QuasarApp/qca
4
0
Fork 0
mirror of https://github.com/QuasarApp/qca.git synced 2025-04-27 12:04:31 +00:00
Code Issues Projects Releases Wiki Activity

pkcs11-helper is now external dependency

Browse Source 
svn path=/trunk/kdesupport/qca/; revision=611362
This commit is contained in:
Alon Bar-Lev 2006-12-07 20:17:50 +00:00
parent cdb5cfcb2a
commit 204251b0d5
16 changed files with 155 additions and 13987 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
cmake/modules/FindPkcs11Helper.cmake Normal file
View File

@ -0,0 +1,48 @@
# - Try to find the pkcs11-helper library
# Once done this will define
#
# PKCS11H_FOUND - system has mozilla-nss lib
# PKCS11H_INCLUDE_DIRS - the mozilla-nss include directories
# PKCS11H_LIBRARIES - Link these to use mozilla-nss
# PKCS11H_DEFINITIONS - Compiler switches required for using pkcs11-helper
#
# Copyright (c) 2006, Laurent Montel, <montel@kde.org>
#
# Redistribution and use is allowed according to the terms of the BSD license.
# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
#
# pkcs11-helper can be found at http://www.opensc-project.org/pkcs11-helper
#
if (PKCS11H_INCLUDE_DIRS AND PKCS11H_LIBRARIES)
# in cache already
SET(PKCS11H_FOUND TRUE)
else (PKCS11H_INCLUDE_DIRS AND PKCS11H_LIBRARIES)
INCLUDE(UsePkgConfig)
PKGCONFIG(libpkcs11-helper-1 _PKCS11HIncDir _PKCS11HLinkDir _PKCS11HLinkFlags _PKCS11HCflags)
set(PKCS11H_DEFINITIONS ${_PKCS11HCflags})
set(PKCS11H_INCLUDE_DIRS ${_PKCS11HIncDir})
set(PKCS11H_LIBRARIES ${_PKCS11HLinkFlags})
if (PKCS11H_INCLUDE_DIRS AND PKCS11H_LIBRARIES)
set(PKCS11H_FOUND TRUE)
endif (PKCS11H_INCLUDE_DIRS AND PKCS11H_LIBRARIES)
if (PKCS11H_FOUND)
if (NOT PKCS11H_FIND_QUIETLY)
message(STATUS "Found pkcs11-helper: ${PKCS11H_LIBRARIES}")
endif (NOT PKCS11H_FIND_QUIETLY)
else (PKCS11H_FOUND)
if (PKCS11H_FIND_REQUIRED)
message(FATAL_ERROR "Could NOT find pkcs11-helper")
endif (PKCS11H_FIND_REQUIRED)
endif (PKCS11H_FOUND)
MARK_AS_ADVANCED(PKCS11H_INCLUDE_DIRS PKCS11H_LIBRARIES)
endif (PKCS11H_INCLUDE_DIRS AND PKCS11H_LIBRARIES)

7
plugins/CMakeLists.txt
View File

@ -2,15 +2,20 @@
FIND_PACKAGE(OpenSSL)
find_package(Sasl2)
FIND_PACKAGE(Nss)
FIND_PACKAGE(Pkcs11Helper)
FIND_PACKAGE(LibGcrypt)
FIND_PACKAGE(Botan)
IF (OPENSSL_FOUND)
ADD_SUBDIRECTORY(qca-openssl)
ADD_SUBDIRECTORY(qca-pkcs11)
MESSAGE(STATUS "OpenSSL plugin enabled")
ENDIF(OPENSSL_FOUND)
IF (OPENSSL_FOUND AND PKCS11H_FOUND)
ADD_SUBDIRECTORY(qca-pkcs11)
MESSAGE(STATUS "PKCS#11 plugin enabled")
ENDIF (OPENSSL_FOUND AND PKCS11H_FOUND)
FIND_PROGRAM(QCA_GPG_EXECUTABLE NAMES gpg)
IF ( QCA_GPG_EXECUTABLE )

3
plugins/qca-pkcs11/.svnignore
View File

@ -9,6 +9,9 @@
*.rej
*.orig
*.dll
*.cmake
*.make
configure
conf.pri
Makefile
CMakeFiles

16
plugins/qca-pkcs11/CMakeLists.txt
View File

@ -1,25 +1,25 @@
# QCA OpenSSL
# qca-pkcs11
SET(QCA_PKCS11_SOURCES qca-pkcs11.cpp)
MY_AUTOMOC( QCA_PKCS11_SOURCES )
ADD_DEFINITIONS(-DOSSL_097)
SET(QCA_PKCS11_SOURCES ${QCA_PKCS11_SOURCES} pkcs11-helper.c)
ADD_LIBRARY(qca-pkcs11 SHARED ${QCA_PKCS11_SOURCES})
INCLUDE_DIRECTORIES(${PKCS11_INCLUDE_DIR} ${OPENSSL_INCLUDE_DIR})
ADD_DEFINITIONS(${PKCS11H_DEFINITIONS})
INCLUDE_DIRECTORIES(${PKCS11H_INCLUDE_DIR})
INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
TARGET_LINK_LIBRARIES(qca-pkcs11 ${QT_QTCORE_LIBRARY})
TARGET_LINK_LIBRARIES(qca-pkcs11 qca)
TARGET_LINK_LIBRARIES(qca-pkcs11 ${PKCS11H_LIBRARIES})
TARGET_LINK_LIBRARIES(qca-pkcs11 ${OPENSSL_LIBRARIES})
if(APPLE)
TARGET_LINK_LIBRARIES(qca-pkcs11 crypto)
TARGET_LINK_LIBRARIES(qca-pkcs11 crypto)
endif(APPLE)
IF (WIN32)
ADD_DEFINITIONS(-DOSSL_097)
TARGET_LINK_LIBRARIES(qca-pkcs11 gdi32)
TARGET_LINK_LIBRARIES(qca-pkcs11 wsock32)
TARGET_LINK_LIBRARIES(qca-pkcs11 ssleay32 libeay32)
TARGET_LINK_LIBRARIES(qca-pkcs11 eay32)
ENDIF (WIN32)
INSTALL(TARGETS qca-pkcs11 LIBRARY DESTINATION ${qca_PLUGINSDIR})

66
plugins/qca-pkcs11/cryptoki-win32.h
View File

@ -1,66 +0,0 @@
/* cryptoki.h include file for PKCS #11. */
/* $Revision: 1.4 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* This is a sample file containing the top level include directives
* for building Win32 Cryptoki libraries and applications.
*/
#ifndef ___CRYPTOKI_H_INC___
#define ___CRYPTOKI_H_INC___
#pragma pack(push, cryptoki, 1)
/* Specifies that the function is a DLL entry point. */
#define CK_IMPORT_SPEC __declspec(dllimport)
/* Define CRYPTOKI_EXPORTS during the build of cryptoki libraries. Do
* not define it in applications.
*/
#ifdef CRYPTOKI_EXPORTS
/* Specified that the function is an exported DLL entry point. */
#define CK_EXPORT_SPEC __declspec(dllexport)
#else
#define CK_EXPORT_SPEC CK_IMPORT_SPEC
#endif
/* Ensures the calling convention for Win32 builds */
#define CK_CALL_SPEC __cdecl
#define CK_PTR *
#define CK_DEFINE_FUNCTION(returnType, name) \
returnType CK_EXPORT_SPEC CK_CALL_SPEC name
#define CK_DECLARE_FUNCTION(returnType, name) \
returnType CK_EXPORT_SPEC CK_CALL_SPEC name
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
returnType CK_IMPORT_SPEC (CK_CALL_SPEC CK_PTR name)
#define CK_CALLBACK_FUNCTION(returnType, name) \
returnType (CK_CALL_SPEC CK_PTR name)
#ifndef NULL_PTR
#define NULL_PTR 0
#endif
#include "pkcs11-headers/pkcs11.h"
#pragma pack(pop, cryptoki)
#endif /* ___CRYPTOKI_H_INC___ */

35
plugins/qca-pkcs11/cryptoki.h
View File

@ -1,35 +0,0 @@
/* cryptoki.h include file for PKCS #11. */
/* $Revision: 1.4 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
#ifndef ___CRYPTOKI_H_INC___
#define ___CRYPTOKI_H_INC___
#define CK_PTR *
#define CK_DEFINE_FUNCTION(returnType, name) returnType name
#define CK_DECLARE_FUNCTION(returnType, name) returnType name
#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
#ifndef NULL_PTR
#define NULL_PTR 0
#endif
#include "pkcs11-headers/pkcs11.h"
#endif /* ___CRYPTOKI_H_INC___ */

299
plugins/qca-pkcs11/pkcs11-headers/pkcs11.h
View File

@ -1,299 +0,0 @@
/* pkcs11.h include file for PKCS #11. */
/* $Revision: 1.4 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
#ifndef _PKCS11_H_
#define _PKCS11_H_ 1
#ifdef __cplusplus
extern "C" {
#endif
/* Before including this file (pkcs11.h) (or pkcs11t.h by
* itself), 6 platform-specific macros must be defined. These
* macros are described below, and typical definitions for them
* are also given. Be advised that these definitions can depend
* on both the platform and the compiler used (and possibly also
* on whether a Cryptoki library is linked statically or
* dynamically).
*
* In addition to defining these 6 macros, the packing convention
* for Cryptoki structures should be set. The Cryptoki
* convention on packing is that structures should be 1-byte
* aligned.
*
* If you're using Microsoft Developer Studio 5.0 to produce
* Win32 stuff, this might be done by using the following
* preprocessor directive before including pkcs11.h or pkcs11t.h:
*
* #pragma pack(push, cryptoki, 1)
*
* and using the following preprocessor directive after including
* pkcs11.h or pkcs11t.h:
*
* #pragma pack(pop, cryptoki)
*
* If you're using an earlier version of Microsoft Developer
* Studio to produce Win16 stuff, this might be done by using
* the following preprocessor directive before including
* pkcs11.h or pkcs11t.h:
*
* #pragma pack(1)
*
* In a UNIX environment, you're on your own for this. You might
* not need to do (or be able to do!) anything.
*
*
* Now for the macros:
*
*
* 1. CK_PTR: The indirection string for making a pointer to an
* object. It can be used like this:
*
* typedef CK_BYTE CK_PTR CK_BYTE_PTR;
*
* If you're using Microsoft Developer Studio 5.0 to produce
* Win32 stuff, it might be defined by:
*
* #define CK_PTR *
*
* If you're using an earlier version of Microsoft Developer
* Studio to produce Win16 stuff, it might be defined by:
*
* #define CK_PTR far *
*
* In a typical UNIX environment, it might be defined by:
*
* #define CK_PTR *
*
*
* 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
* an exportable Cryptoki library function definition out of a
* return type and a function name. It should be used in the
* following fashion to define the exposed Cryptoki functions in
* a Cryptoki library:
*
* CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
* CK_VOID_PTR pReserved
* )
* {
* ...
* }
*
* If you're using Microsoft Developer Studio 5.0 to define a
* function in a Win32 Cryptoki .dll, it might be defined by:
*
* #define CK_DEFINE_FUNCTION(returnType, name) \
* returnType __declspec(dllexport) name
*
* If you're using an earlier version of Microsoft Developer
* Studio to define a function in a Win16 Cryptoki .dll, it
* might be defined by:
*
* #define CK_DEFINE_FUNCTION(returnType, name) \
* returnType __export _far _pascal name
*
* In a UNIX environment, it might be defined by:
*
* #define CK_DEFINE_FUNCTION(returnType, name) \
* returnType name
*
*
* 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
* an importable Cryptoki library function declaration out of a
* return type and a function name. It should be used in the
* following fashion:
*
* extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
* CK_VOID_PTR pReserved
* );
*
* If you're using Microsoft Developer Studio 5.0 to declare a
* function in a Win32 Cryptoki .dll, it might be defined by:
*
* #define CK_DECLARE_FUNCTION(returnType, name) \
* returnType __declspec(dllimport) name
*
* If you're using an earlier version of Microsoft Developer
* Studio to declare a function in a Win16 Cryptoki .dll, it
* might be defined by:
*
* #define CK_DECLARE_FUNCTION(returnType, name) \
* returnType __export _far _pascal name
*
* In a UNIX environment, it might be defined by:
*
* #define CK_DECLARE_FUNCTION(returnType, name) \
* returnType name
*
*
* 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
* which makes a Cryptoki API function pointer declaration or
* function pointer type declaration out of a return type and a
* function name. It should be used in the following fashion:
*
* // Define funcPtr to be a pointer to a Cryptoki API function
* // taking arguments args and returning CK_RV.
* CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
*
* or
*
* // Define funcPtrType to be the type of a pointer to a
* // Cryptoki API function taking arguments args and returning
* // CK_RV, and then define funcPtr to be a variable of type
* // funcPtrType.
* typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
* funcPtrType funcPtr;
*
* If you're using Microsoft Developer Studio 5.0 to access
* functions in a Win32 Cryptoki .dll, in might be defined by:
*
* #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
* returnType __declspec(dllimport) (* name)
*
* If you're using an earlier version of Microsoft Developer
* Studio to access functions in a Win16 Cryptoki .dll, it might
* be defined by:
*
* #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
* returnType __export _far _pascal (* name)
*
* In a UNIX environment, it might be defined by:
*
* #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
* returnType (* name)
*
*
* 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
* a function pointer type for an application callback out of
* a return type for the callback and a name for the callback.
* It should be used in the following fashion:
*
* CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
*
* to declare a function pointer, myCallback, to a callback
* which takes arguments args and returns a CK_RV. It can also
* be used like this:
*
* typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
* myCallbackType myCallback;
*
* If you're using Microsoft Developer Studio 5.0 to do Win32
* Cryptoki development, it might be defined by:
*
* #define CK_CALLBACK_FUNCTION(returnType, name) \
* returnType (* name)
*
* If you're using an earlier version of Microsoft Developer
* Studio to do Win16 development, it might be defined by:
*
* #define CK_CALLBACK_FUNCTION(returnType, name) \
* returnType _far _pascal (* name)
*
* In a UNIX environment, it might be defined by:
*
* #define CK_CALLBACK_FUNCTION(returnType, name) \
* returnType (* name)
*
*
* 6. NULL_PTR: This macro is the value of a NULL pointer.
*
* In any ANSI/ISO C environment (and in many others as well),
* this should best be defined by
*
* #ifndef NULL_PTR
* #define NULL_PTR 0
* #endif
*/
/* All the various Cryptoki types and #define'd values are in the
* file pkcs11t.h. */
#include "pkcs11t.h"
#define __PASTE(x,y) x##y
/* ==============================================================
* Define the "extern" form of all the entry points.
* ==============================================================
*/
#define CK_NEED_ARG_LIST 1
#define CK_PKCS11_FUNCTION_INFO(name) \
extern CK_DECLARE_FUNCTION(CK_RV, name)
/* pkcs11f.h has all the information about the Cryptoki
* function prototypes. */
#include "pkcs11f.h"
#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO
/* ==============================================================
* Define the typedef form of all the entry points. That is, for
* each Cryptoki function C_XXX, define a type CK_C_XXX which is
* a pointer to that kind of function.
* ==============================================================
*/
#define CK_NEED_ARG_LIST 1
#define CK_PKCS11_FUNCTION_INFO(name) \
typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
/* pkcs11f.h has all the information about the Cryptoki
* function prototypes. */
#include "pkcs11f.h"
#undef CK_NEED_ARG_LIST
#undef CK_PKCS11_FUNCTION_INFO
/* ==============================================================
* Define structed vector of entry points. A CK_FUNCTION_LIST
* contains a CK_VERSION indicating a library's Cryptoki version
* and then a whole slew of function pointers to the routines in
* the library. This type was declared, but not defined, in
* pkcs11t.h.
* ==============================================================
*/
#define CK_PKCS11_FUNCTION_INFO(name) \
__PASTE(CK_,name) name;
struct CK_FUNCTION_LIST {
CK_VERSION version; /* Cryptoki version */
/* Pile all the function pointers into the CK_FUNCTION_LIST. */
/* pkcs11f.h has all the information about the Cryptoki
* function prototypes. */
#include "pkcs11f.h"
};
#undef CK_PKCS11_FUNCTION_INFO
#undef __PASTE
#ifdef __cplusplus
}
#endif
#endif

912
plugins/qca-pkcs11/pkcs11-headers/pkcs11f.h
View File

@ -1,912 +0,0 @@
/* pkcs11f.h include file for PKCS #11. */
/* $Revision: 1.4 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* This header file contains pretty much everything about all the */
/* Cryptoki function prototypes. Because this information is */
/* used for more than just declaring function prototypes, the */
/* order of the functions appearing herein is important, and */
/* should not be altered. */
/* General-purpose */
/* C_Initialize initializes the Cryptoki library. */
CK_PKCS11_FUNCTION_INFO(C_Initialize)
#ifdef CK_NEED_ARG_LIST
(
CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
* cast to CK_C_INITIALIZE_ARGS_PTR
* and dereferenced */
);
#endif
/* C_Finalize indicates that an application is done with the
* Cryptoki library. */
CK_PKCS11_FUNCTION_INFO(C_Finalize)
#ifdef CK_NEED_ARG_LIST
(
CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
);
#endif
/* C_GetInfo returns general information about Cryptoki. */
CK_PKCS11_FUNCTION_INFO(C_GetInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_INFO_PTR pInfo /* location that receives information */
);
#endif
/* C_GetFunctionList returns the function list. */
CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
#ifdef CK_NEED_ARG_LIST
(
CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
* function list */
);
#endif
/* Slot and token management */
/* C_GetSlotList obtains a list of slots in the system. */
CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
#ifdef CK_NEED_ARG_LIST
(
CK_BBOOL tokenPresent, /* only slots with tokens? */
CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
CK_ULONG_PTR pulCount /* receives number of slots */
);
#endif
/* C_GetSlotInfo obtains information about a particular slot in
* the system. */
CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* the ID of the slot */
CK_SLOT_INFO_PTR pInfo /* receives the slot information */
);
#endif
/* C_GetTokenInfo obtains information about a particular token
* in the system. */
CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* ID of the token's slot */
CK_TOKEN_INFO_PTR pInfo /* receives the token information */
);
#endif
/* C_GetMechanismList obtains a list of mechanism types
* supported by a token. */
CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* ID of token's slot */
CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
CK_ULONG_PTR pulCount /* gets # of mechs. */
);
#endif
/* C_GetMechanismInfo obtains information about a particular
* mechanism possibly supported by a token. */
CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* ID of the token's slot */
CK_MECHANISM_TYPE type, /* type of mechanism */
CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
);
#endif
/* C_InitToken initializes a token. */
CK_PKCS11_FUNCTION_INFO(C_InitToken)
#ifdef CK_NEED_ARG_LIST
/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
(
CK_SLOT_ID slotID, /* ID of the token's slot */
CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
CK_ULONG ulPinLen, /* length in bytes of the PIN */
CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
);
#endif
/* C_InitPIN initializes the normal user's PIN. */
CK_PKCS11_FUNCTION_INFO(C_InitPIN)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
CK_ULONG ulPinLen /* length in bytes of the PIN */
);
#endif
/* C_SetPIN modifies the PIN of the user who is logged in. */
CK_PKCS11_FUNCTION_INFO(C_SetPIN)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
CK_ULONG ulOldLen, /* length of the old PIN */
CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
CK_ULONG ulNewLen /* length of the new PIN */
);
#endif
/* Session management */
/* C_OpenSession opens a session between an application and a
* token. */
CK_PKCS11_FUNCTION_INFO(C_OpenSession)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID, /* the slot's ID */
CK_FLAGS flags, /* from CK_SESSION_INFO */
CK_VOID_PTR pApplication, /* passed to callback */
CK_NOTIFY Notify, /* callback function */
CK_SESSION_HANDLE_PTR phSession /* gets session handle */
);
#endif
/* C_CloseSession closes a session between an application and a
* token. */
CK_PKCS11_FUNCTION_INFO(C_CloseSession)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* C_CloseAllSessions closes all sessions with a token. */
CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
#ifdef CK_NEED_ARG_LIST
(
CK_SLOT_ID slotID /* the token's slot */
);
#endif
/* C_GetSessionInfo obtains information about the session. */
CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_SESSION_INFO_PTR pInfo /* receives session info */
);
#endif
/* C_GetOperationState obtains the state of the cryptographic operation
* in a session. */
CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pOperationState, /* gets state */
CK_ULONG_PTR pulOperationStateLen /* gets state length */
);
#endif
/* C_SetOperationState restores the state of the cryptographic
* operation in a session. */
CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pOperationState, /* holds state */
CK_ULONG ulOperationStateLen, /* holds state length */
CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
);
#endif
/* C_Login logs a user into a token. */
CK_PKCS11_FUNCTION_INFO(C_Login)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_USER_TYPE userType, /* the user type */
CK_UTF8CHAR_PTR pPin, /* the user's PIN */
CK_ULONG ulPinLen /* the length of the PIN */
);
#endif
/* C_Logout logs a user out from a token. */
CK_PKCS11_FUNCTION_INFO(C_Logout)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* Object management */
/* C_CreateObject creates a new object. */
CK_PKCS11_FUNCTION_INFO(C_CreateObject)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
CK_ULONG ulCount, /* attributes in template */
CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
);
#endif
/* C_CopyObject copies an object, creating a new object for the
* copy. */
CK_PKCS11_FUNCTION_INFO(C_CopyObject)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
CK_ULONG ulCount, /* attributes in template */
CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
);
#endif
/* C_DestroyObject destroys an object. */
CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject /* the object's handle */
);
#endif
/* C_GetObjectSize gets the size of an object in bytes. */
CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ULONG_PTR pulSize /* receives size of object */
);
#endif
/* C_GetAttributeValue obtains the value of one or more object
* attributes. */
CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
CK_ULONG ulCount /* attributes in template */
);
#endif
/* C_SetAttributeValue modifies the value of one or more object
* attributes */
CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hObject, /* the object's handle */
CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
CK_ULONG ulCount /* attributes in template */
);
#endif
/* C_FindObjectsInit initializes a search for token and session
* objects that match a template. */
CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
CK_ULONG ulCount /* attrs in search template */
);
#endif
/* C_FindObjects continues a search for token and session
* objects that match a template, obtaining additional object
* handles. */
CK_PKCS11_FUNCTION_INFO(C_FindObjects)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
CK_ULONG ulMaxObjectCount, /* max handles to get */
CK_ULONG_PTR pulObjectCount /* actual # returned */
);
#endif
/* C_FindObjectsFinal finishes a search for token and session
* objects. */
CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* Encryption and decryption */
/* C_EncryptInit initializes an encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
CK_OBJECT_HANDLE hKey /* handle of encryption key */
);
#endif
/* C_Encrypt encrypts single-part data. */
CK_PKCS11_FUNCTION_INFO(C_Encrypt)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pData, /* the plaintext data */
CK_ULONG ulDataLen, /* bytes of plaintext */
CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
);
#endif
/* C_EncryptUpdate continues a multiple-part encryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pPart, /* the plaintext data */
CK_ULONG ulPartLen, /* plaintext data len */
CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
);
#endif
/* C_EncryptFinal finishes a multiple-part encryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session handle */
CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
);
#endif
/* C_DecryptInit initializes a decryption operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
CK_OBJECT_HANDLE hKey /* handle of decryption key */
);
#endif
/* C_Decrypt decrypts encrypted data in a single part. */
CK_PKCS11_FUNCTION_INFO(C_Decrypt)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedData, /* ciphertext */
CK_ULONG ulEncryptedDataLen, /* ciphertext length */
CK_BYTE_PTR pData, /* gets plaintext */
CK_ULONG_PTR pulDataLen /* gets p-text size */
);
#endif
/* C_DecryptUpdate continues a multiple-part decryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedPart, /* encrypted data */
CK_ULONG ulEncryptedPartLen, /* input length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* p-text size */
);
#endif
/* C_DecryptFinal finishes a multiple-part decryption
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pLastPart, /* gets plaintext */
CK_ULONG_PTR pulLastPartLen /* p-text size */
);
#endif
/* Message digesting */
/* C_DigestInit initializes a message-digesting operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
);
#endif
/* C_Digest digests data in a single part. */
CK_PKCS11_FUNCTION_INFO(C_Digest)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* data to be digested */
CK_ULONG ulDataLen, /* bytes of data to digest */
CK_BYTE_PTR pDigest, /* gets the message digest */
CK_ULONG_PTR pulDigestLen /* gets digest length */
);
#endif
/* C_DigestUpdate continues a multiple-part message-digesting
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pPart, /* data to be digested */
CK_ULONG ulPartLen /* bytes of data to be digested */
);
#endif
/* C_DigestKey continues a multi-part message-digesting
* operation, by digesting the value of a secret key as part of
* the data already digested. */
CK_PKCS11_FUNCTION_INFO(C_DigestKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_OBJECT_HANDLE hKey /* secret key to digest */
);
#endif
/* C_DigestFinal finishes a multiple-part message-digesting
* operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pDigest, /* gets the message digest */
CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
);
#endif
/* Signing and MACing */
/* C_SignInit initializes a signature (private key encryption)
* operation, where the signature is (will be) an appendix to
* the data, and plaintext cannot be recovered from the
*signature. */
CK_PKCS11_FUNCTION_INFO(C_SignInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
CK_OBJECT_HANDLE hKey /* handle of signature key */
);
#endif
/* C_Sign signs (encrypts with private key) data in a single
* part, where the signature is (will be) an appendix to the
* data, and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_Sign)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* the data to sign */
CK_ULONG ulDataLen, /* count of bytes to sign */
CK_BYTE_PTR pSignature, /* gets the signature */
CK_ULONG_PTR pulSignatureLen /* gets signature length */
);
#endif
/* C_SignUpdate continues a multiple-part signature operation,
* where the signature is (will be) an appendix to the data,
* and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pPart, /* the data to sign */
CK_ULONG ulPartLen /* count of bytes to sign */
);
#endif
/* C_SignFinal finishes a multiple-part signature operation,
* returning the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSignature, /* gets the signature */
CK_ULONG_PTR pulSignatureLen /* gets signature length */
);
#endif
/* C_SignRecoverInit initializes a signature operation, where
* the data can be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
CK_OBJECT_HANDLE hKey /* handle of the signature key */
);
#endif
/* C_SignRecover signs data in a single operation, where the
* data can be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_SignRecover)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* the data to sign */
CK_ULONG ulDataLen, /* count of bytes to sign */
CK_BYTE_PTR pSignature, /* gets the signature */
CK_ULONG_PTR pulSignatureLen /* gets signature length */
);
#endif
/* Verifying signatures and MACs */
/* C_VerifyInit initializes a verification operation, where the
* signature is an appendix to the data, and plaintext cannot
* cannot be recovered from the signature (e.g. DSA). */
CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
CK_OBJECT_HANDLE hKey /* verification key */
);
#endif
/* C_Verify verifies a signature in a single-part operation,
* where the signature is an appendix to the data, and plaintext
* cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_Verify)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pData, /* signed data */
CK_ULONG ulDataLen, /* length of signed data */
CK_BYTE_PTR pSignature, /* signature */
CK_ULONG ulSignatureLen /* signature length*/
);
#endif
/* C_VerifyUpdate continues a multiple-part verification
* operation, where the signature is an appendix to the data,
* and plaintext cannot be recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pPart, /* signed data */
CK_ULONG ulPartLen /* length of signed data */
);
#endif
/* C_VerifyFinal finishes a multiple-part verification
* operation, checking the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSignature, /* signature to verify */
CK_ULONG ulSignatureLen /* signature length */
);
#endif
/* C_VerifyRecoverInit initializes a signature verification
* operation, where the data is recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
CK_OBJECT_HANDLE hKey /* verification key */
);
#endif
/* C_VerifyRecover verifies a signature in a single-part
* operation, where the data is recovered from the signature. */
CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSignature, /* signature to verify */
CK_ULONG ulSignatureLen, /* signature length */
CK_BYTE_PTR pData, /* gets signed data */
CK_ULONG_PTR pulDataLen /* gets signed data len */
);
#endif
/* Dual-function cryptographic operations */
/* C_DigestEncryptUpdate continues a multiple-part digesting
* and encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pPart, /* the plaintext data */
CK_ULONG ulPartLen, /* plaintext length */
CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
);
#endif
/* C_DecryptDigestUpdate continues a multiple-part decryption and
* digesting operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedPart, /* ciphertext */
CK_ULONG ulEncryptedPartLen, /* ciphertext length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* gets plaintext len */
);
#endif
/* C_SignEncryptUpdate continues a multiple-part signing and
* encryption operation. */
CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pPart, /* the plaintext data */
CK_ULONG ulPartLen, /* plaintext length */
CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
);
#endif
/* C_DecryptVerifyUpdate continues a multiple-part decryption and
* verify operation. */
CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_BYTE_PTR pEncryptedPart, /* ciphertext */
CK_ULONG ulEncryptedPartLen, /* ciphertext length */
CK_BYTE_PTR pPart, /* gets plaintext */
CK_ULONG_PTR pulPartLen /* gets p-text length */
);
#endif
/* Key management */
/* C_GenerateKey generates a secret key, creating a new key
* object. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* key generation mech. */
CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
CK_ULONG ulCount, /* # of attrs in template */
CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
);
#endif
/* C_GenerateKeyPair generates a public-key/private-key pair,
* creating new key objects. */
CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session
* handle */
CK_MECHANISM_PTR pMechanism, /* key-gen
* mech. */
CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
* for pub.
* key */
CK_ULONG ulPublicKeyAttributeCount, /* # pub.
* attrs. */
CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
* for priv.
* key */
CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
* attrs. */
CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
* key
* handle */
CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
* priv. key
* handle */
);
#endif
/* C_WrapKey wraps (i.e., encrypts) a key. */
CK_PKCS11_FUNCTION_INFO(C_WrapKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
CK_OBJECT_HANDLE hKey, /* key to be wrapped */
CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
);
#endif
/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
* key object. */
CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
CK_BYTE_PTR pWrappedKey, /* the wrapped key */
CK_ULONG ulWrappedKeyLen, /* wrapped key len */
CK_ATTRIBUTE_PTR pTemplate, /* new key template */
CK_ULONG ulAttributeCount, /* template length */
CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
);
#endif
/* C_DeriveKey derives a key from a base key, creating a new key
* object. */
CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* session's handle */
CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
CK_OBJECT_HANDLE hBaseKey, /* base key */
CK_ATTRIBUTE_PTR pTemplate, /* new key template */
CK_ULONG ulAttributeCount, /* template length */
CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
);
#endif
/* Random number generation */
/* C_SeedRandom mixes additional seed material into the token's
* random number generator. */
CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR pSeed, /* the seed material */
CK_ULONG ulSeedLen /* length of seed material */
);
#endif
/* C_GenerateRandom generates random data. */
CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession, /* the session's handle */
CK_BYTE_PTR RandomData, /* receives the random data */
CK_ULONG ulRandomLen /* # of bytes to generate */
);
#endif
/* Parallel function management */
/* C_GetFunctionStatus is a legacy function; it obtains an
* updated status of a function running in parallel with an
* application. */
CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* C_CancelFunction is a legacy function; it cancels a function
* running in parallel. */
CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
#ifdef CK_NEED_ARG_LIST
(
CK_SESSION_HANDLE hSession /* the session's handle */
);
#endif
/* Functions added in for Cryptoki Version 2.01 or later */
/* C_WaitForSlotEvent waits for a slot event (token insertion,
* removal, etc.) to occur. */
CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
#ifdef CK_NEED_ARG_LIST
(
CK_FLAGS flags, /* blocking/nonblocking flag */
CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
);
#endif

1685
plugins/qca-pkcs11/pkcs11-headers/pkcs11t.h
View File

File diff suppressed because it is too large Load Diff

93
plugins/qca-pkcs11/pkcs11-helper-config.h
View File

@ -1,93 +0,0 @@
/*
* Copyright (C) 2006 Alon Bar-Lev <alon.barlev@gmail.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
#ifndef __PKCS11H_HELPER_CONFIG_H
#define __PKCS11H_HELPER_CONFIG_H
#if !defined(PKCS11H_NO_NEED_INCLUDE_CONFIG)
#if !defined(WIN32) && defined(_WIN32)
#define WIN32
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <ctype.h>
#if defined(WIN32)
#include <windows.h>
#include <process.h>
#else
#include <dlfcn.h>
#include <unistd.h>
#include <pthread.h>
#include <signal.h>
#include <sys/time.h>
#endif
#endif /* PKCS11H_NO_NEED_INCLUDE_CONFIG */
#define ENABLE_PKCS11H_HELPER
#ifdef ENABLE_PKCS11H_HELPER
#include <openssl/x509.h>
#undef PKCS11H_USE_CYGWIN /* cygwin is not supported */
#if !defined(FALSE)
#define FALSE 0
#endif
#if !defined(TRUE)
#define TRUE (!FALSE)
#endif
typedef int PKCS11H_BOOL;
#if !defined(IN)
#define IN
#endif
#if !defined(OUT)
#define OUT
#endif
#define ENABLE_PKCS11H_DEBUG
#define ENABLE_PKCS11H_THREADING
#define ENABLE_PKCS11H_TOKEN
#undef ENABLE_PKCS11H_DATA
#define ENABLE_PKCS11H_CERTIFICATE
#undef ENABLE_PKCS11H_LOCATE
#define ENABLE_PKCS11H_ENUM
#define ENABLE_PKCS11H_SLOTEVENT
#undef ENABLE_PKCS11H_OPENSSL
#undef ENABLE_PKCS11H_STANDALONE
#define PKCS11H_ASSERT assert
#define PKCS11H_TIME time
#if defined(WIN32) || defined(PKCS11H_USE_CYGWIN)
#include "cryptoki-win32.h"
#else
#include "cryptoki.h"
#endif
#endif /* ENABLE_PKCS11H_HELPER */
#endif /* __PKCS11H_HELPER_CONFIG_H */

9911
plugins/qca-pkcs11/pkcs11-helper.c
View File

File diff suppressed because it is too large Load Diff

948
plugins/qca-pkcs11/pkcs11-helper.h
View File

@ -1,948 +0,0 @@
/*
* Copyright (c) 2005-2006 Alon Bar-Lev <alon.barlev@gmail.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modifi-
* cation, are permitted provided that the following conditions are met:
*
* o Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* o Redistributions in binary form must reproduce the above copyright no-
* tice, this list of conditions and the following disclaimer in the do-
* cumentation and/or other materials provided with the distribution.
*
* o The names of the contributors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LI-
* ABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN-
* TIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEV-
* ER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABI-
* LITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/*
* The routines in this file deal with providing private key cryptography
* using RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).
*
*/
#ifndef __PKCS11H_HELPER_H
#define __PKCS11H_HELPER_H
#if defined(__cplusplus)
extern "C" {
#endif
#include "pkcs11-helper-config.h"
#if defined(ENABLE_PKCS11H_SLOTEVENT) && !defined(ENABLE_PKCS11H_THREADING)
#error PKCS#11: ENABLE_PKCS11H_SLOTEVENT requires ENABLE_PKCS11H_THREADING
#endif
#if defined(ENABLE_PKCS11H_OPENSSL) && !defined(ENABLE_PKCS11H_CERTIFICATE)
#error PKCS#11: ENABLE_PKCS11H_OPENSSL requires ENABLE_PKCS11H_CERTIFICATE
#endif
#define PKCS11H_LOG_DEBUG2 5
#define PKCS11H_LOG_DEBUG1 4
#define PKCS11H_LOG_INFO 3
#define PKCS11H_LOG_WARN 2
#define PKCS11H_LOG_ERROR 1
#define PKCS11H_LOG_QUITE 0
#define PKCS11H_PIN_CACHE_INFINITE -1
#define PKCS11H_SIGNMODE_MASK_SIGN (1<<0)
#define PKCS11H_SIGNMODE_MASK_RECOVER (1<<1)
#define PKCS11H_PROMPT_MASK_ALLOW_PIN_PROMPT (1<<0)
#define PKCS11H_PROMPT_MAST_ALLOW_CARD_PROMPT (1<<1)
#define PKCS11H_SLOTEVENT_METHOD_AUTO 0
#define PKCS11H_SLOTEVENT_METHOD_TRIGGER 1
#define PKCS11H_SLOTEVENT_METHOD_POLL 2
#define PKCS11H_ENUM_METHOD_CACHE 0
#define PKCS11H_ENUM_METHOD_CACHE_EXIST 1
#define PKCS11H_ENUM_METHOD_RELOAD 2
typedef void (*pkcs11h_output_print_t)(
IN const void *pData,
IN const char * const szFormat,
IN ...
)
#ifdef __GNUC__
__attribute__ ((format (printf, 2, 3)))
#endif
;
struct pkcs11h_token_id_s;
typedef struct pkcs11h_token_id_s *pkcs11h_token_id_t;
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_s;
struct pkcs11h_certificate_s;
typedef struct pkcs11h_certificate_id_s *pkcs11h_certificate_id_t;
typedef struct pkcs11h_certificate_s *pkcs11h_certificate_t;
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_ENUM)
struct pkcs11h_token_id_list_s;
typedef struct pkcs11h_token_id_list_s *pkcs11h_token_id_list_t;
#if defined(ENABLE_PKCS11H_DATA)
struct pkcs11h_data_id_list_s;
typedef struct pkcs11h_data_id_list_s *pkcs11h_data_id_list_t;
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_list_s;
typedef struct pkcs11h_certificate_id_list_s *pkcs11h_certificate_id_list_t;
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */
typedef void (*pkcs11h_hook_log_t)(
IN const void *pData,
IN const unsigned flags,
IN const char * const szFormat,
IN va_list args
);
typedef void (*pkcs11h_hook_slotevent_t)(
IN const void *pData
);
typedef PKCS11H_BOOL (*pkcs11h_hook_token_prompt_t)(
IN const void *pData,
IN const pkcs11h_token_id_t token
);
typedef PKCS11H_BOOL (*pkcs11h_hook_pin_prompt_t)(
IN const void *pData,
IN const pkcs11h_token_id_t token,
OUT char * const szPIN,
IN const size_t nMaxPIN
);
struct pkcs11h_token_id_s {
char label[1024];
char manufacturerID[sizeof (((CK_TOKEN_INFO *)NULL)->manufacturerID)+1];
char model[sizeof (((CK_TOKEN_INFO *)NULL)->model)+1];
char serialNumber[sizeof (((CK_TOKEN_INFO *)NULL)->serialNumber)+1];
};
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_s {
pkcs11h_token_id_t token_id;
char displayName[1024];
CK_BYTE_PTR attrCKA_ID;
size_t attrCKA_ID_size;
unsigned char *certificate_blob;
size_t certificate_blob_size;
};
#endif
#if defined(ENABLE_PKCS11H_ENUM)
struct pkcs11h_token_id_list_s {
pkcs11h_token_id_list_t next;
pkcs11h_token_id_t token_id;
};
#if defined(ENABLE_PKCS11H_DATA)
struct pkcs11h_data_id_list_s {
pkcs11h_data_id_list_t next;
char *application;
char *label;
};
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
struct pkcs11h_certificate_id_list_s {
pkcs11h_certificate_id_list_t next;
pkcs11h_certificate_id_t certificate_id;
};
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_OPENSSL)
struct pkcs11h_openssl_session_s;
typedef struct pkcs11h_openssl_session_s *pkcs11h_openssl_session_t;
#endif /* ENABLE_PKCS11H_OPENSSL */
/*
* pkcs11h_getMessage - Get message by return value.
*
* Parameters:
* rv - Return value.
*/
const char *
pkcs11h_getMessage (
IN const int rv
);
/*
* pkcs11h_initialize - Inititalize helper interface.
*
* Must be called once, from main thread.
* Defaults:
* Protected authentication enabled.
* PIN cached is infinite.
*/
CK_RV
pkcs11h_initialize (void);
/*
* pkcs11h_terminate - Terminate helper interface.
*
* Must be called once, from main thread, after all
* related resources freed.
*/
CK_RV
pkcs11h_terminate (void);
/*
* pkcs11h_setLogLevel - Set current log level of the helper.
*
* Parameters:
* flags - current log level.
*
* The log level can be set to maximum, but setting it to lower
* level will improve performance.
*/
void
pkcs11h_setLogLevel (
IN const unsigned flags
);
/*
* pkcs11h_getLogLevel - Get current log level.
*/
unsigned
pkcs11h_getLogLevel (void);
/*
* pkcs11h_setLogHook - Set a log callback.
*
* Parameters:
* hook - Callback.
* pData - Data to send to callback.
*/
CK_RV
pkcs11h_setLogHook (
IN const pkcs11h_hook_log_t hook,
IN void * const pData
);
/*
* pkcs11h_setSlotEventHook - Set a slot event callback.
*
* Parameters:
* hook - Callback.
* pData - Data to send to callback.
*
* Calling this function initialize slot event notifications, these
* notifications can be started, but never terminate due to PKCS#11 limitation.
*
* In order to use slot events you must have threading enabled.
*/
CK_RV
pkcs11h_setSlotEventHook (
IN const pkcs11h_hook_slotevent_t hook,
IN void * const pData
);
/*
* pkcs11h_setTokenPromptHook - Set a token prompt callback.
*
* Parameters:
* hook - Callback.
* pData - Data to send to callback.
*/
CK_RV
pkcs11h_setTokenPromptHook (
IN const pkcs11h_hook_token_prompt_t hook,
IN void * const pData
);
/*
* pkcs11h_setPINPromptHook - Set a pin prompt callback.
*
* Parameters:
* hook - Callback.
* pData - Data to send to callback.
*/
CK_RV
pkcs11h_setPINPromptHook (
IN const pkcs11h_hook_pin_prompt_t hook,
IN void * const pData
);
/*
* pkcs11h_setProtectedAuthentication - Set global protected authentication mode.
*
* Parameters:
* fProtectedAuthentication - Allow protected authentication if enabled by token.
*/
CK_RV
pkcs11h_setProtectedAuthentication (
IN const PKCS11H_BOOL fProtectedAuthentication
);
/*
* pkcs11h_setPINCachePeriod - Set global PIN cache timeout.
*
* Parameters:
* nPINCachePeriod - Cache period in seconds, or PKCS11H_PIN_CACHE_INFINITE.
*/
CK_RV
pkcs11h_setPINCachePeriod (
IN const int nPINCachePeriod
);
/*
* pkcs11h_setMaxLoginRetries - Set global login retries attempts.
*
* Parameters:
* nMaxLoginRetries - Login retries handled by the helper.
*/
CK_RV
pkcs11h_setMaxLoginRetries (
IN const int nMaxLoginRetries
);
/*
* pkcs11h_addProvider - Add a PKCS#11 provider.
*
* Parameters:
* szReferenceName - Reference name for this provider.
* szProvider - Provider library location.
* fProtectedAuthentication - Allow this provider to use protected authentication.
* maskSignMode - Provider signmode override.
* nSlotEventMethod - Provider slot event method.
* nSlotEventPollInterval - Slot event poll interval (If in polling mode).
* fCertIsPrivate - Provider's certificate access should be done after login.
*
* This function must be called from the main thread.
*
* The global fProtectedAuthentication must be enabled in order to allow provider specific.
* The maskSignMode can be 0 in order to automatically detect key sign mode.
*/
CK_RV
pkcs11h_addProvider (
IN const char * const szReferenceName,
IN const char * const szProvider,
IN const PKCS11H_BOOL fProtectedAuthentication,
IN const unsigned maskSignMode,
IN const int nSlotEventMethod,
IN const int nSlotEventPollInterval,
IN const PKCS11H_BOOL fCertIsPrivate
);
/*
* pkcs11h_delProvider - Delete a PKCS#11 provider.
*
* Parameters:
* szReferenceName - Reference name for this provider.
*
* This function must be called from the main thread.
*/
CK_RV
pkcs11h_removeProvider (
IN const char * const szReferenceName
);
/*
* pkcs11h_forkFixup - Handle special case of Unix fork()
*
* This function should be called after fork is called. This is required
* due to a limitation of the PKCS#11 standard.
*
* This function must be called from the main thread.
*
* The helper library handles fork automatically if ENABLE_PKCS11H_THREADING
* is set on configuration file, by use of pthread_atfork.
*/
CK_RV
pkcs11h_forkFixup (void);
/*
* pkcs11h_plugAndPlay - Handle slot rescan.
*
* This function must be called from the main thread.
*
* PKCS#11 providers do not allow plug&play, plug&play can be established by
* finalizing all providers and initializing them again.
*
* The cost of this process is invalidating all sessions, and require user
* login at the next access.
*/
CK_RV
pkcs11h_plugAndPlay (void);
/*
* pkcs11h_freeTokenId - Free token_id object.
*/
CK_RV
pkcs11h_freeTokenId (
IN pkcs11h_token_id_t certificate_id
);
/*
* pkcs11h_duplicateTokenId - Duplicate token_id object.
*/
CK_RV
pkcs11h_duplicateTokenId (
OUT pkcs11h_token_id_t * const to,
IN const pkcs11h_token_id_t from
);
/*
* pkcs11h_sameTokenId - Returns TRUE if same token id
*/
PKCS11H_BOOL
pkcs11h_sameTokenId (
IN const pkcs11h_token_id_t a,
IN const pkcs11h_token_id_t b
);
#if defined(ENABLE_PKCS11H_TOKEN)
/*
* pkcs11h_token_ensureAccess - Ensure token is accessible.
*
* Parameters:
* token_id - Token id object.
* maskPrompt - Allow prompt.
*/
CK_RV
pkcs11h_token_ensureAccess (
IN const pkcs11h_token_id_t token_id,
IN const unsigned maskPrompt
);
#endif /* ENABLE_PKCS11H_TOKEN */
#if defined(ENABLE_PKCS11H_DATA)
CK_RV
pkcs11h_data_get (
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
IN const char * const szApplication,
IN const char * const szLabel,
OUT char * const blob,
IN OUT size_t * const p_blob_size
);
CK_RV
pkcs11h_data_put (
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
IN const char * const szApplication,
IN const char * const szLabel,
OUT char * const blob,
IN const size_t blob_size
);
CK_RV
pkcs11h_data_del (
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
IN const char * const szApplication,
IN const char * const szLabel
);
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*======================================================================*
* CERTIFICATE INTERFACE
*======================================================================*/
/*
* pkcs11h_freeCertificateId - Free certificate_id object.
*/
CK_RV
pkcs11h_freeCertificateId (
IN pkcs11h_certificate_id_t certificate_id
);
/*
* pkcs11h_duplicateCertificateId - Duplicate certificate_id object.
*/
CK_RV
pkcs11h_duplicateCertificateId (
OUT pkcs11h_certificate_id_t * const to,
IN const pkcs11h_certificate_id_t from
);
/*
* pkcs11h_freeCertificate - Free certificate object.
*/
CK_RV
pkcs11h_freeCertificate (
IN pkcs11h_certificate_t certificate
);
/*
* pkcs11h_certificate_create - Create a certificate object out of certificate_id.
*
* Parameters:
* certificate_id - Certificate id object to be based on.
* nPINCachePeriod - Session specific cache period.
* p_certificate - Receives certificate object.
*
* The certificate id object may not specify the full certificate.
* The certificate object must be freed by caller.
*/
CK_RV
pkcs11h_certificate_create (
IN const pkcs11h_certificate_id_t certificate_id,
IN const int nPINCachePeriod,
OUT pkcs11h_certificate_t * const p_certificate
);
/*
* pkcs11h_certificate_getCertificateId - Get certifiate id object out of a certifiate
*
* Parameters:
* certificate - Certificate object.
* p_certificate_id - Certificate id object pointer.
*
* The certificate id must be freed by caller.
*/
CK_RV
pkcs11h_certificate_getCertificateId (
IN const pkcs11h_certificate_t certificate,
OUT pkcs11h_certificate_id_t * const p_certificate_id
);
/*
* pkcs11h_certificate_getCertificateBlob - Get the certificate blob out of the certificate object.
*
* ParametersL
* certificate - Certificate object.
* certificate_blob - Buffer.
* certificate_blob_size - Buffer size.
*
* Buffer may be NULL in order to get size.
*/
CK_RV
pkcs11h_certificate_getCertificateBlob (
IN const pkcs11h_certificate_t certificate,
OUT unsigned char * const certificate_blob,
IN OUT size_t * const p_certificate_blob_size
);
/*
* pkcs11h_certificate_ensureCertificateAccess - Ensure certificate is accessible.
*
* Parameters:
* certificate - Certificate object.
* maskPrompt - Allow prompt.
*/
CK_RV
pkcs11h_certificate_ensureCertificateAccess (
IN const pkcs11h_certificate_t certificate,
IN const unsigned maskPrompt
);
/*
* pkcs11h_certificate_ensureKeyAccess - Ensure key is accessible.
*
* Parameters:
* certificate - Certificate object.
* maskPrompt - Allow prompt.
*/
CK_RV
pkcs11h_certificate_ensureKeyAccess (
IN const pkcs11h_certificate_t certificate,
IN const unsigned maskPrompt
);
/*
* pkcs11h_certificate_sign - Sign data.
*
* Parameters:
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
*/
CK_RV
pkcs11h_certificate_sign (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
);
/*
* pkcs11h_certificate_signRecover - Sign data.
*
* Parameters:
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
*/
CK_RV
pkcs11h_certificate_signRecover (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
);
/*
* pkcs11h_certificate_signAny - Sign data mechanism determined by key attributes.
*
* Parameters:
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
*/
CK_RV
pkcs11h_certificate_signAny (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
);
/*
* pkcs11h_certificate_decrypt - Decrypt data.
*
* Parameters:
* certificate - Certificate object.
* mech_type - PKCS#11 mechanism.
* source - Buffer to sign.
* source_size - Buffer size.
* target - Target buffer, can be NULL to get size.
* target_size - Target buffer size.
*/
CK_RV
pkcs11h_certificate_decrypt (
IN const pkcs11h_certificate_t certificate,
IN const CK_MECHANISM_TYPE mech_type,
IN const unsigned char * const source,
IN const size_t source_size,
OUT unsigned char * const target,
IN OUT size_t * const p_target_size
);
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_LOCATE)
/*======================================================================*
* LOCATE INTERFACE
*======================================================================*/
#if defined(ENABLE_PKCS11H_TOKEN) || defined(ENABLE_PKCS11H_CERTIFICATE)
/*
* pkcs11h_locate_token - Locate token based on atributes.
*
* Parameters:
* szSlotType - How to locate slot.
* szSlot - Slot name.
* p_token_id - Token object.
*
* Slot:
* id - Slot number.
* name - Slot name.
* label - Available token label.
*
* Caller must free token id.
*/
CK_RV
pkcs11h_locate_token (
IN const char * const szSlotType,
IN const char * const szSlot,
OUT pkcs11h_token_id_t * const p_token_id
);
#endif /* ENABLE_PKCS11H_TOKEN || ENABLE_PKCS11H_CERTIFICATE */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*
* pkcs11h_locate_certificate - Locate certificate based on atributes.
*
* Parameters:
* szSlotType - How to locate slot.
* szSlot - Slot name.
* szIdType - How to locate object.
* szId - Object name.
* p_certificate_id - Certificate object.
*
* Slot:
* Same as pkcs11h_locate_token.
*
* Object:
* id - Certificate CKA_ID (hex string) (Fastest).
* label - Certificate CKA_LABEL (string).
* subject - Certificate subject (OpenSSL DN).
*
* Caller must free certificate id.
*/
CK_RV
pkcs11h_locate_certificate (
IN const char * const szSlotType,
IN const char * const szSlot,
IN const char * const szIdType,
IN const char * const szId,
OUT pkcs11h_certificate_id_t * const p_certificate_id
);
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_LOCATE */
#if defined(ENABLE_PKCS11H_ENUM)
/*======================================================================*
* ENUM INTERFACE
*======================================================================*/
#if defined(ENABLE_PKCS11H_TOKEN)
/*
* pkcs11h_freeCertificateIdList - Free certificate_id list.
*/
CK_RV
pkcs11h_freeTokenIdList (
IN const pkcs11h_token_id_list_t token_id_list
);
/*
* pkcs11h_enum_getTokenIds - Enumerate available tokens
*
* Parameters:
* p_token_id_list - A list of token ids.
*
* Caller must free the list.
*/
CK_RV
pkcs11h_enum_getTokenIds (
IN const int method,
OUT pkcs11h_token_id_list_t * const p_token_id_list
);
#endif /* ENABLE_PKCS11H_TOKEN */
#if defined(ENABLE_PKCS11H_DATA)
CK_RV
pkcs11h_freeDataIdList (
IN const pkcs11h_data_id_list_t data_id_list
);
CK_RV
pkcs11h_enumDataObjects (
IN const pkcs11h_token_id_t token_id,
IN const PKCS11H_BOOL fPublic,
OUT pkcs11h_data_id_list_t * const p_data_id_list
);
#endif /* ENABLE_PKCS11H_DATA */
#if defined(ENABLE_PKCS11H_CERTIFICATE)
/*
* pkcs11h_freeCertificateIdList - Free certificate_id list.
*/
CK_RV
pkcs11h_freeCertificateIdList (
IN const pkcs11h_certificate_id_list_t cert_id_list
);
/*
* pkcs11h_enum_getTokenCertificateIds - Enumerate available certificates on specific token
*
* Parameters:
* token_id - Token id to enum.
* method - How to fetch certificates.
* p_cert_id_issuers_list - Receives issues list, can be NULL.
* p_cert_id_end_list - Receives end certificates list.
*
* This function will likely take long time.
*
* Method can be one of the following:
* PKCS11H_ENUM_METHOD_CACHE
* Return available certificates, even if token was once detected and
* was removed.
* PKCS11H_ENUM_METHOD_CACHE_EXIST
* Return available certificates for available tokens only, don't
* read the contents of the token if already read, even if this token
* removed and inserted.
* PKCS11H_ENUM_METHOD_RELOAD
* Clear all caches and then enum.
*
* Caller must free the lists.
*/
CK_RV
pkcs11h_enum_getTokenCertificateIds (
IN const pkcs11h_token_id_t token_id,
IN const int method,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
);
/*
* pkcs11h_enum_getCertificateIds - Enumerate available certificates.
*
* Parameters:
* method - How to fetch certificates.
* p_cert_id_issuers_list - Receives issues list, can be NULL.
* p_cert_id_end_list - Receives end certificates list.
*
* This function will likely take long time.
*
* Method can be one of the following:
* PKCS11H_ENUM_METHOD_CACHE
* Return available certificates, even if token was once detected and
* was removed.
* PKCS11H_ENUM_METHOD_CACHE_EXIST
* Return available certificates for available tokens only, don't
* read the contents of the token if already read, even if this token
* removed and inserted.
* PKCS11H_ENUM_METHOD_RELOAD
* Clear all caches and then enum.
*
* Caller must free lists.
*/
CK_RV
pkcs11h_enum_getCertificateIds (
IN const int method,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_issuers_list,
OUT pkcs11h_certificate_id_list_t * const p_cert_id_end_list
);
#endif /* ENABLE_PKCS11H_CERTIFICATE */
#endif /* ENABLE_PKCS11H_ENUM */
#if defined(ENABLE_PKCS11H_OPENSSL)
/*======================================================================*
* OPENSSL INTERFACE
*======================================================================*/
/*
* pkcs11h_openssl_createSession - Create OpenSSL session based on a certificate object.
*
* Parameters:
* certificate - Certificate object.
*
* The certificate object will be freed by the OpenSSL interface on session end.
*/
pkcs11h_openssl_session_t
pkcs11h_openssl_createSession (
IN const pkcs11h_certificate_t certificate
);
/*
* pkcs11h_openssl_freeSession - Free OpenSSL session.
*
* Parameters:
* openssl_session - Session to free.
*
* The openssl_session object has a reference count just like other OpenSSL objects.
*/
void
pkcs11h_openssl_freeSession (
IN const pkcs11h_openssl_session_t openssl_session
);
/*
* pkcs11h_openssl_getRSA - Returns an RSA object out of the openssl_session object.
*
* Parameters:
* openssl_session - Session.
*/
RSA *
pkcs11h_openssl_getRSA (
IN const pkcs11h_openssl_session_t openssl_session
);
/*
* pkcs11h_openssl_getX509 - Returns an X509 object out of the openssl_session object.
*
* Parameters:
* openssl_session - Session.
*/
X509 *
pkcs11h_openssl_getX509 (
IN const pkcs11h_openssl_session_t openssl_session
);
#endif /* ENABLE_PKCS11H_OPENSSL */
#if defined(ENABLE_PKCS11H_STANDALONE)
/*======================================================================*
* STANDALONE INTERFACE
*======================================================================*/
void
pkcs11h_standalone_dump_slots (
IN const pkcs11h_output_print_t my_output,
IN const void *pData,
IN const char * const provider
);
void
pkcs11h_standalone_dump_objects (
IN const pkcs11h_output_print_t my_output,
IN const void *pData,
IN const char * const provider,
IN const char * const slot,
IN const char * const pin
);
#endif /* ENABLE_PKCS11H_STANDALONE */
#ifdef __cplusplus
}
#endif
#endif /* __PKCS11H_HELPER_H */

37
plugins/qca-pkcs11/pkcs11_helper.qcm Normal file
View File

@ -0,0 +1,37 @@
#include <qprocess.h>
#include <qstringlist.h>
/*
-----BEGIN QCMOD-----
name: pkcs11_helper
-----END QCMOD-----
*/
class qc_pkcs11_helper : public ConfObj
{
public:
qc_pkcs11_helper(Conf *c) : ConfObj(c) {}
QString name() const { return "pkcs11-helper"; }
QString shortname() const { return "pkcs11-helper"; }
bool exec()
{
QStringList incs;
QString ver, libs, other;
if (!conf->findPkgConfig(QString("libpkcs11-helper-1"),
VersionAny, 0, &ver,
&incs, &libs, &other)) {
return false;
}
for(int n = 0; n < incs.count(); ++n) {
conf->addIncludePath(incs[n]);
}
if (!libs.isEmpty()) {
conf->addLib(libs);
}
if(!other.isEmpty()) {
conf->addExtra(QString("QMAKE_CFLAGS += %1\n").arg(other));
}
return true;
}
};

77
plugins/qca-pkcs11/qca-pkcs11.cpp
View File

@ -27,7 +27,9 @@
#include <QtCore>
#include <QtCrypto>
#include "pkcs11-helper.h"
#include <pkcs11-helper-1.0/pkcs11h-token.h>
#include <pkcs11-helper-1.0/pkcs11h-certificate.h>
#include <openssl/x509.h>
using namespace QCA;
@ -83,7 +85,7 @@ protected:
static
void
_logHook (
const void *pData,
void * const global_data,
const unsigned flags,
const char * const szFormat,
va_list args
@ -92,21 +94,25 @@ protected:
static
void
_slotEventHook (
const void *pData
void * const global_data
);
static
PKCS11H_BOOL
_tokenPromptHook (
const void *pData,
const pkcs11h_token_id_t token
void * const global_data,
void * const user_data,
const pkcs11h_token_id_t token,
const unsigned retry
);
static
PKCS11H_BOOL
_pinPromptHook (
const void *pData,
void * const global_data,
void * const user_data,
const pkcs11h_token_id_t token,
const unsigned retry,
char * const szPIN,
const size_t nMaxPIN
);
@ -158,7 +164,7 @@ private:
~KeyStoreItem () {
if (token_id != NULL) {
pkcs11h_freeTokenId (token_id);
pkcs11h_token_freeTokenId (token_id);
}
}
};
@ -427,7 +433,7 @@ public:
convertToPublic () {
if (_fPrivateKeyRole) {
if (_pkcs11h_certificate != NULL) {
pkcs11h_freeCertificate (_pkcs11h_certificate);
pkcs11h_certificate_freeCertificate (_pkcs11h_certificate);
_pkcs11h_certificate = NULL;
}
_fPrivateKeyRole = false;
@ -829,6 +835,7 @@ public:
if (
(rv = pkcs11h_token_ensureAccess (
_pkcs11h_certificate_id->token_id,
NULL,
0
)) != CKR_OK
) {
@ -854,12 +861,12 @@ private:
void
freeResources () {
if (_pkcs11h_certificate != NULL) {
pkcs11h_freeCertificate (_pkcs11h_certificate);
pkcs11h_certificate_freeCertificate (_pkcs11h_certificate);
_pkcs11h_certificate = NULL;
}
if (_pkcs11h_certificate_id != NULL) {
pkcs11h_freeCertificateId (_pkcs11h_certificate_id);
pkcs11h_certificate_freeCertificateId (_pkcs11h_certificate_id);
_pkcs11h_certificate_id = NULL;
}
}
@ -873,7 +880,7 @@ private:
freeResources ();
if (
(rv = pkcs11h_duplicateCertificateId (
(rv = pkcs11h_certificate_duplicateCertificateId (
&_pkcs11h_certificate_id,
pkcs11h_certificate_id
)) != CKR_OK
@ -890,6 +897,8 @@ private:
if (
(rv = pkcs11h_certificate_create (
_pkcs11h_certificate_id,
NULL,
PKCS11H_PROMPT_MASK_ALLOW_ALL,
PKCS11H_PIN_CACHE_INFINITE,
&_pkcs11h_certificate
)) != CKR_OK
@ -1354,7 +1363,7 @@ MyKeyStoreList::keyStores () {
* Get available tokens
*/
if (
(rv = pkcs11h_enum_getTokenIds (
(rv = pkcs11h_token_enumTokenIds (
PKCS11H_ENUM_METHOD_CACHE,
&tokens
)) != CKR_OK
@ -1407,7 +1416,7 @@ MyKeyStoreList::keyStores () {
}
if (tokens != NULL) {
pkcs11h_freeTokenIdList (tokens);
pkcs11h_token_freeTokenIdList (tokens);
}
return out;
@ -1430,9 +1439,11 @@ MyKeyStoreList::entryList (int id) {
QList<Certificate> listIssuers;
if (
(rv = pkcs11h_enum_getTokenCertificateIds (
(rv = pkcs11h_certificate_enumTokenCertificateIds (
entry->token_id,
PKCS11H_ENUM_METHOD_CACHE,
NULL,
PKCS11H_PROMPT_MASK_ALLOW_ALL,
&issuers,
&certs
)) != CKR_OK
@ -1501,7 +1512,7 @@ MyKeyStoreList::entryList (int id) {
}
if (certs != NULL) {
pkcs11h_freeCertificateIdList (certs);
pkcs11h_certificate_freeCertificateIdList (certs);
}
return out;
@ -1521,7 +1532,7 @@ MyKeyStoreList::pinPrompt (
while (
i != _stores.end () &&
!pkcs11h_sameTokenId (
!pkcs11h_token_sameTokenId (
token_id,
(*i)->token_id
)
@ -1586,7 +1597,7 @@ MyKeyStoreList::registerTokenId (
while (
i != _stores.end () &&
!pkcs11h_sameTokenId (
!pkcs11h_token_sameTokenId (
token_id,
(*i)->token_id
)
@ -1604,7 +1615,7 @@ MyKeyStoreList::registerTokenId (
entry = new KeyStoreItem;
entry->id = _last_id;
pkcs11h_duplicateTokenId (&entry->token_id, token_id);
pkcs11h_token_duplicateTokenId (&entry->token_id, token_id);
_stores += entry;
_storesById.insert (entry->id, entry);
@ -1824,7 +1835,7 @@ MyKeyStoreList::deserializeCertificateId (
certificate_id_s.certificate_blob_size = (size_t)arrayCertificate.size ();
if (
(rv = pkcs11h_duplicateCertificateId (
(rv = pkcs11h_certificate_duplicateCertificateId (
p_certificate_id,
&certificate_id_s
)) != CKR_OK
@ -2031,40 +2042,50 @@ pkcs11Provider::stopSlotEvents () {
void
pkcs11Provider::_logHook (
const void *pData,
void * const global_data,
const unsigned flags,
const char * const szFormat,
va_list args
) {
pkcs11Provider *me = (pkcs11Provider *)pData;
pkcs11Provider *me = (pkcs11Provider *)global_data;
me->logHook (flags, szFormat, args);
}
void
pkcs11Provider::_slotEventHook (
const void *pData
void * const global_data
) {
pkcs11Provider *me = (pkcs11Provider *)pData;
pkcs11Provider *me = (pkcs11Provider *)global_data;
me->slotEventHook ();
}
PKCS11H_BOOL
pkcs11Provider::_tokenPromptHook (
const void *pData,
const pkcs11h_token_id_t token
void * const global_data,
void * const user_data,
const pkcs11h_token_id_t token,
const unsigned retry
) {
pkcs11Provider *me = (pkcs11Provider *)pData;
Q_UNUSED(user_data);
Q_UNUSED(retry);
pkcs11Provider *me = (pkcs11Provider *)global_data;
return me->cardPromptHook (token);
}
PKCS11H_BOOL
pkcs11Provider::_pinPromptHook (
const void *pData,
void * const global_data,
void * const user_data,
const pkcs11h_token_id_t token,
const unsigned retry,
char * const szPIN,
const size_t nMaxPIN
) {
pkcs11Provider *me = (pkcs11Provider *)pData;
Q_UNUSED(user_data);
Q_UNUSED(retry);
pkcs11Provider *me = (pkcs11Provider *)global_data;
return me->pinPromptHook (token, szPIN, nMaxPIN);
}

2
plugins/qca-pkcs11/qca-pkcs11.pro
View File

@ -6,7 +6,7 @@ CONFIG += plugin
QT -= gui
CONFIG += crypto
SOURCES = qca-pkcs11.cpp pkcs11-helper.c
SOURCES = qca-pkcs11.cpp
windows:{
# hardcoded openssl location

3
plugins/qca-pkcs11/qca-pkcs11.qc
View File

@ -5,6 +5,9 @@
<dep type='qca'>
<required/>
</dep>
<dep type='pkcs11_helper'>
<required/>
</dep>
<dep type='openssl'>
<required/>
</dep>