11_ENUM_CERTS              12
00344 #define PKCS11_F_PKCS11_INIT_TOKEN              13
00345 #define PKCS11_F_PKCS11_INIT_PIN                14
00346 #define PKCS11_F_PKCS11_LOGOUT                  15
00347 #define PKCS11_F_PKCS11_STORE_PRIVATE_KEY       16
00348 #define PKCS11_F_PKCS11_GENERATE_KEY            17
00349 #define PKCS11_F_PKCS11_STORE_PUBLIC_KEY        18
00350 #define PKCS11_F_PKCS11_STORE_CERTIFICATE       19
00351 #define PKCS11_F_PKCS11_SEED_RANDOM             20
00352 #define PKCS11_F_PKCS11_GENERATE_RANDOM         21
00353 #define PKCS11_F_PKCS11_CHANGE_PIN              22
00354 #define PKCS11_F_PKCS11_GETATTR                 40
00355 
00356 #define PKCS11_ERR_BASE                         1024
00357 #define PKCS11_LOAD_MODULE_ERROR                (PKCS11_ERR_BASE+1)
00358 #define PKCS11_MODULE_LOADED_ERROR              (PKCS11_ERR_BASE+2)
00359 #define PKCS11_SYMBOL_NOT_FOUND_ERROR           (PKCS11_ERR_BASE+3)
00360 #define PKCS11_NOT_SUPPORTED                    (PKCS11_ERR_BASE+4)
00361 #define PKCS11_NO_SESSION                       (PKCS11_ERR_BASE+5)
00362 #define PKCS11_KEYGEN_FAILED                    (PKCS11_ERR_BASE+6)
00363 
00364 #ifdef __cplusplus
00365 }
00366 #endif
00367 #endif

Generated on Wed Nov 23 21:39:17 2005 for libp11 by  doxygen 1.4.2