#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/sha.h>
#include <ctype.h>
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/param.h>
#include <dirent.h>
#include <pkcs11u.h>
#include <pkcs11.h>
#include <pkcs11n.h>
#ifdef HAVE_MYPROXY
#include <myproxy.h>
#include <gsi_socket.h>
#endif
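/* Manufacturer string reported to applications in CK_INFO / CK_TOKEN_INFO. */
#define MANUFACTURER_ID "CESNET"

/*
 * DER-encode the OpenSSL object S of type T into a freshly malloc()ed buffer.
 *
 *   T   OpenSSL type name; i2d_##T must exist (e.g. X509)
 *   B   lvalue receiving the buffer pointer; on success the caller owns it
 *       and must free() it; it is NULL (or untouched if the sizing call
 *       failed) when R is non-zero
 *   BL  lvalue receiving the encoded length; i2d_* reports failure as <= 0,
 *       so BL should be a signed, int-compatible lvalue
 *   S   pointer to the object to encode
 *   R   lvalue receiving 0 on success, EINVAL when i2d_##T fails and
 *       ENOMEM when malloc() fails
 *
 * The first i2d_##T call only computes the size; the second writes the
 * encoding through the scratch pointer p (i2d advances the pointer it is
 * given, hence the copy). This expands to a plain brace block rather than
 * do { } while (0), so use it only at statement level, never as the sole
 * statement of an if/else.
 */
#define OPENSSL_ASN1_MALLOC_ENCODE(T, B, BL, S, R) \
{ \
    unsigned char *p; \
    (BL) = i2d_##T((S), NULL); \
    if ((BL) <= 0) { \
        (R) = EINVAL; \
    } else { \
        (B) = malloc((BL)); \
        if ((B) == NULL) { \
            (R) = ENOMEM; \
        } else { \
            p = (B); \
            (R) = 0; \
            (BL) = i2d_##T((S), &p); \
            if ((BL) <= 0) { \
                /* release the buffer and do not hand the caller a dangling pointer */ \
                free((B)); \
                (B) = NULL; \
                (R) = EINVAL; \
            } \
        } \
    } \
}

/* Low 12 bits of an object handle are the object index; the rest is ignored. */
#define OBJECT_ID_MASK 0xfff
#define HANDLE_OBJECT_ID(h) ((h) & OBJECT_ID_MASK)
/* Object index of a gpkcs11_st_object (anything with an object_handle member). */
#define OBJECT_ID(obj) HANDLE_OBJECT_ID((obj)->object_handle)

/* Size of the fixed per-token session table (gpkcs11_soft_token_t.state). */
#define MAX_NUM_SESSION 10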
/* One PKCS#11 attribute of a stored object together with a sensitivity flag. */
typedef struct gpkcs11_st_attr {
    CK_ATTRIBUTE attribute;   /* type/value/length triple as defined by PKCS#11 */
    int secret;               /* non-zero presumably means the value must not be returned to applications (e.g. key material) -- confirm at the C_GetAttributeValue site */
} gpkcs11_st_attr;
/*
 * Per-session state of the soft token. One slot of
 * gpkcs11_soft_token_t.state holds one of these; gpkcs11_verify_session_handle()
 * maps a CK_SESSION_HANDLE back to it.
 *
 * The *_object members are ints paired with a mechanism pointer for each
 * cryptographic operation class; judging by OBJECT_ID() they hold an object
 * index, with a sentinel (presumably -1) meaning "no operation active" --
 * confirm against the C_*Init implementations.
 */
typedef struct gpkcs11_session_state {
    CK_SESSION_HANDLE session_handle;
    struct {
        CK_ATTRIBUTE *attributes;   /* search template given to C_FindObjectsInit */
        CK_ULONG num_attributes;    /* number of entries in attributes */
        int next_object;            /* index of the next object to examine in C_FindObjects -- presumably; confirm */
    } find;
    int encrypt_object;
    CK_MECHANISM_PTR encrypt_mechanism;
    int decrypt_object;
    CK_MECHANISM_PTR decrypt_mechanism;
    int sign_object;
    CK_MECHANISM_PTR sign_mechanism;
    int verify_object;
    CK_MECHANISM_PTR verify_mechanism;
    int digest_object;              /* no mechanism pointer is kept for digests */
} gpkcs11_session_state;
/*
 * One object stored in the soft token: its PKCS#11 handle, its attribute
 * list and the backing OpenSSL object. `type` selects which member of `u`
 * is valid.
 */
typedef struct gpkcs11_st_object {
    CK_OBJECT_HANDLE object_handle;   /* handle handed to applications; OBJECT_ID() extracts the index */
    gpkcs11_st_attr *attrs;           /* array of num_attributes entries */
    int num_attributes;
    enum {
        STO_T_CERTIFICATE,
        STO_T_PRIVATE_KEY,
        STO_T_PUBLIC_KEY,
        STO_T_NETSCAPE_TRUST
    } type;
    union {
        X509 *cert;                   /* STO_T_CERTIFICATE */
        EVP_PKEY *public_key;         /* STO_T_PUBLIC_KEY */
        struct {
            const char *file;         /* presumably the path the key was (or will be) loaded from -- confirm */
            EVP_PKEY *key;            /* may be NULL until the key is loaded -- TODO confirm in gpkcs11_add_credentials() */
            X509 *cert;               /* certificate matching the private key */
        } private_key;                /* STO_T_PRIVATE_KEY */
    } u;                              /* which member STO_T_NETSCAPE_TRUST uses is not visible here */
} gpkcs11_st_object;
/*
 * Global state of the soft token: descriptive info, the object store, the
 * fixed-size session table and the logging / MyProxy configuration.
 */
typedef struct gpkcs11_soft_token_t {
    struct {
        const char *text;             /* token description string */
        CK_VERSION libraryVersion;
    } desc;
    CK_VOID_PTR application;          /* pApplication / Notify from C_OpenSession -- presumably; confirm */
    CK_NOTIFY notify;
    struct {
        gpkcs11_st_object **objs;     /* array of num_objs object pointers */
        int num_objs;
    } object;
    struct {
        int hardware_slot;            /* non-zero: report the slot as hardware -- presumably */
        int app_error_fatal;          /* non-zero: gpkcs11_app_error() aborts instead of just logging -- TODO confirm */
        int login_done;               /* non-zero once a login succeeded; private objects presumably hinge on this */
    } flags;
    int open_sessions;                /* number of in-use entries in state[] */
    gpkcs11_session_state state[MAX_NUM_SESSION];
    FILE *logfile;                    /* destination of gpkcs11_log(), may be NULL -- confirm */
    char *myproxy_server;             /* MyProxy server used by get_myproxy_creds() */
    char *myproxy_user;               /* MyProxy username; no password is cached in this struct */
} gpkcs11_soft_token_t;
/*
 * Write a log message; fmt looks printf-style (variadic with a format
 * string) -- TODO confirm, and if so add
 * __attribute__((format(printf, 1, 2))) under #ifdef __GNUC__ so that
 * -Wformat can check callers for format/argument mismatches.
 */
void
gpkcs11_log(const char *fmt, ...);

/*
 * Report an application-level error. Presumably honours
 * flags.app_error_fatal (abort vs. log only) -- confirm in the definition.
 */
void
gpkcs11_app_error(const char *fmt, ...);

/*
 * Validate hSession and, on CKR_OK, store the matching session state in
 * *state. Returns a CKR_* code; used by VERIFY_SESSION_HANDLE().
 */
CK_RV
gpkcs11_verify_session_handle(CK_SESSION_HANDLE hSession, gpkcs11_session_state **state);
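/*
 * Validate session handle s and load its state into `state`
 * (a gpkcs11_session_state **) before the enclosing function does any
 * work; if validation fails the enclosing function returns the CKR_*
 * code immediately, so it must return CK_RV (or a compatible type).
 *
 * Expands to a plain brace block, so it is only usable at statement level.
 * The temporary has a macro-private name so that an argument expression
 * mentioning a caller variable called `ret` is not captured by the
 * macro-local declaration.
 */
#define VERIFY_SESSION_HANDLE(s, state) \
{ \
    CK_RV vsh_ret_ = gpkcs11_verify_session_handle((s), (state)); \
    if (vsh_ret_ != CKR_OK) { \
        return vsh_ret_; \
    } \
}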
/*
 * Initialise `token` with the given version and description strings.
 * Returns a CKR_* code. Whether the strings are copied or only referenced
 * (desc.text is a const char *) is not visible here -- confirm before
 * passing stack buffers.
 */
CK_RV
gpkcs11_init_token(const char *version, const char *description, gpkcs11_soft_token_t *token);

/*
 * Load a certificate and private key from the given files and add the
 * resulting objects to the token under `label` / `id`. `anchor` non-zero
 * presumably marks the certificate as a trust anchor (cf.
 * STO_T_NETSCAPE_TRUST) -- confirm. Returns a CKR_* code.
 */
CK_RV
gpkcs11_add_credentials(char *label, const char *cert_file, const char *private_key_file, char *id, int anchor);

/*
 * Fetch credentials for `username` from the MyProxy `server` using
 * `password`, returning them through *creds. Ownership of *creds (who
 * frees it, and how) is not stated here -- TODO document in the
 * definition. The password is passed in the clear; the definition should
 * clear any copies it makes once the request is done -- confirm.
 */
CK_RV
get_myproxy_creds(char *server, char *username, char *password, char **creds);