2002-01-16 22:49:03 +00:00
|
|
|
/*
|
2002-10-19 14:04:52 +00:00
|
|
|
* sc-pkcs11.h: OpenSC project's PKCS#11 implementation header
|
2002-01-16 22:49:03 +00:00
|
|
|
*
|
2006-12-19 21:33:15 +00:00
|
|
|
* Copyright (C) 2002 Timo Teräs <timo.teras@iki.fi>
|
2002-01-16 22:49:03 +00:00
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2002-10-19 14:04:52 +00:00
|
|
|
#ifndef __sc_pkcs11_h__
|
|
|
|
|
#define __sc_pkcs11_h__
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
|
|
|
|
|
#include "libopensc/opensc.h"
|
|
|
|
|
#include "libopensc/pkcs15.h"
|
|
|
|
|
#include "libopensc/log.h"
|
2002-06-20 13:16:22 +00:00
|
|
|
|
2006-11-30 08:11:58 +00:00
|
|
|
#define CRYPTOKI_EXPORTS
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "pkcs11.h"
|
|
|
|
|
#include "pkcs11-opensc.h"
|
2010-01-24 20:45:02 +00:00
|
|
|
#include "pkcs11-display.h"
|
2006-11-30 08:11:58 +00:00
|
|
|
|
|
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
2012-04-02 22:00:56 +00:00
|
|
|
#endif
|
2006-11-30 08:11:58 +00:00
|
|
|
|
2012-05-22 15:18:00 +00:00
|
|
|
#define SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED 0
|
|
|
|
|
#define SC_PKCS11_PIN_UNBLOCK_UNLOGGED_SETPIN 1
|
|
|
|
|
#define SC_PKCS11_PIN_UNBLOCK_SCONTEXT_SETPIN 2
|
|
|
|
|
#define SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN 3
|
2010-01-08 15:41:07 +00:00
|
|
|
|
2012-05-22 15:18:00 +00:00
|
|
|
#define SC_PKCS11_SLOT_FOR_PIN_USER 1
|
|
|
|
|
#define SC_PKCS11_SLOT_FOR_PIN_SIGN 2
|
|
|
|
|
#define SC_PKCS11_SLOT_CREATE_ALL 8
|
2012-05-21 17:19:38 +00:00
|
|
|
|
2016-02-19 13:53:45 +00:00
|
|
|
#define SC_PKCS11_SLOT_FOR_PINS (SC_PKCS11_SLOT_FOR_PIN_USER | SC_PKCS11_SLOT_FOR_PIN_SIGN)
|
|
|
|
|
|
2006-11-30 08:11:58 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
2002-06-20 13:16:22 +00:00
|
|
|
#endif
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2002-08-19 17:13:46 +00:00
|
|
|
/* Decide whether to use pkcs11 for initialization support */
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_OPENSSL
|
2003-02-14 16:59:23 +00:00
|
|
|
#define USE_PKCS15_INIT
|
2002-08-19 17:13:46 +00:00
|
|
|
#endif
|
|
|
|
|
|
2002-04-19 14:23:31 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
struct sc_pkcs11_session;
|
|
|
|
|
struct sc_pkcs11_slot;
|
|
|
|
|
struct sc_pkcs11_card;
|
|
|
|
|
|
2002-12-21 16:45:37 +00:00
|
|
|
struct sc_pkcs11_config {
|
2009-01-23 09:14:15 +00:00
|
|
|
unsigned int plug_and_play;
|
2009-01-16 16:44:35 +00:00
|
|
|
unsigned int max_virtual_slots;
|
|
|
|
|
unsigned int slots_per_card;
|
2003-01-03 10:49:07 +00:00
|
|
|
unsigned char lock_login;
|
2015-11-26 06:11:06 +00:00
|
|
|
unsigned char atomic;
|
2015-09-16 05:16:21 +00:00
|
|
|
unsigned char init_sloppy;
|
2010-01-08 15:41:07 +00:00
|
|
|
unsigned int pin_unblock_style;
|
2010-01-28 14:15:13 +00:00
|
|
|
unsigned int create_puk_slot;
|
2012-05-22 15:18:00 +00:00
|
|
|
unsigned int create_slots_flags;
|
2013-12-25 22:12:33 +00:00
|
|
|
unsigned char ignore_pin_length;
|
2002-12-21 16:45:37 +00:00
|
|
|
};
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* PKCS#11 Object abstraction layer
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_object_ops {
|
2005-02-11 20:09:34 +00:00
|
|
|
/* Generic operations */
|
|
|
|
|
void (*release)(void *);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2005-02-11 20:09:34 +00:00
|
|
|
/* Management methods */
|
2002-01-16 22:49:03 +00:00
|
|
|
CK_RV (*set_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
|
|
|
|
CK_RV (*get_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
2018-10-31 12:10:12 +00:00
|
|
|
CK_RV (*cmp_attribute)(struct sc_pkcs11_session *, void *, CK_ATTRIBUTE_PTR);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
CK_RV (*destroy_object)(struct sc_pkcs11_session *, void *);
|
2005-02-11 20:09:34 +00:00
|
|
|
CK_RV (*get_size)(struct sc_pkcs11_session *, void *);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/* Cryptographic methods */
|
2003-10-01 06:51:49 +00:00
|
|
|
CK_RV (*sign)(struct sc_pkcs11_session *, void *,
|
|
|
|
|
CK_MECHANISM_PTR,
|
|
|
|
|
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
|
|
|
|
CK_BYTE_PTR pSignature, CK_ULONG_PTR pulDataLen);
|
2002-03-15 15:22:41 +00:00
|
|
|
CK_RV (*unwrap_key)(struct sc_pkcs11_session *, void *,
|
|
|
|
|
CK_MECHANISM_PTR,
|
|
|
|
|
CK_BYTE_PTR pData, CK_ULONG ulDataLen,
|
2017-09-22 12:03:31 +00:00
|
|
|
void *targetKey);
|
2003-10-01 06:51:49 +00:00
|
|
|
CK_RV (*decrypt)(struct sc_pkcs11_session *, void *,
|
|
|
|
|
CK_MECHANISM_PTR,
|
|
|
|
|
CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
|
|
|
|
|
CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen);
|
|
|
|
|
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*derive)(struct sc_pkcs11_session *, void *,
|
|
|
|
|
CK_MECHANISM_PTR,
|
|
|
|
|
CK_BYTE_PTR pSeedData, CK_ULONG ulSeedDataLen,
|
|
|
|
|
CK_BYTE_PTR pDerived, CK_ULONG_PTR pulDerivedLen);
|
|
|
|
|
|
|
|
|
|
/* Check compatibility of PKCS#15 object usage and an asked PKCS#11 mechanism. */
|
|
|
|
|
CK_RV (*can_do)(struct sc_pkcs11_session *, void *, CK_MECHANISM_TYPE, unsigned int);
|
|
|
|
|
|
Add support for PSS padding to RSA signatures
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2015-08-25 11:45:27 +00:00
|
|
|
/* General validation of mechanism parameters (sign, encrypt, etc) */
|
|
|
|
|
CK_RV (*init_params)(struct sc_pkcs11_session *, CK_MECHANISM_PTR);
|
|
|
|
|
|
2017-09-22 12:03:31 +00:00
|
|
|
CK_RV (*wrap_key)(struct sc_pkcs11_session *, void *,
|
|
|
|
|
CK_MECHANISM_PTR,
|
|
|
|
|
void*,
|
|
|
|
|
CK_BYTE_PTR pData, CK_ULONG_PTR ulDataLen);
|
|
|
|
|
|
2005-02-11 20:09:34 +00:00
|
|
|
/* Others to be added when implemented */
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_object {
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_OBJECT_HANDLE handle;
|
2003-02-23 17:50:33 +00:00
|
|
|
int flags;
|
2005-02-11 20:09:34 +00:00
|
|
|
struct sc_pkcs11_object_ops *ops;
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
2003-02-23 17:50:33 +00:00
|
|
|
#define SC_PKCS11_OBJECT_SEEN 0x0001
|
2003-04-17 12:38:08 +00:00
|
|
|
#define SC_PKCS11_OBJECT_HIDDEN 0x0002
|
|
|
|
|
#define SC_PKCS11_OBJECT_RECURS 0x8000
|
2003-02-23 17:50:33 +00:00
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/*
|
2005-06-16 19:35:31 +00:00
|
|
|
* PKCS#11 smart card Framework abstraction
|
2002-01-16 22:49:03 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_framework_ops {
|
2005-02-11 20:09:34 +00:00
|
|
|
/* Detect and bind card to framework */
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*bind)(struct sc_pkcs11_card *, struct sc_app_info *);
|
2005-02-11 20:09:34 +00:00
|
|
|
/* Unbind and release allocated resources */
|
2002-01-16 22:49:03 +00:00
|
|
|
CK_RV (*unbind)(struct sc_pkcs11_card *);
|
|
|
|
|
|
|
|
|
|
/* Create tokens to virtual slots and
|
|
|
|
|
* objects in tokens; called after bind */
|
2016-02-19 13:53:45 +00:00
|
|
|
CK_RV (*create_tokens)(struct sc_pkcs11_card *, struct sc_app_info *);
|
2005-02-11 20:09:34 +00:00
|
|
|
CK_RV (*release_token)(struct sc_pkcs11_card *, void *);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/* Login and logout */
|
2010-03-09 15:05:29 +00:00
|
|
|
CK_RV (*login)(struct sc_pkcs11_slot *,
|
2002-04-08 15:51:19 +00:00
|
|
|
CK_USER_TYPE, CK_CHAR_PTR, CK_ULONG);
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*logout)(struct sc_pkcs11_slot *);
|
|
|
|
|
CK_RV (*change_pin)(struct sc_pkcs11_slot *,
|
2002-03-20 15:04:14 +00:00
|
|
|
CK_CHAR_PTR, CK_ULONG,
|
|
|
|
|
CK_CHAR_PTR, CK_ULONG);
|
2002-01-16 22:49:03 +00:00
|
|
|
/*
|
2018-04-14 17:38:34 +00:00
|
|
|
* In future: functions to create new objects (i.e. certificates, private keys)
|
2005-02-11 20:09:34 +00:00
|
|
|
*/
|
2013-12-05 08:13:28 +00:00
|
|
|
CK_RV (*init_token)(struct sc_pkcs11_slot *, void *,
|
2002-04-05 15:02:41 +00:00
|
|
|
CK_UTF8CHAR_PTR, CK_ULONG,
|
|
|
|
|
CK_UTF8CHAR_PTR);
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*init_pin)(struct sc_pkcs11_slot *,
|
2002-04-08 15:51:19 +00:00
|
|
|
CK_UTF8CHAR_PTR, CK_ULONG);
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*create_object)(struct sc_pkcs11_slot *,
|
2002-04-11 15:17:33 +00:00
|
|
|
CK_ATTRIBUTE_PTR, CK_ULONG,
|
|
|
|
|
CK_OBJECT_HANDLE_PTR);
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*gen_keypair)(struct sc_pkcs11_slot *,
|
|
|
|
|
CK_MECHANISM_PTR,
|
|
|
|
|
CK_ATTRIBUTE_PTR, CK_ULONG,
|
|
|
|
|
CK_ATTRIBUTE_PTR, CK_ULONG,
|
|
|
|
|
CK_OBJECT_HANDLE_PTR, CK_OBJECT_HANDLE_PTR);
|
|
|
|
|
CK_RV (*get_random)(struct sc_pkcs11_slot *,
|
2005-07-18 20:20:22 +00:00
|
|
|
CK_BYTE_PTR, CK_ULONG);
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* PKCS#11 Slot (used to access card with specific framework data)
|
|
|
|
|
*/
|
|
|
|
|
|
2006-02-01 22:59:42 +00:00
|
|
|
#ifndef _WIN32
|
|
|
|
|
typedef unsigned long long sc_timestamp_t;
|
|
|
|
|
#else
|
|
|
|
|
typedef unsigned __int64 sc_timestamp_t;
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-05-22 15:18:00 +00:00
|
|
|
#define SC_PKCS11_FRAMEWORK_DATA_MAX_NUM 4
|
2002-01-16 22:49:03 +00:00
|
|
|
struct sc_pkcs11_card {
|
2010-01-24 20:45:02 +00:00
|
|
|
sc_reader_t *reader;
|
|
|
|
|
sc_card_t *card;
|
2005-02-11 20:09:34 +00:00
|
|
|
struct sc_pkcs11_framework_ops *framework;
|
2012-05-22 15:18:00 +00:00
|
|
|
void *fws_data[SC_PKCS11_FRAMEWORK_DATA_MAX_NUM];
|
2002-12-21 16:45:37 +00:00
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/* List of supported mechanisms */
|
|
|
|
|
struct sc_pkcs11_mechanism_type **mechanisms;
|
|
|
|
|
unsigned int nmechanisms;
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
2016-09-02 22:46:48 +00:00
|
|
|
/* If the slot did already show with `C_GetSlotList`, then we need to keep this
|
|
|
|
|
* slot alive. PKCS#11 2.30 allows allows adding but not removing slots until
|
|
|
|
|
* the application calls `C_GetSlotList` with `NULL`. This flag tracks the
|
|
|
|
|
* visibility to the application */
|
|
|
|
|
#define SC_PKCS11_SLOT_FLAG_SEEN 1
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
struct sc_pkcs11_slot {
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_SLOT_ID id; /* ID of the slot */
|
|
|
|
|
int login_user; /* Currently logged in user */
|
|
|
|
|
CK_SLOT_INFO slot_info; /* Slot specific information (information about reader) */
|
|
|
|
|
CK_TOKEN_INFO token_info; /* Token specific information (information about card) */
|
|
|
|
|
sc_reader_t *reader; /* same as card->reader if there's a card present */
|
2015-02-12 01:03:45 +00:00
|
|
|
struct sc_pkcs11_card *p11card; /* The card associated with this slot */
|
2012-05-22 15:18:00 +00:00
|
|
|
unsigned int events; /* Card events SC_EVENT_CARD_{INSERTED,REMOVED} */
|
|
|
|
|
void *fw_data; /* Framework specific data */ /* TODO: get know how it used */
|
|
|
|
|
list_t objects; /* Objects in this slot */
|
|
|
|
|
unsigned int nsessions; /* Number of sessions using this slot */
|
2010-01-24 20:45:02 +00:00
|
|
|
sc_timestamp_t slot_state_expires;
|
2012-05-22 15:18:00 +00:00
|
|
|
|
|
|
|
|
int fw_data_idx; /* Index of framework data */
|
2018-04-14 17:38:34 +00:00
|
|
|
struct sc_app_info *app_info; /* Application associated to slot */
|
2015-11-26 06:11:06 +00:00
|
|
|
list_t logins; /* tracks all calls to C_Login if atomic operations are requested */
|
2016-09-02 22:46:48 +00:00
|
|
|
int flags;
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
2003-01-03 11:39:59 +00:00
|
|
|
typedef struct sc_pkcs11_slot sc_pkcs11_slot_t;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/* Forward decl */
|
|
|
|
|
typedef struct sc_pkcs11_operation sc_pkcs11_operation_t;
|
|
|
|
|
|
|
|
|
|
enum {
|
|
|
|
|
SC_PKCS11_OPERATION_FIND = 0,
|
|
|
|
|
SC_PKCS11_OPERATION_SIGN,
|
2003-06-27 15:26:17 +00:00
|
|
|
SC_PKCS11_OPERATION_VERIFY,
|
2002-12-17 11:49:12 +00:00
|
|
|
SC_PKCS11_OPERATION_DIGEST,
|
2003-10-01 06:51:49 +00:00
|
|
|
SC_PKCS11_OPERATION_DECRYPT,
|
2012-05-22 15:18:00 +00:00
|
|
|
SC_PKCS11_OPERATION_DERIVE,
|
2017-09-22 12:03:31 +00:00
|
|
|
SC_PKCS11_OPERATION_WRAP,
|
|
|
|
|
SC_PKCS11_OPERATION_UNWRAP,
|
2002-12-17 11:49:12 +00:00
|
|
|
SC_PKCS11_OPERATION_MAX
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/* This describes a PKCS11 mechanism */
|
|
|
|
|
struct sc_pkcs11_mechanism_type {
|
|
|
|
|
CK_MECHANISM_TYPE mech; /* algorithm: md5, sha1, ... */
|
|
|
|
|
CK_MECHANISM_INFO mech_info; /* mechanism info */
|
|
|
|
|
CK_MECHANISM_TYPE key_type; /* for sign/decipher ops */
|
|
|
|
|
unsigned int obj_size;
|
|
|
|
|
|
|
|
|
|
/* General management */
|
|
|
|
|
void (*release)(sc_pkcs11_operation_t *);
|
|
|
|
|
|
|
|
|
|
/* Digest/sign Operations */
|
|
|
|
|
CK_RV (*md_init)(sc_pkcs11_operation_t *);
|
|
|
|
|
CK_RV (*md_update)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
CK_RV (*md_final)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG_PTR);
|
|
|
|
|
|
|
|
|
|
CK_RV (*sign_init)(sc_pkcs11_operation_t *,
|
|
|
|
|
struct sc_pkcs11_object *);
|
|
|
|
|
CK_RV (*sign_update)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
CK_RV (*sign_final)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG_PTR);
|
2003-01-03 14:28:50 +00:00
|
|
|
CK_RV (*sign_size)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_ULONG_PTR);
|
2003-06-27 15:26:17 +00:00
|
|
|
CK_RV (*verif_init)(sc_pkcs11_operation_t *,
|
|
|
|
|
struct sc_pkcs11_object *);
|
|
|
|
|
CK_RV (*verif_update)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
CK_RV (*verif_final)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG);
|
2003-10-01 06:51:49 +00:00
|
|
|
CK_RV (*decrypt_init)(sc_pkcs11_operation_t *,
|
|
|
|
|
struct sc_pkcs11_object *);
|
|
|
|
|
CK_RV (*decrypt)(sc_pkcs11_operation_t *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG_PTR);
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV (*derive)(sc_pkcs11_operation_t *,
|
|
|
|
|
struct sc_pkcs11_object *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG_PTR);
|
2017-09-22 12:03:31 +00:00
|
|
|
CK_RV (*wrap)(sc_pkcs11_operation_t *,
|
|
|
|
|
struct sc_pkcs11_object *,
|
|
|
|
|
struct sc_pkcs11_object *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG_PTR);
|
|
|
|
|
CK_RV (*unwrap)(sc_pkcs11_operation_t *,
|
|
|
|
|
struct sc_pkcs11_object *,
|
|
|
|
|
CK_BYTE_PTR, CK_ULONG,
|
|
|
|
|
struct sc_pkcs11_object *);
|
|
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/* mechanism specific data */
|
2015-04-29 23:45:23 +00:00
|
|
|
const void * mech_data;
|
|
|
|
|
/* free mechanism specific data */
|
|
|
|
|
void (*free_mech_data)(const void *mech_data);
|
2002-12-17 11:49:12 +00:00
|
|
|
};
|
|
|
|
|
typedef struct sc_pkcs11_mechanism_type sc_pkcs11_mechanism_type_t;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/*
|
|
|
|
|
* Generic operation
|
|
|
|
|
*/
|
|
|
|
|
struct sc_pkcs11_operation {
|
|
|
|
|
sc_pkcs11_mechanism_type_t *type;
|
|
|
|
|
CK_MECHANISM mechanism;
|
Add support for PSS padding to RSA signatures
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2015-08-25 11:45:27 +00:00
|
|
|
union {
|
|
|
|
|
CK_RSA_PKCS_PSS_PARAMS pss;
|
|
|
|
|
CK_RSA_PKCS_OAEP_PARAMS oaep;
|
|
|
|
|
} mechanism_params;
|
2002-12-17 11:49:12 +00:00
|
|
|
struct sc_pkcs11_session *session;
|
|
|
|
|
void * priv_data;
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/* Find Operation */
|
2010-09-22 14:41:50 +00:00
|
|
|
#define SC_PKCS11_FIND_INC_HANDLES 32
|
2002-01-16 22:49:03 +00:00
|
|
|
struct sc_pkcs11_find_operation {
|
|
|
|
|
struct sc_pkcs11_operation operation;
|
2010-09-22 14:41:50 +00:00
|
|
|
int num_handles, current_handle, allocated_handles;
|
|
|
|
|
CK_OBJECT_HANDLE *handles;
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* PKCS#11 Session
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
struct sc_pkcs11_session {
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_SESSION_HANDLE handle;
|
2002-01-16 22:49:03 +00:00
|
|
|
/* Session to this slot */
|
|
|
|
|
struct sc_pkcs11_slot *slot;
|
2005-02-11 20:09:34 +00:00
|
|
|
CK_FLAGS flags;
|
2002-01-16 22:49:03 +00:00
|
|
|
/* Notifications */
|
|
|
|
|
CK_NOTIFY notify_callback;
|
2005-02-11 20:09:34 +00:00
|
|
|
CK_VOID_PTR notify_data;
|
2002-12-17 11:49:12 +00:00
|
|
|
/* Active operations - one per type */
|
|
|
|
|
struct sc_pkcs11_operation *operation[SC_PKCS11_OPERATION_MAX];
|
2002-01-16 22:49:03 +00:00
|
|
|
};
|
2002-12-17 11:49:12 +00:00
|
|
|
typedef struct sc_pkcs11_session sc_pkcs11_session_t;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/* Module variables */
|
|
|
|
|
extern struct sc_context *context;
|
2002-12-21 16:45:37 +00:00
|
|
|
extern struct sc_pkcs11_config sc_pkcs11_conf;
|
2010-01-24 20:45:02 +00:00
|
|
|
extern list_t sessions;
|
|
|
|
|
extern list_t virtual_slots;
|
|
|
|
|
extern list_t cards;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/* Framework definitions */
|
|
|
|
|
extern struct sc_pkcs11_framework_ops framework_pkcs15;
|
2002-04-05 15:02:41 +00:00
|
|
|
extern struct sc_pkcs11_framework_ops framework_pkcs15init;
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2005-01-19 18:15:43 +00:00
|
|
|
void strcpy_bp(u8 *dst, const char *src, size_t dstsize);
|
2010-04-21 10:51:13 +00:00
|
|
|
CK_RV sc_to_cryptoki_error(int rc, const char *ctx);
|
2010-03-15 12:17:13 +00:00
|
|
|
void sc_pkcs11_print_attrs(int level, const char *file, unsigned int line, const char *function,
|
2003-04-16 14:18:07 +00:00
|
|
|
const char *info, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount);
|
2010-03-15 12:17:13 +00:00
|
|
|
#define dump_template(level, info, pTemplate, ulCount) \
|
|
|
|
|
sc_pkcs11_print_attrs(level, __FILE__, __LINE__, __FUNCTION__, \
|
2003-04-16 14:18:07 +00:00
|
|
|
info, pTemplate, ulCount)
|
2002-01-16 22:49:03 +00:00
|
|
|
|
|
|
|
|
/* Slot and card handling functions */
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_RV card_removed(sc_reader_t *reader);
|
2010-03-28 20:06:56 +00:00
|
|
|
CK_RV card_detect_all(void);
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_RV create_slot(sc_reader_t *reader);
|
|
|
|
|
CK_RV initialize_reader(sc_reader_t *reader);
|
|
|
|
|
CK_RV card_detect(sc_reader_t *reader);
|
|
|
|
|
CK_RV slot_get_slot(CK_SLOT_ID id, struct sc_pkcs11_slot **);
|
|
|
|
|
CK_RV slot_get_token(CK_SLOT_ID id, struct sc_pkcs11_slot **);
|
|
|
|
|
CK_RV slot_token_removed(CK_SLOT_ID id);
|
2002-01-16 22:49:03 +00:00
|
|
|
CK_RV slot_allocate(struct sc_pkcs11_slot **, struct sc_pkcs11_card *);
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_RV slot_find_changed(CK_SLOT_ID_PTR idp, int mask);
|
2016-06-10 11:41:18 +00:00
|
|
|
int slot_get_logged_in_state(struct sc_pkcs11_slot *slot);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2015-11-26 06:11:06 +00:00
|
|
|
/* Login tracking functions */
|
|
|
|
|
CK_RV restore_login_state(struct sc_pkcs11_slot *slot);
|
2015-12-02 09:24:50 +00:00
|
|
|
CK_RV reset_login_state(struct sc_pkcs11_slot *slot, CK_RV rv);
|
2015-11-26 06:11:06 +00:00
|
|
|
CK_RV push_login_state(struct sc_pkcs11_slot *slot,
|
|
|
|
|
CK_USER_TYPE userType, CK_CHAR_PTR pPin, CK_ULONG ulPinLen);
|
|
|
|
|
void pop_login_state(struct sc_pkcs11_slot *slot);
|
|
|
|
|
void pop_all_login_states(struct sc_pkcs11_slot *slot);
|
|
|
|
|
|
2002-01-16 22:49:03 +00:00
|
|
|
/* Session manipulation */
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_RV get_session(CK_SESSION_HANDLE hSession, struct sc_pkcs11_session ** session);
|
2005-02-11 20:09:34 +00:00
|
|
|
CK_RV session_start_operation(struct sc_pkcs11_session *,
|
2002-12-17 11:49:12 +00:00
|
|
|
int, sc_pkcs11_mechanism_type_t *,
|
|
|
|
|
struct sc_pkcs11_operation **);
|
|
|
|
|
CK_RV session_get_operation(struct sc_pkcs11_session *, int,
|
|
|
|
|
struct sc_pkcs11_operation **);
|
|
|
|
|
CK_RV session_stop_operation(struct sc_pkcs11_session *, int);
|
2003-02-17 14:21:38 +00:00
|
|
|
CK_RV sc_pkcs11_close_all_sessions(CK_SLOT_ID);
|
2002-01-16 22:49:03 +00:00
|
|
|
|
2002-03-15 15:22:41 +00:00
|
|
|
/* Generic secret key stuff */
|
|
|
|
|
CK_RV sc_pkcs11_create_secret_key(struct sc_pkcs11_session *,
|
|
|
|
|
const u8 *, size_t,
|
|
|
|
|
CK_ATTRIBUTE_PTR, CK_ULONG,
|
|
|
|
|
struct sc_pkcs11_object **);
|
2002-03-18 11:05:21 +00:00
|
|
|
/* Generic object handling */
|
2018-10-31 12:10:12 +00:00
|
|
|
CK_RV sc_pkcs11_any_cmp_attribute(struct sc_pkcs11_session *,
|
2002-03-18 11:05:21 +00:00
|
|
|
void *, CK_ATTRIBUTE_PTR);
|
2002-03-15 15:22:41 +00:00
|
|
|
|
2002-04-11 15:17:33 +00:00
|
|
|
/* Get attributes from template (misc.c) */
|
|
|
|
|
CK_RV attr_find(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void *, size_t *);
|
2003-06-03 13:57:52 +00:00
|
|
|
CK_RV attr_find2(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG,
|
|
|
|
|
CK_ULONG, void *, size_t *);
|
2002-04-11 15:17:33 +00:00
|
|
|
CK_RV attr_find_ptr(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void **, size_t *);
|
2017-06-09 08:30:40 +00:00
|
|
|
CK_RV attr_find_ptr2(CK_ATTRIBUTE_PTR pTemp1, CK_ULONG ulCount1,
|
|
|
|
|
CK_ATTRIBUTE_PTR pTemp2, CK_ULONG ulCount2, CK_ULONG type, void **ptr, size_t * sizep);
|
2015-02-24 16:38:39 +00:00
|
|
|
CK_RV attr_find_and_allocate_ptr(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void **, size_t *);
|
2002-04-11 15:17:33 +00:00
|
|
|
CK_RV attr_find_var(CK_ATTRIBUTE_PTR, CK_ULONG, CK_ULONG, void *, size_t *);
|
|
|
|
|
CK_RV attr_extract(CK_ATTRIBUTE_PTR, void *, size_t *);
|
|
|
|
|
|
2002-12-17 11:49:12 +00:00
|
|
|
/* Generic Mechanism functions */
|
|
|
|
|
CK_RV sc_pkcs11_register_mechanism(struct sc_pkcs11_card *,
|
|
|
|
|
sc_pkcs11_mechanism_type_t *);
|
|
|
|
|
CK_RV sc_pkcs11_get_mechanism_list(struct sc_pkcs11_card *,
|
|
|
|
|
CK_MECHANISM_TYPE_PTR, CK_ULONG_PTR);
|
|
|
|
|
CK_RV sc_pkcs11_get_mechanism_info(struct sc_pkcs11_card *, CK_MECHANISM_TYPE,
|
|
|
|
|
CK_MECHANISM_INFO_PTR);
|
|
|
|
|
CK_RV sc_pkcs11_md_init(struct sc_pkcs11_session *, CK_MECHANISM_PTR);
|
|
|
|
|
CK_RV sc_pkcs11_md_update(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
CK_RV sc_pkcs11_md_final(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG_PTR);
|
|
|
|
|
CK_RV sc_pkcs11_sign_init(struct sc_pkcs11_session *, CK_MECHANISM_PTR,
|
|
|
|
|
struct sc_pkcs11_object *, CK_MECHANISM_TYPE);
|
|
|
|
|
CK_RV sc_pkcs11_sign_update(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
CK_RV sc_pkcs11_sign_final(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG_PTR);
|
2003-01-03 14:28:50 +00:00
|
|
|
CK_RV sc_pkcs11_sign_size(struct sc_pkcs11_session *, CK_ULONG_PTR);
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_OPENSSL
|
2003-06-27 15:26:17 +00:00
|
|
|
CK_RV sc_pkcs11_verif_init(struct sc_pkcs11_session *, CK_MECHANISM_PTR,
|
|
|
|
|
struct sc_pkcs11_object *, CK_MECHANISM_TYPE);
|
|
|
|
|
CK_RV sc_pkcs11_verif_update(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
CK_RV sc_pkcs11_verif_final(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG);
|
|
|
|
|
#endif
|
2003-10-02 08:29:32 +00:00
|
|
|
CK_RV sc_pkcs11_decr_init(struct sc_pkcs11_session *, CK_MECHANISM_PTR, struct sc_pkcs11_object *, CK_MECHANISM_TYPE);
|
|
|
|
|
CK_RV sc_pkcs11_decr(struct sc_pkcs11_session *, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR, CK_ULONG_PTR);
|
2017-11-17 14:15:12 +00:00
|
|
|
CK_RV sc_pkcs11_wrap(struct sc_pkcs11_session *,CK_MECHANISM_PTR, struct sc_pkcs11_object *, CK_KEY_TYPE, struct sc_pkcs11_object *, CK_BYTE_PTR, CK_ULONG_PTR);
|
|
|
|
|
CK_RV sc_pkcs11_unwrap(struct sc_pkcs11_session *,CK_MECHANISM_PTR, struct sc_pkcs11_object *, CK_KEY_TYPE, CK_BYTE_PTR, CK_ULONG, struct sc_pkcs11_object *);
|
2012-05-22 15:18:00 +00:00
|
|
|
CK_RV sc_pkcs11_deri(struct sc_pkcs11_session *, CK_MECHANISM_PTR,
|
|
|
|
|
struct sc_pkcs11_object *, CK_KEY_TYPE,
|
|
|
|
|
CK_SESSION_HANDLE, CK_OBJECT_HANDLE, struct sc_pkcs11_object *);
|
2002-12-17 11:49:12 +00:00
|
|
|
sc_pkcs11_mechanism_type_t *sc_pkcs11_find_mechanism(struct sc_pkcs11_card *,
|
2010-01-24 20:45:02 +00:00
|
|
|
CK_MECHANISM_TYPE, unsigned int);
|
2002-12-17 11:49:12 +00:00
|
|
|
sc_pkcs11_mechanism_type_t *sc_pkcs11_new_fw_mechanism(CK_MECHANISM_TYPE,
|
|
|
|
|
CK_MECHANISM_INFO_PTR, CK_KEY_TYPE,
|
2015-04-29 23:45:23 +00:00
|
|
|
const void *, void (*)(const void *));
|
2002-12-17 11:49:12 +00:00
|
|
|
sc_pkcs11_operation_t *sc_pkcs11_new_operation(sc_pkcs11_session_t *,
|
|
|
|
|
sc_pkcs11_mechanism_type_t *);
|
|
|
|
|
void sc_pkcs11_release_operation(sc_pkcs11_operation_t **);
|
|
|
|
|
CK_RV sc_pkcs11_register_generic_mechanisms(struct sc_pkcs11_card *);
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_OPENSSL
|
2002-12-17 11:49:12 +00:00
|
|
|
void sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *);
|
|
|
|
|
#endif
|
2002-12-17 20:16:31 +00:00
|
|
|
CK_RV sc_pkcs11_register_sign_and_hash_mechanism(struct sc_pkcs11_card *,
|
|
|
|
|
CK_MECHANISM_TYPE, CK_MECHANISM_TYPE,
|
|
|
|
|
sc_pkcs11_mechanism_type_t *);
|
2002-12-17 11:49:12 +00:00
|
|
|
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_OPENSSL
|
2018-10-31 12:10:12 +00:00
|
|
|
CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len,
|
|
|
|
|
const unsigned char *pubkey_params, unsigned int pubkey_params_len,
|
Add support for PSS padding to RSA signatures
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2015-08-25 11:45:27 +00:00
|
|
|
CK_MECHANISM_PTR mech, sc_pkcs11_operation_t *md,
|
2018-10-31 12:10:12 +00:00
|
|
|
unsigned char *inp, unsigned int inp_len,
|
|
|
|
|
unsigned char *signat, unsigned int signat_len);
|
2003-01-16 20:10:28 +00:00
|
|
|
#endif
|
|
|
|
|
|
2002-12-21 16:45:37 +00:00
|
|
|
/* Load configuration defaults */
|
|
|
|
|
void load_pkcs11_parameters(struct sc_pkcs11_config *, struct sc_context *);
|
|
|
|
|
|
2003-02-17 14:21:38 +00:00
|
|
|
/* Locking primitives at the pkcs11 level */
|
|
|
|
|
CK_RV sc_pkcs11_init_lock(CK_C_INITIALIZE_ARGS_PTR);
|
2003-02-19 13:44:36 +00:00
|
|
|
CK_RV sc_pkcs11_lock(void);
|
2003-02-17 14:21:38 +00:00
|
|
|
void sc_pkcs11_unlock(void);
|
|
|
|
|
void sc_pkcs11_free_lock(void);
|
|
|
|
|
|
2002-04-19 14:23:31 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-11-30 08:11:58 +00:00
|
|
|
#endif /* __sc_pkcs11_h__ */
|
