
libp11.h

00001 /* libp11, a simple layer on to of PKCS#11 API
00002  * Copyright (C) 2005 Olaf Kirch <okir@lst.de>
00003  *
00004  *  This library is free software; you can redistribute it and/or
00005  *  modify it under the terms of the GNU Lesser General Public
00006  *  License as published by the Free Software Foundation; either
00007  *  version 2.1 of the License, or (at your option) any later version.
00008  *
00009  *  This library is distributed in the hope that it will be useful,
00010  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00011  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00012  *  Lesser General Public License for more details.
00013  *
00014  *  You should have received a copy of the GNU Lesser General Public
00015  *  License along with this library; if not, write to the Free Software
00016  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
00017  */
00018 
/* Include guard.  The name starts with an underscore followed by an
 * uppercase letter, a form C reserves for the implementation; it is left
 * unchanged here because an installed header's guard is part of its
 * public surface (other code may test it). */
#ifndef _LIB11_H
#define _LIB11_H

#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/x509.h>

/* Give every declaration below C linkage when the header is included
 * from C++. */
#ifdef __cplusplus
extern "C" {
#endif
00029 
/* libp11 reports failures through OpenSSL's error queue.  It borrows the
 * generic ERR_LIB_USER library number instead of registering one of its
 * own, so an application that also queues ERR_LIB_USER errors shares that
 * library number with this library. */
#define ERR_LIB_PKCS11  ERR_LIB_USER

/* Queue a libp11 error: f is a PKCS11_F_* function code and r a reason
 * code (both defined at the end of this header).  The call site is
 * recorded via __FILE__ and __LINE__. */
#define PKCS11err(f,r) \
ERR_PUT_error(ERR_LIB_PKCS11,(f),(r),__FILE__,__LINE__)

/*
 * The purpose of this library is to provide a simple PKCS11
 * interface to OpenSSL applications that wish to use a previously
 * initialized card (as opposed to initializing it, etc).
 *
 * I am therefore making some simplifying assumptions:
 *
 *  -   no support for any operations that alter the card,
 *      i.e. readonly-login
 *
 * NOTE(review): the declarations below do include token-altering calls
 * (PKCS11_init_token, PKCS11_init_pin, PKCS11_change_pin,
 * PKCS11_generate_key, PKCS11_store_private_key), so the assumption
 * above no longer describes the whole API.
 */
00046 
/* PKCS11 key object (public or private) */
/* Filled in by PKCS11_enumerate_keys().  This header declares no per-key
 * free function, so the array is presumably owned by the library and
 * released together with the slot list (PKCS11_release_all_slots) --
 * verify against the implementation before freeing any member. */
typedef struct PKCS11_key_st {
        char *label;                    /* object label (C string) */
        unsigned char *id;              /* object id: id_len raw bytes, not a C string */
        int id_len;                     /* length of id in bytes (signed type; a negative value has no meaning) */
        unsigned char isPrivate;        /* private key present? */
        unsigned char needLogin;        /* login to read private key? */
        EVP_PKEY *evp_key;              /* initially NULL, need to call PKCS11_load_key
                                         * NOTE(review): PKCS11_load_key is not declared in
                                         * this header; presumably PKCS11_get_private_key()
                                         * / PKCS11_get_public_key() populate it -- verify */
        void *_private;                 /* opaque implementation state; not part of the public contract */
} PKCS11_KEY;
00057 
/* PKCS11 certificate object */
/* Filled in by PKCS11_enumerate_certs().  As with PKCS11_KEY there is no
 * per-object free function here; ownership of the array and of x509 is
 * presumably the library's -- verify before freeing either. */
typedef struct PKCS11_cert_st {
        char *label;                    /* object label (C string) */
        unsigned char *id;              /* object id: id_len raw bytes, not a C string */
        int id_len;                     /* length of id in bytes (signed type; a negative value has no meaning) */
        X509 *x509;                     /* parsed certificate; presumably set during enumeration -- verify */
        void *_private;                 /* opaque implementation state; not part of the public contract */
} PKCS11_CERT;
00066 
/* PKCS11 token, e.g. smart card or USB key */
/* Describes the token present in a slot (reached via PKCS11_SLOT.token).
 * The unsigned char members are boolean flags; they presumably mirror the
 * PKCS#11 token-info flags but this header does not say so -- verify
 * their exact meaning against the implementation. */
typedef struct PKCS11_token_st {
        char *label;                    /* token label (C string) */
        char *manufacturer;
        char *model;
        char *serialnr;
        unsigned char initialized;      /* token has been initialized (cf. PKCS11_init_token) */
        unsigned char loginRequired;    /* PKCS11_login() is needed before protected objects can be used */
        unsigned char secureLogin;      /* presumably: PIN is entered on the reader, not via the pin argument -- verify */
        unsigned char userPinSet;       /* user PIN has been set (cf. PKCS11_init_pin) */
        unsigned char readOnly;         /* token is read-only; write operations below will fail */
        void *_private;                 /* opaque implementation state; not part of the public contract */
} PKCS11_TOKEN;
00080 
/* PKCS11 slot, e.g. card reader */
/* Element of the array returned by PKCS11_enumerate_slots().  Always check
 * token for NULL before dereferencing it: an empty reader is a valid slot. */
typedef struct PKCS11_slot_st {
        char *manufacturer;
        char *description;
        unsigned char removable;        /* flag: slot supports removable media */
        PKCS11_TOKEN *token;    /* NULL if no token present */
        void *_private;                 /* opaque implementation state; not part of the public contract */
} PKCS11_SLOT;
00089 
/* PKCS11 context: one loaded PKCS#11 module.  Created by PKCS11_CTX_new(),
 * populated by PKCS11_CTX_load() and released by PKCS11_CTX_free(). */
typedef struct PKCS11_ctx_st {
        char *manufacturer;             /* presumably reported by the loaded module -- verify */
        char *description;
        void *_private;                 /* opaque implementation state; not part of the public contract */
} PKCS11_CTX;
00095 
/* Context lifecycle.  PKCS11_CTX_new() allocates an empty context;
 * PKCS11_CTX_load() loads the PKCS#11 module named by ident (presumably a
 * shared-library path or name -- verify); PKCS11_CTX_unload() unloads it;
 * PKCS11_CTX_free() releases the context.
 *
 * Loading a module executes that module's code inside this process, so
 * ident must only ever name a trusted, administrator-controlled library --
 * never a value derived from untrusted input.
 *
 * Return convention for the int functions is not stated in this header;
 * presumably 0 on success and -1 on failure with details queued through
 * PKCS11err() -- verify. */
extern PKCS11_CTX *PKCS11_CTX_new(void);
extern int PKCS11_CTX_load(PKCS11_CTX *, const char *ident);
extern void PKCS11_CTX_unload(PKCS11_CTX *);
extern void PKCS11_CTX_free(PKCS11_CTX *);
00100 
/* open a session in RO or RW mode */
/* The int selects the mode, but this header does not name its values;
 * check the implementation before assuming nonzero means read/write. */
extern int PKCS11_open_session(PKCS11_SLOT *, int);

/* Get a list of all slots */
/* On success *slotsp points to an array of *nslotsp PKCS11_SLOT entries.
 * The array is presumably owned by the library: release it with
 * PKCS11_release_all_slots(), never with free(). */
extern int PKCS11_enumerate_slots(PKCS11_CTX *,
                        PKCS11_SLOT **slotsp, unsigned int *nslotsp);

/* and free them again */
/* Releases the array from PKCS11_enumerate_slots().  Every PKCS11_SLOT and
 * PKCS11_TOKEN pointer into it -- and, presumably, the keys and certs
 * enumerated from those tokens -- is invalid afterwards. */
extern void PKCS11_release_all_slots(PKCS11_CTX *,
                        PKCS11_SLOT *slots, unsigned int nslots);
00111 
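/* Find the first slot with a token */
/* Scans slots[0..nslots-1] and returns the first entry whose token member
 * is non-NULL; presumably returns NULL when no slot holds a token -- verify.
 * ctx is the context the slots were enumerated from.  Declared extern for
 * consistency with the other declarations in this header (function
 * declarations have external linkage by default, so this changes nothing). */
extern PKCS11_SLOT *PKCS11_find_token(PKCS11_CTX *ctx,
                        PKCS11_SLOT *slots, unsigned int nslots);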
00115 
/* Authenticate to the card */
/* so: nonzero presumably logs in as the PKCS#11 Security Officer rather
 * than the normal user -- verify.  pin: NUL-terminated PIN; nothing here
 * suggests the library keeps a reference to it, so the caller can clear its
 * own copy immediately after the call.  For tokens that report secureLogin
 * the PIN may be collected on the reader instead; check how the
 * implementation treats pin (NULL?) in that case. */
extern int PKCS11_login(PKCS11_SLOT *, int so, const char *pin);
extern int PKCS11_logout(PKCS11_SLOT *);
00119 
/* Get a list of all keys associated with this token */
/* Returns an array of keys and its length through the two out parameters.
 * Keys flagged needLogin require PKCS11_login() before their private part
 * can be used. */
extern int PKCS11_enumerate_keys(PKCS11_TOKEN *, PKCS11_KEY **, unsigned int *);

/* Get the key type (as EVP_PKEY_XXX) */
extern int PKCS11_get_key_type(PKCS11_KEY *);

/* Get size of key modulus in number of bytes */
/* For RSA the signature and raw private-encryption output are modulus-sized,
 * so this is the minimum size for the sigret/to buffers used below. */
extern int PKCS11_get_key_size(const PKCS11_KEY *);
/* Get actual modulus and public exponent as BIGNUM */
/* The BIGNUM is handed back through the out pointer; this header does not
 * say who owns it (whether the caller must BN_free it) -- verify. */
extern int PKCS11_get_key_modulus(PKCS11_KEY *, BIGNUM **);
extern int PKCS11_get_key_exponent(PKCS11_KEY *, BIGNUM **);

/* Get the enveloped private key */
/* Wraps the token key as an EVP_PKEY usable with OpenSSL APIs; presumably
 * the private material never leaves the token and the RSA operations below
 * are invoked on its behalf -- verify.  Ownership of the returned EVP_PKEY
 * (and whether it aliases PKCS11_KEY.evp_key) is not stated here; confirm
 * before calling EVP_PKEY_free on it. */
extern EVP_PKEY *PKCS11_get_private_key(PKCS11_KEY *);
extern EVP_PKEY *PKCS11_get_public_key(PKCS11_KEY *);
00135 
/* Find the corresponding certificate (if any) */
/* Presumably matches on the object id/label shared by key and certificate
 * and returns NULL when there is no match -- verify. */
extern PKCS11_CERT *PKCS11_find_certificate(PKCS11_KEY *);

/* Find the corresponding key (if any) */
/* Inverse of PKCS11_find_certificate(); same matching caveat, and the
 * result may need PKCS11_login() before its private part is usable. */
extern PKCS11_KEY *PKCS11_find_key(PKCS11_CERT *);

/* Get a list of all certificates associated with this token */
/* Returns an array of certs and its length through the two out parameters;
 * see PKCS11_CERT for the ownership caveat. */
extern int PKCS11_enumerate_certs(PKCS11_TOKEN *, PKCS11_CERT **, unsigned int *);
00144 
/* Initialize a token */
/* The functions in this group write to the token, contrary to the
 * read-only design note near the top of this header.  pin and label are
 * NUL-terminated C strings. */
extern int PKCS11_init_token(PKCS11_TOKEN *, const char *pin,
        const char *label);

/* Initialize the user PIN on a token */
extern int PKCS11_init_pin(PKCS11_TOKEN *, const char *pin);

/* Change the user PIN on a token */
/* Note the inconsistency: this takes a PKCS11_SLOT whereas the two
 * functions above take a PKCS11_TOKEN. */
extern int PKCS11_change_pin(PKCS11_SLOT *, const char *old_pin,
        const char *new_pin);

/* Store various objects on the token */
/* The parameters are unnamed in this header.  For PKCS11_generate_key the
 * int and unsigned int are presumably the algorithm and key size in bits,
 * and the trailing char * in both functions is presumably the object label
 * -- verify.  The label is not const-qualified, so pass a writable buffer. */
extern int PKCS11_generate_key(PKCS11_TOKEN *, int, unsigned int, char *);
extern int PKCS11_store_private_key(PKCS11_TOKEN *, EVP_PKEY *, char *);
00159 
/* rsa private key operations */
/* These mirror OpenSSL's RSA_sign / RSA_private_encrypt /
 * RSA_private_decrypt / RSA_verify with the RSA argument replaced by a
 * PKCS11_KEY; the return conventions are presumably the same (1/0 for
 * sign and verify, byte count or -1 for encrypt and decrypt) -- verify.
 *
 * sigret and to must hold at least PKCS11_get_key_size(key) bytes.  Nothing
 * here indicates that *siglen is consulted on input, so size sigret from
 * the key, not from *siglen.  padding is presumably an RSA_*_PADDING
 * value -- verify.  PKCS11_verify takes signature as non-const although it
 * is presumably only read, and the key parameter is named rsa in
 * PKCS11_private_encrypt but key elsewhere. */
extern int PKCS11_sign(int type, const unsigned char *m, unsigned int m_len,
        unsigned char *sigret, unsigned int *siglen, const PKCS11_KEY * key);
extern int PKCS11_private_encrypt(int flen, const unsigned char *from,
        unsigned char *to, const PKCS11_KEY * rsa, int padding);
extern int PKCS11_private_decrypt(int flen, const unsigned char *from,
        unsigned char *to, PKCS11_KEY * key, int padding);
extern int PKCS11_verify(int type, const unsigned char *m, unsigned int m_len,
        unsigned char *signature, unsigned int siglen, PKCS11_KEY * key);
00169 
/* access random number generator */
/* PKCS11_seed_random feeds s_len bytes of s into the token's RNG;
 * PKCS11_generate_random fills r_len bytes of r from it.  Whether a token
 * honours seeding, or has an RNG at all, is token-dependent: check the
 * return value before using the contents of r. */
extern int PKCS11_seed_random(PKCS11_SLOT *, const unsigned char *s, unsigned int s_len);
extern int PKCS11_generate_random(PKCS11_SLOT *, unsigned char *r, unsigned int r_len);

/* Load PKCS11 error strings */
/* Registers human-readable text for the function and reason codes below
 * with OpenSSL's error subsystem so queued libp11 errors print sensibly. */
extern void ERR_load_PKCS11_strings(void);
00176 
/*
 * Function and reason codes
 */
/* Function codes are the f argument of PKCS11err().  Values 23-39 are
 * unused and PKCS11_F_PKCS11_GETATTR sits on its own at 40; keep existing
 * values stable, since ERR_load_PKCS11_strings() presumably maps them to
 * text.  PKCS11_F_PKCS11_STORE_PUBLIC_KEY and
 * PKCS11_F_PKCS11_STORE_CERTIFICATE have codes but no matching function is
 * declared in this header; CHECK_TOKEN and GETATTR presumably name internal
 * helpers. */
#define PKCS11_F_PKCS11_CTX_LOAD                1
#define PKCS11_F_PKCS11_ENUM_SLOTS              2
#define PKCS11_F_PKCS11_CHECK_TOKEN             3
#define PKCS11_F_PKCS11_OPEN_SESSION            4
#define PKCS11_F_PKCS11_LOGIN                   5
#define PKCS11_F_PKCS11_ENUM_KEYS               6
#define PKCS11_F_PKCS11_GET_KEY                 7
#define PKCS11_F_PKCS11_RSA_DECRYPT             8
#define PKCS11_F_PKCS11_RSA_ENCRYPT             9
#define PKCS11_F_PKCS11_RSA_SIGN                10
#define PKCS11_F_PKCS11_RSA_VERIFY              11
#define PKCS11_F_PKCS11_ENUM_CERTS              12
#define PKCS11_F_PKCS11_INIT_TOKEN              13
#define PKCS11_F_PKCS11_INIT_PIN                14
#define PKCS11_F_PKCS11_LOGOUT                  15
#define PKCS11_F_PKCS11_STORE_PRIVATE_KEY       16
#define PKCS11_F_PKCS11_GENERATE_KEY            17
#define PKCS11_F_PKCS11_STORE_PUBLIC_KEY        18
#define PKCS11_F_PKCS11_STORE_CERTIFICATE       19
#define PKCS11_F_PKCS11_SEED_RANDOM             20
#define PKCS11_F_PKCS11_GENERATE_RANDOM         21
#define PKCS11_F_PKCS11_CHANGE_PIN              22
#define PKCS11_F_PKCS11_GETATTR                 40

/* Reason codes are the r argument of PKCS11err(); all are offsets from
 * PKCS11_ERR_BASE.  Naming is inconsistent (three end in _ERROR, three do
 * not); new codes should follow one convention. */
#define PKCS11_ERR_BASE                         1024
#define PKCS11_LOAD_MODULE_ERROR                (PKCS11_ERR_BASE+1)
#define PKCS11_MODULE_LOADED_ERROR              (PKCS11_ERR_BASE+2)
#define PKCS11_SYMBOL_NOT_FOUND_ERROR           (PKCS11_ERR_BASE+3)
#define PKCS11_NOT_SUPPORTED                    (PKCS11_ERR_BASE+4)
#define PKCS11_NO_SESSION                       (PKCS11_ERR_BASE+5)
#define PKCS11_KEYGEN_FAILED                    (PKCS11_ERR_BASE+6)
00211 
#ifdef __cplusplus
}  /* extern "C" */
#endif
#endif /* _LIB11_H */
